156-115 Check Point Certified Security Master Practice Exam Set 6

How to check the overall SecureXL statistics:


Options are :

  • cat /proc/ppk/statistics (Correct)
  • fwaccel stat
  • fwaccel on
  • fwaccel conns

Answer : cat /proc/ppk/statistics

Running the command fw ctl pstat -l would return what information?


Options are :

  • General Security Gateway statistics (Correct)
  • Additional hmem details
  • Additional kmem details
  • Additional smem details

Answer : General Security Gateway statistics

Where can you configure OSPF on a GAiA firewall?


Options are :

  • WebUI (Correct)
  • SmartDashboard
  • cpconfig
  • sysconfig

Answer : WebUI

When are rules that include identity awareness access roles accelerated through SecureXL?


Options are :

  • They have no bearing on whether the connection for the rule is accelerated. (Correct)
  • Rules using Identity Awareness are never accelerated.
  • Only when 'Unauthenticated Guests' is included in the access role.
  • Rules using Identity Awareness are always accelerated.

Answer : They have no bearing on whether the connection for the rule is accelerated.

Which of the following statements are TRUE about SecureXL? I. SecureXL is able to accelerate all connections through the firewall. II. Medium path acceleration will still cause some CPU utilization of CoreXL cores. III. F2F connections represent “forwarded to firewall” connections that are not accelerated and fully processed through the firewall kernel. IV. Packets going through SecureXL must be inspected by the firewall kernel before being accelerated.


Options are :

  • II and III (Correct)
  • I, II, and III
  • III and IV
  • I and IV

Answer : II and III

You are analyzing your firewall logs, /var/log/messages, and repeatedly see the following kernel message: 'kernel: neighbor table overflow'. What is the cause?


Options are :

  • Cluster member table overflow
  • Nothing, you can disregard it.
  • ARP cache overflow (Correct)
  • OSPF neighbor down

Answer : ARP cache overflow

What is the corresponding connection template entered into the SecureXL connection table from the connection “10.0.0.100:1024 > 216.239.59.59:80”?


Options are :

  • “10.0.0.100:* > 216.239.59.59:80” (Correct)
  • “10.0.0.100:* > 216.239.59.59:*”
  • “10.0.0.100:1024 > 216.239.59.59:*”
  • “10.0.0.100:1024 > 216.239.59.59:80”

Answer : “10.0.0.100:* > 216.239.59.59:80”

What command, other than fw ctl pstat, will display your peak concurrent connections?


Options are :

  • fw ctl get int fw_peak_connections
  • top
  • netstat -ni
  • fw tab -t connections -s (Correct)

Answer : fw tab -t connections -s

What command should a firewall administrator use to begin debugging SecureXL?


Options are :

  • SecureXL cannot be debugged and the kernel debug will give enough output to help the firewall administrator to understand the firewall's behaviour. The right command to use is fw ctl debug -m fw.
  • fwaccel dbg -m (Correct)
  • fwaccel dbg api + verbose add
  • fwaccel debug -m

Answer : fwaccel dbg -m

From which version can you add Proxy ARP entries through the GAiA portal?


Options are :

  • R77
  • R77.10
  • R76
  • R75.40 (Correct)

Answer : R75.40

You are running some diagnostics on your GAiA gateway. You are reviewing the number of fragmented packets and notice that there are a lot of large and duplicate packets. Which command did you issue to get this information?


Options are :

  • fw ctl pstat (Correct)
  • fw ctl get int fw_frag_stats
  • sysconfig
  • cat /proc/cpuinfo

Answer : fw ctl pstat

The 'Maximum Entries' value in the GAiA Portal corresponds to the 'gc_thresh3' parameter in the Linux kernel and has a value of 1024. Knowing this, you know that gc_thresh2 and gc_thresh1 are automatically set to the values:


Options are :

  • gc_thresh1=256 and gc_thresh2=128
  • gc_thresh2=512 and gc_thresh1=256 (Correct)
  • gc_thresh2=256 and gc_thresh1=128
  • gc_thresh2=1024 and gc_thresh1=1024

Answer : gc_thresh2=512 and gc_thresh1=256

What command would you use to determine if a particular connection is being accelerated by SecureXL?


Options are :

  • fwaccel conns (Correct)
  • fw tab -t connections -u
  • fw ctl kdebug
  • fwaccel stat

Answer : fwaccel conns

Your company has grown significantly over the past few months. You are seeing that new connections are being dropped but note that the connections table is not full. You suspect that the kernel memory allocated to the firewall has reached its full capacity. To check the “Machine Capacity Summary” statistics, you use command:


Options are :

  • cat /proc/net/capacity
  • ps -aux
  • top
  • fw ctl pstat (Correct)

Answer : fw ctl pstat

You have just configured HA and find that connections are not being synced. When you have a failover, users complain that they are losing their connections. What command could you run to see the state synchronization statistics?


Options are :

  • cphaprob stat
  • fw ctl pstat (Correct)
  • fw ctl get int fw_state_sync_stats
  • fw sync stats

Answer : fw ctl pstat

A firewall administrator knows the details of the packet header for an already established connection going through a firewall. What command will show if SecureXL will accelerate that packet?


Options are :

  • fwaccel conns
  • fw ctl zdebug + sxl error warning asm
  • fwaccel templates (Correct)
  • fw tab -t connections -f | grep 'dest. port #' | grep 'source port #' | grep 'dest. IP address'

Answer : fwaccel templates

Where would you find CPU information like model, number of cores, vendor and architecture?


Options are :

  • In the file cpuinfo in the directory /proc. (Correct)
  • WebUI
  • Right-click the gateway object in SmartDashboard and view properties
  • sysconfig

Answer : In the file cpuinfo in the directory /proc.

In order to perform some connection troubleshooting, you run the command fw monitor -e accept dport = 443. You do NOT see the TCP ACK packet. Why is this?


Options are :

  • The connection is NATted.
  • The connection is dropped.
  • The connection is accelerated. (Correct)
  • The connection is encrypted.

Answer : The connection is accelerated.

What considerations are required when configuring IPv6 with Wire mode?


Options are :

  • You must use internal IPv6 addressing space to use Wire mode.
  • IPv6 is not supported in Wire mode. (Correct)
  • IPv6 must be configured on both end points.
  • IPv6 in Wire mode is only supported in R77.

Answer : IPv6 is not supported in Wire mode.

In an HA cluster, you modify the number of cores given to CoreXL on only one member using cpconfig and then issue a reboot. What is the expected ClusterXL status of this member when it comes up?


Options are :

  • Standby (Correct)
  • Down
  • Ready
  • Active

Answer : Standby

You have a user-defined SMTP trap configured to send an alert to your mail server, and you also have SmartView Monitor configured to trigger the alert whenever policy is pushed to your gateway. However, you are not getting any mails even when you test for pushing policy. What process should you troubleshoot on the Management Server?


Options are :

  • cpstat_monitor (Correct)
  • fwm
  • cpwd_admin
  • fwd

Answer : cpstat_monitor

What command shows the same information as fwaccel stats -l?


Options are :

  • cat /proc/ppk/statistics (Correct)
  • cphaprob -a hconf
  • cat /proc/ppk/cpls
  • fwaccell stats -s -u -k

Answer : cat /proc/ppk/statistics

You find that your open server SecurePlatform system is lagging although you know you have plenty of memory and the complexity of the Rule Base has not changed significantly. You think that upgrading the CPU frequency speed could help your performance. Which command could help you see what speed and model of CPU you are using?


Options are :

  • fw tab
  • cat /proc/cpuinfo (Correct)
  • top
  • sysconfig

Answer : cat /proc/cpuinfo

Your gateway object is currently defined with a max connection count of 25k connections in SmartDashboard. Which of the following commands would show you the current and peak connection counts?


Options are :

  • fw ctl pstat (Correct)
  • show connections all
  • fw ctl chain
  • fw ctl conn

Answer : fw ctl pstat

Which of the following is a valid synchronization status as an output to fw ctl pstat?


Options are :

  • Sync member down
  • Communicating
  • Unable to receive sync packets (Correct)
  • Synchronized

Answer : Unable to receive sync packets

What does the command fwaccel templates do?


Options are :

  • The Rule Base mapping between actual rules and the template built up in Layer 2.
  • Starts firewall acceleration after fwaccel off was run or SecureXL was enabled by using the command cpconfig.
  • Shows templates existing in the SecureXL device. This is so that an administrator can look for the template that matches the specific traffic. (Correct)
  • That SecureXL has been enabled in the cpconfig command menu.

Answer : Shows templates existing in the SecureXL device. This is so that an administrator can look for the template that matches the specific traffic.

Which information CANNOT be displayed by issuing the command cat /proc/cpuinfo?


Options are :

  • NFS_Unstable (Correct)
  • fpu
  • vendor_id
  • CPU family

Answer : NFS_Unstable

Under which scenario would you most likely consider the use of Multi-Queue?


Options are :

  • When most of the processing is done in CoreXL
  • When most of the traffic is accelerated. (Correct)
  • When trying to increase session rate.
  • When IPS is heavily used.

Answer : When most of the traffic is accelerated.

When optimizing a customer firewall Rule Base, what is the BEST way to start the analysis?


Options are :

  • At the top of the Rule Base.
  • With the command fwaccel stat followed by the command fwaccel stats. (Correct)
  • Using the hit count column.
  • Using the Compliance Software Blade.

Answer : With the command fwaccel stat followed by the command fwaccel stats.

Your ARP cache is overflowing, negatively impacting users' experience on your network. Which command can you issue to increase the ARP cache on the fly? You do not need this to survive reboot.


Options are :

  • echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh3 (Correct)
  • arp cache table > 1024
  • You cannot increase the size of the ARP cache on the fly.
  • Modify the /etc/sysctl.conf: net.ipv4.neigh.default.gc_thresh3 = 1024.

Answer : echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
