Check Point Certified Security Expert Exam Set 10

A ClusterXL configuration is limited to _____ members


Options are :

  • 2
  • 8 (Correct)
  • There is no limit.
  • 16

Answer : 8

156-315.77 Check Point Certified Security Expert Exam Set 6

Which of the following is NOT a LDAP server option in SmartDirectory?


Options are :

  • Standard_DS (Correct)
  • Novell_DS
  • OPSEC_DS
  • Netscape_DS

Answer : Standard_DS

In a Cluster, some features such as VPN only function properly when:


Options are :

  • all cluster members have the same number of interfaces configured
  • all cluster members have the same policy.
  • all cluster members have the same Hot Fix Accumulator pack installed
  • all cluster membersí clocks are synchronized (Correct)

Answer : all cluster membersí clocks are synchronized

_____ is a proprietary Check Point protocol. It is the basis for Check Point ClusterXL inter-module communication.


Options are :

  • CKPP
  • CPHA
  • CPP
  • CCP (Correct)

Answer : CCP

156-315.77 Check Point Certified Security Expert Exam Set 11

Included in the customerís network are some firewall systems with the Performance Pack in use. The customer wishes to use these firewall systems in a cluster (Load Sharing mode). He is not sure if he can use the Sticky Decision Function in this cluster. Explain the situation to him.


Options are :

  • The customer can use the firewalls with Performance Pack inside the cluster, which should support the Sticky Decision Function. It is just necessary to configure it with the clusterXL_SDF_enable command
  • Sticky Decision Function is not supported when employing either Performance Pack or a hardware-based accelerator card. Enabling the Sticky Decision Function disables these acceleration products (Correct)
  • ClusterXL always supports the Sticky Decision Function in the Load Sharing mode
  • The customer can use the firewalls with Performance Pack inside the cluster, which should support the Sticky Decision Function. It is just necessary to enable the Sticky Decision Function in the SmartDashboard cluster object in the ClusterXL page, Advanced Load Sharing Configuration window.

Answer : Sticky Decision Function is not supported when employing either Performance Pack or a hardware-based accelerator card. Enabling the Sticky Decision Function disables these acceleration products

A connection is said to be Sticky when:


Options are :

  • A connection is not terminated by either side by FIN or RST packet.
  • All the connection packets are handled, in either direction, by a single cluster member. (Correct)
  • The connection information sticks in the connection table even after the connection has ended.
  • A copy of each packet in the connection sticks in the connection table until a corresponding reply packet is received from the other side

Answer : All the connection packets are handled, in either direction, by a single cluster member.

How does a cluster member take over the VIP after a failover event?


Options are :

  • Gratuitous ARP (Correct)
  • Broadcast storm
  • arp -s
  • Ping the sync interface

Answer : Gratuitous ARP

156-315.77 Check Point Certified Security Expert Exam Set 10

If your firewall is performing a lot of IPS inspection and the CPUs assigned to fw_worker_thread are at or near 100%, which of the following could you do to improve performance?


Options are :

  • Add more Disk Drives
  • Add more RAM to the system.
  • Assign more CPU cores to CoreXL (Correct)
  • Assign more CPU cores to SecureXL

Answer : Assign more CPU cores to CoreXL

When synchronizing clusters, which of the following statements is NOT true?


Options are :

  • Only cluster members running on the same OS platform can be synchronized
  • An SMTP resource connection using CVP will be maintained by the cluster (Correct)
  • User Authentication connections will be lost by the cluster
  • In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.

Answer : An SMTP resource connection using CVP will be maintained by the cluster

Can the smallest appliance handle all Blades simultaneously?


Options are :

  • It depends on required SPU for customer environment. (Correct)
  • Depends on number of concurrent sessions
  • Depends on the number of protected clients and throughput.
  • Firewall throughput is the only relevant factor.

Answer : It depends on required SPU for customer environment.

156-215.75 Check Point Certified Security Administrator Exam Set 8

Each entry in SmartDirectory has a unique _____.


Options are :

  • Container
  • Organizational Unit
  • Distinguished Name (Correct)
  • Schema

Answer : Distinguished Name

The set of rules that governs the types of objects in the directory and their associated attributes is called the:


Options are :

  • Smart Database
  • Access Control List
  • Schema (Correct)
  • LDAP Policy

Answer : Schema

When using ClusterXL in Load Sharing, what is the default sharing method based on?


Options are :

  • IPs, SPIs
  • IPs
  • IPs, Ports
  • IPs, Ports, SPIs (Correct)

Answer : IPs, Ports, SPIs

156-315.77 Check Point Certified Security Expert Exam Set 5

Which of the following is NOT a feature of ClusterXL?


Options are :

  • Transparent upgrades
  • Transparent failover in case of device failures
  • Zero downtime for mission-critical environments with State Synchronization
  • Enhanced throughput in all ClusterXL modes (2 gateway cluster compared with 1 gateway) (Correct)

Answer : Enhanced throughput in all ClusterXL modes (2 gateway cluster compared with 1 gateway)

Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.


Options are :

  • Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
  • Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit (Correct)
  • Configure a server object for the LDAP Account Unit, and create an LDAP resource object
  • Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.

Answer : Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit

Which statements about Management HA are correct?

1) Primary SmartCenter describes first installed SmartCenter

2) Active SmartCenter is always used to administrate with SmartConsole

3) Active SmartCenter describes first installed SmartCenter

4) Primary SmartCenter is always used to administrate with SmartConsole


Options are :

  • 1 and 4
  • 1 and 2 (Correct)
  • 3 and 4
  • 2 and 3

Answer : 1 and 2

Check Point Certified Security Administrator Set 1

When a packet is flowing through the security gateway, which one of the following is a valid inspection path?


Options are :

  • Acceleration Path
  • Firewall Path
  • Small Path
  • Medium Path (Correct)

Answer : Medium Path

Which describes the function of the account unit?


Options are :

  • An Account Unit is the administration account on the LDAP server that SmartDirectory uses to access to (LDAP) server
  • An Account Unit is the Check Point account that SmartDirectory uses to access an (LDAP) server
  • An Account Unit is a system account on the Check Point gateway that SmartDirectory uses to access an (LDAP) server
  • An Account Unit is the interface which allows interaction between the Security Management server and Security Gateways, and the SmartDirectory (LDAP) server. (Correct)

Answer : An Account Unit is the interface which allows interaction between the Security Management server and Security Gateways, and the SmartDirectory (LDAP) server.

_____ is NOT a ClusterXL mode


Options are :

  • New
  • Legacy
  • Broadcast (Correct)
  • Unicast

Answer : Broadcast

Check Point Certified Security Expert Exam Set 12

Which process is responsible for delta synchronization in ClusterXL?


Options are :

  • fw kernel on the Security Gateway (Correct)
  • fwd process on the Security Gateway
  • cpd process on the Security Gateway
  • Clustering process on the Security Gateway

Answer : fw kernel on the Security Gateway

Where multiple SmartDirectory servers exist in an organization, a query from one of the clients for user information is made to the servers based on a priority. By what category can this priority be defined?


Options are :

  • Gateway or Domain
  • Gateway or Account Unit (Correct)
  • Location or Account Unit
  • Location or Domain

Answer : Gateway or Account Unit

When using SmartDashboard to manage existing users in SmartDirectory, when are the changes applied?


Options are :

  • At database synchronization
  • At policy installation
  • Instantaneously (Correct)
  • Never, you cannot manage users through SmartDashboard

Answer : Instantaneously

156-315.77 Check Point Certified Security Expert Exam Set 9

In SmartDirectory, what is each LDAP server called?


Options are :

  • LDAP Server
  • Account Unit (Correct)
  • LDAP Unit
  • Account Server

Answer : Account Unit

How frequently does CPSIZEME run by default?


Options are :

  • 1 hour
  • weekly
  • 24 hours (Correct)
  • 12 hours

Answer : 24 hours

What is the supported ClusterXL configuration when configuring a cluster synchronization network on a VLAN interface?


Options are :

  • It is not supported on a VLAN tag.
  • It is supported on VLAN tag 4096
  • It is supported on VLAN tag 4095.
  • It is supported on the lowest VLAN tag of the VLAN interface (Correct)

Answer : It is supported on the lowest VLAN tag of the VLAN interface

156-515.65 Check Point Certified Security Expert Plus Exam Set 2

Organizations are sometimes faced with the need to locate cluster members in different geographic locations that are distant from each other. A typical example is replicated data centers whose location is widely separated for disaster recovery purposes. What are the restrictions of this solution?


Options are :

  • There is one restriction: The synchronization network must guarantee no more than 150 ms latency (ITU Standard G.114).
  • There is one restriction: The synchronization network must guarantee no more than 100 ms latency.
  • There are no restrictions
  • There are two restrictions: 1. The synchronization network must guarantee no more than 100ms latency and no more than 5% packet loss. 2. The synchronization network may only include switches and hubs. (Correct)

Answer : There are two restrictions: 1. The synchronization network must guarantee no more than 100ms latency and no more than 5% packet loss. 2. The synchronization network may only include switches and hubs.

Which is the lowest Gateway version manageable by SmartCenter R77?


Options are :

  • S71
  • R65 (Correct)
  • R60A
  • R55

Answer : R65

In ClusterXL, _____ is defined by default as a critical device.


Options are :

  • fwd (Correct)
  • fwm
  • cpp
  • assld

Answer : fwd

156-215.77 Check Point Certified Security Administrator Exam Set 5

When synchronizing clusters, which of the following statements is NOT true?


Options are :

  • In the case of a failover, accounting information on the failed member may be lost despite properly working synchronization
  • Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails. (Correct)
  • Only cluster members running on the same OS platform can be synchronized.
  • The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized.

Answer : Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.

The challenges to IT involve deployment, security, management, and what else?


Options are :

  • Assessments
  • Maintenance
  • Compliance (Correct)
  • Transparency

Answer : Compliance

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions