156-315.77 Check Point Certified Security Expert Exam Set 7

Select the command set best used to verify proper failover function of a new ClusterXL configuration.


Options are :

  • cphaprob -d failDevice -s problem -t 0 register / cphaprob -d failDevice unregister
  • cpstop/cpstart
  • reboot
  • clusterXL_admin down / clusterXL_admin up (Correct)

Answer : clusterXL_admin down / clusterXL_admin up

156-315.77 Check Point Certified Security Expert Exam Set 8

Check Point recommends that you back up systems running Check Point products. Run your back ups during maintenance windows to limit disruptions to services, improve CPU usage, and simplify time allotment. Which back up method does Check Point recommend anytime outside a maintenance window?


Options are :

  • snapshot
  • backup
  • migrate export (Correct)
  • backup_export

Answer : migrate export

A Full Connectivity Upgrade of a cluster:


Options are :

  • Treats each individual cluster member as an individual gateway
  • Upgrades all cluster members except one at the same time.
  • Requires breaking the cluster and upgrading members independently.
  • Is only supported in minor version upgrades (R70 to R71, R71 to R77). (Correct)

Answer : Is only supported in minor version upgrades (R70 to R71, R71 to R77).

The process _____ is responsible for Management High Availability synchronization


Options are :

  • FWM (Correct)
  • FWSYNC
  • CPLMD
  • CPD

Answer : FWM

156-315.77 Check Point Certified Security Expert Exam Set 1

An administrator has installed the latest HFA on the system for fixing traffic problems after creating a backup file. A large number of routes were added or modified, causing network problems. The Check Point configuration has not been changed. What would be the most efficient way to revert to a working configuration?


Options are :

  • A back up cannot be restored, because the binary files are missing.
  • Select Snapshot Management from the SecurePlatform boot menu.
  • The restore is not possible because the backup file does not have the same build number (version).
  • Use the command restore and select the appropriate backup file. (Correct)

Answer : Use the command restore and select the appropriate backup file.

What is the correct policy installation process order? 1) Verification 2) Code generation and compilation 3) Initiation 4) Commit 5) Conversion 6) CPTA


Options are :

  • 3, 1, 5, 2, 6, 4 (Correct)
  • 1, 2, 3, 4, 5, 6
  • 4, 2, 3, 5, 6, 1
  • 6, 5, 4, 3, 2, 1

Answer : 3, 1, 5, 2, 6, 4

When using migrate to upgrade a Secure Management Server, which of the following is included in the migration?


Options are :

  • SmartReporter database
  • SmartEvent database
  • System interface configuration
  • classes.C file (Correct)

Answer : classes.C file

156-315.77 Check Point Certified Security Expert Exam Set 10

When restoring a Security Management Server from a backup file, the restore package can be retrieved from which source?


Options are :

  • Disk, SCP server, or TFTP server
  • HTTP server, FTP server, or TFTP server
  • Local folder, TFTP server, or FTP server (Correct)
  • Local folder, TFTP server, or Disk

Answer : Local folder, TFTP server, or FTP server

Can you implement a complete R77 IPv6 deployment without IPv4 addresses?


Options are :

  • No. SmartCenter cannot be accessed from everywhere on the Internet
  • Yes, There is no requirement for managing IPv4 addresses. (Correct)
  • Yes. Only one TCP stack (IPv6 or IPv4) can be used at the same time.
  • No. IPv4 addresses are required for management.

Answer : Yes, There is no requirement for managing IPv4 addresses.

How do you enable SecureXL (command line) on GAiA?


Options are :

  • fw accel on
  • fwsecurexl on
  • fwaccel on (Correct)
  • fw securexl on

Answer : fwaccel on

156-315.77 Check Point Certified Security Expert Exam Set 11

What is the primary benefit of using upgrade_export over either backup or snapshot?


Options are :

  • The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.
  • upgrade_export is operating system independent and can be used when backup or snapshot is not available. (Correct)
  • upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
  • upgrade_export has an option to backup the system and SmartView Tracker logs while backup and snapshot will not.

Answer : upgrade_export is operating system independent and can be used when backup or snapshot is not available.

Which of the following methods will provide the most complete backup of an R77 configuration?


Options are :

  • Policy Package Management
  • Copying the directories $FWDIR\conf and $CPDIR\conf to another server
  • Database Revision Control
  • The command migrate_export (Correct)

Answer : The command migrate_export

Which three of the following are ClusterXL member requirements? 1) same operating systems 2) same Check Point version 3) same appliance model 4) same policy


Options are :

  • 1, 2, and 3
  • 1, 3, and 4
  • 1, 2, and 4 (Correct)
  • 2, 3, and 4

Answer : 1, 2, and 4

156-315.77 Check Point Certified Security Expert Exam Set 12

Check Point recommends that you back up systems running Check Point products. Run your back ups during maintenance windows to limit disruptions to services, improve CPU usage, and simplify time allotment. Which back up method does Check Point recommend before major changes, such as upgrades?


Options are :

  • snapshot (Correct)
  • backup
  • upgrade_export
  • migrate export

Answer : snapshot

Which of the following is NOT a valid way to view interfaces IP address settings in GAiA?


Options are :

  • Using the command ethtool in Expert Mode
  • Viewing the file /config/active (Correct)
  • Via the command show configuration in CLISH
  • Via the Gaia WebUI

Answer : Viewing the file /config/active

John is upgrading a cluster from NGX R65 to R77. John knows that you can verify the upgrade process using the pre-upgrade verifier tool. When John is running Pre-Upgrade Verification, he sees the warning message:Title: Incompatible pattern.What is happening?


Options are :

  • The actual configuration contains user defined patterns in IPS that are not supported in R77. If the patterns are not fixed after upgrade, they will not be used with R77 Security Gateways. (Correct)
  • Pre-Upgrade Verification process detected a problem with actual configuration and upgrade will be aborted.
  • Pre-Upgrade Verification tool only shows that message but it is only informational.
  • R77 uses a new pattern matching engine. Incompatible patterns should be deleted before upgrade process to complete it successfully.

Answer : The actual configuration contains user defined patterns in IPS that are not supported in R77. If the patterns are not fixed after upgrade, they will not be used with R77 Security Gateways.

156-315.77 Check Point Certified Security Expert Exam Set 13

Which command would you use to save the IP address and routing information before upgrading a GAiA Gateway?


Options are :

  • ipconfig a > [filename].txt
  • netstat rn > [filename].txt
  • cp /etc/sysconfig/network.C [location] (Correct)
  • ifconfig > [filename].txt

Answer : cp /etc/sysconfig/network.C [location]

The file snapshot generates is very large, and can only be restored to:


Options are :

  • The device that created it, after it has been upgraded.
  • Windows Server class systems.
  • Individual members of a cluster configuration.
  • A device having exactly the same Operating System and hardware as the device that created the file. (Correct)

Answer : A device having exactly the same Operating System and hardware as the device that created the file.

Check Point recommends that you back up systems running Check Point products. Run your back ups during maintenance windows to limit disruptions to services, improve CPU usage, and simplify time allotment. Which back up method does Check Point recommend every couple of months, depending on how frequently you make changes to the network or policy?


Options are :

  • snapshot
  • migrate export
  • upgrade_export
  • backup (Correct)

Answer : backup

156-315.77 Check Point Certified Security Expert Exam Set 14

A snapshot delivers a complete backup of GAiA. How do you restore a local snapshot named MySnapshot.tgz?


Options are :

  • As Expert user, type command snapshot - R to restore from a local file. Then, provide the correct file name.
  • As Expert user, type command revert --file MySnapshot.tgz. (Correct)
  • Reboot the system and call the start menu. Select option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name.
  • As Expert user, type command snapshot -r MySnapshot.tgz.

Answer : As Expert user, type command revert --file MySnapshot.tgz.

You are running a R77 Security Gateway on GAiA. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What backup method could be used to quickly put the secondary firewall into production?


Options are :

  • backup
  • migrate_import
  • snapshot (Correct)
  • manual backup

Answer : snapshot

Which command would you use to save the interface information before upgrading a GAiA Gateway?


Options are :

  • cp /etc/sysconfig/network.C [location]
  • ipconfig a > [filename].txt
  • netstat rn > [filename].txt
  • ifconfig > [filename].txt (Correct)

Answer : ifconfig > [filename].txt

156-315.77 Check Point Certified Security Expert Exam Set 15

You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use three machines with the following configurations: Cluster Member 1: OS - GAiA; NICs - QuadCard; Memory - 1 GB; Security Gateway - version: R71 and primary Security Management Server installed, version: R77 Cluster Member 2: OS - GAiA; NICs - 4 Intel 3Com; Memory - 1 GB; Security Gateway only, version: R77 Cluster Member 3: OS - GAiA; NICs - 4 other manufacturers; Memory - 512 MB; Security Gateway only, version: R77 Are these machines correctly configured for a ClusterXL deployment?


Options are :

  • No, the Security Management Server is not running the same operating system as the cluster members.
  • No, the Security Gateway cannot be installed on the Security Management Server. (Correct)
  • Yes, these machines are configured correctly for a ClusterXL deployment.
  • No, Cluster Member 3 does not have the required memory.

Answer : No, the Security Gateway cannot be installed on the Security Management Server.

Which command would you use to save the routing information before upgrading a Windows Gateway?


Options are :

  • ipconfig a > [filename].txt
  • netstat rn > [filename].txt (Correct)
  • ifconfig > [filename].txt
  • cp /etc/sysconfig/network.C [location]

Answer : netstat rn > [filename].txt

When upgrading a cluster in Full Connectivity Mode, the first thing you must do is see if all cluster members have the same products installed. Which command should you run?


Options are :

  • fw fcu (Correct)
  • cpconfig
  • cphaprob fcustat
  • fw ctl conn a

Answer : fw fcu

156-315.77 Check Point Certified Security Expert Exam Set 16

Your R7x-series Enterprise Security Management Server is running abnormally on Windows Server 2008 R2. You decide to try reinstalling the Security Management Server, but you want to try keeping the critical Security Management Server configuration settings intact (i.e., all Security Policies, databases, SIC, licensing etc.) What is the BEST method to reinstall the Server and keep its critical configuration?


Options are :

  • 1. Insert the R77 CD-ROM and select the option to export the configuration using the latest upgrade utilities. 2. Follow steps suggested by upgrade_verification and re-export the configuration if needed. 3. Save the exported file *.tgz to a local directory c:/temp. 4. Uninstall all packages using Add/Remove Programs and reboot. 5. Install again using the R77 CD-ROM as a primary Security Management Server and reboot. 6. Run upgrade_import to import the configuration. (Correct)
  • 1. Download the latest utility upgrade_export and run from a local directory c:/temp to export the configuration into a *.tgz file. 2. Skip any upgrade_verification warnings since you are not upgrading. 3. Transfer the file *.tgz to another networked machine. 4. Download and run the utility cpclean and reboot. 5. Use the R77 CD-ROM to select option upgrade_import to import the configuration.
  • 1. Create a data base revision control back up using SmartDashboard. 2. Create a compressed archive of the directories %FWDIR%/conf and %FWDIR%/lib and copy them to another networked machine. 3. Uninstall all packages using Add/Remove Programs and reboot. 4. Install again as a primary Security Management Server using the R77 CD-ROM. 5. Reboot and restore the two archived directories over the top of the new installation, choosing to overwrite existing files.
  • 1. Download the latest utility upgrade_export and run from directory c:/temp to export the configuration into a *.tgz file. 2. Follow steps suggested by upgrade_verification. 3. Uninstall all packages using Add/Remove Programs and reboot. 4. Use SmartUpdate to reinstall the Security Management Server and reboot. 5. Transfer file *.tgz back to local directory /temp. 6. Run upgrade_import to import the configuration.

Answer : 1. Insert the R77 CD-ROM and select the option to export the configuration using the latest upgrade utilities. 2. Follow steps suggested by upgrade_verification and re-export the configuration if needed. 3. Save the exported file *.tgz to a local directory c:/temp. 4. Uninstall all packages using Add/Remove Programs and reboot. 5. Install again using the R77 CD-ROM as a primary Security Management Server and reboot. 6. Run upgrade_import to import the configuration.

What step should you take before running migrate_export?


Options are :

  • Install policy and exit SmartDashboard.
  • Run a cpstop on the Security Gateway.
  • Run a cpstop on the Security Management Server.
  • Disconnect all GUI clients (Correct)

Answer : Disconnect all GUI clients

MegaCorp plans to upgrade all of its firewalls. Currently the corporation is a mixture of SecurePlatform and IPSO machines running R71, to the latest code level of GAiA. Many of the firewalls are using VTIs to allow advanced routing configuration to propagate through all the networks. What will the Acme company need to do to make sure VTIs will work once moved to GAiA?


Options are :

  • Move to Domain based routing as GAiA does not support VTIs.
  • Nothing specific as GAiA supports both numbered and unnumbered VTIs. (Correct)
  • Convert all the Secure Platform replacements to unnumbered VTIs.
  • Convert all of the IPSO replacements to numbered VTIs

Answer : Nothing specific as GAiA supports both numbered and unnumbered VTIs.

156-315.77 Check Point Certified Security Expert Exam Set 17

When restoring R77 using the command upgrade_import, which of the following items are NOT restored?


Options are :

  • Route tables (Correct)
  • Gateway topology
  • Licenses
  • User db

Answer : Route tables

A Minimal Effort Upgrade of a cluster:


Options are :

  • Upgrades all cluster members except one at the same time.
  • Requires breaking the cluster and upgrading members independently.
  • Is only supported in major releases (R70 to R71, R71 to R77).
  • Treats each individual cluster member as an individual gateway. (Correct)

Answer : Treats each individual cluster member as an individual gateway.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now