New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Checkpoint 156-115.77 Check Point Certified Security Master Exam Practice Test

Demo: 44 questions
Total 295 questions

Check Point Certified Security Master Questions and Answers

Question 1

When the IPS ‘Bypass under Load’ mechanism detects that the certain CPU and memory usage thresholds have been reached, which of the following occurs?

Options:

A.

The mechanism configures all IPS protections in ‘Detect Mode’

B.

IPS is disabled completely

C.

The mechanism disables all IPS protections by placing them under ‘exception’

D.

Stateful Inspection is disabled

Question 2

You have just taken over as a firewall administrator. Your company is using Geo Protections on your gateway, but you want to verify that the protections are up-to-date. How can you see when these were updated?

Options:

A.

In the IPS tree Protections > Select Check for Update.

B.

Check asm_update_version_geo in GuiDBedit.

C.

In the IPS tree Protections > Geo Protections and check the profile name which is mm/dd/yy.

D.

Check the time stamp of $FWDIR/tmp/geo_location_tmp/updates/IpToCountry.csv.

Question 3

Which of the following CANNOT be used as a source/destination for an IPS network exception?

Options:

A.

Network Group

B.

Identity Awareness Access Role

C.

Any

D.

IP Address

Question 4

Where do you run the command get_ips_statistics.sh from?

Options:

A.

$FWDIR/conf on the Management Server

B.

$FWDIR/scripts on the Management Server

C.

$FWDIR/conf on the gateway

D.

$FWDIR/scripts on the gateway

Question 5

When viewing a NAT Table, What represents the second hexadecimal number of the 6-tuple:

Options:

A.

Source port

B.

Protocol

C.

Source IP

D.

Destination port

Question 6

Remote VPN clients can initiate connections with internal hosts, but internal hosts are unable to initiate connections with the remote VPN clients, even though the policy is configured to allow it. You think that this is caused by NAT. What command can you run to see if NAT is occurring on a packet?

Options:

A.

fw tab -t fwx_alloc -x

B.

fw ctl pstat

C.

fwaccel stats misp

D.

fw ctl debug -m fw + conn drop packet xlate xltrc nat

Question 7

While troubleshooting a DHCP relay issue, you run a fw ctl zdebug drop and see the following output:

;[cpu_1];[fw_0];fw_log_drop: Packet proto=17 10.216.14.108:67 > 172.31.2.1:67 dropped by fw_handle_first_packet Reason: fwconn_init_links (INBOUND) failed;

Where 10.216.14.108 is the IP address of the DHCP server and 172.31.2.1 is the VIP of the Cluster. What is the most likely cause of this drop?

Options:

A.

An inbound collision due to a connections table check on pre-existing connections.

B.

An outbound collision due to a Rule Base check, and dropped by incorrectly configuring DHCP in the firewall policy.

C.

A link collision due to more than one NAT symbolic link being created for outgoing connections to the DHCP server.

D.

A link collision due to more than one NAT symbolic link being created for connections returning from the DHCP server back to the VIP of the Cluster.

Question 8

How do you set up Port Address Translation?

Options:

A.

Since Hide NAT changes to random high ports it is by definition PAT (Port Address Translation).

B.

Create a manual NAT rule and specify the source and destination ports.

C.

Edit the service in SmartDashboard, click on the NAT tab and specify the translated port.

D.

Port Address Translation is not support in Check Point environment

Question 9

Which of the following commands shows the high watermark threshold for triggering the cluster under load mechanism in R77?

Options:

A.

fw ctl get int fwha_cul_mechanism_enable

B.

fw ctl get int fwha_cul_cluster_short_timeout

C.

fw ctl get int fwha_cul_member_cpu_load_limit

D.

fw ctl get int fwha_cul_policy_freeze_event_timeout_millisec

Question 10

What are the kernel parameters that control “Magic MACs”?

Options:

A.

fwha_magic_mac and fw_forward_magic_mac

B.

fwha_mac_magic and fw_mac_forward_magic

C.

cpha_mac_magic and cp_mac_forward_magic

D.

cpha_magic_mac and cpha_mac_forward_magic

Question 11

What is the function of the setting "no_hide_services_ports" in the tables.def files?

Options:

A.

Preventing the secondary member from hiding its presence by not forwarding any packets.

B.

Allowing management traffic to be accepted in an applied rule ahead of the stealth rule.

C.

Hiding the particular tables from being synchronized to the other cluster member.

D.

Preventing outbound traffic from being hidden behind the cluster IP address.

Question 12

With the default ClusterXL settings what will be the state of an active gateway upon using the command ClusterXL_admin up?

Options:

A.

Ready

B.

Down

C.

Standby

D.

Active

Question 13

The command that lists the firewall kernel modules on a Security Gateway is:

Options:

A.

fw list kernel modules

B.

fw ctl kernel chain

C.

fw ctl debug -m

D.

fw list modules

Question 14

When you perform an install database, the status window is filled with large amounts of text. What could be the cause?

Options:

A.

There is an active fw monitor running.

B.

There is an environment variable of TDERROR_ALL_ALL set on the gateway.

C.

There is an active debug on the SmartConsole.

D.

There is an active debug on the FWM process.

Question 15

Which process should you debug when SmartDashboard authentication is rejected?

Options:

A.

fwm

B.

cpd

C.

fwd

D.

DAService

Question 16

John is a Security Administrator of a Check Point platform. He has a mis-configuration issue that points to the Rule Base. To obtain information about the issue, John runs the command:

Options:

A.

fw debug fw on and checks the file fwm.elg.

B.

fw kdebug fwm on and checks the file fwm.elg.

C.

fw debug fwm on and checks the file fwm.elg.

D.

fw kdebug fwm on and checks the file fw.elg.

Question 17

You have a user-defined SMTP trap configured to send an alert to your mail server, and you also have SmartView Monitor configured to trigger the alert whenever policy is pushed to your gateway. However, you are not getting any mails even when you test for pushing policy. What process should you troubleshoot on the Management Server?

Options:

A.

fwd

B.

fwm

C.

cpwd_admin

D.

cpstat_monitor

Question 18

What will be the outcome if you set the kernel parameters cphwd_nat_templates_enabled and cphwd_nat_templates_support?

Options:

A.

This would enable Hide NAT support.

B.

These parameters are mutually exclusive and cannot be used at the same time.

C.

This would enable SecureXL NAT templates.

D.

These are not valid parameters.

Question 19

what command other than fw ctl pstat, will display your peak concurrent connections?

Options:

A.

fw ctl get int fw_peak_connections

B.

netstat -ni

C.

fw tab -t connections -s

D.

top

Question 20

Which command will NOT display information related to memory usage?

Options:

A.

free

B.

fw ctl pstat

C.

cat /proc/meminfo

D.

memoryinfo.conf

Question 21

What command should a firewall administrator use to begin debugging SecureXL?

Options:

A.

fwaccel dbg api + verbose add

B.

fwaccel debug –m

C.

fwaccel dbg -m

D.

SecureXL cannot be dubugged and the kernel debug will give enough output to help the firewall administrator to understand the firewalls behaviour. The right command to use is fw ctl debug –m fw.

Question 22

Look at the follow Rule Base display. Rule 5 contains a TIME object. What is the effect on the following rules?

Options:

A.

Rule 6 will be eligible but Rule 7 will not.

B.

All subsequent rules below Rule 5 will not be templated, regardless of the rule

C.

No effect. Rules 6 and 7 will be eligible for templating.

D.

The restriction on one rule does not affect later rules with regards to templates.

Question 23

In order to perform some connection troubleshooting, you run the command fw monitor –e accept dport = 443. You do NOT see the TCP ACK packet. Why is this?

Options:

A.

The connection is encrypted.

B.

The connection is NATted.

C.

The connection is dropped.

D.

The connection is accelerated.

Question 24

When optimizing a customer firewall Rule Base, what is the BEST way to start the analysis?

Options:

A.

With the command fwaccel stat followed by the command fwaccel stats.

B.

At the top of the Rule Base.

C.

Using the hit count column.

D.

Using the Compliance Software Blade.

Question 25

You are experiencing an issue where Endpoint Connect client connects successfully however, it disconnects every 20 seconds. What is the most likely cause of this issue?

Options:

A.

The Accept Remote Access control connections is not enabled in Global Properties > FireWall Implied Rules.

B.

You have selected IKEv2 only in Global Properties > Remote Access > VPN – Authentication and Encryption.

C.

You are not licensed for Endpoint Connect client.

D.

Your remote access community is not configured.

Question 26

Which command displays compression/decompression statistics?

Options:

A.

vpn ver –k

B.

vpn compstat

C.

vpn compreset

D.

vpn crlview

Question 27

You are attempting to establish a VPN tunnel between a Check Point gateway and a 3rd party vendor. When attempting to send traffic to the peer gateway it is failing. You look in SmartView Tracker and see that the failure is due to “Encryption failure: no response from peer”. After running a VPN debug on the problematic gateway, what is one of the files you would want to analyze?

Options:

A.

$FWDIR/log/fw.log

B.

$FWDIR/log/fwd.elg

C.

$FWDIR/log/ike.elg

D.

/var/log/fw_debug.txt

Question 28

You want to run VPN debug that will generate both ike.elg and vpn.elg files. What is the best command that can be used to achieve this goal?

Options:

A.

vpn debug ikeon

B.

vpn debug on TDERR_ALL_ALL=5

C.

vpn debug trunc

D.

vpn debug trunc

Question 29

Which of these commands can be used to display the IPv6 routes?

Options:

A.

show route

B.

show ipv6 route

C.

show routes all

D.

show route ipv6

Question 30

Which of these commands can be used to display the IPv6 status?

Options:

A.

show ipv6-stat

B.

show ipv6 all

C.

show ipv6 status

D.

show ipv6-status

Question 31

You enabled IPv6 in your environment and would like to erase all IPv6 connection tables. How can you do it?

Options:

A.

fw tab –t connections –x

B.

fw tab –t connections6 –x

C.

clear connections table ipv6

D.

fw6 tab –t connections –x

Question 32

How do you disable IPv6 on an IPSO gateway?

Options:

A.

Run $FWDIR/scripts/fwipv6_enable off and reboot.

B.

Remove the IPv6 license from the gateway.

C.

You cannot disable IPv6.

D.

In IPSO go to System Management > System Configuration, set IPv6 Support to off, and click Apply.

Question 33

What is the best way to see how a firewall is performing while processing packets in the firewall path, including resource usage?

Options:

A.

fw getperf

B.

SecureXL stat

C.

fwaccel stats

D.

fw ctl pstat

Question 34

How does the Check Point Security Administrator enable NAT Templates?

Options:

A.

Run commands with syntax fw ctl set int cphwd_nat_templates_support 1 and fw ctl set int cphwd_nat_templates_enabled 1.

B.

Edit file $FWDIR/boot/modules/fwkern.conf with the lines “cphwd_nat_templates_support=1” and “cphwd_nat_templates_enabled=1”.

C.

Set Firewall object > NAT > Advanced

D.

Set Global properties > NAT-Network address translation

Question 35

Misha is working on a stand-by firewall and deletes the connections table in error. He finds that now the table is out of sync with the Active member. to get them completely synced again, Mish should run the command pair ____________ and __________ .

Options:

A.

fw ctl sync stop, fw ctl sync start

B.

fw ctl setsync off, fw ctl setsync start

C.

fw ctl setsync stop, fw ctl setsync on

D.

fw ctl setsync off, fw ctl setsync on

Question 36

ACME Corp has a cluster consisting of two 13500 appliances. As the Firewall Administrator, you notice that on an output of top, you are seeing high CPU usage of the cores assigned as SNDs, but low CPU usage on cores assigned to individual fw_worker_X processes. What command should you run next to performance tune your cluster?

Options:

A.

fw ctl debug –m cluster + all – this will show you all the connections being processed by ClusterXL and explain the high CPU usage on your appliance.

B.

fwaccel off – this will turn off SecureXL, which is causing your SNDs to be running high in the first place.

C.

fwaccel stats –s – this will show you the acceleration profile of your connections and potentially why your SNDs are running high while other cores are running low.

D.

fw tab –t connections –s – this will show you a summary of your connections table, and allow you to determine whether there is too much traffic traversing your firewall.

Question 37

Which Dynamic Routing Protocols are supported in GAiA in a Route-based VPN configuration?

Options:

A.

OSPF,BGP

B.

OSPF

C.

OSPF,BGP,RIPv2

D.

OSPF,BGP,RIPv1,RIPv2

Question 38

You are having issues with dynamic routing after a failover. The traffic is now coming from the backup and is being dropped as out of state. What is the BEST configuration to avoid stateful inspection dropping your dynamic routing traffic?

Options:

A.

Implement Wire mode.

B.

In Global Properties select Accept other IP protocols stateful replies for unknown services.

C.

Enable Visitor mode.

D.

Create additional explicit rules.

Question 39

What utility would you use to configure route-based VPNs?

Options:

A.

vpn sw_topology

B.

vpn shell

C.

vpn set_slim_server

D.

vpn tu

Question 40

In the gateway object, under topology you select the “Get All Members Interfaces with Topology” option and your newly configured unnumbered VTIs are not populated. Why is this information missing?

Options:

A.

VTI information on unnumbered interfaces should appear, so there is an issue with your configuration.

B.

VTI information on unnumbered interfaces is not required information for the VPN to work.

C.

VTI information on unnumbered interfaces needs to be entered manually.

D.

In order to fetch VTI information on unnumbered interfaces you must add an explicit rule to the policy.

Question 41

A Security Administrator wants to increase the amount of processing cores on a Check Point Security Gateway. He starts by increasing the number of cores, however the number of kernel instances remain the same way. What is the correct process to increase the number of kernel instances?

Options:

A.

Cpconfig- Enable Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-cprestart

B.

Cpconfig- Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-reboot

C.

Cpconfig- Enable Check Point ClusterXL- Change the number of firewall instances-define how many firewall instances to enable-reboot

D.

Cpconfig- Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-cpstop,cpstart

Question 42

Where would you go to adjust the number of Kernels in CoreXL?

Options:

A.

Cpconfig

B.

fw ctl conf

C.

fw ctl affinity

D.

fw ctl multik stat

Question 43

What does the output of the commands fw ctl multik stat and fw6ctl multik stat show?

Options:

A.

Only the number of total connections currently being handled by all Kernels on a CoreXL enabled firewalls.

B.

Information for each kernel instance. The output displays state and processing core number of each instance.

C.

Which CPU cores are Kernel and SND bound cores.

D.

The number of Firewall Kernels that are installed.

Question 44

CoreXL on IPSO R77.20 does NOT support which of the following features?

Options:

A.

Check Point QoS

B.

IPv6

C.

Overlapping NAT

D.

Route-based VPN

Demo: 44 questions
Total 295 questions