156-115 Check Point Certified Security Master Practice Exam Set 8

Since R76 GAiA, what is the method for configuring proxy ARP entries for manual NAT rules?

Options are :

  • WebUI or add proxy ARP ... commands via CLISH (Correct)
  • local.arp file
  • SmartDashboard
  • SmartView Tracker

Answer : WebUI or add proxy ARP ... commands via CLISH

Which file should be edited to modify ClusterXL VIP Hide NAT rules, and where?

Options are :

  • $FWDIR/lib/table.def on the SMC (Correct)
  • $FWDIR/lib/table.def on the cluster members
  • $FWDIR/lib/base.def on the cluster members
  • $FWDIR/lib/base.def on the SMC

Answer : $FWDIR/lib/table.def on the SMC

With the default ClusterXL settings, what will be the state of an active gateway upon using the command clusterXL_admin up?

Options are :

  • Down
  • Ready
  • Standby (Correct)
  • Active

Answer : Standby

Each connection allowed by a Security Gateway will have a real entry and some symbolic link entries in the connections state table. The symbolic link entries point back to the real entry using this:

Options are :

  • 6-tuple. (Correct)
  • memory pointer.
  • serial number of the real entry.
  • date and time of the connection establishment.

Answer : 6-tuple.

In some situations, switches may not play nicely with a Check Point Cluster and it is necessary to change from multicast to broadcast. What command should you invoke to correct the issue?

Options are :

  • set ccp broadcast
  • cphaconf set_ccp broadcast (Correct)
  • cpha_conf set ccp broadcast
  • This can only be changed via GuiDbEdit.

Answer : cphaconf set_ccp broadcast

Which command would a troubleshooter use to verify table connection info (peak, concurrent) and verify information about cluster synchronization state?

Options are :

  • fw ctl pstat
  • Show info all (Correct)
  • fw tab -t connections -s
  • fw ctl multik stat

Answer : Show info all

Which of the following is NOT a cphaprob status?

Options are :

  • “Down Attention” (or “Down!” in VSX mode) (Correct)
  • “Active”
  • “Backup”
  • “Standby”

Answer : “Down Attention” (or “Down!” in VSX mode)

Extended Cluster Anti-Spoofing checks what value to determine if a packet with the source IP of a gateway in the cluster is being spoofed?

Options are :

  • The source IP of the packet.
  • The source MAC address of the packet.
  • The packet has a TTL value of less than 255. (Correct)
  • The destination IP of the packet.

Answer : The packet has a TTL value of less than 255.

Which FW-1 kernel flags should be used to properly debug and troubleshoot NAT issues?

Options are :

  • nat, drop, conn, xlate, filter, ioctl
  • nat, xlate, fwd, vm, ld, chain
  • nat, xltrc, xlate, drop, conn, vm (Correct)
  • nat, route, conn, fwd, zeco, err

Answer : nat, xltrc, xlate, drop, conn, vm

After creating and pushing out a new policy, Joe finds that an old connection is still being allowed that should have been closed after his changes. He wants to delete the connection on the gateway, and looks it up with fw tab -t connections -u. Joe finds the connection he is looking for. What command should Joe use to remove this connection? <0,a128c22,89,a158508,89,11;10001,2281,25,15b,a1,4ecdfeee,ac,691400ac,7b6,3e,ffffffff,3c,3