156-115 Check Point Certified Security Master Practice Test Set 6

Which of the following items is NOT part of the columns of the chain modules?


Options are :

  • Function Pointer
  • Chain position
  • Module location
  • Inbound/Outbound chain (Correct)

Answer : Inbound/Outbound chain

Ann wants to hide FTP traffic behind the virtual IP of her cluster. Where is the relevant file
table.def located to make this modification?


Options are :

  • $FWDIR/conf/table.def
  • $FWDIR/bin/table.def
  • $FWDIR/lib/table.def (Correct)
  • $FWDIR/log/table.def

Answer : $FWDIR/lib/table.def

For URL Filtering in the Cloud in R75 and above, what table is used to contain the URL Filtering
cache values?


Options are :

  • urlf_blade_on_gw
  • urlf_cache_tbl
  • url_scheme_tab
  • urlf_cache_table (Correct)

Answer : urlf_cache_table

When finished running a debug on the Management Server using the command fw debug fwm on,
how do you turn this debug off?


Options are :

  • fw ctl debug off
  • fw debug off
  • fwm debug off
  • fw debug fwm off (Correct)

Answer : fw debug fwm off

Which directory below contains the URL Filtering engine update info? Here you can also go to
see the status of the URL Filtering and Application Control updates.


Options are :

  • $FWDIR/appi/urlf
  • $FWDIR/appi/update (Correct)
  • $FWDIR/update/appi
  • $FWDIR/urlf/update

Answer : $FWDIR/appi/update

Where in a fw monitor output would you see destination address translation occur in cases of
inbound automatic static NAT?


Options are :

  • Static NAT does not adjust the destination IP.
  • Between the o and O
  • Between the I and o
  • Between the i and I (Correct)

Answer : Between the i and I

You have set up a manual NAT rule, however fw monitor shows you that the device still uses the
automatic Hide NAT rule. How should you correct this?


Options are :

  • In Global Properties > NAT ensure that Merge Automatic to Manual NAT is selected.
  • Move your manual NAT rule above the automatic NAT rule. (Correct)
  • Set the following fwx_alloc_man kernel parameter to 1.
  • In Global Properties > NAT ensure that server side NAT is enabled.

Answer : Move your manual NAT rule above the automatic NAT rule.

The "Hide internal networks behind the Gateway's external IP" option is selected. What defines
what traffic will be NATted?


Options are :

  • The VPN encryption domain of the gateway object
  • The topology configuration of the gateway object (Correct)
  • The network objects configured for the network
  • The Firewall policy of the gateway

Answer : The topology configuration of the gateway object

When viewing a NAT Table, what represents the second hexadecimal number of the 6-tuple?


Options are :

  • Source port
  • Protocol
  • Source IP (Correct)
  • Destination port

Answer : Source IP

You are troubleshooting a Security Gateway, attempting to determine which chain is causing a
problem. What command would you use to show all the chains through which traffic passed?


Options are :

  • [Expert@HostName]# fw ctl chain
  • [Expert@HostName]# fw monitor -e "accept;" -p all (Correct)
  • [Expert@HostName]# fw ctl zdebug all
  • [Expert@HostName]# fw ctl debug m

Answer : [Expert@HostName]# fw monitor -e "accept;" -p all

What command would give you a summary of all the tables available to the firewall kernel?


Options are :

  • fw tab -s (Correct)
  • fw tab -o
  • fw tab
  • fw tab -h

Answer : fw tab -s

What flag option(s) must be used to dump the complete table in friendly format, assuming there
are more than one hundred connections in the table?


Options are :

  • fw tab -t connections -s
  • fw tab -t connect -f -u (Correct)
  • fw tab -t connections -f u
  • fw tab -t connections -f

Answer : fw tab -t connect -f -u

What command would you use for a packet capture on an absolute position for TCP streaming
(out) 1ffffe0?


