156-315.77 Check Point Certified Security Expert Exam Set 1

Included in the customer’s network are some firewall systems with the Performance Pack in use. The customer wishes to use these firewall systems in a cluster (Load Sharing mode). He is not sure if he can use the Sticky Decision Function in this cluster. Explain the situation to him.


Options are :

  • The customer can use the firewalls with Performance Pack inside the cluster, which should support the Sticky Decision Function. It is just necessary to enable the Sticky Decision Function in the SmartDashboard cluster object in the ClusterXL page, Advanced Load Sharing Configuration window.
  • ClusterXL always supports the Sticky Decision Function in the Load Sharing mode.
  • The customer can use the firewalls with Performance Pack inside the cluster, which should support the Sticky Decision Function. It is just necessary to configure it with the clusterXL_SDF_enable command.
  • Sticky Decision Function is not supported when employing either Performance Pack or a hardware-based accelerator card. Enabling the Sticky Decision Function disables these acceleration products.

Answer : Sticky Decision Function is not supported when employing either Performance Pack or a hardware-based accelerator card. Enabling the Sticky Decision Function disables these acceleration products.

156-315.77 Check Point Certified Security Expert Exam Set 2

Which process is responsible for kernel table information sharing across all cluster members?


Options are :

  • fwd daemon
  • cpd
  • CPHA
  • fw kernel

Answer : fwd daemon

When using ClusterXL in Load Sharing, what is the default sharing method based on?


Options are :

  • IPs, Ports
  • IPs, Ports, SPIs
  • IPs, SPIs
  • IPs

Answer : IPs, Ports, SPIs

By default, the Cluster Control Protocol (CCP) uses this to send delta sync messages to other cluster members.


Options are :

  • Broadcast
  • Multicast
  • Unicast
  • Anycast

Answer : Multicast

156-315.77 Check Point Certified Security Expert Exam Set 3

When distributing IPSec packets to gateways in a Load Sharing Multicast mode cluster, which valid Load Sharing method will consider VPN information?


Options are :

  • Load Sharing based on SPIs
  • Load Sharing based on IP addresses, ports, and serial peripheral interfaces
  • Load Sharing based on IP addresses, ports, and security parameter indexes
  • Load Sharing based on ports, VTI, and IP addresses

Answer : Load Sharing based on IP addresses, ports, and security parameter indexes

Which method of load balancing describes “Round Robin”?


Options are :

  • Measures the load on each server to determine which server has the most available resources.
  • Assigns service requests to the next server in a series.
  • Ensures that incoming requests are handled by the server with the fastest response time.
  • Assigns service requests to servers at random.

Answer : Assigns service requests to the next server in a series.

The _____ Check Point ClusterXL mode must synchronize the virtual IP and MAC addresses on all clustered interfaces.


Options are :

  • Mode Unicast Load Sharing
  • Mode Multicast Load Sharing
  • HA Mode Legacy
  • HA Mode New

Answer : HA Mode New

156-315.77 Check Point Certified Security Expert Exam Set 4

You have a High Availability ClusterXL configuration. Machines are not synchronized. What happens to connections on failover?


Options are :

  • Open connections are lost but are automatically recovered whenever the failed machine recovers.
  • Open connections are lost but can be reestablished.
  • It is not possible to configure High Availability that is not synchronized.
  • Connections cannot be established until cluster members are fully synchronized.

Answer : Open connections are lost but can be reestablished.

How does a cluster member take over the VIP after a failover event?


Options are :

  • Broadcast storm
  • arp -s
  • Ping the sync interface
  • Gratuitous ARP

Answer : Gratuitous ARP

Which load-balancing method below is NOT valid?


Options are :

  • They are all valid
  • Random
  • Round Trip
  • Domain

Answer : They are all valid

156-315.77 Check Point Certified Security Expert Exam Set 5

A customer calls saying that a Load Sharing cluster shows drops with the error “First packet is not SYN”. Complete the following sentence. You will recommend:


Options are :

  • turning off SDF (Sticky Decision Function).
  • switch to Multicast Mode.
  • configuring flush and ack.
  • turning on SDF (Sticky Decision Function).

Answer : turning on SDF (Sticky Decision Function).

When a failed cluster member recovers, which of the following actions is NOT taken by the recovering member?


Options are :

  • If the Security Management Server has a newer policy, it will be retrieved, else the local policy will be loaded.
  • It will try to take the policy from one of the other cluster members.
  • It compares its local policy to the one on the Security Management Server.
  • It will not check for any updated policy and load the last installed policy with a warning message indicating that the Security Policy needs to be installed from the Security Management Server.

Answer : It will not check for any updated policy and load the last installed policy with a warning message indicating that the Security Policy needs to be installed from the Security Management Server.

For Management High Availability, if an Active SMS goes down, does the Standby SMS automatically take over?


Options are :

  • Yes, if you set up SecureXL
  • Yes, if you set up ClusterXL
  • No, the transition should be initiated manually
  • Yes, if you set up VRRP

Answer : No, the transition should be initiated manually

156-315.77 Check Point Certified Security Expert Exam Set 6

By default, a standby Security Management Server is automatically synchronized by an active Security Management Server, when:


Options are :

  • The Security Policy is saved.
  • The Security Policy is installed.
  • The user database is installed.
  • The standby Security Management Server starts for the first time.

Answer : The Security Policy is installed.

You have just upgraded your Load Sharing gateway cluster (both members) from NGX R65 to R77. cphaprob stat shows:

    Cluster Mode: New High Availability (Active Up)

    Member      Unique Address   Assigned Load   State
    1 (local)   172.16.185.21    100%            Active
    2           172.16.185.22    0%              Ready

Which of the following is NOT a possible cause of this?


Options are :

  • Member 1 is at a lower version than member 2
  • Member 1 has CoreXL disabled and member 2 does not
  • You have a different number of cores defined for CoreXL between the two members
  • You have not run cpconfig on member 2 yet.

Answer : You have not run cpconfig on member 2 yet.

By default, Check Point High Availability components send updates about their state every:


Options are :

  • 5 seconds.
  • 0.1 second.
  • 0.5 second.
  • 1 second

Answer : 0.1 second.

156-315.77 Check Point Certified Security Expert Exam Set 7

What could be a reason why synchronization between primary and secondary Security Management Servers does not occur?


Options are :

  • If the set of installed products differ from each other, the Security Management Servers do not synchronize the database to each other.
  • You have installed both Security Management Servers on different server systems (e.g., one machine on HP hardware and the other one on DELL).
  • You are using different time zones.
  • You did not activate synchronization within Global Properties.

Answer : If the set of installed products differ from each other, the Security Management Servers do not synchronize the database to each other.

Which of the following would be a result of having more than one active Security Management Server in a Management High Availability (HA) configuration?


Options are :

  • The need to manually synchronize the secondary Security Management Server with the Primary Security Management Server is eliminated.
  • An error notification will pop up during SmartDashboard login if the two machines can communicate, indicating Collision status.
  • Allows for faster seamless failover: from active-to-active instead of standby-to-active.
  • Creates a High Availability implementation between the Gateways installed on the Security Management Servers.

Answer : An error notification will pop up during SmartDashboard login if the two machines can communicate, indicating Collision status.

You want to upgrade a cluster with two members to R77. The Security Management Server and both members are version NGX R65, with the latest Hotfix Accumulator. What is the correct upgrade procedure?

  1) Change the version in the General Properties of the Gateway-cluster object.
  2) Upgrade the Security Management Server, and reboot.
  3) Run cpstop on one member, while leaving the other member running. Upgrade one member at a time and reboot after upgrade.
  4) Install the Security Policy.


Options are :

  • 2, 4, 3, 1
  • 2, 3, 1, 4
  • 3, 2, 1, 4
  • 1, 3, 2, 4

Answer : 2, 3, 1, 4

156-315.77 Check Point Certified Security Expert Exam Set 8

The Check Point clustering protocol works on:


Options are :

  • UDP 8116
  • TCP 18184
  • TCP 8116
  • UDP 18184

Answer : UDP 8116

Which of the following is a supported Sticky Decision Function of Sticky Connections for Load Sharing?


Options are :

  • Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections
  • Support for Performance Pack acceleration
  • Support for all VPN deployments (except those with third-party VPN peers)
  • Multi-connection support for VPN-1 cluster members

Answer : Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections

Organizations are sometimes faced with the need to locate cluster members in different geographic locations that are distant from each other. A typical example is replicated data centers whose location is widely separated for disaster recovery purposes. What are the restrictions of this solution?


