156-315.13 Check Point Security Expert R76(GAiA) Exam Set 7

What command will allow you to disable sync on a cluster firewall member?


Options are :

  • fw ctl setsync off (Correct)
  • fw ctl syncstat off
  • fw ctl syncstat stop
  • fw ctl setsync 0

Answer : fw ctl setsync off

Check Point Certified Security Expert Exam Set 4

Included in the customer's network are some firewall systems with the Performance Pack in use. The customer wishes to use these firewall systems in a cluster (Load Sharing mode). He is not sure if he can use the Sticky Decision Function in this cluster. Explain the situation to him.


Options are :

  • The customer can use the firewalls with Performance Pack inside the cluster, which should support the Sticky Decision Function. It is just necessary to enable the Sticky Decision Function in the SmartDashboard cluster object in the ClusterXL page, Advanced Load Sharing Configuration window.
  • Sticky Decision Function is not supported when employing either Performance Pack or a hardware-based accelerator card. Enabling the Sticky Decision Function disables these acceleration products. (Correct)
  • ClusterXL always supports the Sticky Decision Function in the Load Sharing mode.
  • The customer can use the firewalls with Performance Pack inside the cluster, which should support the Sticky Decision Function. It is just necessary to configure it with the clusterXL_SDF_enable command.

Answer : Sticky Decision Function is not supported when employing either Performance Pack or a hardware-based accelerator card. Enabling the Sticky Decision Function disables these acceleration products.

What is a requirement for setting up R76 Management High Availability?


Options are :

  • All Security Management Servers must have the same number of NICs.
  • All Security Management Servers must reside in the same LAN.
  • State synchronization must be enabled on the secondary Security Management Server.
  • All Security Management Servers must have the same operating system. (Correct)

Answer : All Security Management Servers must have the same operating system.

How can you view the virtual cluster interfaces of a Cluster XL environment?


Options are :

  • cphaprob -a if (Correct)
  • cphaprob -ia list
  • cphaprob -a list
  • cphaprob -ia if

Answer : cphaprob -a if

Check Point Certified Security Expert Exam Set 10

Organizations are sometimes faced with the need to locate cluster members in different geographic locations that are distant from each other. A typical example is replicated data centers whose location is widely separated for disaster recovery purposes. What are the restrictions of this solution?


Options are :

  • There is one restriction: The synchronization network must guarantee no more than 100 ms latency.
  • There is one restriction: The synchronization network must guarantee no more than 150 ms latency (ITU Standard G.114).
  • There are no restrictions.
  • There are two restrictions: 1. The synchronization network must guarantee no more than 100ms latency and no more than 5% packet loss. 2. The synchronization network may only include switches and hubs. (Correct)

Answer : There are two restrictions: 1. The synchronization network must guarantee no more than 100ms latency and no more than 5% packet loss. 2. The synchronization network may only include switches and hubs.

By default, a standby Security Management Server is automatically synchronized by an active Security Management Server, when:


Options are :

  • The standby Security Management Server starts for the first time.
  • The Security Policy is saved.
  • The Security Policy is installed. (Correct)
  • The user data base is installed.

Answer : The Security Policy is installed.

You want to upgrade a cluster with two members to VPN-1 NGX. The SmartCenter Server and both members are version VPN-1/Firewall-1 NG FP3, with the latest Hotfix. What is the correct upgrade procedure? 1. Change the version, in the General Properties of the gateway-cluster object. 2. Upgrade the SmartCenter Server, and reboot after upgrade. 3. Run cpstop on one member, while leaving the other member running. Upgrade one member at a time, and reboot after upgrade. 4. Reinstall the Security Policy.


Options are :

  • 1, 2, 3, 4
  • 2, 3, 1, 4 (Correct)
  • 1, 3, 2, 4
  • 3, 2, 1, 4
  • 2, 4, 3, 1

Answer : 2, 3, 1, 4

Check Point Certified Security Administrator Set 4

In Management High Availability, what is an Active SMS?


Options are :

  • Active Smart Master Server
  • Active Security Master Server
  • Active Smart Management Server
  • Active Security Management Server (Correct)

Answer : Active Security Management Server

For Management High Availability synchronization, what does the Advance status mean?


Options are :

  • The peer SMS is properly synchronized.
  • The peer SMS has not been synchronized properly.
  • The peer SMS is more up-to-date. (Correct)
  • The active SMS and its peer have different installed policies and databases.

Answer : The peer SMS is more up-to-date.

In a R76 ClusterXL Load Sharing configuration, which type of ARP related problem can force the use of Unicast Mode (Pivot) configuration due to incompatibility on some adjacent routers and switches?


Options are :

  • MGCP MAC address response to a Multicast IP request
  • Unicast MAC address response to a Multicast IP request
  • Multicast MAC address response to a RARP request
  • Multicast MAC address response to a Unicast IP request (Correct)

Answer : Multicast MAC address response to a Unicast IP request

156-315.77 Check Point Certified Security Expert Exam Set 15

In which ClusterXL Load Sharing mode, does the pivot machine get chosen automatically by ClusterXL?


Options are :

  • Unicast Load Sharing (Correct)
  • Multicast Load Sharing
  • CCP Load Sharing
  • Hot Standby Load Sharing

Answer : Unicast Load Sharing

Included in the client's network are some switches, which rely on IGMP snooping. You must find a solution to work with these switches. Which of the following answers does NOT lead to a successful solution?


Options are :

  • Set the value of fwha_enable_igmp_snooping module configuration parameter to 1.
  • Configure static CAMs to allow multicast traffic on specific ports.
  • ClusterXL supports IGMP snooping by default. There is no need to configure anything. (Correct)
  • Disable IGMP registration in switches that rely on IGMP packets

Answer : ClusterXL supports IGMP snooping by default. There is no need to configure anything.

Which of the following commands can be used to troubleshoot ClusterXL sync issues?


Options are :

  • fw debug cxl connections > file_name
  • fw ctl -s -t connections > file_name
  • fw tab -u connections > file_name
  • fw tab -s -t connections > file_name (Correct)

Answer : fw tab -s -t connections > file_name

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 5

Which of the following does NOT happen when using Pivot Mode in ClusterXL?


Options are :

  • The Pivot forwards the packet to the appropriate cluster member.
  • The packet is forwarded through the same physical interface from which it originally came, not on the sync interface.
  • The Pivot's Load Sharing decision function decides which cluster member should handle the packet.
  • The Security Gateway analyzes the packet and forwards it to the Pivot (Correct)

Answer : The Security Gateway analyzes the packet and forwards it to the Pivot

By default, the Cluster Control Protocol (CCP) uses this to send delta sync messages to other cluster members.


Options are :

  • Broadcast
  • Unicast
  • Multicast (Correct)
  • Shoutcast

Answer : Multicast

In a R76 Management High Availability (HA) configuration, you can configure synchronization to occur automatically, when: 1. The Security Policy is installed. 2. The Security Policy is saved. 3. The Security Administrator logs in to the secondary SmartCenter Server, and changes its status to active. 4. A scheduled event occurs. 5. The user database is installed. Select the BEST response for the synchronization trigger.


Options are :

  • 1,2,5
  • 1,3,4
  • 1, 2, 3, 4
  • 1,2,4 (Correct)

Answer : 1,2,4

Check Point Certified Security Administrator Set 1

When Load Sharing Multicast mode is defined in a ClusterXL cluster object, how are packets being handled by cluster members?


Options are :

  • All members receive all packets. All members run an algorithm which determines which member processes packets further and which members delete the packet from memory. (Correct)
  • Only one member at a time is active. The active cluster member processes all packets
  • All members receive all packets. The Security Management Server decides which member will process the packets. Other members delete the packets from memory.
  • All cluster members process all packets and members synchronize with each other.

Answer : All members receive all packets. All members run an algorithm which determines which member processes packets further and which members delete the packet from memory.

You have a High Availability ClusterXL configuration. Machines are not synchronized. What happens to connections on failover?


Options are :

  • It is not possible to configure High Availability that is not synchronized
  • Old connections are lost but can be reestablished. (Correct)
  • Connections cannot be established until cluster members are fully synchronized.
  • Old connections are lost but are automatically recovered whenever the failed machine recovers.

Answer : Old connections are lost but can be reestablished.

What cluster mode is represented in this case? 1). (local) 172.168.1.1 100$ active 2). 172.14*.1.2 0$ standby


Options are :

  • 3rd party cluster
  • HA (New mode) (Correct)
  • Load Sharing (multicast mode)
  • Load Sharing Unicast (Pivot) mode

Answer : HA (New mode)

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 1

Which of the following commands will stop acceleration on a Security Gateway running on SecurePlatform?


Options are :

  • fw accel off
  • perf_pack off
  • fwaccel off (Correct)
  • splat_accel off

Answer : fwaccel off

The ________ Check Point ClusterXL mode must synchronize the physical interface IP and MAC addresses on all clustered interfaces.


Options are :

  • Multicast Mode Load Sharing
  • Pivot Mode Load Sharing
  • New Mode HA
  • Legacy Mode HA (Correct)

Answer : Legacy Mode HA

Check Point Clustering protocol, works on:


Options are :

  • UDP 8116 (Correct)
  • TCP 8116
  • TCP 19864
  • UDP 500

Answer : UDP 8116

156-315.71 Check Point Security Expert R71 Practice Exam Set 1

To configure the Cluster Control Protocol (CCP) to use Broadcast, the following command is run:


Options are :

  • ccp broadcast
  • set_ccp cpcluster broadcast
  • clusterconfig set_ccp broadcast
  • cphaconf set_ccp broadcast (Correct)

Answer : cphaconf set_ccp broadcast

When synchronizing clusters, which of the following statements is NOT true?


Options are :

  • The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized.
  • Only cluster members running on the same OS platform can be synchronized.
  • Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails. (Correct)
  • In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.

Answer : Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.

How can you view the critical devices on a cluster member in a Cluster XL environment?


Options are :

  • cphaprob -ia if
  • cphaprob -a list
  • cphaprob -a if
  • cphaprob -ia list (Correct)

Answer : cphaprob -ia list

156-215.70 Check Point Certified Security Administrator Exam Set 1

Which method of load balancing describes "Round Robin"?


Options are :

  • Assigns service requests to the next server in a series. (Correct)
  • Ensures that incoming requests are handled by the server with the fastest response time.
  • Assigns service requests to servers at random
  • Measures the load on each server to determine which server has the most available resources.

Answer : Assigns service requests to the next server in a series.

A connection is said to be Sticky when:


Options are :

  • A copy of each packet in the connection sticks in the connection table until a corresponding reply packet is received from the other side.
  • A connection is not terminated by either side by FIN or RST packet.
  • All the connection packets are handled, in either direction, by a single cluster member (Correct)
  • The connection information sticks in the connection table even after the connection has ended.

Answer : All the connection packets are handled, in either direction, by a single cluster member

When a failed cluster member recovers, which of the following actions is NOT taken by the recovering member?


Options are :

  • It compares its local policy to the one on the Security Management Server.
  • It will not check for any updated policy and load the last installed policy with a warning message indicating that the Security Policy needs to be installed from the Security Management Server. (Correct)
  • If the Security Management Server has a newer policy, it will be retrieved, else the local policy will be loaded.
  • It will try to take the policy from one of the other cluster members.

Answer : It will not check for any updated policy and load the last installed policy with a warning message indicating that the Security Policy needs to be installed from the Security Management Server.

156-315.65 Check Point Security Administration NGX R65 Exam Set 2

Check Point New Mode HA is a(n) _________ solution


Options are :

  • acceleration
  • hot-standby (Correct)
  • primary-domain
  • load-balancing

Answer : hot-standby

In ClusterXL, _______ is defined by default as a critical device.


Options are :

  • PROT_SRV.EXE
  • Filter (Correct)
  • protect.exe
  • fw.d

Answer : Filter

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions