156-515.65 Check Point Certified Security Expert Plus Exam Set 2

Which type of routing relies on a VPN Tunnel Interface (VTI) to route traffic?


Options are :

  • Host-based VPN
  • All VPN types
  • Subnet-based VPN
  • Domain-based VPN
  • Route-based VPN (Correct)

Answer : Route-based VPN

The list below provides all the actions Check Point recommends to troubleshoot a problem with an NGX product.

A. List Possible Causes
B. Identify the Problem
C. Collect Related Information
D. Consult Various Reference Sources
E. Test Causes Individually and Logically

Select the answer that shows the order of the recommended actions that make up Check Point's troubleshooting guidelines.


Options are :

  • B, C, A, E, D (Correct)
  • B, A, D, E, C
  • A, B, C, D, E
  • A, E, B, D, C
  • D, B, A, C, E

Answer : B, C, A, E, D

Assume you have a rule allowing HTTP traffic, on port 80, to a specific Web server in a Demilitarized Zone (DMZ). If an external host port scans the Web server's IP address, what information will be revealed?


Options are :

  • Port 80 is open on the Web server. (Correct)
  • All ports are open on the Security Server.
  • The Web server's file structure is revealed.
  • All ports are open on the Web server.
  • Nothing; the NGX Security Server automatically blocks all port scans.

Answer : Port 80 is open on the Web server.

A SecuRemote/SecureClient tunnel test uses which port?


Options are :

  • UDP 18321
  • TCP 18231
  • UDP 2746
  • UDP 18233
  • UDP 18234 (Correct)

Answer : UDP 18234

Which of the following commands identifies whether or not a Security Policy is installed or the Security Gateway is operating with the Initial Policy?


Options are :

  • fw stat (Correct)
  • fw policy
  • fw monitor
  • cp stat
  • cp policy

Answer : fw stat

Which statement is true for route-based VPNs?


Options are :

  • Route-based VPNs replace domain-based VPNs
  • Route-based VPNs are a form of partial overlap VPN Domain
  • Dynamic-routing protocols are not required (Correct)
  • Packets are encrypted or decrypted automatically
  • IP Pool NAT must be configured on each gateway

Answer : Dynamic-routing protocols are not required

How can you view cpinfo on a SecurePlatform Pro machine?


Options are :

  • tcpdump
  • snoop -i
  • infoview
  • Text editor, such as vi (Correct)
  • infotab

Answer : Text editor, such as vi

Which files should be acquired from a Windows 2003 Server system crash with a Dr. Watson error?


Options are :

  • vmcore.log
  • memory.log
  • core.log
  • info.log
  • drwtsn32.log (Correct)

Answer : drwtsn32.log

Which of the following vpn debug options purges ike.elg and vpnd.elg, and creates a time stamp before starting ike debug and vpn debug at the same time?


Options are :

  • ikefail
  • ike on
  • timeon
  • mon
  • trunc (Correct)

Answer : trunc

Which of the following types of information should an Administrator use tcpdump to view?


Options are :

  • DECnet traffic analysis
  • AppleTalk traffic analysis
  • VLAN trunking analysis
  • NAT traffic analysis
  • Packet-header analysis (Correct)

Answer : Packet-header analysis

NGX Wire Mode allows:


Options are :

  • Peer gateways to fail over existing VPN traffic, by avoiding Stateful Inspection. (Correct)
  • Peer gateways to establish a VPN connection automatically from predefined preshared secrets.
  • Administrators to verify that each VPN-1 SecureClient is properly configured, before allowing it access to the protected domain.
  • Administrators to limit the number of simultaneous VPN connections, to reduce the traffic load passing through a Security Gateway.
  • Administrators to monitor VPN traffic for troubleshooting purposes.

Answer : Peer gateways to fail over existing VPN traffic, by avoiding Stateful Inspection.

If fwauth.NDB or fwauth.NDB# are corrupt, what will be the result?


Options are :

  • You will not be able to find any users in the SmartDashboard. (Correct)
  • You will not be able to authenticate to the SmartDashboard using the cpconfig created Administrator user.
  • You will not be able to push a policy.
  • SIC will fail.

Answer : You will not be able to find any users in the SmartDashboard.

Which of the following is a consequence of using the fw ctl debug all option?


Options are :

  • Loads step-by-step firewall data to a user-defined log file.
  • Option is not recommended because it fills the log buffer with likely irrelevant information. (Correct)
  • Writes limited amounts of data to the console.
  • No debug output will be collected since this is an invalid flag.
  • Provides state information for all ports.

Answer : Option is not recommended because it fills the log buffer with likely irrelevant information.

Which of the following explanations best describes the active log file $FWDIR/log/xx.logptr?


Options are :

  • Pointers to the beginning of each log record (Correct)
  • Real log records
  • Pointers to the beginning of each accounting record
  • Additional temporary pointer file
  • Pointers to the beginning of each log chain

Answer : Pointers to the beginning of each log record

Where should you run the cpinfo command in a distributed environment?


Options are :

  • SmartConsole only
  • Security Gateway only
  • Client behind the Security Gateway
  • SmartCenter Server only
  • SmartCenter Server and Security Gateways only (Correct)

Answer : SmartCenter Server and Security Gateways only

Which of the following commands is used to read messages in the debug buffer?


Options are :

  • fw ctl debug
  • fw ctl kdebug (Correct)
  • fw ctl debug uf

Answer : fw ctl kdebug

Exhibit: You create a FTP resource and select the Get check box. Which of the following actions are denied to users, on net-detroit, when using FTP to an external host when the rule action is "accept" and no other permissive ftp rule exists lower in the rule base?


Options are :

  • list
  • change
  • directory
  • mget
  • put (Correct)

Answer : put

Which of the following processes controls Secure Internal Communications, Policy installation, and shared-management capabilities between Check Point products and OPSEC-partner products?


Options are :

  • fwd
  • fwm
  • cpd (Correct)
  • fw monitor
  • fwsam

Answer : cpd

The fw ctl debug command is used primarily to troubleshoot _____ problems.


Options are :

  • OPSEC
  • Secure Internal Communications (SIC)
  • Logging
  • Policy-load
  • Kernel (Correct)

Answer : Kernel

If you save the fw monitor output with option, how do you view the output file afterwards?


Options are :

  • Ethereal (Correct)
  • SmartView Tracker
  • SmartView Monitor
  • WINWORD.EXE or OpenOffice
  • The output file is ASCII, so you can use your preferred ASCII editor.

Answer : Ethereal

Which one of these is a temporary pointer log file?


Options are :

  • $FWDIR/log/xx.logaccount_ptr
  • $FWDIR/log/xx.logptr
  • $FWDIR/log/xx.logLuuidDB (Correct)
  • $FWDIR/log/xx.log

Answer : $FWDIR/log/xx.logLuuidDB

Setting snaplen to 0 will capture how much of the packet data?


Options are :

  • The first protocol level of the packet.
  • The first octet of the packet header.
  • None of the packet.
  • The whole packet. (Correct)

Answer : The whole packet.

The output of tcpdump is a binary file. Which of the following commands will write the tcpdump file into an ASCII file through std_out?


Options are :

  • tcpdump &> (Correct)
  • tcpdump *>
  • tcpdump ?>
  • tcpdump >
  • tcpdump %>

Answer : tcpdump &>

Which of the following explanations best describes the audit log file xx.adtloginitial_ptr?


Options are :

  • Audit log records
  • Pointers to the beginning of each accounting record
  • Pointers to the beginning of each log chain (Correct)
  • Pointers to the beginning of each log record
  • Additional temporary pointer file

Answer : Pointers to the beginning of each log chain

Which of the following commands can you run to view packet flow of a VPN-1 SecuRemote/SecureClient connection?


Options are :

  • cpd monitor
  • sc monitor
  • srfw monitor (Correct)
  • fw monitor
  • vpn monitor

Answer : srfw monitor

Which of the following fw monitor commands only captures traffic between IP addresses 192.168.11.1 and 10.10.10.1?


Options are :

  • fw monitor -e "accept src=192.168.11.1 or dst=192.168.11.1 or src=10.10.10.1 or dst=10.10.10.1;"
  • fw monitor -e "accept src=192.168.111 and dst=192.168.11.1; src=10.10.10.1 and dst=10.10.10.1;"
  • fw monitor -e "accept src=192.168.11.1 or dst=192.168.11.1; and src=10.10.10.1 or dst=10.10.10.1;"
  • fw monitor -e "accept (src=192.168.11.1 and dst=10.10.10.1) or (src=10.10.10.1 and dst=192.168.11.1);" (Correct)
  • fw monitor -e "accept src=192.168.11.1 or dst=192.168.11.1; src=10.10.10.1 or dst=10.10.10.1;"

Answer : fw monitor -e "accept (src=192.168.11.1 and dst=10.10.10.1) or (src=10.10.10.1 and dst=192.168.11.1);"

The virtual machine inspects each packet at the following points:

- Before the virtual machine, in the inbound direction (i or PREIN)
- After the virtual machine, in the inbound direction (I or POSTIN)
- Before the virtual machine, in the outbound direction (o or PREOUT)
- After the virtual machine, in the outbound direction (O or POSTOUT)

If Ethereal displays a packet with i, I, o, and O entries, what does that likely indicate?


