When troubleshooting a performance problem on multicore firewall that is using CoreXL, what command checks the number of connections each core is processing?

Options are :

• fw ctl multik stat (Correct)
• sim affinity -l
• cat fwkern.conf
• fw CTL pstat

Answer : fw ctl multik stat

What is the difference between “connection establishment acceleration” (templating) and “traffic acceleration”?

Options are :

• “Connection establishment acceleration” only accelerates a single connection, while “traffic acceleration” accelerates similar traffic.
• “Traffic acceleration” only accelerates a single connection, while “connection establishment acceleration” accelerates similar traffic. (Correct)
• These are the same technologies with different names.
• “Traffic acceleration” is accelerated through hardware, and “connection establishment acceleration” is accelerated in software.

Answer : “Traffic acceleration” only accelerates a single connection, while “connection establishment acceleration” accelerates similar traffic.

156-315.77 Check Point Certified Security Expert Exam Set 8

Why would you not see a CoreXL configuration option in cpconfig?

Options are :

• CoreXL is not licensed.
• CoreXL is not enabled in the gateway object.
• The gateway only has one processor core. (Correct)
• CoreXL is disabled via policy.

Answer : The gateway only has one processor core.

Which command will allow you to change firewall affinity and survive a reboot with no further modification?

Options are :

• fw affinity –l
• sim affinity –s (Correct)
• sim affinity –l
• fw ctl affinity –s

Answer : sim affinity –s

How does the Check Point Security Administrator enable NAT Templates?

Options are :

• Set Firewall object > NAT > Advanced
• Run commands with syntax fw ctl set int cphwd_nat_templates_support 1 and fw ctl set int cphwd_nat_templates_enabled 1
• Set Global properties > NAT-Network address translation
• Edit file $FWDIR/boot/modules/fwkern.conf with the lines “cphwd_nat_templates_support=1” and “cphwd_nat_templates_enabled=1”. (Correct)

Answer : Edit file $FWDIR/boot/modules/fwkern.conf with the lines “cphwd_nat_templates_support=1” and “cphwd_nat_templates_enabled=1”.

Check Point Certified Security Administrator Set 3

To check what is currently set in the Firewall kernel debug input the command:

Options are :

• fw ctl debug –x
• fw ctl debug (Correct)
• fw ctl pstat
• fw ctl multistate

Answer : fw ctl debug

You want to verify that the majority of your connections are being optimized by SecureXL. What command would you run to establish this information?

Options are :

• sim_dbg -s
• fwaccel conns -s (Correct)
• fw tab -t connections -s
• fw ctl pstat

Answer : fwaccel conns -s

Which command displays FireWall internal statistics about memory and traffic?

Options are :

• cpstat os –f memory
• fw getifs
• cpstat os –f cpu
• fw ctl pstat (Correct)

Answer : fw ctl pstat

156-315.71 Check Point Security Expert R71 Practice Exam Set 5

ACME Corp has a cluster consisting of two 13500 appliances. As the Firewall Administrator, you notice that on an output of top, you are seeing high CPU usage of the cores assigned as SNDs, but low CPU usage on cores assigned to individual fw_worker_X processes. What command should you run next to performance tune your cluster?

Options are :

• fw ctl debug –m cluster + all – this will show you all the connections being processed by ClusterXL and explain the high CPU usage on your appliance.
• fw tab –t connections –s – this will show you a summary of your connections table, and allow you to determine whether there is too much traffic traversing your firewall.
• fwaccel stats –s – this will show you the acceleration profile of your connections and potentially why your SNDs are running high while other cores are running low. (Correct)
• fwaccel off – this will turn off SecureXL, which is causing your SNDs to be running high in the first place

Answer : fwaccel stats –s – this will show you the acceleration profile of your connections and potentially why your SNDs are running high while other cores are running low.

From a Best Practices perspective, what percentage of your packets should be accelerated?

Options are :

• 75%
• 65%
• 90% (Correct)
• 100%

Answer : 90%

How would you determine the value of 'Maximum concurrent connections' of the NAT Table?

Options are :

• fwx_max_conns
• fwx_auth
• fwx_alloc (Correct)
• objects_5_0.C

Answer : fwx_alloc

156-315.77 Check Point Certified Security Expert Exam Set 7

What is one way to check cluster status on two gateways running in HA mode?

Options are :

• cphaprob stat (Correct)
• show cluster
• show cluster ha status
• cp ha prob stat

Answer : cphaprob stat

In a ClusterXL cluster with delayed synchronization, which of the following is not true?

Options are :

• The length of time for the delay can be edited. (Correct)
• Delayed Synchronization is performed only for connections matching a SecureXL Connection
• Delayed Synchronization is disabled if the Track option in the rule is set to Log or Account.
• It applies only to TCP services whose Protocol Type is set to HTTP or None.

Answer : The length of time for the delay can be edited.

What command displays the Connections Table for a specified CoreXL firewall instance?

Options are :

• fw tab –t connection | grep fw
• fw tab –t connections –s
• fw tab –t connections
• fw -i FW_INSTANCE_ID tab -t connections [flags] (Correct)

Answer : fw -i FW_INSTANCE_ID tab -t connections [flags]

Check Point Certified Security Expert Exam Set 5

What will be the outcome if you set the kernel parameters cphwd_nat_templates_enabled and cphwd_nat_templates_support?

Options are :

• This would enable SecureXL NAT templates. (Correct)
• These parameters are mutually exclusive and cannot be used at the same time.
• These are not valid parameters.
• This would enable Hide NAT support.

Answer : This would enable SecureXL NAT templates.

A firewall has 8 CPU cores and the correct license. CoreXL is enabled. How could you set kernel instance #3 to run on processing core #5?

Options are :

• fw ctl affinity -s -k 3 5 (Correct)
• Edit the file fwaffinity.conf and add the line “k3 cpuid 5”
• Run fwaffinity_apply –t 3 -k 5 and then check that the settings have taken affect with the command fw ctl multik stat.
• This is not possible CoreXL is best left to manage the Kernel to CPU core mappings. It is only when a daemon is bound to a dedicated core that CoreXL will ignore that CPU core when mapping Kernel instances to CPU cores.

Answer : fw ctl affinity -s -k 3 5

CoreXL on IPSO R77.20 does NOT support which of the following features?

Options are :

• Overlapping NAT
• Check Point QoS (Correct)
• IPv6
• Route-based VPN

Answer : Check Point QoS

Check Point Certified Security Expert Exam Set 2

What command verifies which core each gateway interface and firewall instance is currently running on?

Options are :

• show corexl stat
• fw ctl pstat
• fw ctl affinity -l (Correct)
• fw accel stat

Answer : fw ctl affinity -l

Misha is working on a stand-by firewall and deletes the connections table in error. He finds that now the table is out of sync with the Active member. to get them completely synced again, Mish should run the command pair ____________ and __________ .

Options are :

• fw ctl setsync stop, fw ctl setsync on
• fw ctl sync stop, fw ctl sync start
• fw ctl setsync off, fw ctl setsync on
• fw ctl setsync off, fw ctl setsync start (Correct)

Answer : fw ctl setsync off, fw ctl setsync start

What type of connections cannot be templated?

Options are :

• Complex connections such as FTP, H323, SQL, ETC (Correct)
• UDP because it is not connection oriented
• Any connections that contain Hide NAT
• TCP

Answer : Complex connections such as FTP, H323, SQL, ETC

Check Point Certified Security Administrator Set 1

Jane wants to create a VPN using OSPF. Which VPN configuration would you recommend she use?

Options are :

• Site-to-site VPN
• Domain-based VPN
• Route-based VPN (Correct)
• Remote-access VPN

Answer : Route-based VPN

Where would you go to adjust the number of Kernels in CoreXL?

Options are :

• Cpconfig (Correct)
• fw ctl multik stat
• fw ctl affinity
• fw ctl conf

Answer : Cpconfig

Which routing protocols are not supported with GAIA OS running VTIs?

Options are :

• Static routes
• BGP
• OSPF
• RIPv1; RIPv2 (Correct)

Answer : RIPv1; RIPv2

156-315.77 Check Point Certified Security Expert Exam Set 3

You are finding that some users are complaining about slow connection speed. You would like to review a summary of your connections, including which connections are accelerated and those that are not. What command could you use?

Options are :

• fw ctl pstat
• fw tab -t connections -s
• fwaccel stats -s (Correct)
• fwaccel perf

Answer : fwaccel stats -s

What is the best way to see how a firewall is performing while processing packets in the firewall path, including resource usage?

Options are :

• fw getperf
• fwaccel stats
• fw ctl pstat (Correct)
• SecureXL stat

Answer : fw ctl pstat

When a cluster member is completely powered down, how will the other member identify if there is network connectivity?

Options are :

• The working member will look for replies to traffic sent from internal hosts.
• The working member will Ping IPs in the subnet until it gets a response. (Correct)
• The working member will ARP for the default gateway.
• The working member will automatically assume connectivity.

Answer : The working member will Ping IPs in the subnet until it gets a response.

156-315.77 Check Point Certified Security Expert Exam Set 16

Which command will NOT display information related to memory usage?

Options are :

• free
• memoryinfo.conf (Correct)
• fw ctl pstat
• cat /proc/meminfo

Answer : memoryinfo.conf

156-315.77 Check Point Certified Security Expert Exam Set 6

You have a requirement to implement a strict security policy. With this in mind, you must create a stealth rule. How will this impact your packet acceleration?

Options are :

• NAT templates will not work.
• There will be no impact, since stealth rules do not affect SecureXL. (Correct)
• Using a stealth rule disables SecureXL.
• There will be no impact as long as the rule is not logged.

Answer : There will be no impact, since stealth rules do not affect SecureXL.

What is the command to check how many connections the firewall has detected for the SecureXL device?

Options are :

• fw tab –t connections –s
• fw tab -t cphwd_db –s (Correct)
• fw tab –t connection –s | grep template
• fwaccel conns

Answer : fw tab -t cphwd_db –s

What do the „F? flags mean in the output of fwaccel conns?

Options are :

• Fast path packets
• Flag set for debug
• Forward to firewall (Correct)
• Flow established

Answer : Forward to firewall

156-315.77 Check Point Certified Security Expert Exam Set 1

Recommended Readings

• 156-315.77 Check Point Certified Security Expert Exam Set 5
• 156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 2
• Check Point Certified Security Administrator Set 5
• Check Point Certified Security Expert Exam Set 7
• Check Point Certified Security Expert Exam Set 7
• 156-315.77 Check Point Certified Security Expert Exam Set 22
• 156-315.77 Check Point Certified Security Expert Exam Set 6
• Check Point Certified Security Administrator Set 3
• 156-315.77 Check Point Certified Security Expert Exam Set 23
• 156-315.77 Check Point Certified Security Expert Exam Set 4
• 156-315.77 Check Point Certified Security Expert Exam Set 4