156-115 Check Point Certified Security Master - Final Exam Set 3

A customer would like to use IPS on his corporate cluster, but he is concerned about high CPU usage caused by IPS inspection. What would you configure so that inspection is skipped if high CPU usage develops?


Options are :

  • It is not possible to. In this case, nothing allows IPS
  • Removes the audit. (IPS alternative Gateway Properties)
  • Overtake inspection. (IPS alternative Gateway Properties)
  • Overtake under load. (IPS alternative Gateway Properties)
  • None

Answer : Overtake under load. (IPS alternative Gateway Properties)

Which of the two original IPS sections uses more resources?


Options are :

  • default
  • prevention
  • standard
  • None
  • advisable

Answer : default

156-115 Check Point Certified Security Master - Final Exam Set 4

Jerry is a network administrator at ACME Co. The network includes five gateways, all managed by a single management server. At the moment they receive a disproportionate number of false positives for traffic passing through the network. Based on this information, what do you think is the factor that most influences the large number of false positives Jerry gets?


Options are :

  • He has set up hedges to act Detect mode
  • None
  • He has created a profile for each of your IPS Security Gateway
  • He is performing IPS inspection of all traffic
  • He has made it possible to be protected based on network devices and requirements

Answer : He is performing IPS inspection of all traffic

You are troubleshooting a problem for the HR team. One of the users, using the IP 10.10.10.24, has tried to reach the holiday servers, but all connections fail. You've checked the logs and do not see any dropped traffic. You have reason to believe that the rule is not logging. What command can you use to confirm this?


Options are :

  • FW CTL Pstat host 10.10.10.24
  • FW connections to -t -S
  • You can not execute the command for this; must be enabled by logging all rules
  • fw ctl zdebug + log dynlog
  • None

Answer : fw ctl zdebug + log dynlog

Snort is a popular open-source IDS. You would like to import plain-text Snort rules into Check Point's Smart Center. How can you do this?


Options are :

  • Under the tree IPS Security> By Protocol> IPS Software Blade> Application Intelligence> Snort Snort import and select the import option.
  • None
  • Checkpoint is not supported by the signatures of third parties.
  • From the command line, run: ips_export_import import f [p ].
  • IPS profiles manually configured on each gateway.

Answer : Under the tree IPS Security> By Protocol> IPS Software Blade> Application Intelligence> Snort Snort import and select the import option.

156-115 Check Point Certified Security Master - Final Exam Set 5

When performing the Clean IPS procedure to resolve an issue with corrupt IPS files, which file is modified so that the SDUU process automatically updates the IPS files at the end of the procedure?


Options are :

  • inspect.C
  • asm.C
  • None
  • objects_5_0.C
  • profiles.C

Answer : asm.C

How do you see dropped connections, and the reason for the drop, from the kernel?


Options are :

  • fw ctl debug drop
  • fw zdebug drop
  • fw ctl zdebug drop
  • fw debug drop
  • None

Answer : fw ctl zdebug drop

156-115 Check Point Certified Security Master - Final Exam Set 6

In some situations, switches may not play nicely with a Check Point cluster and it is necessary to move from multicast to broadcast. What command should be run to fix the problem?


Options are :

  • This can only be changed GuiDbEdit.
  • cphaconf set_ccp broadcast
  • The CCP set of broadcast
  • None
  • cpha_conf set of broadcast CCP

Answer : cphaconf set_ccp broadcast

By default, the size of the fwx_alloc table is:


Options are :

  • 65536
  • None
  • 1024
  • 65535
  • 25000

Answer : 25000

Which file do you edit to change the ClusterXL VIP Hide NAT rules, and where?


Options are :

  • $FWDIR/lib/table.def on the SMC
  • $FWDIR/lib/base.def on the SMC
  • $FWDIR/lib/base.def on the cluster members
  • None
  • $FWDIR/lib/table.def on the cluster members

Answer : $FWDIR/lib/table.def on the SMC

156-110 Check Point Certified Security Principles Associate Set 1

Which definition best describes the purpose of the file table.def? It is a placeholder for:


Options are :

  • definitions of the different core security gateways tables.
  • definitions of the different core tables Management Servers
  • user-defined rules implied security gateways.
  • User-defined rules implied Management Servers.
  • None

Answer : definitions of the different core security gateways tables.

"Hide internal networks behind the Gateway's external IP" is selected. What determines which traffic is NATted?


Options are :

  • None
  • VPN gateway encryption domain object
  • The topology configuration of the gateway object
  • Network objects defined network
  • Firewall policy gateway

Answer : The topology configuration of the gateway object

Which of the following is NOT a cphaprob status?


Options are :

  • active
  • At the ready
  • Attentio down (or down! In the VSX-mode)
  • Back up
  • None

Answer : Attentio down (or down! In the VSX-mode)

156-110 Check Point Certified Security Principles Associate Set 2

After creating and pushing out a new policy, Joe discovers that an old connection is still permitted that should have been closed after his changes. He wants to delete the connection on the gateway, and looks it up with fw tab -t connections -u. Joe finds the connection he is looking for. What command should Joe use to delete this connection? <0, a128c22,89, a158508,89,11; 10001,2281,25,15b, a1,4ecdfeee, AC, 691400ac, 7b6,3e, ffffffff, 3c, 3c, 0,0,0,0,0, 0,0,0,0,0,0,0 0.0>


Options are :

  • FW tab connections 00000000, a128c22,00000089,0a158508,00000089,00000011 "
  • FW tab connections 0, a128c22,00000089,0a158508,00000089,00000011 "
  • FW tab connections 0, a128c22,89,0a158508,89,11 "
  • None
  • FW tab connections 00000000, a128c22,00000089,0a158508,00000089,00000011 "

Answer : FW tab connections 0, a128c22,00000089,0a158508,00000089,00000011 "

Using the default values for R77, how many kernel instances are there on a 16-core gateway?


Options are :

  • 16
  • None
  • 12
  • 8
  • 14

Answer : 14

After you edit the local.arp configuration to support manual NAT, what must be done to ensure that proxy ARPs for both manual and automatic NAT rules work?


Options are :

  • None
  • Create and run the script to forward the changes local.arp tables Gateway
  • Global Properties> NAT tree, click Connect Manual proxy configuration check box, ARP
  • The command FW CTL ARP gateway
  • Global Properties> NAT tree select the Flip the client side of the dialog box

Answer : Global Properties> NAT tree, click Connect Manual proxy configuration check box, ARP

156-110 Check Point Certified Security Principles Associate Set 3

Which FW-1 kernel flags should be used to properly debug and troubleshoot NAT?


Options are :

  • None
  • nat, xltrc, xlate, drop, Conn vm
  • nat, drop, in total, xlate, filter, ioctl
  • nat, xlate, fwd, VIII, low density, chain
  • nat, route, Conn fwd, zeco, uh

Answer : nat, xltrc, xlate, drop, Conn vm

When viewing connections with the command fw tab -t connections, every entry is displayed with a six-tuple key. The elements of the six-tuple include all of the following EXCEPT:


Options are :

  • source port number
  • connection id
  • None
  • Direction (incoming / outgoing)
  • destination port number

Answer : connection id

When viewing the NAT table, what does the second number of the six-tuple represent:


Options are :

  • source IP
  • protocol
  • the source port
  • None
  • destination Ports

Answer : source IP

156-110 Check Point Certified Security Principles Associate Set 4

Which kernel parameters control the MAC magic?


Options are :

  • fwha_mac_magic and fw_mac_forward_magic
  • fwha_magic_mac and fw_forward_magic_mac
  • cpha_magic_mac and cpha_mac_forward_magic
  • None
  • cpha_mac_magic and cp_mac_forward_magic

Answer : fwha_mac_magic and fw_mac_forward_magic

What mechanism solves asymmetric routing issues in a load sharing cluster?


Options are :

  • farm owner
  • status of the synchronization process
  • Rinse and ACK
  • None
  • SYN Defender

Answer : Rinse and ACK

Ann wants to hide FTP traffic behind the virtual IP of her cluster. Where is the relevant table.def file located to make this change?


Options are :

  • $FWDIR/log/table.def
  • $FWDIR/lib/table.def
  • $FWDIR/conf/table.def
  • None
  • $FWDIR/bin/table.def

Answer : $FWDIR/lib/table.def

156-110 Check Point Certified Security Principles Associate Set 5

Which command should be used to stop kernel module debugging (excluding SecureXL)?


Options are :

  • FW debug ctl 0
  • FW CTL zdebug - all
  • None
  • FW debug FWD off; VPN from the debug
  • FW debug FWD off

Answer : FW debug ctl 0

Which command is a useful troubleshooting tool for checking connections table information (peak concurrent) and for checking cluster synchronization status?


Options are :

  • View all info
  • FW ctl Pstat
  • FW ctl multik stat
  • None
  • FW tab connections

Answer : View all info

You are trying to set Directional VPN Match in the VPN column, but the Directional Match option is not available. Why is it missing?


Options are :

  • This can be done only in the traditional mode.
  • None
  • Peer does not support this feature.
  • This has enabled Gateway Advanced.
  • You need to enable this feature through the use of Global Properties> VPN> Advanced Settings and select the Enable VPN Directional VPN Match column.

Answer : You need to enable this feature through the use of Global Properties> VPN> Advanced Settings and select the Enable VPN Directional VPN Match column.

156-110 Check Point Certified Security Principles Associate Set 6

What would be the reason to change the MAC Magic?


Options are :

  • In order for automatic updates.
  • For two or more clusters to be in the same network.
  • In order for these two cluster members to use the same virtual IP address.
  • None
  • In order for two or more cluster members to be on the same network.

Answer : For two or more clusters to be in the same network.

Which command should you run to debug the VPN-1 kernel module?


Options are :

  • FW debug VPN
  • None
  • VPN debug TDERROR_ALL_ALL = 5
  • FW CTL zdebug Crypt kbuf
  • FW CTL -m to debug all VPN

Answer : FW CTL -m to debug all VPN

Adam wants to find idle connections on his gateway. Which command would be the best way of viewing the connections table?


Options are :

  • FW tab -t connections
  • FW tab -t connections
  • None
  • FW tab -t connections
  • FW tab connections to -t -u

Answer : FW tab connections to -t -u

156-110 Check Point Certified Security Principles Associate Set 7

With Extended Cluster Anti-Spoofing, which value is checked to determine whether a packet carrying the source IP address of a cluster gateway is spoofed?


Options are :

  • None
  • The source MAC address of the packet.
  • Destination IP packet.
  • The package is the TTL value is less than 255.
  • Source IP packet.

Answer : The package is the TTL value is less than 255.

Tom is troubleshooting NAT using fw monitor and Wireshark. He is trying to initiate a connection from the external network to a DMZ server using its public IP, which the firewall translates to the server's real IP. He analyzes the captured packets using Wireshark and finds that the destination IP is being changed as required by the firewall, but he does not see the packet leave the external interface. What could be the reason?


Options are :

  • The translation can be done on the server side, and the packet is routed by the operating system back to the external interface.
  • The translation can be done on the client side, and the packet is routed back to the operating system by an external interface.
  • None
  • Firewall package is dropped.
  • After translation, the package cancels anti-spoofing Protection.

Answer : The translation can be done on the server side, and the packet is routed by the operating system back to the external interface.