Options are :

  • Nothing unusual; the o and O entries only appear if there is a kernel-level error
  • The packet was rejected by the Rule Base.
  • The packet arrived at the kernel and left the Security Gateway successfully. (Correct)
  • The packet was rerouted by the Gateway's OS
  • The packet was destined for the Gateway.

Answer : The packet arrived at the kernel and left the Security Gateway successfully.

Steve tries to configure Directional VPN Rule Match in the Rule Base. However, the Match column does not have the option to see the Directional Match. Steve sees the following screen. What is the problem?


Options are :

  • Steve must enable directional_match(true) in the objects_5_0.C file on SmartCenter Server.
  • Steve must enable Advanced Routing on each Security Gateway
  • Steve must enable VPN Directional Match on the VPN advanced screen, in Global properties. (Correct)
  • Steve must enable a dynamic-routing protocol, such as OSPF, on the Gateways.
  • Steve must enable VPN Directional Match on the gateway object's VPN tab.

Answer : Steve must enable VPN Directional Match on the VPN advanced screen, in Global properties.

If you run only fw monitor without any parameters, where does the output display?


Options are :

  • In /tmp/log/monitor.out
  • In /var/adm/monitor.out
  • On the console (Correct)
  • In /var/log/monitor.out
  • In $FWDIR/bin

Answer : On the console

To stop the sr_service debug process, you must first stop VPN-1 SecureClient, delete which of the following files, and restart SecureClient?


Options are :

  • sr_auth.all
  • sr_service.all
  • sr_tde.all (Correct)
  • sr_users.all
  • sr_topo.all

Answer : sr_tde.all

To start both vpnd.elg and ike.elg, which single vpn debug command would you use?


Options are :

  • vpn debug vpnd.elg +ike
  • vpn debug trunc (Correct)
  • vpn debug ikeon
  • vpn tu
  • vpn debug ikeinit

Answer : vpn debug trunc

Pulling Certificates from an ICA uses which port?


Options are :

  • Port 18211
  • Port 18212
  • Port 18209
  • Port 18210 (Correct)

Answer : Port 18210

When collecting information relating to the perceived problem, what is the most important question to ask?


Options are :

  • What action or state am I trying to achieve?
  • Under what circumstances does this problem occur? (Correct)
  • Is this problem repeatable?
  • Is this problem software or hardware related?
  • Does the problem appear random or can you establish a pattern?

Answer : Under what circumstances does this problem occur?

When VPN-1 NGX starts after reboot, with no installed Security Policy, which of these occurs?


Options are :

  • All traffic except SmartConsole/SmartCenter Server connections is blocked. (Correct)
  • All traffic except SmartDefense Console connections is blocked.
  • All traffic is allowed.
  • All traffic is blocked
  • All traffic except HTTP connections is blocked.

Answer : All traffic except SmartConsole/SmartCenter Server connections is blocked.

Which of the following commands would you run to debug a VPN connection?


Options are :

  • debug vpn ike on
  • vpn debug ike
  • vpn debug ikeon (Correct)
  • debug vpn ike
  • debug vpn ikeon

Answer : vpn debug ikeon

Which file provides the data for the host_table output, and is responsible for keeping a record of all internal IPs passing through the internal interfaces of a restricted hosts licensed Security Gateway?


Options are :

  • fwd.h (Correct)
  • fwconn.h
  • hosts.h
  • external.if
  • hosts

Answer : fwd.h

Gus is troubleshooting a problem with SMTP. He has enabled debugging on his Security Gateway and needs to copy the *.elg files into an archive to send to Check Point Support. Which of the following files does Gus NOT need to send?


Options are :

  • asmtpd.elg
  • fwd.elg
  • mdq.elg
  • diffserv.elg (Correct)

Answer : diffserv.elg

fw monitor packets are collected from the kernel in a buffer. What happens if the buffer becomes full?


Options are :

  • The information in the buffer is saved and packet capture continues, with new data stored in the buffer.
  • All packets in it are deleted, and the buffer begins filling from the beginning. (Correct)
  • Packet capture stops.
  • Older packet information is dropped as new packet information is added.

Answer : All packets in it are deleted, and the buffer begins filling from the beginning.

VPN debugging information is written to which of the following files?


Options are :

  • FWDIR/log/fw.elg
  • FWDIR/log/ahttpd.elg
  • $FWDIR/log/ike.elg (Correct)
  • FWDIR/log/authd.elg
  • FWDIR/log/vpn.elg

Answer : $FWDIR/log/ike.elg

You modified the *.def file on your Security Gateway, but the changes were not applied. Why?


Options are :

  • You did not have the proper authority.
  • The *.def file on the Gateway is read-only.
  • There is more than one *.def file on the Gateway.
  • *.def files must be modified on the SmartCenter Server. (Correct)

Answer : *.def files must be modified on the SmartCenter Server.