Options are :

  • fw monitor -pr 1ffffe0 -o monitor.out
  • fw ctl chain -po 1ffffe0 -o monitor.out
  • None of the above
  • fw monitor -e 0x1ffffe0 -o monitor.out
  • fw monitor -po -0x1ffffe0 -o monitor.out (Correct)

Answer : fw monitor -po -0x1ffffe0 -o monitor.out

While troubleshooting a DHCP relay issue, you run a fw ctl zdebug drop and see the following
output:
;[cpu_1];[fw_0];fw_log_drop: Packet proto=17 10.216.14.108:67 > 172.31.2.1:67 dropped by
fw_handle_first_packet Reason: fwconn_init_links (INBOUND) failed;
Where 10.216.14.108 is the IP address of the DHCP server and 172.31.2.1 is the VIP of the
Cluster. What is the most likely cause of this drop?


Options are :

  • An outbound collision due to a Rule Base check, and dropped by incorrectly configuring DHCP in the firewall policy.
  • An inbound collision due to a connections table check on pre-existing connections.
  • A link collision due to more than one NAT symbolic link being created for connections returning from the DHCP server back to the VIP of the Cluster. (Correct)
  • A link collision due to more than one NAT symbolic link being created for outgoing connections to the DHCP server.

Answer : A link collision due to more than one NAT symbolic link being created for connections returning from the DHCP server back to the VIP of the Cluster.

You are running a debugging session and you have set the debug environment to
TDERROR_ALL_ALL=5 using the command export TDERROR_ALL_ALL=5. How do you return
the debug value to defaults?


Options are :

  • fw debug 0x1ffffe0
  • unset TDERROR_ALL_ALL (Correct)
  • fw ctl debug 0x1ffffe0
  • export TDERROR_ALL_ALL

Answer : unset TDERROR_ALL_ALL

John is a Security Administrator of a Check Point platform. He has a mis-configuration issue that points to the Rule Base. To obtain information about the issue, John runs the command:


Options are :

  • fw kdebug fwm on and checks the file fwm.elg.
  • fw debug fwm on and checks the file fwm.elg. (Correct)
  • fw kdebug fwm on and checks the file fw.elg.
  • fw debug fw on and checks the file fwm.elg.

Answer : fw debug fwm on and checks the file fwm.elg.

Which commands will properly set the debug level to maximum and then run a policy install in
debug mode for the policy Standard on gateway A-GW from an R77 GAiA Management Server?


Options are :

  • setenv TDERROR_ALL_ALL=5 fwm d load Standard A-GW
  • setenv TDERROR_ALL_ALL=5 fwm d load A-GW Standard
  • export TDERROR_ALL_ALL=5 fwm d load Standard A-GW (Correct)
  • export TDERROR_ALL_ALL=5 fwm d load A-GW Standard

Answer : export TDERROR_ALL_ALL=5 fwm d load Standard A-GW

Since R76 GAiA, what is the method for configuring proxy ARP entries for manual NAT rules?


Options are :

  • SmartDashboard
  • local.arp file
  • WebUI or add proxy ARP ... commands via CLISH. (Correct)
  • SmartView Tracker

Answer : WebUI or add proxy ARP ... commands via CLISH.

Which command should you use to stop kernel module debugging (excluding SecureXL)?


Options are :

  • fw debug fwd off; vpn debug off
  • fw ctl debug 0 (Correct)
  • fw ctl zdebug - all
  • fw debug fwd off

Answer : fw ctl debug 0

Where in a fw monitor output would you see source address translation occur in cases of
automatic Hide NAT?


Options are :

  • Between the o and O (Correct)
  • Between the I and o
  • Hide NAT does not adjust the source IP
  • Between the i and I

Answer : Between the o and O

Which file should be edited to modify ClusterXL VIP Hide NAT rules, and where?


Options are :

  • $FWDIR/lib/table.def on the cluster members
  • $FWDIR/lib/base.def on the SMC
  • $FWDIR/lib/table.def on the SMC (Correct)
  • $FWDIR/lib/base.def on the cluster members

Answer : $FWDIR/lib/table.def on the SMC

When using the command fw monitor, what command ensures the capture is accurate?


Options are :

  • fwaccel off (Correct)
  • fw accel off
  • fwaccel on
  • export TDERROR_ALL_ALL=5

Answer : fwaccel off

In a production environment, your gateway is configured to apply a Hide NAT for all internal traffic
destined to the Internet. However, you are setting up a VPN tunnel with a remote gateway, and
you are concerned about the encryption domain that you need to define on the remote gateway.
Does the remote gateway need to include your production gateway's external IP in its encryption
domain?


Options are :

  • No all packets destined through a VPN will leave with original source and destination packets without translation.
  • Yes The gateway will apply the Hide NAT for this VPN traffic.
  • Yes all packets destined to go through the VPN tunnel will have the payload encapsulated in an ESP packet and after decryption at the remote site, the packet will contain the source IP of the Gateway because of Hide NAT
  • No all packets destined to go through the VPN tunnel will have the payload encapsulated in an ESP packet and after decryption at the remote site, will have the same internal source and destination IP addresses (Correct)

Answer : No all packets destined to go through the VPN tunnel will have the payload encapsulated in an ESP packet and after decryption at the remote site, will have the same internal source and destination IP addresses

What command would you use to view which debugs are set in your current working environment?


Options are :

  • export
  • env and fw ctl debug (Correct)
  • fw ctl debug all
  • cat /proc/etc

Answer : env and fw ctl debug

Tom is troubleshooting NAT issues using fw monitor and Wireshark. He tries to initiate a
connection from the external network to a DMZ server using the public IP which the firewall
translates to the actual IP of the server. He analyzes the captured packets using Wireshark and
observes that the destination IP is being changed as required by the firewall but does not see the
packet leave the external interface. What could be the reason?


Options are :

  • After the translation, the packet is dropped by the Anti-Spoofing Protection
  • The translation might be happening on the server side and the packet is being routed by OS back to the external interface. (Correct)
  • The translation might be happening on the client side and the packet is being routed by the OS back to the external interface.
  • Packet is dropped by the firewall.

Answer : The translation might be happening on the server side and the packet is being routed by OS back to the external interface.

When you perform an install database, the status window is filled with large amounts of text. What
could be the cause?


Options are :

  • There is an active debug on the SmartConsole
  • There is an active fw monitor running.
  • There is an environment variable of TDERROR_ALL_ALL set on the gateway.
  • There is an active debug on the FWM process. (Correct)

Answer : There is an active debug on the FWM process.

The command that lists the firewall kernel modules on a Security Gateway is:


Options are :

  • fw list modules
  • fw ctl kernel chain
  • fw ctl debug -m (Correct)
  • fw list kernel modules

Answer : fw ctl debug -m

Which FW-1 kernel flags should be used to properly debug and troubleshoot NAT issues?


Options are :

  • nat, drop, conn, xlate, filter, ioctl
  • nat, xlate, fwd, vm, ld, chain
  • nat, xltrc, xlate, drop, conn, vm (Correct)
  • nat, route, conn, fwd, zeco, err

Answer : nat, xltrc, xlate, drop, conn, vm

When troubleshooting and trying to understand which chain is causing a problem on the Security
Gateway, you should use the command:


Options are :

  • fw ctl zdebug drop
  • fw monitor -e "accept;" -p all (Correct)
  • fw tab t connections
  • fw ctl chain

Answer : fw monitor -e "accept;" -p all

The command fw ctl kdebug <params> is used to:


Options are :

  • read the kernel debug buffer to obtain debug messages. (Correct)
  • select specific kernel modules for debugging
  • enable kernel debugging.
  • list enabled debug parameters.

Answer : read the kernel debug buffer to obtain debug messages.