Options are :

  • There is one restriction: The synchronization network must guarantee no more than 100 ms latency.
  • There are two restrictions: 1. The synchronization network must guarantee no more than 100ms latency and no more than 5% packet loss. 2. The synchronization network may only include switches and hubs.
  • There are no restrictions.
  • There is one restriction: The synchronization network must guarantee no more than 150 ms latency (ITU Standard G.114).

Answer : There are two restrictions: 1. The synchronization network must guarantee no more than 100ms latency and no more than 5% packet loss. 2. The synchronization network may only include switches and hubs.

156-315.77 Check Point Certified Security Expert Exam Set 1

When synchronizing clusters, which of the following statements is NOT true?


Options are :

  • Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.
  • In the case of a failover, accounting information on the failed member may be lost despite properly working synchronization.
  • The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized.
  • Only cluster members running on the same OS platform can be synchronized.

Answer : Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.

The customer wishes to install a cluster. In his network, there is a switch which is incapable of forwarding multicast. Is it possible to install a cluster in this situation?


Options are :

  • Yes, you can toggle on ClusterXL between broadcast and multicast by setting the multicast mode using the command cphaconf set_ccp multicast on|off. The default setting is broadcast.
  • No, the customer needs to replace the switch with a new switch, which supports multicast forwarding.
  • Yes, the ClusterXL changes automatically to the broadcast mode if the multicast is not forwarded.
  • Yes, you can toggle on ClusterXL between broadcast and multicast using the command cphaconf set_ccp broadcast/multicast.

Answer : Yes, you can toggle on ClusterXL between broadcast and multicast using the command cphaconf set_ccp broadcast/multicast.

If ClusterXL Load Sharing is enabled with state synchronization enabled, what will happen if one member goes down?


Options are :

  • There is no state synchronization on Load Sharing, only on High Availability.
  • The processing of all connections handled by the faulty machine is dropped, so all connections need to be re-established through the other machine(s).
  • The connections are dropped as Load Sharing does not support High Availability.
  • The processing of all connections handled by the faulty machine is immediately taken over by the other member(s).

Answer : The processing of all connections handled by the faulty machine is immediately taken over by the other member(s).

156-315.77 Check Point Certified Security Expert Exam Set 10

When synchronizing clusters, which of the following statements is NOT true?


Options are :

  • In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
  • User Authentication connections will be lost by the cluster.
  • An SMTP resource connection using CVP will be maintained by the cluster.
  • Only cluster members running on the same OS platform can be synchronized.

Answer : An SMTP resource connection using CVP will be maintained by the cluster.

What is the behavior of ClusterXL in a High Availability environment?


Options are :

  • Both members respond to the virtual IP address, but only the active member is able to pass traffic.
  • Both members respond to the virtual IP address, and both members pass traffic when using their physical addresses.
  • The active member responds to the virtual IP address and is the only member that passes traffic.
  • The active member responds to the virtual IP address and both members pass traffic when using their physical addresses.
  • The passive member responds to the virtual IP address, and both members route traffic when using their physical addresses.

Answer : The active member responds to the virtual IP address and is the only member that passes traffic.

Check Point New Mode HA is a(n) _____ solution.


Options are :

  • load-balancing
  • acceleration
  • primary-domain
  • hot-standby

Answer : hot-standby

156-315.77 Check Point Certified Security Expert Exam Set 11

In Management High Availability, what is an Active SMS?


Options are :

  • Active Security Management Server
  • Active Smart Master Server
  • Active Security Master Server
  • Active Smart Management Server

Answer : Active Security Management Server

Which of the following does NOT happen when using Pivot Mode in ClusterXL?


Options are :

  • The Pivot’s Load Sharing decision function decides which cluster member should handle the packet.
  • The Pivot forwards the packet to the appropriate cluster member.
  • The Security Gateway analyzes the packet and forwards it to the Pivot.
  • The packet is forwarded through the same physical interface from which it originally came, not on the sync interface.

Answer : The Security Gateway analyzes the packet and forwards it to the Pivot.
