Check Point Certified Security Expert Exam Set 1

You run cphaprob -a if. When you review the output, you find the word DOWN. What does DOWN mean?


Options are :

  • CCP packets couldn't be sent to or didn't arrive from neighbor member (Correct)
  • The cluster link is down
  • The physical interface is down
  • The physical interface is administratively set to DOWN.

Answer : CCP packets couldn't be sent to or didn't arrive from neighbor member

156-315.77 Check Point Certified Security Expert Exam Set 22

During a Security Management Server migrate export, the system:


Options are :

  • Creates a backup file that includes the SmartReporter database
  • Saves all system settings and Check Point product configuration settings to a file.
  • Creates a backup file that includes the SmartEvent database.
  • Creates a backup archive for all the Check Point configuration settings. (Correct)

Answer : Creates a backup archive for all the Check Point configuration settings.

A Full Connectivity Upgrade of a cluster:


Options are :

  • Is only supported in minor version upgrades (R70 to R71, R71 to R77). (Correct)
  • Treats each individual cluster member as an individual gateway.
  • Upgrades all cluster members except one at the same time
  • Requires breaking the cluster and upgrading members independently.

Answer : Is only supported in minor version upgrades (R70 to R71, R71 to R77).

Fill in the blank.

Type the command and syntax to configure the Cluster Control Protocol (CCP) to use Broadcast


Options are :

  • cphaconf set_ccp broadcast (Correct)
  • fw ctl setsync off
  • cphaprob state
  • cphaprob -ia list

Answer : cphaconf set_ccp broadcast

Check Point Certified Security Expert Exam Set 3

Fill in the blank.

Write the full fw command and syntax that you would use to troubleshoot ClusterXL sync issues.


Options are :

  • fw tab -t connections -u
  • fw tab -s -t connections (Correct)
  • fw tab -t connections
  • fw tab -t connections -s

Answer : fw tab -s -t connections

Fill in the blank.

Complete this statement. To save interface information before upgrading a Windows Gateway, use command


Options are :

  • cphaconf set_ccp multicast
  • ipconfig -a > [filename].txt (Correct)
  • ifconfig > [filename].txt
  • set_ccp broadcast

Answer : ipconfig -a > [filename].txt

If no flags are defined during a back up on the Security Management Server, where does the system store the *.tgz file?


Options are :

  • /var/CPbackup/backups (Correct)
  • /var/tmp/backups
  • /var/backups
  • /var/opt/backups

Answer : /var/CPbackup/backups

Check Point Certified Security Expert Exam Set 8

Which command would you use to save the interface information before upgrading a GAiA Gateway?


Options are :

  • ipconfig –a > [filename].txt
  • netstat –rn > [filename].txt
  • cp /etc/sysconfig/network.C [location]
  • ifconfig > [filename].txt (Correct)

Answer : ifconfig > [filename].txt

Select the command set best used to verify proper failover function of a new ClusterXL configuration.


Options are :

  • reboot
  • cpstop/cpstart
  • clusterXL_admin down / clusterXL_admin up (Correct)
  • cphaprob -d failDevice -s problem -t 0 register / cphaprob -d failDevice unregister

Answer : clusterXL_admin down / clusterXL_admin up

Fill in the blank.

To verify SecureXL statistics, you would use the command _____.


Options are :

  • fwaccel stats (Correct)
  • fwaccel on
  • cligated
  • fwaccel off

Answer : fwaccel stats

156-315.65 Check Point Security Administration NGX R65 Exam Set 1

To run GAiA in 64bit mode, which of the following is true?

1) Run set edition default 64-bit.

2) Install more than 4 GB RAM.

3) Install more than 4 TB of Hard Disk.


Options are :

  • 1 and 2 (Correct)
  • 1 and 3
  • 1, 2, and 3
  • 2 and 3

Answer : 1 and 2

You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use four machines with the following configurations:

Cluster Member 1: OS - GAiA; NICs - QuadCard; Memory - 1 GB; Security Gateway only, version: R77

Cluster Member 2: OS - GAiA; NICs - 4 Intel 3Com; Memory - 1 GB; Security Gateway only, version: R77

Cluster Member 3: OS - GAiA; NICs - 4 other manufacturers; Memory: 512 MB; Security Gateway only, version: R77

Security Management Server: MS Windows 2008; NIC - Intel NIC (1); Security Gateway and primary Security Management Server installed, version: R77

Are these machines correctly configured for a ClusterXL deployment?


Options are :

  • Yes, these machines are configured correctly for a ClusterXL deployment (Correct)
  • No, the Security Management Server is not running the same operating system as the cluster members.
  • No, Cluster Member 3 does not have the required memory
  • No, the Security Gateway cannot be installed on the Security Management Pro Server

Answer : Yes, these machines are configured correctly for a ClusterXL deployment

Which Check Point tool allows you to open a debug file and see the VPN packet exchange details


Options are :

  • PacketDebug.exe
  • IkeView.exe (Correct)
  • VPNDebugger.exe
  • IPSECDebug.exe

Answer : IkeView.exe

156-315.77 Check Point Certified Security Expert Exam Set 6

_____ is the called process that starts when opening SmartView Tracker application


Options are :

  • CPLMD (Correct)
  • fwlogd
  • ogtrackerd
  • FWM

Answer : CPLMD

Can you implement a complete R77 IPv6 deployment without IPv4 addresses?


Options are :

  • Yes, There is no requirement for managing IPv4 addresses (Correct)
  • Yes. Only one TCP stack (IPv6 or IPv4) can be used at the same time
  • No. SmartCenter cannot be accessed from everywhere on the Internet
  • No. IPv4 addresses are required for management

Answer : Yes, There is no requirement for managing IPv4 addresses

You are troubleshooting a HTTP connection problem. You've started fw monitor -o http.pcap. When you open http.pcap with Wireshark there is only one line. What is the most likely reason?


