Check Point Certified Security Expert Exam Set 9

If ClusterXL Load Sharing is enabled with state synchronization enabled, what will happen if one member goes down?


Options are :

  • There is no state synchronization on Load Sharing, only on High Availability
  • The processing of all connections handled by the faulty machine is immediately taken over by the other member(s). (Correct)
  • The connections are dropped as Load Sharing does not support High Availability
  • The processing of all connections handled by the faulty machine is dropped, so all connections need to be re-established through the other machine(s).

Answer : The processing of all connections handled by the faulty machine is immediately taken over by the other member(s).

156-315.71 Check Point Security Expert R71 Practice Exam Set 7

What is the offline CPSIZEME upload procedure?


Options are :

  • Find the cpsizeme_of_.pdf, attach it to an e-mail and send it to cpsizeme_upload@checkpoint.com
  • There is no offline upload method
  • Use the webbrowser version of cpsizeme and fax it to Check Point.
  • Find the cpsizeme_of_.xml, attach it to an e-mail and send it to cpsizeme_upload@checkpoint.com (Correct)

Answer : Find the cpsizeme_of_.xml, attach it to an e-mail and send it to cpsizeme_upload@checkpoint.com

How do you run “CPSIZEME” on SPLAT?


Options are :

  • [expert@HostName]# ./cpsizeme (Correct)
  • [expert@HostName]# ./cpsizeme -R
  • [expert@HostName]#>./cpsizeme -h
  • This is not possible on SPLAT

Answer : [expert@HostName]# ./cpsizeme

When a failed cluster member recovers, which of the following actions is NOT taken by the recovering member?


Options are :

  • If the Security Management Server has a newer policy, it will be retrieved, else the local policy will be loaded.
  • It will not check for any updated policy and load the last installed policy with a warning message indicating that the Security Policy needs to be installed from the Security Management Server. (Correct)
  • It will try to take the policy from one of the other cluster members
  • It compares its local policy to the one on the Security Management Server

Answer : It will not check for any updated policy and load the last installed policy with a warning message indicating that the Security Policy needs to be installed from the Security Management Server.

156-315.77 Check Point Certified Security Expert Exam Set 4

In which case is a Sticky Decision Function relevant?


Options are :

  • Load Sharing – Multicast (Correct)
  • Load Balancing – Forward
  • Load Sharing – Unicast
  • High Availability

Answer : Load Sharing – Multicast

A customer calls saying that a Load Sharing cluster shows drops with the error First packet is not SYN. Complete the following sentence. You will recommend:


Options are :

  • switch to Multicast Mode.
  • turning off SDF (Sticky Decision Function).
  • turning on SDF (Sticky Decision Function). (Correct)
  • configuring flush and ack.

Answer : turning on SDF (Sticky Decision Function).

What is Check Point's CoreXL?


Options are :

  • Multi Core support for Firewall Inspection (Correct)
  • Multiple core interfaces on the device to accelerate traffic
  • TCP-18190
  • A way to synchronize connections across cluster members

Answer : Multi Core support for Firewall Inspection

156-315.77 Check Point Certified Security Expert Exam Set 7

When defining SmartDirectory for High Availability (HA), which of the following should you do?


Options are :

  • Configure Secure Internal Communications with each server and fetch branches from each.
  • Replicate the same information on multiple Active Directory servers. (Correct)
  • Configure a SmartDirectory Cluster object.
  • Configure the SmartDirectory as a single object using the LDAP cluster IP. Actual HA functionality is configured on the servers.

Answer : Replicate the same information on multiple Active Directory servers.

If you are experiencing LDAP issues, which of the following should you check?


Options are :

  • Connectivity between the Gateway and LDAP server (Correct)
  • Overlapping VPN Domains
  • Secure Internal Communications (SIC)
  • Domain name resolution

Answer : Connectivity between the Gateway and LDAP server

How do you upload the results of “CPSIZEME” to Check Point when using a PROXY server with authentication?


Options are :

  • [expert@HostName]# ./cpsizeme –p username:password@proxy_address:port (Correct)
  • [expert@HostName]# ./cpsizeme –a username:password@proxy_address:port
  • [expert@HostName]# ./cpsizeme.exe –p username:password@proxy_address:port
  • [expert@HostName]# ./cpsizeme.exe –a username:password@proxy_address:port

Answer : [expert@HostName]# ./cpsizeme –p username:password@proxy_address:port

Check Point Certified Security Expert Exam Set 12

You can NOT use SmartDashboard’s SmartDirectory features to connect to the LDAP server.

What should you investigate?

1) Verify you have read-only permissions as administrator for the operating system.

2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.

3) Check that the login Distinguished Name configured has at least write permission in the access control configuration of the LDAP server.


Options are :

  • 1, 2, and 3
  • 2 and 3 (Correct)
  • 1 and 2
  • 1 and 3

Answer : 2 and 3

Which process is responsible for full synchronization in ClusterXL?


Options are :

  • cpd on the Security Gateway
  • fwd on the Security Gateway (Correct)
  • Clustering on the Security Gateway
  • fw kernel on the Security Gateway

Answer : fwd on the Security Gateway

Check Point Clustering protocol, works on:


Options are :

  • TCP 18184
  • TCP 8116
  • UDP 8116 (Correct)
  • UDP 18184

Answer : UDP 8116

156-215.75 Check Point Certified Security Administrator Exam Set 4

What is NOT a valid LDAP use in Check Point SmartDirectory?


