156-115 Check Point Certified Security Master Practice Exam Set 8

Since R76 GAiA, what is the method for configuring proxy ARP entries for manual NAT rules?


Options are :

  • WebUI or add proxy ARP ... commands via CLISH (Correct)
  • local.arp file
  • SmartDashboard
  • SmartView Tracker

Answer : WebUI or add proxy ARP ... commands via CLISH

Which file should be edited to modify ClusterXL VIP Hide NAT rules, and where?


Options are :

  • $FWDIR/lib/table.def on the SMC (Correct)
  • $FWDIR/lib/table.def on the cluster members
  • $FWDIR/lib/base.def on the cluster members
  • $FWDIR/lib/base.def on the SMC

Answer : $FWDIR/lib/table.def on the SMC

With the default ClusterXL settings, what will be the state of an active gateway upon using the command ClusterXL_admin up?


Options are :

  • Down
  • Ready
  • Standby (Correct)
  • Active

Answer : Standby

Each connection allowed by a Security Gateway will have a real entry and some symbolic link entries in the connections state table. The symbolic link entries point back to the real entry using this:


Options are :

  • 6-tuple. (Correct)
  • memory pointer.
  • serial number of the real entry.
  • date and time of the connection establishment.

Answer : 6-tuple.

In some situations, switches may not play nicely with a Check Point Cluster and it is necessary to change from multicast to broadcast. What command should you invoke to correct the issue?


Options are :

  • set ccp broadcast
  • cphaconf set_ccp broadcast (Correct)
  • cpha_conf set ccp broadcast
  • This can only be changed via GuiDbEdit.

Answer : cphaconf set_ccp broadcast

Which command would a troubleshooter use to verify table connection info (peak, concurrent) and verify information about cluster synchronization state?


Options are :

  • fw ctl pstat
  • Show info all (Correct)
  • fw tab –t connections –s
  • fw ctl multik stat

Answer : Show info all

Which of the following is NOT a cphaprob status?


Options are :

  • “Down Attention” (or “Down!” in VSX mode) (Correct)
  • “Active”
  • “Backup”
  • “Standby”

Answer : “Down Attention” (or “Down!” in VSX mode)

Extended Cluster Anti-Spoofing checks what value to determine if a packet with the source IP of a gateway in the cluster is being spoofed?


Options are :

  • The source IP of the packet.
  • The source MAC address of the packet.
  • The packet has a TTL value of less than 255. (Correct)
  • The destination IP of the packet.

Answer : The packet has a TTL value of less than 255.

Which FW-1 kernel flags should be used to properly debug and troubleshoot NAT issues?


Options are :

  • nat, drop, conn, xlate, filter, ioctl
  • nat, xlate, fwd, vm, ld, chain
  • nat, xltrc, xlate, drop, conn, vm (Correct)
  • nat, route, conn, fwd, zeco, err

Answer : nat, xltrc, xlate, drop, conn, vm

After creating and pushing out a new policy, Joe finds that an old connection is still being allowed that should have been closed after his changes. He wants to delete the connection on the gateway, and looks it up with fw tab –t connections –u. Joe finds the connection he is looking for. What command should Joe use to remove this connection? <0,a128c22,89,a158508,89,11;10001,2281,25,15b,a1,4ecdfeee,ac,691400ac,7b6,3e,ffffffff,3c,3 c, 0,0,0,0,0,0,0,0,0,0,0,0,0,0>


Options are :

  • fw tab –t connections –x –d “00000000,a128c22,00000089,0a158508,00000089,00000011"
  • fw tab –t connections –x –e "0,a128c22,00000089,0a158508,00000089,00000011" (Correct)
  • fw tab –t connections –x –d “00000000,a128c22,00000089,0a158508,00000089,00000011"
  • fw tab –t connections –x –d “0,a128c22,89,0a158508,89,11"

Answer : fw tab –t connections –x –e "0,a128c22,00000089,0a158508,00000089,00000011"

Adam wants to find idle connections on his gateway. Which command would be best suited for viewing the connections table?


Options are :

  • fw tab -t connections –s
  • fw tab -t connections
  • fw tab -t connections –x
  • fw tab -t connections -u –f (Correct)

Answer : fw tab -t connections -u –f

Which command should you use to stop kernel module debugging (excluding SecureXL)?


Options are :

  • fw ctl zdebug - all
  • fw debug fwd off
  • fw ctl debug 0 (Correct)
  • fw debug fwd off; vpn debug off

Answer : fw ctl debug 0

In a production environment, your gateway is configured to apply a Hide NAT for all internal traffic destined to the Internet. However, you are setting up a VPN tunnel with a remote gateway, and you are concerned about the encryption domain that you need to define on the remote gateway. Does the remote gateway need to include your production gateway's external IP in its encryption domain?


Options are :

  • No – all packets destined to go through the VPN tunnel will have the payload encapsulated in an ESP packet and after decryption at the remote site, will have the same internal source and destination IP addresses. (Correct)
  • No – all packets destined through a VPN will leave with original source and destination packets without translation.
  • Yes – all packets destined to go through the VPN tunnel will have the payload encapsulated in an ESP packet and after decryption at the remote site, the packet will contain the source IP of the Gateway because of Hide NAT.
  • Yes – The gateway will apply the Hide NAT for this VPN traffic.

Answer : No – all packets destined to go through the VPN tunnel will have the payload encapsulated in an ESP packet and after decryption at the remote site, will have the same internal source and destination IP addresses.

Which command clears all the connection table entries on a Security Gateway?


Options are :

  • fw tab –t connetion –u
  • fw ctl tab –t connetions –u
  • fw tab –t connections -x (Correct)
  • fw tab –t connetion -s

Answer : fw tab –t connections -x

When viewing a NAT table, what represents the second hexadecimal number of the 6-tuple?


Options are :

  • Protocol
  • Source port
  • Destination port
  • Source IP (Correct)

Answer : Source IP

What would be a reason for changing the “Magic MAC”?


Options are :

  • To allow the two cluster members to use the same virtual IP address.
  • To allow for automatic upgrades.
  • To allow two or more cluster members to exist on the same network.
  • To allow two or more clusters to exist on the same network. (Correct)

Answer : To allow two or more clusters to exist on the same network.
