In
Wire mode. If the packet reaches the gateway from a trusted source and
is intended for a trusted destination, the firewall is to do packet
filtering in?
Options are :
- Yes, the firewall is always stateful inspection.
- No
(Correct)
- None
- Yes, but only if SecureXL is not in use.
- No, but IPS inspection is still enforced.
Answer : No
You
have just configured the HA and noted that the connections are not
synced. When you failover, users complain that they are losing their
connections. What may you run the command to see the status of the
synchronization process statistics?
Options are :
- FW sync statistics
- None
- FW ctl Pstat
(Correct)
- FW CTL get int fw_state_sync_stats
- cphaprob stat
Answer : FW ctl Pstat
156-315.77 Check Point Certified Security Expert Exam Set 19
The
firewall administrator to know the details of the header of the packet,
the firewall already established connection. What command will show if
SecureXL accelerates the package?
Options are :
- fwaccel Conns
- fwaccel models
(Correct)
- FW tab connections | grep dest. port # | grep source port | grep dest. IP address
- None
- CTL + FW zdebug SXL Error Warning ASM
Answer : fwaccel models
It
is to analyze firewall logs, / var / log / messages, and repeatedly
refer to the following core message: "Nuclear: a neighbor table overflow
'What is the reason?
Options are :
- OSPF neighbor down
- a member of the cluster table overflow
- None
- Nothing, you can disconsider it.
- The ARP cache overflow
(Correct)
Answer : The ARP cache overflow
Gateway
target is currently defined max connection count of 25k connections
Smart Dashboard. Which of the following commands is displayed, the
current and the peak connection drops?
Options are :
- show connections to all
- FW ctl Pstat
(Correct)
- FW ctl Conn
- None
- FW ctl chain
Answer : FW ctl Pstat
156-315.71 Check Point Security Expert R71 Practical Exam Set 6
How to check the general SecureXL statistics:
Options are :
- fwaccel stat
- fwaccel Conns
- fwaccel site
- cat / proc / PPK / Statistics
(Correct)
- None
Answer : cat / proc / PPK / Statistics
What command would you use if a specific connection speed up SecureXL?
Options are :
- fwaccel Conns
(Correct)
- FW tab connections
- fwaccel stat
- None
- FW ctl kdebug
Answer : fwaccel Conns
You
have a user-specified SMTP trap configured to send an alert e-mail
server, and you also have the SmartView Monitor configured to trigger an
alarm when the policy is pushed gateway. However, you do not get any
e-mails even if you are testing for pushing policies. What should be the
process of troubleshooting is a Management Server?
Options are :
- cpwd_admin
- cpstat_monitor
(Correct)
- . fwd
- FWM
- None
Answer : cpstat_monitor
156-315.77 Check Point Certified Security Expert Exam Set 21
You
have a requirement to implement a strict security policy. With this in
mind, you must create a stealth rule. How does this affect your packet
acceleration?
Options are :
- There will be no impact, because the rules do not affect the stealth SecureXL.
(Correct)
- None
- There will be no effect as long as the rule is not logged in.
- NAT models will not work.
- Use stealth delete rule SecureXL.
Answer : There will be no impact, because the rules do not affect the stealth SecureXL.
what a command other than the FW CTL Pstat, will show the peak number of concurrent connections?
Options are :
- FW tab -t connections -S
(Correct)
- netstat -ni
- top
- None
- FW CTL get int fw_peak_connections
Answer : FW tab -t connections -S
The
company has grown considerably in recent months. You will see that new
connections will not be saved, but note that the connections table is
not full. You suspect that the memory kernel reserved for the firewall
has reached full capacity. Check â € € œMachine Capacity Summary
statistics you use the command:
Options are :
- FW ctl Pstat
(Correct)
- ps Aux
- cat / proc / net / capacity
- None
- top
Answer : FW ctl Pstat
156-315.77 Check Point Certified Security Expert Exam Set 10
Which command should be used to start the firewall administrator to debug SecureXL?
Options are :
- fwaccel dbg API + wordy add
- None
- fwaccel dbg -m
(Correct)
- SecureXL be dubugged and debug core to provide enough output to help the firewall administrator to understand the behavior of firewalls. The right to use the command has to debug FW CTL â € "m FW.
- fwaccel debug
Answer : fwaccel dbg -m
In the optimization, client firewall rule base, which is the best way to start your analysis?
Options are :
- Using Hit Count column.
- At the top of the rule base.
- The command stat fwaccel follow fwaccel statistics command.
(Correct)
- Using the new software Blade.
- None
Answer : The command stat fwaccel follow fwaccel statistics command.
What command displays the same information as fwaccel statistics?
Options are :
- None
- fwaccell Statistics
- cphaprob hconf
- cat / proc / PPK / cpls
- cat / proc / PPK / Statistics
(Correct)
Answer : cat / proc / PPK / Statistics
156-215.75 Check Point Certified Security Administrator Exam Set 3
Where would you find the processor information, including the model, the number of cores, the seller and architecture?
Options are :
- None
- WebUI
- Cpuinfo file in / proc.
(Correct)
- sysconfig
- Right click the gateway object to the Smart Dashboard and view
Answer : Cpuinfo file in / proc.
If you must use the Domain object rule base, where this rule be located?
Options are :
- None
- After the last rule to clean up the rule.
- 2. Up to rule.
- The last rule before the rule to clean up.
(Correct)
- The first rule Rule Base.
Answer : The last rule before the rule to clean up.
Oman
ARP cache is full undermine the user experience online experience.
Every command you can give to increase the ARP cache on the fly? You do
not need this to survive a reboot.
Options are :
- ARP cache table> 1024
- You can not enlarge the ARP cache on the fly.
- echo 1024> / proc / sys / net / IPv4 / neighbor / default / gc_thresh3
(Correct)
- None
- Edit /etc/sysctl.conf: net.ipv4.neigh.default.gc_thresh3 = 1024.
Answer : echo 1024> / proc / sys / net / IPv4 / neighbor / default / gc_thresh3
156-315.71 Check Point Security Expert R71 Practice Exam Set 5
Which command does not show the use of information related to memory?
Options are :
- FW ctl Pstat
- cat / proc / meminfo
- free
- memoryinfo.conf
(Correct)
- None
Answer : memoryinfo.conf
What version you can add the Proxy ARP entries through GAIA portal?
Options are :
- R77
- R76
- R77.10
- None
- R75.40
(Correct)
Answer : R75.40
According to which scenario you're likely to consider the use of Multi-Queue?
Options are :
- When you try to add a session rate.
- When IPS is in heavy use.
- When most of the processing is CoreXL
- When most of the traffic has picked up.
(Correct)
- None
Answer : When most of the traffic has picked up.
Check Point Certified Security Expert Exam Set 8
What
happens to the changes manually in the file $ FWDIR / conf / local.arp
in adding Proxy ARP entries Gaia via the portal or in Clish?
Options are :
- They will be replaced.
(Correct)
- They will be merged into the new entries are added from the Gaia Portal / Clish.
- Nothing.
- None
- If the file $ FWDIR / conf / local.arp has been edited by hand, you can not add the Proxy ARP entries Gaia through the portal or in Clish.
Answer : They will be replaced.
Which
of the following statements are true about SecureXL? I. SecureXL able
to accelerate all connections through the firewall. II. Medium path
acceleration still cause some CPU usage CoreXL hearts. III. F2F
connections are â € œforwarded to € firewallâ connections, which are not
accelerated and fully processed the core of the firewall. IV. SecureXL
through the packages must be checked before the kernel firewall
accelerated.
Options are :
- I, II, and III
- III and IV
- I and IV
- None
- II and III
(Correct)
Answer : II and III
You
will notice that the server open the Secure Platform system lags even
though you know you have plenty of memory, and the complexity of the
rule base has not changed significantly. Do you think that you update
frequency of the CPU speed can help performance. Every command can help
you see what the CPU speed and model are you using?
Options are :
- top
- None
- cat / proc / cpuinfo
(Correct)
- sysconfig
- FW tab
Answer : cat / proc / cpuinfo
156-315.77 Check Point Certified Security Expert Exam Set 9
What's with the flags of output fwaccel Conns?
Options are :
- Fast route packets
- Forward firewall
(Correct)
- Set debug flag
- None
- Flow was founded
Answer : Forward firewall
What is the command to check how many connections the firewall has detected that SecureXL device?
Options are :
- FW tab -t cphwd_db
(Correct)
- fwaccel Conns
- None
- FW tab connections
- FW tab connection grep pattern
Answer : FW tab -t cphwd_db
What is the equivalent access model input SecureXL connection table connection: â € œ10.0.0.100 1024> 216.239.59.59:80â€
Options are :
- 10.0.0.100: *> 216.239.59.59:*
- 10.0.0.100:1024> 216.239.59.59:80
- None
- 10.0.0.100:1024> 216.239.59.59:*
- 10.0.0.100: *> 216.239.59.59:80
(Correct)
Answer : 10.0.0.100: *> 216.239.59.59:80
Check Point Certified Security Administrator Set 3
To enable OSPF Secure Platform, but please note that the required gated daemon is not running. How can you take this?
Options are :
- None
- Enter cpconfig, type Y to advanced routing, type Y to start the Check Point services.
(Correct)
- More OSPF rule of the rule base.
- Enter cpconfig, type Y to OSPF, type Y to start the Check Point services.
- The command line enter the gated tellpm
Answer : Enter cpconfig, type Y to advanced routing, type Y to start the Check Point services.
156-315.71 Check Point Security Expert R71 Practice Exam Set 4
Jane wants to create a VPN using OSPF. What VPN edifice would you recommend?
Options are :
- Domain-based VPN
- The remote VPN
- Route-based VPN
(Correct)
- None
- Site-to-site VPN
Answer : Route-based VPN
CoreXL software architecture includes a Secure Network Dispatcher (SND). One of the responsibilities of the SND is:
Options are :
- To send a package safely through the physical connection
- Handling outgoing traffic for network interfaces
- Splits among the non-accelerated packet core cases
(Correct)
- Sends the packet to safely through the VPN link
- None
Answer : Splits among the non-accelerated packet core cases
You
are using the mapping process in your business environment (R77) and
need to find out the CPU, memory, disk space, and information about the
software blades available. What command can you use to collect this
information easily?
Options are :
- cpconfig
- cpview
(Correct)
- None
- SmartView Tracker
- FW ctl Pstat
Answer : cpview
156-315.13 Check Point Security Expert R76(GAiA) Exam Set 7