Check Point Certified Security Expert Exam Set 2

Which command would you use to save the IP address and routing information before upgrading a GAiA Gateway?


Options are :

  • ipconfig –a > [filename].txt
  • ifconfig > [filename].txt
  • cp /etc/sysconfig/network.C [location] (Correct)
  • netstat –rn > [filename].txt

Answer : cp /etc/sysconfig/network.C [location]

156-315.77 Check Point Certified Security Expert Exam Set 9

Which three of the following components are required to get a SmartEvent up and running?

1) SmartEvent SIC

2) SmartEvent Correlation Unit

3) SmartEvent Server

4) SmartEvent Analyzer

5) SmartEvent Client


Options are :

  • 2, 3, and 5 (Correct)
  • 3, 4, and 5
  • 1, 2, and 3
  • 1, 2, and 4

Answer : 2, 3, and 5

Which command would you use to save the interface information before upgrading a GAiA Gateway?


Options are :

  • ifconfig > [filename].txt
  • save configuration (Correct)
  • netstat –rn > [filename].txt
  • cp /etc/sysconfig/network.C [location]

Answer : save configuration

Jon is explaining how the inspection module works to a colleague. If a new connection passes through the inspection module and the packet matches the rule, what is the next step in the process?


Options are :

  • Verify if another rule exists
  • Verify if the packet should be rejected.
  • Verify if any logging or alerts are defined. (Correct)
  • Verify if the packet should be moved through the TCP/IP stack.

Answer : Verify if any logging or alerts are defined.

156-315.77 Check Point Certified Security Expert Exam Set 6

What is the correct policy installation process order?

1) Verification

2) Code generation and compilation

3) Initiation

4) Commit

5) Conversion

6) CPTA


Options are :

  • 6, 5, 4, 3, 2, 1
  • 4, 2, 3, 5, 6, 1
  • 1, 2, 3, 4, 5, 6
  • 3, 1, 5, 2, 6, 4 (Correct)

Answer : 3, 1, 5, 2, 6, 4

A Minimal Effort Upgrade of a cluster:


Options are :

  • Requires breaking the cluster and upgrading members independently
  • Upgrades all cluster members except one at the same time.
  • Is only supported in major releases (R70 to R71, R71 to R77).
  • Treats each individual cluster member as an individual gateway (Correct)

Answer : Treats each individual cluster member as an individual gateway

Fill in the blank.

In a zero downtime scenario, which command do you run manually after all cluster members are upgraded?


Options are :

  • netstat –rn > [filename].txt
  • set_ccp broadcast
  • cphaconf set_ccp multicast (Correct)
  • ipconfig -a > [filename].txt

Answer : cphaconf set_ccp multicast

156-315.77 Check Point Certified Security Expert Exam Set 5

Fill in the blank with a numeric value. The default port number for standard TCP connections with the LDAP server is


Options are :

  • 636
  • 389 (Correct)
  • 572
  • 426

Answer : 389

You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use three machines with the following configurations:

Cluster Member 1: OS - GAiA; NICs - QuadCard; Memory - 1 GB; Security Gateway - version: R71 and primary Security Management Server installed, version: R77

Cluster Member 2: OS - GAiA; NICs - 4 Intel 3Com; Memory - 1 GB; Security Gateway only, version: R77

Cluster Member 3: OS - GAiA; NICs - 4 other manufacturers; Memory - 512 MB; Security Gateway only, version: R77

Are these machines correctly configured for a ClusterXL deployment?


Options are :

  • No, Cluster Member 3 does not have the required memory.
  • No, the Security Gateway cannot be installed on the Security Management Server (Correct)
  • Yes, these machines are configured correctly for a ClusterXL deployment.
  • No, the Security Management Server is not running the same operating system as the cluster members.

Answer : No, the Security Gateway cannot be installed on the Security Management Server

Typically, when you upgrade the Security Management Server, you install and configure a fresh R77 installation on a new computer and then migrate the database from the original machine.

What is the correct order of the steps below to successfully complete this procedure?

1) Export databases from source.

2) Connect target to network.

3) Prepare the source machine for export.

4) Import databases to target.

5) Install new version on target.

6) Test target deployment


Options are :

  • 3, 1, 5, 4, 2, 6
  • 3, 5, 1, 4, 6, 2 (Correct)
  • 6, 5, 3, 1, 4, 2
  • 5, 2, 6, 3, 1, 4

Answer : 3, 5, 1, 4, 6, 2

156-215.77 Check Point Certified Security Administrator Exam Set 1

What GUI client would you use to view an IPS packet capture?


Options are :

  • SmartView Tracker. (Correct)
  • SmartView Monitor
  • Smart Reporter
  • Smart Update.

Answer : SmartView Tracker.

Which CLI tool helps on verifying proper ClusterXL sync?


Options are :

  • fw ctl pstat (Correct)
  • fw stat
  • fw ctl sync
  • cphaprob stat

Answer : fw ctl pstat

How would you set the debug buffer size to 1024?


Options are :

  • Run fw ctl set buf 1024
  • Run fw ctl debug -buf 1024 (Correct)
  • Run fw ctl set int print_cons 1024
  • Run fw ctl kdebug 1024

Answer : Run fw ctl debug -buf 1024

156-315.77 Check Point Certified Security Expert Exam Set 9

Fill in the blank.

To verify the SecureXL status, you would enter command _____.


Options are :

  • fwaccel on
  • fwaccel stat (Correct)
  • fwaccel off
  • cligated

Answer : fwaccel stat

When upgrading a cluster in Full Connectivity Mode, the first thing you must do is see if all cluster members have the same products installed. Which command should you run?


Options are :

  • cpconfig
  • cphaprob fcustat
  • fw ctl conn –a (Correct)
  • fw fcu

Answer : fw ctl conn –a

What process manages the dynamic routing protocols (OSPF, RIP, etc.) on GAiA?


Options are :

  • routed (Correct)
  • arouted
  • There's no separate process, but the Linux default router can take care of that.
  • routerd

Answer : routed

Check Point Certified Security Expert Exam Set 8

Check Point support has asked Tony for a firewall capture of accepted packets. What would be the correct syntax to create a capture file to a filename called monitor.out?


Options are :

  • Run fw monitor -e "accept;" -m monitor.out
  • Run fw monitor -e "accept;" -c monitor.out
  • Run fw monitor -e "accept;" -o monitor.out (Correct)
  • Run fw monitor -e "accept;" -f monitor.out

Answer : Run fw monitor -e "accept;" -o monitor.out

Steve is troubleshooting a connection problem with an internal application. If he knows the source IP address is 192.168.4.125, how could he filter this traffic?


Options are :

  • Run fw monitor -e "accept dst-ip=192.168.4.125;"
  • Run fw monitor -e "accept src=192.168.4.125;" (Correct)
  • Run fw monitor -e "accept ip=192.168.4.125;"
  • Run fw monitor -e "accept src-ip=192.168.4.125;"

Answer : Run fw monitor -e "accept src=192.168.4.125;"

Fill in the blank.

Type the command and syntax you would use to verify that your Check Point cluster is functioning correctly.


Options are :

  • fw ctl setsync off
  • cphaprob -i list
  • fw ctl pstat
  • cphaprob state (Correct)

Answer : cphaprob state

156-315.77 Check Point Certified Security Expert Exam Set 3

When restoring a Security Management Server from a backup file, the restore package can be retrieved from which source?


Options are :

  • Disk, SCP server, or TFTP server
  • HTTP server, FTP server, or TFTP server
  • Local folder, TFTP server, or FTP server (Correct)
  • Local folder, TFTP server, or Disk

Answer : Local folder, TFTP server, or FTP server

Restoring a snapshot-created file on one machine that was created on another requires which of the following to be the same on both machines?


