1. 156-115 Check Point Certified Security Master - Final Exam Set 5

156-115 Check Point Certified Security Master - Final Exam Set 5

In Wire mode. If the packet reaches the gateway from a trusted source and is intended for a trusted destination, the firewall is to do packet filtering in?


Options are :

  • Yes, the firewall is always stateful inspection.
  • No (Correct)
  • None
  • Yes, but only if SecureXL is not in use.
  • No, but IPS inspection is still enforced.

Answer : No

You have just configured the HA and noted that the connections are not synced. When you failover, users complain that they are losing their connections. What may you run the command to see the status of the synchronization process statistics?


Options are :

  • FW sync statistics
  • None
  • FW ctl Pstat (Correct)
  • FW CTL get int fw_state_sync_stats
  • cphaprob stat

Answer : FW ctl Pstat

156-315.77 Check Point Certified Security Expert Exam Set 19

The firewall administrator to know the details of the header of the packet, the firewall already established connection. What command will show if SecureXL accelerates the package?


Options are :

  • fwaccel Conns
  • fwaccel models (Correct)
  • FW tab connections | grep dest. port # | grep source port | grep dest. IP address
  • None
  • CTL + FW zdebug SXL Error Warning ASM

Answer : fwaccel models

It is to analyze firewall logs, / var / log / messages, and repeatedly refer to the following core message: "Nuclear: a neighbor table overflow 'What is the reason?


Options are :

  • OSPF neighbor down
  • a member of the cluster table overflow
  • None
  • Nothing, you can disconsider it.
  • The ARP cache overflow (Correct)

Answer : The ARP cache overflow

Gateway target is currently defined max connection count of 25k connections Smart Dashboard. Which of the following commands is displayed, the current and the peak connection drops?


Options are :

  • show connections to all
  • FW ctl Pstat (Correct)
  • FW ctl Conn
  • None
  • FW ctl chain

Answer : FW ctl Pstat

156-315.71 Check Point Security Expert R71 Practical Exam Set 6

How to check the general SecureXL statistics:


Options are :

  • fwaccel stat
  • fwaccel Conns
  • fwaccel site
  • cat / proc / PPK / Statistics (Correct)
  • None

Answer : cat / proc / PPK / Statistics

What command would you use if a specific connection speed up SecureXL?


Options are :

  • fwaccel Conns (Correct)
  • FW tab connections
  • fwaccel stat
  • None
  • FW ctl kdebug

Answer : fwaccel Conns

You have a user-specified SMTP trap configured to send an alert e-mail server, and you also have the SmartView Monitor configured to trigger an alarm when the policy is pushed gateway. However, you do not get any e-mails even if you are testing for pushing policies. What should be the process of troubleshooting is a Management Server?


Options are :

  • cpwd_admin
  • cpstat_monitor (Correct)
  • . fwd
  • FWM
  • None

Answer : cpstat_monitor

156-315.77 Check Point Certified Security Expert Exam Set 21

You have a requirement to implement a strict security policy. With this in mind, you must create a stealth rule. How does this affect your packet acceleration?


Options are :

  • There will be no impact, because the rules do not affect the stealth SecureXL. (Correct)
  • None
  • There will be no effect as long as the rule is not logged in.
  • NAT models will not work.
  • Use stealth delete rule SecureXL.

Answer : There will be no impact, because the rules do not affect the stealth SecureXL.

what a command other than the FW CTL Pstat, will show the peak number of concurrent connections?


Options are :

  • FW tab -t connections -S (Correct)
  • netstat -ni
  • top
  • None
  • FW CTL get int fw_peak_connections

Answer : FW tab -t connections -S

The company has grown considerably in recent months. You will see that new connections will not be saved, but note that the connections table is not full. You suspect that the memory kernel reserved for the firewall has reached full capacity. Check â € € œMachine Capacity Summary statistics you use the command:


Options are :

  • FW ctl Pstat (Correct)
  • ps Aux
  • cat / proc / net / capacity
  • None
  • top

Answer : FW ctl Pstat

156-315.77 Check Point Certified Security Expert Exam Set 10

Which command should be used to start the firewall administrator to debug SecureXL?


Options are :

  • fwaccel dbg API + wordy add
  • None
  • fwaccel dbg -m (Correct)
  • SecureXL be dubugged and debug core to provide enough output to help the firewall administrator to understand the behavior of firewalls. The right to use the command has to debug FW CTL â € "m FW.
  • fwaccel debug

Answer : fwaccel dbg -m

In the optimization, client firewall rule base, which is the best way to start your analysis?


Options are :

  • Using Hit Count column.
  • At the top of the rule base.
  • The command stat fwaccel follow fwaccel statistics command. (Correct)
  • Using the new software Blade.
  • None

Answer : The command stat fwaccel follow fwaccel statistics command.

What command displays the same information as fwaccel statistics?


Options are :

  • None
  • fwaccell Statistics
  • cphaprob hconf
  • cat / proc / PPK / cpls
  • cat / proc / PPK / Statistics (Correct)

Answer : cat / proc / PPK / Statistics

156-215.75 Check Point Certified Security Administrator Exam Set 3

Where would you find the processor information, including the model, the number of cores, the seller and architecture?


Options are :

  • None
  • WebUI
  • Cpuinfo file in / proc. (Correct)
  • sysconfig
  • Right click the gateway object to the Smart Dashboard and view

Answer : Cpuinfo file in / proc.

If you must use the Domain object rule base, where this rule be located?


Options are :

  • None
  • After the last rule to clean up the rule.
  • 2. Up to rule.
  • The last rule before the rule to clean up. (Correct)
  • The first rule Rule Base.

Answer : The last rule before the rule to clean up.

Oman ARP cache is full undermine the user experience online experience. Every command you can give to increase the ARP cache on the fly? You do not need this to survive a reboot.


Options are :

  • ARP cache table> 1024
  • You can not enlarge the ARP cache on the fly.
  • echo 1024> / proc / sys / net / IPv4 / neighbor / default / gc_thresh3 (Correct)
  • None
  • Edit /etc/sysctl.conf: net.ipv4.neigh.default.gc_thresh3 = 1024.

Answer : echo 1024> / proc / sys / net / IPv4 / neighbor / default / gc_thresh3

156-315.71 Check Point Security Expert R71 Practice Exam Set 5

Which command does not show the use of information related to memory?


Options are :

  • FW ctl Pstat
  • cat / proc / meminfo
  • free
  • memoryinfo.conf (Correct)
  • None

Answer : memoryinfo.conf

What version you can add the Proxy ARP entries through GAIA portal?


Options are :

  • R77
  • R76
  • R77.10
  • None
  • R75.40 (Correct)

Answer : R75.40

According to which scenario you're likely to consider the use of Multi-Queue?


Options are :

  • When you try to add a session rate.
  • When IPS is in heavy use.
  • When most of the processing is CoreXL
  • When most of the traffic has picked up. (Correct)
  • None

Answer : When most of the traffic has picked up.

Check Point Certified Security Expert Exam Set 8

What happens to the changes manually in the file $ FWDIR / conf / local.arp in adding Proxy ARP entries Gaia via the portal or in Clish?


Options are :

  • They will be replaced. (Correct)
  • They will be merged into the new entries are added from the Gaia Portal / Clish.
  • Nothing.
  • None
  • If the file $ FWDIR / conf / local.arp has been edited by hand, you can not add the Proxy ARP entries Gaia through the portal or in Clish.

Answer : They will be replaced.

Which of the following statements are true about SecureXL? I. SecureXL able to accelerate all connections through the firewall. II. Medium path acceleration still cause some CPU usage CoreXL hearts. III. F2F connections are â € œforwarded to € firewallâ connections, which are not accelerated and fully processed the core of the firewall. IV. SecureXL through the packages must be checked before the kernel firewall accelerated.


Options are :

  • I, II, and III
  • III and IV
  • I and IV
  • None
  • II and III (Correct)

Answer : II and III

You will notice that the server open the Secure Platform system lags even though you know you have plenty of memory, and the complexity of the rule base has not changed significantly. Do you think that you update frequency of the CPU speed can help performance. Every command can help you see what the CPU speed and model are you using?


Options are :

  • top
  • None
  • cat / proc / cpuinfo (Correct)
  • sysconfig
  • FW tab

Answer : cat / proc / cpuinfo

156-315.77 Check Point Certified Security Expert Exam Set 9

What's with the flags of output fwaccel Conns?


Options are :

  • Fast route packets
  • Forward firewall (Correct)
  • Set debug flag
  • None
  • Flow was founded

Answer : Forward firewall

What is the command to check how many connections the firewall has detected that SecureXL device?


Options are :

  • FW tab -t cphwd_db (Correct)
  • fwaccel Conns
  • None
  • FW tab connections
  • FW tab connection grep pattern

Answer : FW tab -t cphwd_db

What is the equivalent access model input SecureXL connection table connection: â € œ10.0.0.100 1024> 216.239.59.59:80â€


Options are :

  • 10.0.0.100: *> 216.239.59.59:*
  • 10.0.0.100:1024> 216.239.59.59:80
  • None
  • 10.0.0.100:1024> 216.239.59.59:*
  • 10.0.0.100: *> 216.239.59.59:80 (Correct)

Answer : 10.0.0.100: *> 216.239.59.59:80

Check Point Certified Security Administrator Set 3

To enable OSPF Secure Platform, but please note that the required gated daemon is not running. How can you take this?


Options are :

  • None
  • Enter cpconfig, type Y to advanced routing, type Y to start the Check Point services. (Correct)
  • More OSPF rule of the rule base.
  • Enter cpconfig, type Y to OSPF, type Y to start the Check Point services.
  • The command line enter the gated tellpm

Answer : Enter cpconfig, type Y to advanced routing, type Y to start the Check Point services.

156-315.71 Check Point Security Expert R71 Practice Exam Set 4

Jane wants to create a VPN using OSPF. What VPN edifice would you recommend?


Options are :

  • Domain-based VPN
  • The remote VPN
  • Route-based VPN (Correct)
  • None
  • Site-to-site VPN

Answer : Route-based VPN

CoreXL software architecture includes a Secure Network Dispatcher (SND). One of the responsibilities of the SND is:


Options are :

  • To send a package safely through the physical connection
  • Handling outgoing traffic for network interfaces
  • Splits among the non-accelerated packet core cases (Correct)
  • Sends the packet to safely through the VPN link
  • None

Answer : Splits among the non-accelerated packet core cases

You are using the mapping process in your business environment (R77) and need to find out the CPU, memory, disk space, and information about the software blades available. What command can you use to collect this information easily?


Options are :

  • cpconfig
  • cpview (Correct)
  • None
  • SmartView Tracker
  • FW ctl Pstat

Answer : cpview

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 7

Recommended Readings

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions