156-315.13 Check Point Security Expert R76(GAiA) Exam Set 8

Your network includes ClusterXL running Multicast mode on two members, as shown in this topology: Your network is expanding, and you need to add new interfaces: 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for interface 10.10.10.0/24 is 10.10.10.3. What is the correct procedure to add these interfaces?


Options are :

  • 1. Use the ifconfig command to configure and enable the new interface. 2. Run cpstop and cpstart on both members at the same time. 3. Update the topology in the cluster object for the cluster and both members. 4. Install the Security Policy.
  • 1. Disable "Cluster membership" from one Gateway via cpconfig. 2. Configure the new interface via sysconfig from the "non-member" Gateway. 3. RE. enable "Cluster membership" on the Gateway. 4. Perform the same step on the other Gateway. 5. Update the topology in the cluster object for the cluster and members. 6. Install the Security Policy.
  • 1. Use sysconfig to configure the new interfaces on both members. 2. Update the topology in the cluster object for the cluster and both members. 3. Install the Security Policy.
  • 1. Run cpstop on one member, and configure the new interface via sysconfig. 2. Run cpstart on the member. Repeat the same steps on another member. 3. Update the new topology in the cluster object for the cluster and members. 4. Install the Security Policy.

Answer : 1. Run cpstop on one member, and configure the new interface via sysconfig. 2. Run cpstart on the member. Repeat the same steps on another member. 3. Update the new topology in the cluster object for the cluster and members. 4. Install the Security Policy.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 9

What is a "sticky" connection?


Options are :

  • A Sticky Connection is a VPN connection that remains up until you manually bring it down.
  • A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
  • A Sticky Connection is a connection that remains the same.
  • A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.

Answer : A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.

Your customer asks you about the Performance Pack. You explain to him that a Performance Pack is a software acceleration product which improves the performance of the Security Gateway. You may enable or disable this acceleration by either: 1) The command cpconfig 2) The command fwaccel onŠoff What is the difference between these two commands?


Options are :

  • The command cpconfig works on the Security Platform only. The command fwaccel can be used on all platforms.
  • The fwaccel command determines the default setting. The command cpconfig can dynamically change the setting, but after the reboot it reverts to the default setting.
  • The cpconfig command enables acceleration. The command fwaccel can dynamically change the setting, but after the reboot it reverts to the default setting
  • Both commands function identically

Answer : The cpconfig command enables acceleration. The command fwaccel can dynamically change the setting, but after the reboot it reverts to the default setting

The customer wishes to install a cluster. In his network, there is a switch which is incapable of forwarding multicast. Is it possible to install a cluster in this situation?


Options are :

  • Yes, the ClusterXL changes automatically to the broadcast mode if the multicast is not forwarded.
  • No, the customer needs to replace the switch with a new switch, which supports multicast forwarding.
  • Yes, you can toggle on ClusterXL between broadcast and multicast using the command cphaconf set_ccp broadcast/multicast.
  • Yes, you can toggle on ClusterXL between broadcast and multicast by setting the multicast mode using the command cphaconf set_ccp multicast onŠoff. The default setting is broadcast.

Answer : Yes, you can toggle on ClusterXL between broadcast and multicast using the command cphaconf set_ccp broadcast/multicast.

156-315.65 Check Point Security Administration NGX R65 Exam Set 1

You have two IP Appliances: one IP565 and one IP395. Both appliances have IPSO 6.2 and R76 installed in a distributed deployment. Can they be members of a Gateway Cluster?


Options are :

  • No, because the appliances must be of the same model (both should be IP565 or IP395).
  • No, because IP does not have a cluster option.
  • Yes, as long as they have the same IPSO and Check Point versions.
  • No, because the Security Gateways must be installed in a stand-alone installation.

Answer : Yes, as long as they have the same IPSO and Check Point versions.

What could be a reason why synchronization between primary and secondary Security Management Servers does not occur?


Options are :

  • If the set of installed products differ from each other, the Security Management Servers do not synchronize the database to each other.
  • You have installed both Security Management Servers on different server systems (e. g. one machine on HP hardware and the other one on DELL).
  • You are using different time zones.
  • You did not activate synchronization within Global Properties.

Answer : If the set of installed products differ from each other, the Security Management Servers do not synchronize the database to each other.

For Management High Availability, if an Active SMS goes down, does the Standby SMS automatically take over?


Options are :

  • Yes, if you set up SecureXL
  • Yes, if you set up ClusterXL
  • Yes, if you set up VRRP
  • No, the transition should be initiated manually

Answer : No, the transition should be initiated manually

156-315.65 Check Point Security Administration NGX R65 Exam Set 2

A customer calls saying that a Load Sharing cluster shows drops with the error First packet is not SYN. Complete the following sentence. I will recommend:


Options are :

  • changing the load on each member
  • configuring flush and ack
  • turning off SDF (Sticky Decision Function)
  • turning on SDF (Sticky Decision Function)

Answer : turning on SDF (Sticky Decision Function)

If ClusterXL Load Sharing is enabled with state synchronization enabled, what will happen if one member goes down?


Options are :

  • The connections are dropped as Load Sharing does not support High Availability.
  • The processing of all connections handled by the faulty machine is dropped, so all connections need to be re-established through the other machine(s).
  • The processing of all connections handled by the faulty machine is immediately taken over by the other member(s).
  • There is no state synchronization on Load Sharing, only on High Availability.

Answer : The processing of all connections handled by the faulty machine is immediately taken over by the other member(s).

Which of the following commands shows full synchronization status?


Options are :

  • fw ctl pstat
  • fw hastat
  • fw ctl iflist
  • cphaprob -a if

Answer : fw ctl pstat

156-315.65 Check Point Security Administration NGX R65 Exam Set 3

__________ is a proprietary Check Point protocol. It is the basis for Check Point ClusterXL inter-module communication.


Options are :

  • HA OPCODE
  • CCP
  • RDP
  • CKPP

Answer : CCP

In the following cluster configuration; if you reboot sglondon_1 which device will be active when sglondon_1 is back up and running? Why?


Options are :

  • Sglondon_2 because it has highest priority
  • Sglondon_1 because it the first configured object with the lowest IP
  • Sglondon_2 because I has highest IP
  • Sglondon_1, because it is up again, sglondon_2 took over during reboot

Answer : Sglondon_2 because it has highest priority

What is the proper command for importing users into the R76 User Database?


Options are :

  • fwm importdb
  • fwm dbimport
  • fwm importusrs
  • fwm import

Answer : fwm dbimport

156-315.65 Check Point Security Administration NGX R65 Exam Set 4

By default Check Point High Availability components send updates about their state every:


Options are :

  • 5 seconds.
  • 1 second.
  • 0.1 second.
  • 0.5 second.

Answer : 0.1 second.

Which of the following is a supported Sticky Decision Function of Sticky Connections for Load Sharing?


Options are :

  • Support for Performance Pack acceleration
  • Multi-connection support for VPN-1 cluster members
  • Support for all VPN deployments (except those with third-party VPN peers)
  • Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections

Answer : Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections

A customer is calling saying one member's status is Down. What will you check?


Options are :

  • fw ctl debug -m cluster + forward (forwarding layer debug)
  • tcpdump/snoop (CCP traffic)
  • fw ctl pstat (check sync)
  • cphaprob list (verify what critical device is down)

Answer : cphaprob list (verify what critical device is down)

156-315.65 Check Point Security Administration NGX R65 Exam Set 5

You are establishing a ClusterXL environment, with the following topology: External interfaces 192.168.10.1 and 192.168.10.2 connect to a VLAN switch. The upstream router connects to the same VLAN switch. Internal interfaces 172.16.10.1 and 172.16.10.2 connect to a hub. 10.10.10.0 is the synchronization network. The Security Management Server is located on the internal network with IP 172.16.10.3. What is the problem with this configuration?


Options are :

  • Cluster members cannot use the VLAN switch. They must use hubs.
  • There is an IP address conflict.
  • The Cluster interface names must be identical across all cluster members
  • The Security Management Server must be in the dedicated synchronization network, not the internal network.

Answer : There is an IP address conflict.

What is the behavior of ClusterXL in a High Availability environment?


Options are :

  • Both members respond to the virtual address and both members pass traffic.
  • The active member responds to the virtual address and, using sync network forwarding, both members pass traffic.
  • The active member responds to the virtual address and is the only member that passes traffic.
  • Both members respond to the virtual address but only the active member is able to pass traffic.

Answer : The active member responds to the virtual address and is the only member that passes traffic.

How do new connections get established through a Security Gateway with SecureXL enabled?


Options are :

  • New connections are always inspected by the firewall and if they are accepted, the subsequent packets of the same connection will be passed through SecureXL
  • New connection packets never reach the SecureXL module.
  • The new connection will be first inspected by SecureXL and if it does not match the drop table of SecureXL, then it will be passed to the firewall module for a rule match.
  • If the connection matches a connection or drop template in SecureXL, it will either be established or dropped without performing a rule match, else it will be passed to the firewall module for a rule match.

Answer : If the connection matches a connection or drop template in SecureXL, it will either be established or dropped without performing a rule match, else it will be passed to the firewall module for a rule match.

156-315.65 Check Point Security Administration NGX R65 Exam Set 6

In ClusterXL, _______ is defined by default as a critical device.


Options are :

  • assld
  • cpp
  • fwm
  • fwd

Answer : fwd

When distributing IPSec packets to gateways in a Load Sharing Multicast mode cluster, which valid Load Sharing method will consider VPN information?


Options are :

  • Load Sharing based on ports, VTI, and IP addresses
  • Load Sharing based on IP addresses, ports, and serial peripheral interfaces
  • Load Sharing based on SPIs
  • Load Sharing based on IP addresses, ports, and security parameter indexes

Answer : Load Sharing based on IP addresses, ports, and security parameter indexes

What configuration change must you make to change an existing ClusterXL cluster object from Multicast to Unicast mode?


Options are :

  • Change the cluster mode to Unicast on each of the cluster-member objects.
  • Run cpstop and cpstart, to re-enable High Availability on both objects. Select Pivot mode in cpconfig.
  • Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy.
  • Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy.

Answer : Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy.

156-315.65 Check Point Security Administration NGX R65 Exam Set 7

You are the MegaCorp Security Administrator. This company uses a firewall cluster, consisting of two cluster members. The cluster generally works well but one day you find that the cluster is behaving strangely. You assume that there is a connectivity problem with the cluster synchronization cluster link (cross-over cable). Which of the following commands is the best for testing the connectivity of the crossover cable?


Options are :

  • arping
  • ifconfig -a
  • ping
  • telnet

Answer : arping

How does a cluster member take over the VIP after a failover event?


Options are :

  • Broadcast storm
  • iflist -renew
  • Gratuitous ARP
  • Ping the sync interface

Answer : Gratuitous ARP

Which of the listed load-balancing methods is NOT valid?


Options are :

  • Round Trip
  • They are all valid
  • Domain
  • Random

Answer : They are all valid

156-315.71 Check Point Security Expert R71 Practical Exam Set 1

When using ClusterXL in Load Sharing, what is the default method?


Options are :

  • IPs, Ports, SPIs
  • IPs, Ports
  • IPs
  • IPs, SPIs

Answer : IPs, Ports, SPIs

When synchronizing clusters, which of the following statements is NOT true?


Options are :

  • In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
  • An SMTP resource connection using CVP will be maintained by the cluster.
  • User Authentication connections will be lost by the cluster
  • Only cluster members running on the same OS platform can be synchronized.

Answer : An SMTP resource connection using CVP will be maintained by the cluster.

Which of the following would be a result of having more than one active Security Management Server in a Management High Availability (HA) configuration?


Options are :

  • An error notification will popup during SmartDashboard login if the two machines can communicate indicating Collision status.
  • The need to manually synchronize the secondary Security Management Server with the Primary Security Management Server is eliminated.
  • Allows for faster seamless failover: from active-to-active instead of standby-to-active.
  • Creates a High Availability implementation between the Gateways installed on the Security Management Servers.

Answer : An error notification will popup during SmartDashboard login if the two machines can communicate indicating Collision status.

156-315.71 Check Point Security Expert R71 Practical Exam Set 2

Which of the following commands shows full synchronization status?


Options are :

  • cphaprob -i list
  • cphaprob -a if
  • fw hastat
  • fw ctl iflist

Answer : cphaprob -i list

You want to verify that your Check Point cluster is working correctly. Which command line tool can you use?


Options are :

  • cphaconf state
  • cphastart -status
  • cphainfo -s
  • cphaprob state

Answer : cphaprob state

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions