156-115 Check Point Certified Security Master Practice Exam Set 4

You have spent time configuring the IPS profile on your primary gateway firewall. You want to ensure that this profile can be applied to all gateway firewalls in your environment. How can you share this information between firewalls?


Options are :

  • From the Smart Dashboard IPS tab select export IPS profiles and select the gateway to send this export to.
  • From the command line, run: ips_export_import export [-o ] [-p ]. (Correct)
  • From the command line, run: ips_export [-o ] [-p ].
  • IPS profiles must be manually configured on each gateway.

Answer : From the command line, run: ips_export_import export [-o ] [-p ].

Your Customer would like to enable IPS in his Corporate Cluster, but he is concerned about high CPU usage because if the IPS inspection. What feature would you configure to disable inspection if a high CPU usage develops?


Options are :

  • Bypass Inspection. (In IPS Option on Gateway Properties)
  • Disable Inspection. (In IPS Option on Gateway Properties)
  • Bypass Under Load. (In IPS Option on Gateway Properties) (Correct)
  • It is not possible. In this case no enable IPS

Answer : Bypass Under Load. (In IPS Option on Gateway Properties)

How would one enable „INSPECT debugging? if one suspects IPS false positives?


Options are :

  • Toggle the checkbox in Global Properties > Firewalls > Inspection section.
  • Set the following parameter to true using GuiDBedit: enable_inspect_debug_compilation (Correct)
  • Run command fw ctl set int enable_inspect_debug 1 from the command line.
  • WebUI

Answer : Set the following parameter to true using GuiDBedit: enable_inspect_debug_compilation

156-315.77 Check Point Certified Security Expert Exam Set 6

In R77, Under what circumstances would IPS bypass be enforced?


Options are :

  • Single CoreXL fw instance usage over „Low? threshold, Average Memory over „High? threshold
  • Average CPU over „High? threshold, Average Memory over „High? threshold
  • Average CPU over „High? threshold, Average Memory over „Low? threshold
  • Single CoreXL fw instance usage over „High? threshold, Average Memory over „High? threshold (Correct)

Answer : Single CoreXL fw instance usage over „High? threshold, Average Memory over „High? threshold

You would like to import SNORT rules but to comply with corporate policy you need to test the conversion prior to import. How can you do this?


Options are :

  • Check Point does not support third party signatures.
  • Under the IPS tree Protections > By Protocol > IPS Software Blade > Application Intelligence > SNORT import and select the SNORT import option.
  • SnortConvertor update -f --dry-run (Correct)
  • You must manually review each signature.

Answer : SnortConvertor update -f --dry-run

You are a system administrator and would like to configure Geo Protection on your gateway to comply with a new corporate policy. What must you have to do this?


Options are :

  • DNS resolution on the gateway
  • The latest IPS update
  • Valid IPS contract and software blade licensing (Correct)
  • Geo Protection is enabled by default

Answer : Valid IPS contract and software blade licensing

156-315.71 Check Point Security Expert R71 Practical Exam Set 6

In IPS which of the two initial profiles is the more resource intensive?


Options are :

  • Recommended
  • Prevention
  • Default (Correct)
  • Standard

Answer : Default

You are adding a new gateway into your network. You must make sure that it is running the latest Corporate approved IPS profile. How can you get this information to your new gateway?


Options are :

  • IPS profiles must be manually configured on each gateway.
  • From the command line, run: ips_export_import import -f [-p ]. (Correct)
  • From the command line, run: ips_import -f [-p ].
  • From the Smart Dashboard IPS tab select import IPS profiles and select the gateway to get the profile from

Answer : From the command line, run: ips_export_import import -f [-p ].

“If the machine is under stress, we do not want to leave the stress condition due to a single measurement (which could be an anomaly), but rather wait for a given length of time, before changing the condition.” ...describes which of the following “Bypass under Load” setting kernel parameters?


Options are :

  • ids_assume_stress (Correct)
  • ids_timeout
  • ids_tolerance_stress
  • ide_tolerance_no_stress

Answer : ids_assume_stress

156-315.77 Check Point Certified Security Expert Exam Set 4

What is required when changing the configuration of the number of workers in CoreXL?


Options are :

  • A policy installation
  • A reboot (Correct)
  • cpstop/cpstart
  • evstop/evstart

Answer : A reboot

You are troubleshooting an issue for your HR team. One of the users is using IP 10.10.10.24. They having been trying to access the vacation servers but all connections are failing. You have checked the logs and do not see any dropped traffic. You have a suspicion that the drop is not being logged. What command could you use to confirm this?


Options are :

  • fw -t connections -s
  • fw ctl pstat host 10.10.10.24
  • fw ctl zdebug + log dynlog (Correct)
  • You cannot run a command for this; you must enable logging on all rules

Answer : fw ctl zdebug + log dynlog

When performing a Clean IPS procedure to resolve a corrupt IPS files issue, what file is modified in order for the SDUU process to automatically update the IPS files after completing the procedure?


Options are :

  • asm.C (Correct)
  • objects_5_0.C
  • inspect.C
  • profiles.C

Answer : asm.C

Check Point Certified Security Expert Exam Set 1

You have created a number of profiles and activated the relevant protections. Afterwards, you decide that the „Enterprise gateway? should allow instant messaging. The current profile enabled for Enterprise gateway blocks instant messaging. The profile for the Enterprise gateway is currently being used on the Voyager gateway and the Bird of Prey gateway. What is the best process for making this change on the Enterprise gateway only?


Options are :

  • Create a rule allowing that traffic and install it on the Enterprise gateway
  • Edit the existing profile
  • Create an exception for the Enterprise gateway (Correct)
  • Create a new profile and apply to the Enterprise gateway

Answer : Create an exception for the Enterprise gateway

Where do you run the command get_ips_statistics.sh from?


Options are :

  • $FWDIR/conf on the gateway
  • $FWDIR/scripts on the Management Server (Correct)
  • $FWDIR/scripts on the gateway
  • $FWDIR/conf on the Management Server

Answer : $FWDIR/scripts on the Management Server

What does the output of the commands fw ctl multik stat and fw6ctl multik stat show?


Options are :

  • Information for each kernel instance. The output displays state and processing core number of each instance. (Correct)
  • The number of Firewall Kernels that are installed.
  • Which CPU cores are Kernel and SND bound cores.
  • Only the number of total connections currently being handled by all Kernels on a CoreXL enabled firewalls.

Answer : Information for each kernel instance. The output displays state and processing core number of each instance.

156-315.77 Check Point Certified Security Expert Exam Set 1

You have just taken over as a firewall administrator. Your company is using Geo Protections on your gateway, but you want to verify that the protections are up-to-date. How can you see when these were updated?


Options are :

  • Check the time stamp of $FWDIR/tmp/geo_location_tmp/updates/IpToCountry.csv. (Correct)
  • In the IPS tree Protections > Select Check for Update.
  • Check asm_update_version_geo in GuiDBedit.
  • In the IPS tree Protections > Geo Protections and check the profile name which is mm/dd/yy.

Answer : Check the time stamp of $FWDIR/tmp/geo_location_tmp/updates/IpToCountry.csv.

You want to enable OSPF on Secure Platform, but you notice that the required gated daemon is not running. How can you enable this?


Options are :

  • Add an OSPF rule to your Rule Base.
  • Enter cpconfig, type Y to enable OSPF, type Y to restart Check Point services.
  • Enter cpconfig, type Y to enable Advanced Routing, type Y to restart Check Point services. (Correct)
  • At the command prompt enter tellpm gated

Answer : Enter cpconfig, type Y to enable Advanced Routing, type Y to restart Check Point services.

Check Point Certified Security Administrator Set 4

What is the method to change the number of cores that CoreXL will use?


Options are :

  • SmartDashboard
  • sysconfig
  • cpconfig (Correct)
  • CoreXL automatically recognizes the number of cores on a system at startup so there is no method or reason to modify the setting.

Answer : cpconfig

What is the best way to see how much traffic went through the firewall that was TCP, UDP and ICMP?


Options are :

  • fwaccel conns
  • fw ctl pstat (Correct)
  • fw tab –t connections –p
  • fwaccel stats

Answer : fw ctl pstat

You are configuring dynamic VPN routing using OSPF. You have defined the gateways, created a fully meshed VPN Community that includes all participating Gateways; created a rule to accept OSPF and configured dynamic routing. OSPF adjacencies are not establishing. Which of the following could explain why?


Options are :

  • Check Point does not support dynamic VPN routing using OSPF.
  • You have overlapping encryption domains.
  • You have not configured VTIs. (Correct)
  • You must to create a VPN star community.

Answer : You have not configured VTIs.

156-315.77 Check Point Certified Security Expert Exam Set 1

PXL is considered to be what type of acceleration?


Options are :

  • Medium Path (Correct)
  • Slow Path
  • PXL is not related to acceleration
  • Fast Path

Answer : Medium Path

f the number of Firewall Workers for CoreXL is set higher on one member of a cluster than the other, the cluster will be in what state?


Options are :

  • Active/Ready (Correct)
  • Active Attention/Down
  • Active/Down
  • Active/Standby

Answer : Active/Ready

A Rule Base has been improperly configured with a rule which disables templating at the top of the Rule Base. How will this impact traffic acceleration?


Options are :

  • Templates are disabled but throughput acceleration is still taking place. (Correct)
  • Templates are disabled for this rule but it does not impact the rest of the Rule Base.
  • Templates are disabled, and throughput acceleration only functions for rules above this one.
  • SecureXL is disabled.

Answer : Templates are disabled but throughput acceleration is still taking place.

Check Point Certified Security Expert Exam Set 10

A Security Administrator wants to increase the amount of processing cores on a Check Point Security Gateway. He starts by increasing the number of cores, however the number of kernel instances remain the same way. What is the correct process to increase the number of kernel instances?


Options are :

  • Cpconfig- Enable Check Point ClusterXL- Change the number of firewall instances- define how many firewall instances to enable-reboot
  • Cpconfig- Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-reboot (Correct)
  • Cpconfig- Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-cpstop,cpstart
  • Cpconfig- Enable Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-cprestart

Answer : Cpconfig- Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-reboot

What does “cphwd_nat_templates_enabled=1” do when entered into fwkern.conf?


Options are :

  • Enables NAT templates when SecureXL is turned on. (Correct)
  • Enables NAT templates at all times
  • Disables NAT templates when SecureXL is turned on.
  • Disables NAT templates at all times.

Answer : Enables NAT templates when SecureXL is turned on.

The CoreXL software architecture includes the Secure Network Dispatcher (SND). One of the responsibilities of SND is to:


Options are :

  • Dispatch the packet securely through the VPN link
  • Distribute non-accelerated packets among kernel instances (Correct)
  • Processing outgoing traffic from the network interfaces
  • Dispatch the packet securely through the physical link

Answer : Distribute non-accelerated packets among kernel instances

156-315.77 Check Point Certified Security Expert Exam Set 8

You are running an inventory process within your corporate environment (R77) and need to find out CPU, memory, disk space, and information regarding the software blades enabled. What command could you use to easily gather this information?


Options are :

  • fw ctl pstat
  • SmartView Tracker
  • cpview (Correct)
  • cpconfig

Answer : cpview

What command would you use to check if CoreXL is enabled?


Options are :

  • fw ctl pstat
  • cpconfig
  • fw ctl multik stat (Correct)
  • fw ctl affinity -1

Answer : fw ctl multik stat

What should you do after editing fwkern.conf to enable NAT templates?


Options are :

  • Reboot (Correct)
  • Install policy
  • Make sure the change shows up in Smartview Monitor
  • Install database

Answer : Reboot

156-215.77 Check Point Certified Security Administrator Exam Set 6

Which file holds global Kernel values to survive reboot in a Check Point R77 gateway?


Options are :

  • $FWDIR/boot/fwkern.conf
  • $FWDIR/conf/fwkern.conf
  • $FWDIR/boot/modules/fwkern.conf (Correct)
  • $FWDIR/boot/confwkern.conf

Answer : $FWDIR/boot/modules/fwkern.conf

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions