156-515.65 Check Point Certified Security Expert Plus Exam Set 1

When Network Address Translation is used:


Options are :

  • The Security Gateway's ARP file must be modified.
  • It is not necessary to add a static route to the Gateway's routing table. (Correct)
  • It is necessary to add a static route to the Gateway's routing table.
  • VLAN tagging cannot be defined for any hosts protected by the Gateway
  • The Gateway's lmhosts file must be modified.

Answer : It is not necessary to add a static route to the Gateway's routing table.

156-515.65 Check Point Certified Security Expert Plus Exam Set 2

You have implemented a Check Point High Availability solution. You have defined a Gateway Cluster and a group of Security Gateways with synchronized state tables. If the active Security Gateway fails, what happens?


Options are :

  • Clear text connections survive the failure. Encrypted connections must be reestablished.
  • All connections must be re-established with the Security Gateway that assumes control.
  • The control network is flooded with synchronization packets.
  • The remaining Security Gateways force an election to determine who takes over.
  • Encrypted and clear text connections fail over to the Security Gateway that assumes control. (Correct)

Answer : Encrypted and clear text connections fail over to the Security Gateway that assumes control.

In some circumstances, adjusting the number of Security Servers spawned may help in troubleshooting performance issues. Which of the following files would you edit to achieve this?


Options are :

  • fwssd.conf
  • fwd.conf
  • fwm.conf
  • fwauthd.conf (Correct)
  • fwx.conf

Answer : fwauthd.conf

To troubleshoot SmartDashboard issues, you run the command: fw debug fwm on TDERRR_ALL_ALL=4. What does this command do?


Options are :

  • Appends the process-identifier number to the core filename.
  • Sets the fwm to debug on the fly. (Correct)
  • Includes special debugging options for FW1_LOG.
  • Nothing, fwm is not the correct process to debug any known SmartDashboard issues.
  • Captures traffic, including UUID.

Answer : Sets the fwm to debug on the fly.

Check Point Certified Security Administrator Set 1

You have installed SecurePlatform R60 as Security Gateway operating system. As company requirements changed, you need the VTI features of NGX. What should you do?


Options are :

  • Type "pro enable" on your Security Gateway and reboot it (Correct)
  • Only IPSO 3.9 supports VTI feature, so you have to replace your Security Gateway with Nokia appliances
  • In SmartDashboard click on the OS drop down menu and choose SecurePlatform Pro. You have to reboot the Security Gateway in order for the change to take effect
  • You have to re-install your Security Gateway with SecurePlatform Pro R60, as SecurePlatform R60 does not support VTIs
  • Nothing, because SPLAT R60 does support VTIs

Answer : Type "pro enable" on your Security Gateway and reboot it

To cross-reference srfw monitor output, what should you do?


Options are :

  • run fw monitor from the Gateway. (Correct)
  • run fw monitor and compare against a known good baseline.
  • run fw monitor on the client.
  • restart the client and run srfw monitor a second time.
  • run srfw monitor a second time.

Answer : run fw monitor from the Gateway.

What does it indicate when a cluster state is "Active attention"?


Options are :

  • Cluster members are running different versions: The newer version member is in the ready state, while the older version member is in the active state.
  • Both cluster members are up and ready.
  • The cluster member is booting: ClusterXL is running, but VPN-1/ NGX is not yet ready.
  • Traffic is being passed, but a problem has been detected: There are no other active members in the cluster. (Correct)

Answer : Traffic is being passed, but a problem has been detected: There are no other active members in the cluster.

Check Point Certified Security Administrator Set 2

How do you run fw ctl debug, to see all information about a cluster?


Options are :

  • fw ctl debug cluster all fw ctl debug > output fw ctl debug uf 1024
  • fw ctl debug on fw ctl debug cluster all fw ctl kdebug > output
  • fw ctl pstat fw ctl debug all fw ctl debug > out
  • fw ctl debug uf 1024 fw ctl debug cluster all fw ctl kdebug > output (Correct)
  • fw ctl debug on fw ctl debug uf 1024 fw ctl debug cluster all fw ctl kdebug > output

Answer : fw ctl debug uf 1024 fw ctl debug cluster all fw ctl kdebug > output

How does fw monitor differ from the INSPECT filter?


Options are :

  • fw monitor captures all packets on the network segment to which an interface is attached. The INSPECT filter implements the Rule Base.
  • fw monitor is a command-line utility that can be used for packet-header analysis, while the INSPECT filter implements the Rule Base.
  • fw monitor allows Administrators to view how traffic would be filtered through a specific Rule Base, if implemented. The INSPECT filter implements the Rule Base.
  • fw monitor tracks changes made to the Rule Base. The INSPECT filter implements the Rule Base.
  • fw monitor monitors traffic passing through a Security Gateway's interfaces. The INSPECT filter implements the Rule Base. (Correct)

Answer : fw monitor monitors traffic passing through a Security Gateway's interfaces. The INSPECT filter implements the Rule Base.

You use -0 to set the number of processes to be spawned when troubleshooting Security Server. How many will be spawned?


Options are :

  • The parent process will now spawn the child processes as needed. (Correct)
  • The parent process will not spawn the child processes.
  • The parent process will spawn up to 10000 child processes.
  • No processes will be spawned.

Answer : The parent process will now spawn the child processes as needed.

Check Point Certified Security Administrator Set 3

Policy Server login and Desktop Policy installation will kill which of the following processes on the client machine?


Options are :

  • cpd
  • fw monitor
  • fwd
  • srfw monitor (Correct)
  • fwm

Answer : srfw monitor

When you verify IP forwarding on SecurePlatform Pro using the command more /proc/sys/net/ipv4/ip_forward, what value should be stored in the resulting file?


Options are :

  • 0
  • Y
  • 1 (Correct)
  • P
  • 4

Answer : 1

Resource rules that accept HTTP, FTP, and SMTP must:


Options are :

  • Be placed before rules that deny these services.
  • Be placed after rules that deny these services.
  • Replace rules that accept these services.
  • Be placed before rules that accept these services. (Correct)
  • Be placed after rules that accept these services.

Answer : Be placed before rules that accept these services.

Check Point Certified Security Administrator Set 4

userc.C is populated on the SecuRemote/SecureClient during what stage of the SecuRemote/SecureClient packet flow?


Options are :

  • When connecting/encrypting data.
  • When creating a site. (Correct)
  • When connecting/resolving Gateway IP
  • When connecting/IKE negotiation.

Answer : When creating a site.

Which of these issues would you use fw debug fwm as the primary debugging command for troubleshooting?


Options are :

  • Kernel communication issues
  • Policy save issues (Correct)
  • Alerts
  • Logging issues
  • Blocked port issues

Answer : Policy save issues

After a sudden spike in traffic, you receive this system log file message: "kernel: FW-1: Log buffer is full". Which is NOT a solution?


Options are :

  • Disable logging
  • Reconfigure the minimum disk space "stop logging" threshold. (Correct)
  • Increase the log buffer size.
  • Decrease the amount of logging.

Answer : Reconfigure the minimum disk space "stop logging" threshold.

Check Point Certified Security Administrator Set 5

When setting up a High Availability solution using ClusterXL, on which network objects do you define VPN properties?


Options are :

  • On the networks
  • On the Gateway Cluster (Correct)
  • On the synchronization interface
  • On each Security Gateway in the Gateway Cluster
  • On the Management Server

Answer : On the Gateway Cluster

Each module within the NGX kernel contains specific debugging flags. Which of the statements is true concerning kernel-debug flags?


Options are :

  • Each flag is generic and cannot be modified to produce varying levels of information.
  • Debug flags cannot be disabled.
  • Debugging flags can be configured to produce varying levels of information. (Correct)
  • Debug flags require an administrator to set them.
  • Debugging flags are universal across all modules.

Answer : Debugging flags can be configured to produce varying levels of information.

How do you disable all fw debug logging?


Options are :

  • fw ctl debug
  • fw ctl debug (Correct)
  • fw ctl debug uf

Answer : fw ctl debug

Check Point Certified Security Expert Exam Set 1

Which native UNIX utility displays fw monitor output on Solaris?


Options are :

  • Ethereal
  • CapView
  • snoop -i (lowercase) (Correct)
  • tcpdump
  • snoop (lowercase)

Answer : snoop -i (lowercase)

The following is part of a fw ctl pstat output. How much kernel memory is assigned to this system?


Options are :

  • 37 MB
  • 6 MB
  • 12 MB
  • 20 MB (Correct)
  • 5 MB

Answer : 20 MB

What can you do in the advanced mode of GuiDbEdit Query that you cannot do in the simple mode?


Options are :

  • Query by table name.
  • Query by object name.
  • Run a CPMI Query. (Correct)
  • Log when modifications are made.

Answer : Run a CPMI Query.

Check Point Certified Security Expert Exam Set 10

Exhibit: Joey downloads the following Desktop Security Policy to his laptop, and successfully logs in to the Policy Server. Joey then disconnects from the VPN-1 Policy Server. What happens to Joey's laptop?


Options are :

  • A default Desktop Security Policy is loaded on Joey's laptop, which opens up inbound and outbound connections.
  • There is no default Desktop Security Policy, unless the client connects to the Security Gateway.
  • A default Desktop Security Policy is loaded on Joey's laptop, which allows Joey to connect to the Internet. Joey cannot receive any inbound traffic. (Correct)
  • A default Desktop Security Policy is loaded on Joey's laptop, which allows Joey to connect to anywhere, except the Policy Server site's VPN Domain.
  • A default Desktop Security Policy is loaded on Joey's laptop, which allows everyone from the Internet access to Joey's machine. Joey cannot connect to the Internet.

Answer : A default Desktop Security Policy is loaded on Joey's laptop, which allows Joey to connect to the Internet. Joey cannot receive any inbound traffic.

Which of the following processes is responsible for Policy related functions and communication between a SmartConsole and SmartCenter Server?


Options are :

  • fw monitor
  • cpd
  • fw sam
  • fwd
  • fwm (Correct)

Answer : fwm

When you run the fw monitor -e "accept;" command, what type of traffic is captured?


Options are :

  • All traffic coming in all directions, before and after inbound and outbound kernels. (Correct)
  • All traffic accepted by the Rule Base.
  • Only inbound traffic, before and after the inbound kernel.
  • Only outbound traffic, before and after the outbound kernel.
  • Only inbound traffic, before and after inbound and outbound kernels.

Answer : All traffic coming in all directions, before and after inbound and outbound kernels.

Check Point Certified Security Expert Exam Set 11

You use fwm to input the following command: fwm lock_admin A. What does this command do?


Options are :

  • Uninstalls all Administrators, except the default Administrator
  • Sets the access level of Administrators to "all-access"
  • Locks all Administrator accounts
  • Unlocks all Administrator accounts (Correct)

Answer : Unlocks all Administrator accounts

Gill Bates is in charge of a large enterprise, which requires VPN connections between offices around the world. To achieve this Gill decides to use a dynamic routing protocol to make sure all offices are connected through the VPN community using tunnel interfaces among all peers. Nothing is configured in vpn_route.conf. However, Gill is experiencing connectivity problems and when examining the logs he discovers multiple "out of state" drops. What is the most likely cause of and solution to this problem?


Options are :

  • The firewall security policy drops the traffic. Gill should introduce a Directional VPN rule to allow the VPN traffic
  • In this configuration, NAT is necessary for traffic to be routed correctly. IP pool NAT should be configured on each gateway
  • The dynamic routing protocol introduces asymmetric routing in Gill's VPN community. Gill should use wire mode on the VPN tunnel interfaces (Correct)
  • Asymmetric routing will happen if nothing has been configured in vpn_route.conf. The vpn_route.conf should be configured to prevent asymmetric routing

Answer : The dynamic routing protocol introduces asymmetric routing in Gill's VPN community. Gill should use wire mode on the VPN tunnel interfaces

Which of the following explanations best describes the command fw lslogs?


Options are :

  • Create a new log file. The old log has moved.
  • Display a remote machine's log-file list. (Correct)
  • Control kernel.
  • Display protected hosts.
  • Send signal to a daemon.

Answer : Display a remote machine's log-file list.

Check Point Certified Security Expert Exam Set 12

Which of the following commands shows full synchronization status?


Options are :

  • cphastop
  • fw hastat
  • cphaprob -I list (Correct)
  • fw ctl stat
  • cphaprob -a if

Answer : cphaprob -I list

After configuring ClusterXL, where do you install the Security Policy?


Options are :

  • Policy installation is not required after configuring ClusterXL. This is automatic in NGX
  • On the Gateway Cluster (Correct)
  • On the backup Security Gateway
  • On each Security Gateway in the Gateway Cluster
  • On the Management Server

Answer : On the Gateway Cluster