Options are :

  • Windows version, interface configuration, and patch level
  • Windows version, objects database, patch level, and interface configuration
  • State, SecurePlatform version, and objects database
  • State, SecurePlatform version, and patch level (Correct)

Answer : State, SecurePlatform version, and patch level

The connection to the ClusterXL member ‘A’ breaks. The ClusterXL member ‘A’ status is now ‘down’. Afterwards the switch admin set a port to ClusterXL member ‘B’ to ‘down’. What will happen?


Options are :

  • ClusterXL member ‘A’ is asked to come back to cluster
  • Both ClusterXL members share load equally.
  • ClusterXL member ‘B’ also left the cluster.
  • ClusterXL member ‘B’ stays active as last member (Correct)

Answer : ClusterXL member ‘B’ stays active as last member

156-215.70 Check Point Certified Security Administrator Exam Set 7

A Zero Downtime Upgrade of a cluster:


Options are :

  • Treats each individual cluster member as an individual gateway
  • Is only supported in major releases (R70 to R71, R71 to R77).
  • Requires breaking the cluster and upgrading members independently
  • Upgrades all cluster members except one at the same time. (Correct)

Answer : Upgrades all cluster members except one at the same time.

Which command will only show the number of entries in the connection table?


Options are :

  • fw tab -t connections
  • fw tab
  • fw tab -t connections -s (Correct)
  • fw tab -t connections -u

Answer : fw tab -t connections -s

MegaCorp plans to upgrade all of its firewalls. Currently the corporation is a mixture of SecurePlatform and IPSO machines running R71, to the latest code level of GAiA. Many of the firewalls are using VTIs to allow advanced routing configuration to propagate through all the networks. What will the Acme company need to do to make sure VTIs will work once moved to GAiA?


Options are :

  • Convert all the Secure Platform replacements to unnumbered VTIs
  • Convert all of the IPSO replacements to numbered VTIs
  • Move to Domain based routing as GAiA does not support VTIs.
  • Nothing specific as GAiA supports both numbered and unnumbered VTIs (Correct)

Answer : Nothing specific as GAiA supports both numbered and unnumbered VTIs

156-315.77 Check Point Certified Security Expert Exam Set 9

Which three of the following are ClusterXL member requirements?

1) same operating systems

2) same Check Point version

3) same appliance model

4) same policy


Options are :

  • 1, 2, and 4 (Correct)
  • 1, 2, and 3
  • 2, 3, and 4
  • 1, 3, and 4

Answer : 1, 2, and 4

Fill in the blank.

In a zero downtime firewall cluster environment, what command syntax do you run to avoid

switching problems around the cluster for command cphaconf?


Options are :

  • ipconfig -a > [filename].txt
  • set_ccp broadcast (Correct)
  • cphaconf set_ccp multicast
  • cphaprob -a if

Answer : set_ccp broadcast

When using migrate to upgrade a Secure Management Server, which of the following is included in the migration?


Options are :

  • System interface configuration
  • SmartReporter database
  • classes.C file (Correct)
  • SmartEvent database

Answer : classes.C file

156-315.77 Check Point Certified Security Expert Exam Set 4

John is upgrading a cluster from NGX R65 to R77. John knows that you can verify the upgrade process using the pre-upgrade verifier tool. When John is running Pre-Upgrade Verification, he sees the warning message:

Title: Incompatible pattern.

What is happening?


Options are :

  • Pre-Upgrade Verification process detected a problem with actual configuration and upgrade will be aborted
  • Pre-Upgrade Verification tool only shows that message but it is only informational
  • The actual configuration contains user defined patterns in IPS that are not supported in R77. If the patterns are not fixed after upgrade, they will not be used with R77 Security Gateways. (Correct)
  • R77 uses a new pattern matching engine. Incompatible patterns should be deleted before upgrade process to complete it successfully.

Answer : The actual configuration contains user defined patterns in IPS that are not supported in R77. If the patterns are not fixed after upgrade, they will not be used with R77 Security Gateways.

Fill in the blank.

Type the full fw command and syntax that allows you to disable only sync on a cluster firewall member.


Options are :

  • cphaprob state
  • cphaprob -i list
  • fw ctl setsync off (Correct)
  • fw ctl pstat

Answer : fw ctl setsync off

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions