156-115 Check Point Certified Security Master - Final Exam Set 6

What is the best way to see how the firewall is performing processing of packets the firewall on the road, including the use of resources?


Options are :

  • fwaccel Statistics
  • FW getperf
  • SecureXL stat
  • FW ctl Pstat (Correct)
  • None

Answer : FW ctl Pstat

Why not see CoreXL configuration functions cpconfig?


Options are :

  • CoreXL is to disable the policy.
  • None
  • CoreXL has not been approved.
  • A gateway is just one processor core. (Correct)
  • CoreXL is not enabled gateway object.

Answer : A gateway is just one processor core.

Which command allows you to change the firewall affinity and survive with a reboot of any kind of changes?


Options are :

  • fw affinity
  • sim affinity (Correct)
  • fw ctl affinity
  • None
  • sim affinity

Answer : sim affinity

156-315.77 Check Point Certified Security Expert Exam Set 1

Which routing protocols do not support the GAIA OS running VTIs?


Options are :

  • OSPF
  • static routes
  • BGP
  • RIPv1; RIPv2 (Correct)
  • None

Answer : RIPv1; RIPv2

What file owned by the global kernel values ??to survive a reboot that Check Point R77 gateway?


Options are :

  • $ FWDIR / boot / confwkern.conf
  • $ FWDIR / conf / fwkern.conf
  • None
  • $ FWDIR / boot / fwkern.conf
  • $ FWDIR / boot / modules / fwkern.conf (Correct)

Answer : $ FWDIR / boot / modules / fwkern.conf

What command would you use to check if CoreXL use?


Options are :

  • FW ctl multik stat (Correct)
  • cpconfig
  • FW ctl Pstat
  • fw ctl affinity -1
  • None

Answer : FW ctl multik stat

Check Point Certified Security Expert Exam Set 9

You find that some users complain about slow connection. You would like to review a summary of connections, such as what links are accelerated and those who are not. What command can I use?


Options are :

  • FW ctl Pstat
  • fwaccel Statistics -S (Correct)
  • fwaccel power
  • FW tab -t connections -S
  • None

Answer : fwaccel Statistics -S

Safety system administrator wants to increase the number of processing cores is a Check Point Security Gateway. He begins by increasing the number of cores, but the number of cases remain the core in the same way. What is the correct process to increase the number of cases of the core?


Options are :

  • Cpconfig- Checkpoint CoreXL- to change the firewall instances to determine how many firewall to allow cases-cpstop, cpstart
  • Cpconfig- Checkpoint CoreXL- to change the firewall instances to determine how many cases the firewall to allow re-start (Correct)
  • Cpconfig- Take a Check Point firewall CoreXL- change cases to determine how many firewall to allow cases-cprestart
  • Cpconfig- Take a Check Point firewall ClusterXL- change instances- determine how many cases the firewall to allow re-start
  • None

Answer : Cpconfig- Checkpoint CoreXL- to change the firewall instances to determine how many cases the firewall to allow re-start

What should I do after editing fwkern.conf to NAT designs?


Options are :

  • reboot (Correct)
  • None
  • Install policy
  • Install database
  • Make sure that the change is also reflected in Smartview Monitor

Answer : reboot

156-315.77 Check Point Certified Security Expert Exam Set 1

What kind of connections can not be templated?


Options are :

  • Complex such as FTP, H323, SQL, ETC (Correct)
  • UDP because it is not connection oriented
  • All connections, which contain items of NAT
  • None
  • TCP

Answer : Complex such as FTP, H323, SQL, ETC

What is the difference between the connection setup acceleration (templating) and traffic acceleration?


Options are :

  • These are the same technologies under different names.
  • Traffic will accelerate acceleration of only one connection, the connection will accelerate acceleration similar to traffic. (Correct)
  • None
  • Traffic will accelerate acceleration through hardware, and the connection is accelerated acceleration software.
  • The connection setup acceleration only accelerates one connection, while the acceleration accelerate traffic similar to traffic.

Answer : Traffic will accelerate acceleration of only one connection, the connection will accelerate acceleration similar to traffic.

Each menu shows the Firewall internal memory and traffic statistics?


Options are :

  • FW ctl Pstat (Correct)
  • cpstat os memory
  • None
  • cpstat os CPU
  • FW getifs

Answer : FW ctl Pstat

156-215.70 Check Point Certified Security Administrator Exam Set 9

You can check what is currently set to debug the kernel firewall Enter the command:


Options are :

  • FW ctl multistate
  • None
  • FW debug ctl
  • FW ctl Pstat
  • FW debug ctl (Correct)

Answer : FW debug ctl

How to Check Point Security Administrator enables NAT Models?


Options are :

  • None
  • Set the firewall object> NAT> Advanced Settings
  • Command syntax fw ctl plurality int cphwd_nat_templates_support 1 and fw ctl plurality int cphwd_nat_templates_enabled 1
  • Set Global Properties> NAT-Network Address Translation
  • Edit the file $ FWDIR / boot / modules / fwkern.conf lines cphwd_nat_templates_support = 1 and cphwd_nat_templates_enabled = 1. (Correct)

Answer : Edit the file $ FWDIR / boot / modules / fwkern.conf lines cphwd_nat_templates_support = 1 and cphwd_nat_templates_enabled = 1.

Misha working on stand-by firewall and removes connections to the error table. He notes that it is now on the table is synchronized with the Active Member. to get them completely in sync again, Mish should run the command, and a couple of ____________ __________.


Options are :

  • FW CTL setsync stop, FW CTL setsync on
  • FW CTL sync stops, FW ctl sync start
  • None
  • FW CTL setsync off, FW ctl setsync early (Correct)
  • FW CTL setsync off, the FW on the CTL setsync

Answer : FW CTL setsync off, FW ctl setsync early

156-215.75 Check Point Certified Security Administrator Exam Set 7

What is the end result, if you set the kernel parameters cphwd_nat_templates_enabled and cphwd_nat_templates_support?


Options are :

  • This would allow Hide NAT support.
  • These parameters are not valid.
  • These parameters are mutually exclusive and can not be used at the same time.
  • This would allow SecureXL NAT designs. (Correct)
  • None

Answer : This would allow SecureXL NAT designs.

In the delayed ClusterXL cluster synchronization, which of the following is not true?


Options are :

  • Delayed Synchronization occurs only connections matching SecureXL Connection
  • It applies only to TCP services, the type of which the Protocol is set to HTTP or anything.
  • The length of the time delay can be customized. (Correct)
  • None
  • Delayed synchronization is not available if the rule Track option is set to log or account.

Answer : The length of the time delay can be customized.

You want to make sure that the majority of the connections are optimized SecureXL. What you run the command to create this information?


Options are :

  • FW tab -t connections -S
  • None
  • sim_dbg -S
  • FW ctl Pstat
  • fwaccel Conns -S (Correct)

Answer : fwaccel Conns -S

Check Point Certified Security Expert Exam Set 12

How to determine the value of "Maximum simultaneous connections" NAT table?


Options are :

  • objects_5_0.C
  • fwx_auth
  • fwx_max_conns
  • fwx_alloc (Correct)
  • None

Answer : fwx_alloc

Base rule is not configured rule, which prevents the top of the templating rule base. How does this affect the traffic acceleration?


Options are :

  • Templates are disabled, but performance acceleration continues today. (Correct)
  • SecureXL is not in use.
  • None
  • The models are used in this rule, but it does not affect any other rule base.
  • The models are not in use, and throughput acceleration only works above the rules of this.

Answer : Templates are disabled, but performance acceleration continues today.

PXL considered what kind of acceleration?


Options are :

  • Medium Path (Correct)
  • slow Path
  • PXL is not related to acceleration
  • fast Path
  • None

Answer : Medium Path

156-315.77 Check Point Certified Security Expert Exam Set 5

When troubleshooting a performance issue multicore firewall that uses CoreXL, which is a command to check the number of connections for each core handles?


Options are :

  • Human affinity -l
  • None
  • FW ctl multik stat (Correct)
  • FW CTL Pstat
  • cat fwkern.conf

Answer : FW ctl multik stat

From the best practices from the perspective of how large a percentage of the packets should be speeded up?


Options are :

  • 75%
  • None
  • 65%
  • 100%
  • 90% (Correct)

Answer : 90%

What is the best way to see how much traffic went through the firewall, which was TCP, UDP and ICMP?


Options are :

  • FW ctl Pstat (Correct)
  • fwaccel Conns
  • FW tab connections
  • None
  • fwaccel Statistics

Answer : FW ctl Pstat

156-315.77 Check Point Certified Security Expert Exam Set 24

What do cphwd_nat_templates_enabled = 1, when it came fwkern.conf?


Options are :

  • Enables NAT models when SecureXL is on. (Correct)
  • Removes the NAT always designs.
  • None
  • Removes the NAT models when SecureXL is on.
  • Enables NAT always models

Answer : Enables NAT models when SecureXL is on.

f the number of employees for the firewall is set higher CoreXL one member of the cluster than the other, the cluster will be in what state?


Options are :

  • Active / Standby
  • Active / Completed (Correct)
  • None
  • Active Attention / Down
  • Active / Down

Answer : Active / Completed

What is the way to change the cores CoreXL to use?


Options are :

  • sysconfig
  • cpconfig (Correct)
  • SmartDashboard
  • CoreXL automatically detects the number of cores for system start-up so there is no method or reason to change the setting.
  • None

Answer : cpconfig

Check Point Certified Security Expert Exam Set 6

ACME Corp is a cluster consisting of two 13,500 devices. Since Firewall Administrator, you will notice that the top of the output, you see high CPU usage cores assigned as SNDs, but low CPU usage cores attached to individual fw_worker_X processes. What command should you run next to tune the performance of the cluster?


Options are :

  • None
  • fwaccel off "this will turn off SecureXL, which has caused SNDs be running high in the first place
  • FW CTL + debug cluster, all this seems to issue all connections ClusterXL and explain the use of a large processor of the device.
  • FW Connections tab, this displays a summary table of connections, and you can determine whether too much traffic passes through the firewall.
  • fwaccel Statistics show this acceleration profile, connections, and possibly why SNDs are on the surface, while the other cores running low. (Correct)

Answer : fwaccel Statistics show this acceleration profile, connections, and possibly why SNDs are on the surface, while the other cores running low.

When a member of the cluster is completely turned off, how to recognize another member, whether a network connection?


Options are :

  • Works Agency is looking for answers to traffic sent your internal hosts.
  • None
  • Works Agency becomes the default gateway for the ARP.
  • Works Agency ping IP subnet until you get an answer. (Correct)
  • Benefit body automatically assumes the connection.

Answer : Works Agency ping IP subnet until you get an answer.

You're setting up a dynamic VPN routing using OSPF. You have entered the gateway, created a fully meshed VPN community that includes everyone involved in the gateway; created a rule to accept OSPF dynamic routing and configured. OSPF adjacencies will not be created. Which of the following could explain why?


Options are :

  • Checkpoint is not supported by dynamic VPN using the OSPF routing.
  • None
  • You have not set VTIs. (Correct)
  • You need to create a VPN Star community.
  • Overlapping encryption domains.

Answer : You have not set VTIs.

156-115 Check Point Certified Security Master Practice Exam Set 4

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now