Options are :

  • External users management
  • Provide user authentication information for the Security Management Server
  • Retrieve gateway CRL’s
  • Enforce user access to internal resources (Correct)

Answer : Enforce user access to internal resources

You have a High Availability ClusterXL configuration. Machines are not synchronized. What happens to connections on failover?


Options are :

  • It is not possible to configure High Availability that is not synchronized.
  • Open connections are lost but are automatically recovered whenever the failed machine recovers.
  • Connections cannot be established until cluster members are fully synchronized
  • Open connections are lost but can be reestablished. (Correct)

Answer : Open connections are lost but can be reestablished.

Where do you verify that SmartDirectory is enabled?


Options are :

  • Gateway properties > Smart Directory (LDAP) > Use SmartDirectory (LDAP) for Security Gateways is checked
  • Gateway properties > Authentication > Use SmartDirectory (LDAP) for Security Gateways is checked
  • Global properties > Authentication > Use SmartDirectory (LDAP) for Security Gateways is checked
  • Global properties > Smart Directory (LDAP) > Use SmartDirectory (LDAP) for Security Gateways is checked (Correct)

Answer : Global properties > Smart Directory (LDAP) > Use SmartDirectory (LDAP) for Security Gateways is checked

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 12

The _____ Check Point ClusterXL mode must synchronize the virtual IP and MAC addresses on all clustered interfaces.


Options are :

  • HA Mode Legacy
  • HA Mode New (Correct)
  • Mode Unicast Load Sharing
  • Mode Multicast Load Sharing

Answer : HA Mode New

How are cached usernames and passwords cleared from the memory of a Security Gateway?


Options are :

  • By using the Clear User Cache button in SmartDashboard
  • By installing a Security Policy (Correct)
  • Usernames and passwords only clear from memory after they time out
  • By retrieving LDAP user information using the command fw fetchldap

Answer : By installing a Security Policy

There are several SmartDirectory (LDAP) features that can be applied to further enhance SmartDirectory (LDAP) functionality, which of the following is NOT one of those features?


Options are :

  • Support many Domains under the same account unit (Correct)
  • Encrypted or non-encrypted SmartDirectory (LDAP) Connections usage
  • High Availability, where user information can be duplicated across several servers
  • Support multiple SmartDirectory (LDAP) servers on which many user databases are distributed

Answer : Support many Domains under the same account unit

156-215.77 Check Point Certified Security Administrator Exam Set 2

Which process is responsible for kernel table information sharing across all cluster members?


Options are :

  • fwd daemon (Correct)
  • cpd
  • fw kernel
  • CPHA

Answer : fwd daemon

With the User Directory Software Blade, you can create R77 user definitions on a(n) _____ Server.


Options are :

  • NT Domain
  • LDAP (Correct)
  • Radius
  • RSA ACE/Authentication Manager

Answer : LDAP

Which of the following commands do you run on the AD server to identify the DN name before configuring LDAP integration with the Security Gateway?


Options are :

  • query ldap –name administrator
  • cpquery –name administrator
  • ldapquery –name administrator
  • dsquery user –name administrator (Correct)

Answer : dsquery user –name administrator

Check Point Certified Security Administrator Set 4

An Account Unit is the interface between the _____ and the _____.


Options are :

  • Gateway, Resources
  • Clients, Server (Correct)
  • System, Database
  • Users, Domain

Answer : Clients, Server

A customer called to report one cluster member’s status as Down. What command should you use to identify the possible cause?


Options are :

  • fw ctl debug -m cluster + forward
  • tcpdump/snoop
  • fw ctl pstat
  • cphaprob list (Correct)

Answer : cphaprob list

The User Directory Software Blade is used to integrate which of the following with a R77 Security Gateway?


Options are :

  • Account Management Client server
  • RADIUS server
  • LDAP server (Correct)
  • UserAuthority server

Answer : LDAP server

156-315.77 Check Point Certified Security Expert Exam Set 7

By default, a standby Security Management Server is automatically synchronized by an active Security Management Server, when:


Options are :

  • The standby Security Management Server starts for the first time.
  • The Security Policy is installed. (Correct)
  • The user data base is installed
  • The Security Policy is saved.

Answer : The Security Policy is installed.

An organization may be distributed across several SmartDirectory (LDAP) servers. What provision do you make to enable a Gateway to use all available resources?

Each SmartDirectory (LDAP) server must be:


Options are :

  • a member in a group that is associated with one Account Unit.
  • represented by a separate Account Unit. (Correct)
  • represented by a separate Account Unit that is a member in the LDAP group.
  • a member in the LDAP group.

Answer : represented by a separate Account Unit.

Which of the following is a supported Sticky Decision Function of Sticky Connections for Load Sharing?


Options are :

  • Multi-connection support for VPN-1 cluster members
  • Support for all VPN deployments (except those with third-party VPN peers)
  • Support for Performance Pack acceleration
  • Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections (Correct)

Answer : Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 7

Your users are defined in a Windows 2008 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?


Options are :

  • A group with a generic user
  • External-user group
  • All Users
  • LDAP group (Correct)

Answer : LDAP group

Which of the following is NOT an advantage of SmartLog?


Options are :

  • SmartLog displays query results across multiple log files, reducing the need to open previous files to view results.
  • SmartLog requires less disk space by consolidating log entries into fewer records. (Correct)
  • SmartLog has a “Top Results” pane showing things like top sources, rules, and users
  • SmartLog creates an index of log entries, increasing query speed.

Answer : SmartLog requires less disk space by consolidating log entries into fewer records.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions