Checkpoint 156-115.77 Check Point Certified Security Master Exam Practice Test

The mechanism configures all IPS protections in ‘Detect Mode’

IPS is disabled completely

The mechanism disables all IPS protections by placing them under ‘exception’

Stateful Inspection is disabled

In the IPS tree Protections > Select Check for Update.

Check asm_update_version_geo in GuiDBedit.

In the IPS tree Protections > Geo Protections and check the profile name which is mm/dd/yy.

Check the time stamp of $FWDIR/tmp/geo_location_tmp/updates/IpToCountry.csv.

Network Group

Identity Awareness Access Role

Any

IP Address

$FWDIR/conf on the Management Server

$FWDIR/scripts on the Management Server

$FWDIR/conf on the gateway

$FWDIR/scripts on the gateway

Source port

Protocol

Source IP

Destination port

fw tab -t fwx_alloc -x

fw ctl pstat

fwaccel stats misp

fw ctl debug -m fw + conn drop packet xlate xltrc nat

An inbound collision due to a connections table check on pre-existing connections.

An outbound collision due to a Rule Base check, and dropped by incorrectly configuring DHCP in the firewall policy.

A link collision due to more than one NAT symbolic link being created for outgoing connections to the DHCP server.

A link collision due to more than one NAT symbolic link being created for connections returning from the DHCP server back to the VIP of the Cluster.

Since Hide NAT changes to random high ports it is by definition PAT (Port Address Translation).

Create a manual NAT rule and specify the source and destination ports.

Edit the service in SmartDashboard, click on the NAT tab and specify the translated port.

Port Address Translation is not support in Check Point environment

fw ctl get int fwha_cul_mechanism_enable

fw ctl get int fwha_cul_cluster_short_timeout

fw ctl get int fwha_cul_member_cpu_load_limit

fw ctl get int fwha_cul_policy_freeze_event_timeout_millisec

fwha_magic_mac and fw_forward_magic_mac

fwha_mac_magic and fw_mac_forward_magic

cpha_mac_magic and cp_mac_forward_magic

cpha_magic_mac and cpha_mac_forward_magic

Preventing the secondary member from hiding its presence by not forwarding any packets.

Allowing management traffic to be accepted in an applied rule ahead of the stealth rule.

Hiding the particular tables from being synchronized to the other cluster member.

Preventing outbound traffic from being hidden behind the cluster IP address.

Ready

Down

Standby

Active

fw list kernel modules

fw ctl kernel chain

fw ctl debug -m

fw list modules

There is an active fw monitor running.

There is an environment variable of TDERROR_ALL_ALL set on the gateway.

There is an active debug on the SmartConsole.

There is an active debug on the FWM process.

fwm

cpd

fwd

DAService

fw debug fw on and checks the file fwm.elg.

fw kdebug fwm on and checks the file fwm.elg.

fw debug fwm on and checks the file fwm.elg.

fw kdebug fwm on and checks the file fw.elg.

fwd

fwm

cpwd_admin

cpstat_monitor

This would enable Hide NAT support.

These parameters are mutually exclusive and cannot be used at the same time.

This would enable SecureXL NAT templates.

These are not valid parameters.

fw ctl get int fw_peak_connections

netstat -ni

fw tab -t connections -s

top

free

fw ctl pstat

cat /proc/meminfo

memoryinfo.conf

fwaccel dbg api + verbose add

fwaccel debug –m

fwaccel dbg -m

SecureXL cannot be dubugged and the kernel debug will give enough output to help the firewall administrator to understand the firewalls behaviour. The right command to use is fw ctl debug –m fw.

Rule 6 will be eligible but Rule 7 will not.

All subsequent rules below Rule 5 will not be templated, regardless of the rule

No effect. Rules 6 and 7 will be eligible for templating.

The restriction on one rule does not affect later rules with regards to templates.

The connection is encrypted.

The connection is NATted.

The connection is dropped.

The connection is accelerated.

With the command fwaccel stat followed by the command fwaccel stats.

At the top of the Rule Base.

Using the hit count column.

Using the Compliance Software Blade.

The Accept Remote Access control connections is not enabled in Global Properties > FireWall Implied Rules.

You have selected IKEv2 only in Global Properties > Remote Access > VPN – Authentication and Encryption.

You are not licensed for Endpoint Connect client.

Your remote access community is not configured.

vpn ver –k

vpn compstat

vpn compreset

vpn crlview

$FWDIR/log/fw.log

$FWDIR/log/fwd.elg

$FWDIR/log/ike.elg

/var/log/fw_debug.txt

vpn debug ikeon

vpn debug on TDERR_ALL_ALL=5

vpn debug trunc

vpn debug trunc

show route

show ipv6 route

show routes all

show route ipv6

show ipv6-stat

show ipv6 all

show ipv6 status

show ipv6-status

fw tab –t connections –x

fw tab –t connections6 –x

clear connections table ipv6

fw6 tab –t connections –x

Run $FWDIR/scripts/fwipv6_enable off and reboot.

Remove the IPv6 license from the gateway.

You cannot disable IPv6.

In IPSO go to System Management > System Configuration, set IPv6 Support to off, and click Apply.

fw getperf

SecureXL stat

fwaccel stats

fw ctl pstat

Run commands with syntax fw ctl set int cphwd_nat_templates_support 1 and fw ctl set int cphwd_nat_templates_enabled 1.

Edit file $FWDIR/boot/modules/fwkern.conf with the lines “cphwd_nat_templates_support=1” and “cphwd_nat_templates_enabled=1”.

Set Firewall object > NAT > Advanced

Set Global properties > NAT-Network address translation

fw ctl sync stop, fw ctl sync start

fw ctl setsync off, fw ctl setsync start

fw ctl setsync stop, fw ctl setsync on

fw ctl setsync off, fw ctl setsync on

fw ctl debug –m cluster + all – this will show you all the connections being processed by ClusterXL and explain the high CPU usage on your appliance.

fwaccel off – this will turn off SecureXL, which is causing your SNDs to be running high in the first place.

fwaccel stats –s – this will show you the acceleration profile of your connections and potentially why your SNDs are running high while other cores are running low.

fw tab –t connections –s – this will show you a summary of your connections table, and allow you to determine whether there is too much traffic traversing your firewall.

OSPF,BGP

OSPF

OSPF,BGP,RIPv2

OSPF,BGP,RIPv1,RIPv2

Implement Wire mode.

In Global Properties select Accept other IP protocols stateful replies for unknown services.

Enable Visitor mode.

Create additional explicit rules.

vpn sw_topology

vpn shell

vpn set_slim_server

vpn tu

VTI information on unnumbered interfaces should appear, so there is an issue with your configuration.

VTI information on unnumbered interfaces is not required information for the VPN to work.

VTI information on unnumbered interfaces needs to be entered manually.

In order to fetch VTI information on unnumbered interfaces you must add an explicit rule to the policy.

Cpconfig- Enable Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-cprestart

Cpconfig- Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-reboot

Cpconfig- Enable Check Point ClusterXL- Change the number of firewall instances-define how many firewall instances to enable-reboot

Cpconfig- Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-cpstop,cpstart

Cpconfig

fw ctl conf

fw ctl affinity

fw ctl multik stat

Only the number of total connections currently being handled by all Kernels on a CoreXL enabled firewalls.

Information for each kernel instance. The output displays state and processing core number of each instance.

Which CPU cores are Kernel and SND bound cores.

The number of Firewall Kernels that are installed.

Check Point QoS

IPv6

Overlapping NAT

Route-based VPN