Options are :

  • fw monitor was restricted to the wrong interface.
  • By default only SYN pakets are captured
  • Acceleration was turned on and therefore fw monitor sees only SYN. (Correct)
  • Like SmartView Tracker only the first packet of a connection will be captured by fw monitor

Answer : Acceleration was turned on and therefore fw monitor sees only SYN.

Check Point Certified Security Expert Exam Set 3

Fill in the blank.

Type the full fw command and syntax that will show full synchronization status


Options are :

  • cphaprob state
  • cphaprob -i list
  • fw ctl pstat (Correct)
  • fw ctl setsync off

Answer : fw ctl pstat

Which is NOT a valid option when upgrading Cluster Deployments?


Options are :

  • Minimal Effort Upgrade
  • Full Connectivity Upgrade
  • Zero Downtime
  • Fast path Upgrade (Correct)

Answer : Fast path Upgrade

MegaCorps' disaster recovery plan is past due for an update to the backup and restore section to enjoy the benefits of the new distributed R77 installation. You must propose a plan that meets the following required and desired objectives:

Required: Security Policy repository must be backed up no less frequently than every 24 hours.

Desired: Back up R77 components enforcing the Security Policies at least once a week.

Desired: Back up R77 logs at least once a week.

You develop a disaster recovery plan proposing the following:

Use the utility cron to run the command upgrade_export each night on the Security Management Servers.

Configure the organization's routine backup software to back up files created by the command upgrade_export.

Configure GAiA back up utility to back up Security Gateways every Saturday night.

Use the utility cron to run the command upgrade_export each Saturday night on the log servers.

Configure an automatic, nightly logswitch.

Configure the organization's routine back up software to back up the switched logs every night.

The corporate IT change review committee decides your plan:


Options are :

  • meets the rquired objective but does not meet either deisred objective
  • meets the required objective and only one desired objective
  • meets the required objective and both desired objectives (Correct)
  • does not meet the required objective

Answer : meets the required objective and both desired objectives

Check Point Certified Security Expert Exam Set 10

Fill in the blank.

Type the command and syntax that you would use to view the virtual cluster interfaces of a ClusterXL environment.


Options are :

  • cphaprob -a if (Correct)
  • cphaprob -ia list
  • fw ctl setsync off
  • cphaprob state

Answer : cphaprob -a if

Typically, when you upgrade the Security Management Server, you install and configure a fresh R77 installation on a new computer and then migrate the database from the original machine. When doing this, what is required of the two machines? They must both have the same:


Options are :

  • State.
  • Patch level
  • Products installed (Correct)
  • Interfaces configured

Answer : Products installed

What process manages the dynamic routing protocols (OSPF, RIP, etc.) on GAiA?


Options are :

  • gated (Correct)
  • There's no separate process, but the Linux default router can take care of that.
  • arouted
  • routerd

Answer : gated

156-515.65 Check Point Certified Security Expert Plus Exam Set 1

Fill in the blank.

Type the full cphaprob command and syntax that will show full synchronization status


Options are :

  • fw ctl setsync off
  • fw ctl pstat
  • cphaprob state
  • cphaprob -i list (Correct)

Answer : cphaprob -i list

How do you enable SecureXL (command line) on GAiA?


Options are :

  • fwaccel on (Correct)
  • fw securexl on
  • fwsecurexl on
  • fw accel on

Answer : fwaccel on

MegaCorp is using SmartCenter Server with several gateways. Their requirements result in a heavy log load. Would it be feasible to add the SmartEvent Correlation Unit and SmartEvent Server to their SmartCenter Server?


Options are :

  • No. If SmartCenter is already under stress, the use of a separate server for SmartEvent is recommended. (Correct)
  • No. SmartCenter SIC will interfere with the function of SmartEvent
  • Yes. SmartEvent must be installed on your SmartCenter Server.
  • No, SmartEvent and Smartcenter cannot be installed on the same machine at the same time.

Answer : No. If SmartCenter is already under stress, the use of a separate server for SmartEvent is recommended.

156-215.70 Check Point Certified Security Administrator Exam Set 2

Fill in the blank.

What is the correct command and syntax used to view a connection table summary on a Check Point Firewall?


Options are :

  • fw tab -t connections -s (Correct)
  • fw -i 2 tab -t connections -s
  • fw -i 0 tab -t connections -s
  • fw -i 1 tab -t connections -s

Answer : fw tab -t connections -s

Which command would you use to save the routing information before upgrading a Windows Gateway?


Options are :

  • ifconfig > [filename].txt
  • cp /etc/sysconfig/network.C [location]
  • netstat –rn > [filename].txt (Correct)
  • ipconfig –a > [filename].txt

Answer : netstat –rn > [filename].txt

Which of the following is NOT a valid way to view interface’s IP address settings in GAiA?


Options are :

  • Via the command show configuration in CLISH
  • Viewing the file /config/active (Correct)
  • Using the command ethtool in Expert Mode
  • Via the Gaia WebUI

Answer : Viewing the file /config/active

156-315.77 Check Point Certified Security Expert Exam Set 8

Fill in the blank with a numeric value. The default port number for Secure Sockets Layer (SSL) connections with the LDAP Server is


Options are :

  • 646
  • 666
  • 636 (Correct)
  • 656

Answer : 636

Fill in the blank.

Type the command and syntax to view critical devices on a cluster member in a ClusterXL environment.


Options are :

  • cphaprob -a if
  • cphaprob state
  • cphaprob -ia list (Correct)
  • cphaconf set_ccp broadcast

Answer : cphaprob -ia list

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions