156-315.77 Check Point Certified Security Expert Exam Set 8

Which parts you can reset the VPN tunnel?


Options are :

  • VPN IKE SA delete VPN shell (Correct)
  • VPN tu command or monitor SmartView
  • None
  • SmartView track only
  • VPN tunnelutil or delete the IKE SA command to the VPN

Answer : VPN IKE SA delete VPN shell

Remote clients using IPSec VPN authenticates the LDAP server to connect to the organization. Each gateway process is responsible for authentication?


Options are :

  • FWM
  • vpnd (Correct)
  • None
  • cvpnd
  • fwd

Answer : vpnd

You have three gateways web-like community. Each of the VPN Domain is defined in the topology of the internal network tab setting all IP addresses behind the Gateway is based Topology information.You want to test the route-based VPN, so you created VTIs among the Gateways and created a static route entries VTIs. However, if you test your VPN, you can find out the VPN still have to go through the regular routed network configuration instead of a domain VTI tunnels.What is the problem and how do you make use of VTI VPN tunnels?


Options are :

  • One priority in the VPN route-based VTI. In order for the VPN VTI, remove the gateway entity from the eye and replaced by an asterisk community
  • None
  • Route-based VPN Domain VTI priority. Troubleshooting static route entries to ensure that they are correctly shows VTI gateway IP
  • Route-based VPN Domain VTI priority. In order for the VPN VTI, using a dynamic routing protocol such as OSPF or BGP route VTI address of the peer static routes instead of
  • One priority in the VPN route-based VTI. In order for the VPN VTI, use a blank group object for each of your gateway VPN Domain YS (Correct)

Answer : One priority in the VPN route-based VTI. In order for the VPN VTI, use a blank group object for each of your gateway VPN Domain YS

156-315.71 Check Point Security Expert R71 Practice Exam Set 4

Which of the following log files only contain information about the negotiation process, the encryption?


Options are :

  • iked.elg
  • None
  • vpnd.elg
  • vpn.elg
  • ike.elg (Correct)

Answer : ike.elg

Every Checkpoint ClusterXL space is used to synchronize the physical interface IP and MAC addresses of all the clustered interfaces.


Options are :

  • Pivot mode Load sharing
  • The new space HA (Correct)
  • None
  • Multicast Operation Mode Load sharing
  • Legacy Mode HA

Answer : The new space HA

Every menu to delete all of CRL's?


Options are :

  • None
  • vpn crl_zap (Correct)
  • cpstop / cpstart
  • vpn flushing
  • vpn crladmin

Answer : vpn crl_zap

Check Point Certified Security Expert Exam Set 7

Which graded parameters to help determine the protections to activate the safety and which can be safely disable? Select the most correct answer


Options are :

  • Type, severity, confidence level of deterioration in performance, Geo data.
  • None
  • Type, severity, confidence level of deterioration in performance.
  • Type, severity, confidence level of deterioration of performance, type Protection. (Correct)
  • The severity, confidence level of deterioration of performance, type Protection.

Answer : Type, severity, confidence level of deterioration of performance, type Protection.

When configuring a permanent tunnel, two gateways in a meshed VPN community, what is the target of the tunnel is managed?


Options are :

  • Only the local security gateway object
  • None
  • Each contributing Security Gateway object
  • Security Management Server
  • VPN Community object (Correct)

Answer : VPN Community object

Frank is concerned about the performance and wants to determine predispositions settings. Her gateway is not running Performance Pack. What does Frank have to do in order to configure these settings?


Options are :

  • Run sim affinity and change the settings
  • None
  • Affinity.conf to customize and change settings
  • Customize $ FWDIR / conf / fwaffinity.conf and change the settings (Correct)
  • Run FW affinity and change the settings

Answer : Customize $ FWDIR / conf / fwaffinity.conf and change the settings

156-315.71 Check Point Security Expert R71 Practice Exam Set 5

Checkpoint specify the QoS rule base two rules: the rule of HTTP with a weight of 40 and the default rule with a weight of 10. If the traffic passes through only the QoS module is an HTTP traffic, which is the percentage of bandwidth allocated to HTTP traffic?


Options are :

  • None
  • 40%
  • 50%
  • 80%
  • 100% (Correct)

Answer : 100%

Gaia, the operating system can be converted to 32-bit or 64-bit, with the proviso that the processor supports 64-bit. Which command to change the 64-bit.


Options are :

  • None
  • set 64 default ed.
  • Ed set the default 64-bit
  • set the bit rate of 64
  • specify the 64-bit edition (Correct)

Answer : specify the 64-bit edition

What is the most common reason for the Quick mode packet error 1 fail any suggestion Selected mistake?


Options are :

  • There is a connection problem.
  • None
  • In the past, created a permanent tunnel has failed.
  • OS and patch level one gateway does not respond to other
  • Encryption Strength settings and seal one peer does not respond to other (Correct)

Answer : Encryption Strength settings and seal one peer does not respond to other

156-215.70 Check Point Certified Security Administrator Exam Set 8

What type of VPN routing based VPN Tunnel Interface (VTI) for routing traffic?


Options are :

  • VPN subnet
  • Host-based VPN
  • Route-based VPN (Correct)
  • Domain-based VPN
  • None

Answer : Route-based VPN

What command VPN crl_zap do?


Options are :

  • Removes all of CRL's gateway cache (Correct)
  • Nothing is not a valid command
  • Deletes the CRL from the cache management
  • None
  • Removes VPN certificates from the cache

Answer : Removes all of CRL's gateway cache

Choose ClusterXL process, which is enabled by default configured as a critical device?


Options are :

  • fwd (Correct)
  • FWM
  • None
  • assld
  • cpp

Answer : fwd

Check Point Certified Security Expert Exam Set 8

How to check Check Point kernel running on the firewall?


Options are :

  • FW ctl get core
  • FW ctl Pstat
  • FW core
  • fw ver -k (Correct)
  • None

Answer : fw ver -k

MicroCorp experienced a security appliance failure. (LEDs on all NICs are turned off.) Age the unit requires that the RMA unit to be different models. Can Restore an existing photo to bring up and running in a new unit?


Options are :

  • No hardware required for installation support is selected. The snapshot stored in this state. (Correct)
  • There is no dynamic restart the update
  • None
  • Do not revert will probably not match your hard drive.
  • Yeah. Everything is dynamically updated reboot.

Answer : No hardware required for installation support is selected. The snapshot stored in this state.

How to Check Point recommended to ensure the sync interface gateways?


Options are :

  • Determine the synchronization of the network is operating in the DMZ.
  • Use a separate synchronization network (Correct)
  • Sync encrypts all traffic between the cluster members.
  • Attach each cluster synchronization interface Endpoint.
  • None

Answer : Use a separate synchronization network

Check Point Certified Security Expert Exam Set 9

SSL VPN remote clients authenticate the LDAP server to connect to the organization. Each gateway process is responsible for authentication?


Options are :

  • vpnd
  • FWM
  • None
  • fwd
  • cvpnd (Correct)

Answer : cvpnd

Which of the following verbose log files contain information about the negotiation process and the other encryption failures?


Options are :

  • vpn.elg
  • None
  • ike.elg
  • iked.elg
  • vpnd.elg (Correct)

Answer : vpnd.elg

Gaia is uncertain if any command, which will list all possible commands.


Options are :

  • show commands (Correct)
  • show configuration
  • None
  • to get all the commands
  • View all | grep commands

Answer : show commands

Check Point Certified Security Expert Exam Set 7

You have driven the firewall policy, and you do not have a firewall. Which command allows you to delete the current policy from the machine?


Options are :

  • None
  • FW purified active
  • FW apply policy
  • FW unloadlocal (Correct)
  • FW purge policy

Answer : FW unloadlocal

Katie has enabled the User Directory and applied the permission Security Management Server, green. Their supervisor has asked him to determine the strength of the password options to the least one number, one symbol, 8 characters long and contain uppercase letter. How did he achieve this?


Options are :

  • Open SmartDashboard, select Global Properties, click the Identity Awareness; Password boxes must be the top mark, Password must be a number, a password must be a symbol, and change the password length of 8 characters.
  • Open SmartDashboard, select Global Properties, select User Authority; Password boxes must be the top mark, Password must be a number and password must be a symbol.
  • Open SmartDashboard, select Global Properties, click User Directory, select the check boxes password must have uppercase character, the password must be a number, a password must be a symbol, and change the password length of 8 characters. (Correct)
  • None
  • Open SmartDashboard, select Global Properties, click User Directory, select the check boxes password must have uppercase character, the password must be a number, and a password must be a symbol.

Answer : Open SmartDashboard, select Global Properties, click User Directory, select the check boxes password must have uppercase character, the password must be a number, a password must be a symbol, and change the password length of 8 characters.

Which of the following is not an internal / native Checkpoint command?


Options are :

  • None
  • FW debug ctl
  • cphaprob
  • fwaccel site
  • tcpdump (Correct)

Answer : tcpdump

156-215.75 Check Point Certified Security Administrator Exam Set 6

Lilly is caused by IKE debug his Security Gateway. He has asked Jack to transfer the file to support. Where is the file located?


Options are :

  • None
  • $ FWDIR / log / ike.elg (Correct)
  • $ FWDIR / log / vpnd.elg
  • $ FWDIR / opt / ike.elg
  • $ FWDIR / opt / vpnd.elg

Answer : $ FWDIR / log / ike.elg

CPD is a key checkpoint process that makes all of the following EXCEPT:


Options are :

  • installation policy
  • SIC (Secure Internal Communication) functionality
  • None
  • Management High Availability (HA) synchronization (Correct)
  • AMON space to pull off Gateway

Answer : Management High Availability (HA) synchronization

What utility would you use to determine a route-based VPN?


Options are :

  • vpn set_slim_server
  • vpn shell (Correct)
  • vpn sw_topology
  • None
  • VPN tu

Answer : vpn shell

Check Point Certified Security Expert Exam Set 12

A process of performing authentication of the smart Dashboard is a:


Options are :

  • cpd
  • FWM (Correct)
  • vpnd
  • cvpnd
  • None

Answer : FWM

156-315.77 Check Point Certified Security Expert Exam Set 8

Usually when you upgrade from Security Management Server, you need to install and configure the new R76 installation on a new computer and then transfer to the database from the original machine.Which of the following statements are true?


Options are :

  • All product databases are included in the migration.
  • Security Management Server on the new machine must be equal or greater than the version of the original machine. (Correct)
  • None
  • Both machines must have the same number of connections has been installed and in use before the transfer can be trying.
  • The new machine should not be installed on more than the original Check Point Security Management Server.

Answer : Security Management Server on the new machine must be equal or greater than the version of the original machine.

Which of the following statements most accurately reflects upgrade_export command?


Options are :

  • None
  • .Used upgrading the security gateway, upgrade exports in cludes modified files, such as directories / lib and / conf.
  • Used primarily in updating the Security Management Server, upgrade to export to store all object databases and directories conf import of a newer version of Security Gateway. (Correct)
  • Update exports is used to upgrade the security gateway, and allows certain files can be included or excluded prior to export.
  • upgrade export-stores configuration data, objects, global capabilities, and database patches before upgrading Security Management Server.

Answer : Used primarily in updating the Security Management Server, upgrade to export to store all object databases and directories conf import of a newer version of Security Gateway.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions