
Checkpoint 156-115.77 Check Point Certified Security Master Exam Practice Test

Page: 1 / 30
Total 295 questions

Check Point Certified Security Master Questions and Answers

Question 1

You are attempting to establish an FTP session between your computer and a remote server, but it is not being completed successfully. You think the issue may be due to IPS. Viewing SmartView Tracker shows no drops. How would you confirm if the traffic is actually being dropped by the gateway?

Options:

A.

Search the connections table for that connection.

B.

Run a fw monitor packet capture on the gateway.

C.

Look in SmartView Monitor for that connection to see why it’s being dropped.

D.

Run fw ctl zdebug drop on the gateway.

Question 2

Tom is troubleshooting NAT issues using fw monitor and Wireshark. He tries to initiate a connection from the external network to a DMZ server using the public IP which the firewall translates to the actual IP of the server. He analyzes the captured packets using Wireshark and observes that the destination IP is being changed as required by the firewall but does not see the packet leave the external interface. What could be the reason?

Options:

A.

The translation might be happening on the client side and the packet is being routed by the OS back to the external interface.

B.

The translation might be happening on the server side and the packet is being routed by OS back to the external interface.

C.

Packet is dropped by the firewall.

D.

After the translation, the packet is dropped by the Anti-Spoofing Protection.

Question 3

Which flag in the fw monitor command is used to print the position of the kernel chain?

Options:

A.

-all

B.

-k

C.

-c

D.

-p

Question 4

Ann wants to hide FTP traffic behind the virtual IP of her cluster. Where is the relevant file table.def located to make this modification?

Options:

A.

$FWDIR/log/table.def

B.

$FWDIR/conf/table.def

C.

$FWDIR/bin/table.def

D.

$FWDIR/lib/table.def

Question 5

Where would you go to adjust the number of Kernels in CoreXL?

Options:

A.

Cpconfig

B.

fw ctl conf

C.

fw ctl affinity

D.

fw ctl multik stat

Question 6

A firewall has 8 CPU cores and the correct license. CoreXL is enabled. How could you set kernel instance #3 to run on processing core #5?

Options:

A.

This is not possible. CoreXL is best left to manage the Kernel to CPU core mappings. It is only when a daemon is bound to a dedicated core that CoreXL will ignore that CPU core when mapping Kernel instances to CPU cores.

B.

fw ctl affinity -s -k 3 5

C.

Run fwaffinity_apply -t 3 -k 5 and then check that the settings have taken effect with the command fw ctl multik stat.

D.

Edit the file fwaffinity.conf and add the line “k3 cpuid 5”

Question 7

A Security Administrator wants to increase the number of processing cores on a Check Point Security Gateway. He starts by increasing the number of cores; however, the number of kernel instances remains the same. What is the correct process to increase the number of kernel instances?

Options:

A.

Cpconfig- Enable Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-cprestart

B.

Cpconfig- Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-reboot

C.

Cpconfig- Enable Check Point ClusterXL- Change the number of firewall instances-define how many firewall instances to enable-reboot

D.

Cpconfig- Check Point CoreXL- Change the number of firewall instances-define how many firewall instances to enable-cpstop,cpstart

Question 8

What is required when changing the configuration of the number of workers in CoreXL?

Options:

A.

A reboot

B.

cpstop/cpstart

C.

evstop/evstart

D.

A policy installation

Question 9

You have just taken over as a firewall administrator. Your company is using Geo Protections on your gateway, but you want to verify that the protections are up-to-date. How can you see when these were updated?

Options:

A.

In the IPS tree Protections > Select Check for Update.

B.

Check asm_update_version_geo in GuiDBedit.

C.

In the IPS tree Protections > Geo Protections and check the profile name which is mm/dd/yy.

D.

Check the time stamp of $FWDIR/tmp/geo_location_tmp/updates/IpToCountry.csv.

Question 10

Which of the following CANNOT be used as a source/destination for an IPS network exception?

Options:

A.

Network Group

B.

Identity Awareness Access Role

C.

Any

D.

IP Address

Question 11

You have spent time configuring the IPS profile on your primary gateway firewall. You want to ensure that this profile can be applied to all gateway firewalls in your environment. How can you share this information between firewalls?

Options:

A.

From the command line, run: ips_export [-o ] [-p ].

B.

IPS profiles must be manually configured on each gateway.

C.

From the Smart Dashboard IPS tab select export IPS profiles and select the gateway to send this export to.

D.

From the command line, run: ips_export_import export [-o ] [-p ].

Question 12

You are a system administrator and would like to configure Geo Protection on your gateway to comply with a new corporate policy. What must you have to do this?

Options:

A.

Valid IPS contract and software blade licensing

B.

DNS resolution on the gateway

C.

Geo Protection is enabled by default

D.

The latest IPS update

Question 13

From which version can you add Proxy ARP entries through the GAiA portal?

Options:

A.

R77.10

B.

R77

C.

R75.40

D.

R76

Question 14

If you need to use a Domain object in the Rule Base, where should this rule be located?

Options:

A.

No higher than the 2nd rule.

B.

The first rule in the Rule Base.

C.

The last rule before the clean up rule.

D.

The last rule after the clean up rule.

Question 15

Where would you find CPU information like model, number of cores, vendor and architecture?

Options:

A.

In the file cpuinfo in the directory /proc.

B.

Right click the gateway object in Smart Dashboard and view properties

C.

WebUI

D.

sysconfig

Question 16

The 'Maximum Entries' value in the GAiA Portal corresponds to the 'gc_thresh3' parameter in the Linux kernel and has a value of 1024. Knowing this, you know that gc_thresh2 and gc_thresh1 are automatically set to the values:

Options:

A.

gc_thresh2=256 and gc_thresh1=128

B.

gc_thresh2=512 and gc_thresh1=256

C.

gc_thresh2=1024 and gc_thresh1=1024

D.

gc_thresh1=256 and gc_thresh2=128

Question 17

After creating and pushing out a new policy, Joe finds that an old connection is still being allowed that should have been closed after his changes. He wants to delete the connection on the gateway, and looks it up with fw tab -t connections -u. Joe finds the connection he is looking for. What command should Joe use to remove this connection?

<0,a128c22,89,a158508,89,11;10001,2281,25,15b,a1,4ecdfeee,ac,691400ac,7b6,3e,ffffffff,3c,3c,0,0,0,0,0,0,0,0,0,0,0,0,0,0>

Options:

A.

fw tab -t connections -x -d "0,a128c22,89,0a158508,89,11"

B.

fw tab -t connections -x -e "0,a128c22,00000089,0a158508,00000089,00000011"

C.

fw tab -t connections -x -d "00000000,a128c22,00000089,0a158508,00000089,00000011"

D.

fw tab -t connections -x -e "0,a128c22,89,0a158508,89,11"

Question 18

Extended Cluster Anti-Spoofing checks what value to determine if a packet with the source IP of a gateway in the cluster is being spoofed?

Options:

A.

The source IP of the packet.

B.

The packet has a TTL value of less than 255.

C.

The source MAC address of the packet.

D.

The destination IP of the packet.

Question 19

What is the function of the setting "no_hide_services_ports" in the tables.def files?

Options:

A.

Preventing the secondary member from hiding its presence by not forwarding any packets.

B.

Allowing management traffic to be accepted in an applied rule ahead of the stealth rule.

C.

Hiding the particular tables from being synchronized to the other cluster member.

D.

Preventing outbound traffic from being hidden behind the cluster IP address.

Question 20

Your customer receives an alert from their network operation center; they are seeing ARP and Ping scans of their network originating from the firewall. What could be the reason for the behaviour?

Options:

A.

Check Point firewalls probe adjacent networking devices during normal operation.

B.

IPS is disabled on the firewalls and there is a known OpenSSL vulnerability that allows a hacker to cause a network scan to originate from the firewall.

C.

One or both of the firewalls in a cluster have stopped receiving CCP packets on an interface.

D.

Check Point's Antibot blade performs anti-bot scans of the surrounding network.

Question 21

What is the best way to see how much traffic went through the firewall that was TCP, UDP and ICMP?

Options:

A.

fwaccel conns

B.

fw tab -t connections -p

C.

fwaccel stats

D.

fw ctl pstat

Question 22

ACME Corp has a cluster consisting of two 13500 appliances. As the Firewall Administrator, you notice that on an output of top, you are seeing high CPU usage of the cores assigned as SNDs, but low CPU usage on cores assigned to individual fw_worker_X processes. What command should you run next to performance tune your cluster?

Options:

A.

fw ctl debug -m cluster + all – this will show you all the connections being processed by ClusterXL and explain the high CPU usage on your appliance.

B.

fwaccel off – this will turn off SecureXL, which is causing your SNDs to be running high in the first place.

C.

fwaccel stats -s – this will show you the acceleration profile of your connections and potentially why your SNDs are running high while other cores are running low.

D.

fw tab -t connections -s – this will show you a summary of your connections table, and allow you to determine whether there is too much traffic traversing your firewall.

Question 23

When a cluster member is completely powered down, how will the other member identify if there is network connectivity?

Options:

A.

The working member will ARP for the default gateway.

B.

The working member will look for replies to traffic sent from internal hosts.

C.

The working member will automatically assume connectivity.

D.

The working member will Ping IPs in the subnet until it gets a response.

Question 24

How would you determine the value of 'Maximum concurrent connections' of the NAT Table?

Options:

A.

fwx_alloc

B.

fwx_max_conns

C.

fwx_auth

D.

objects_5_0.C

Question 25

Which operating systems support Wire mode?

Options:

A.

SecurePlatform and GAIA

B.

Solaris and SecurePlatform

C.

IPSO and SecurePlatform

D.

IPSO and GAIA

Question 26

Where do you configure VTIs on your R77 gateway in VSX mode?

Options:

A.

VTIs are configured in each VS context.

B.

VTIs are configured in VS0 context.

C.

VTIs are not supported in VSX mode.

D.

VTIs are configured in SmartDashboard.

Question 27

You would like to configure unnumbered VTIs and your environment uses load sharing clustering. Would this clustering technology be supported by your unnumbered VTI’s?

Options:

A.

No, unnumbered VTIs only support VRRP HA active-passive mode.

B.

Yes, unnumbered VTIs only support clustering load sharing.

C.

Yes, all HA modes are supported.

D.

No, unnumbered VTIs do not support any HA modes.

Question 28

When configuring a Numbered VPN-Tunnel, what parameters are necessary?

Options:

A.

VPN Tunnel ID, Local Address, Remote Address

B.

Peer, Local Address, Remote Address

C.

VPN Tunnel ID, Peer, Local Address, Remote Address

D.

VPN Tunnel ID, Peer, Physical Device

Question 29

When VPN user-based authentication fails, which of the following debug logs is essential to understanding the issue?

Options:

A.

VPN-1 kernel debug logs

B.

IKE.elg

C.

Vpnd.elg

D.

fw monitor trace

Question 30

You are attempting to establish a VPN tunnel between a Check Point gateway and a 3rd party vendor. When attempting to send traffic to the peer gateway it is failing. You look in SmartView Tracker and see that the failure is due to “Encryption failure: no response from peer”. After running a VPN debug on the problematic gateway, what is one of the files you would want to analyze?

Options:

A.

$FWDIR/log/fw.log

B.

$FWDIR/log/fwd.elg

C.

$FWDIR/log/ike.elg

D.

/var/log/fw_debug.txt

Question 31

What would the following command fw monitor tell you?

Options:

A.

Only OSPF and FTP traffic between 10.10.10.86 and 192.168.10.4

B.

Only traffic between 10.10.10.86 and 192.168.10.4 on port 21 or port 89

C.

Only accepted traffic between 10.10.10.86 and 192.168.10.4, or any accepted FTP traffic, or any accepted OSPF traffic

D.

Any communication between 10.10.10.86 and 192.168.10.4, or any FTP traffic, or any OSPF traffic

Question 32

In IKEView while troubleshooting a VPN issue between your gateway and a partner site you see an entry that states “Invalid ID”. Which of the following is the most likely cause?

Options:

A.

IKEv1 is not supported by the peer.

B.

Time is not matching between two members.

C.

The encryption parameters (hash, encryption type, etc.) do not match.

D.

Wrong subnets are being negotiated.

Question 33

What does the IP Options Strip represent under the fw chain output?

Options:

A.

IP Options Strip is not a valid fw chain output.

B.

The IP Options Strip removes the IP header of the packet prior to being passed to the other kernel functions.

C.

The IP Options Strip copies the header details to forward the details for further IPS inspections.

D.

IP Options Strip is only used when VPN is involved.

Question 34

When you perform an install database, the status window is filled with large amounts of text. What could be the cause?

Options:

A.

There is an active fw monitor running.

B.

There is an environment variable of TDERROR_ALL_ALL set on the gateway.

C.

There is an active debug on the SmartConsole.

D.

There is an active debug on the FWM process.

Question 35

The command _____________ shows which firewall chain modules are active on a gateway.

Options:

A.

fw stat

B.

fw ctl debug

C.

fw ctl chain

D.

fw ctl multik stat

Question 36

You are running a debugging session and you have set the debug environment to TDERROR_ALL_ALL=5 using the command export TDERROR_ALL_ALL=5. How do you return the debug value to defaults?

Options:

A.

fw ctl debug 0x1ffffe0

B.

fw debug 0x1ffffe0

C.

export TDERROR_ALL_ALL

D.

unset TDERROR_ALL_ALL

Question 37

Which of the following statements are TRUE about SecureXL?

I. SecureXL is able to accelerate all connections through the firewall.

II. Medium path acceleration will still cause some CPU utilization of CoreXL cores.

III. F2F connections represent “forwarded to firewall” connections that are not accelerated and fully processed through the firewall kernel.

IV. Packets going through SecureXL must be inspected by the firewall kernel before being accelerated.

Options:

A.

II and III

B.

I, II, and III

C.

III and IV

D.

I and IV

Question 38

Consider the following Rule Base:

What can be concluded in regards to SecureXL Accept Templates?

Options:

A.

Accept Templates will be disabled on Rule #4

B.

Accept Templates will be fully functional

C.

Accept Templates will be disabled on Rule #6

D.

Accept Templates do not function with VPN communities in the Rule Base

Question 39

Look at the following Rule Base display. Rule 5 contains a TIME object. What is the effect on the following rules?

Options:

A.

Rule 6 will be eligible but Rule 7 will not.

B.

All subsequent rules below Rule 5 will not be templated, regardless of the rule

C.

No effect. Rules 6 and 7 will be eligible for templating.

D.

The restriction on one rule does not affect later rules with regards to templates.

Question 40

When optimizing a customer firewall Rule Base, what is the BEST way to start the analysis?

Options:

A.

With the command fwaccel stat followed by the command fwaccel stats.

B.

At the top of the Rule Base.

C.

Using the hit count column.

D.

Using the Compliance Software Blade.

Question 41

Which of the following is true when IPv6 is enabled on a Security Gateway?

Options:

A.

An interface on the Gateway can either have IPv4 or IPv6 IP address or have both.

B.

As of version R77, IPv6 is only supported on Security Management Server.

C.

IPv4 will be completely disabled when IPv6 has been enabled.

D.

An interface on the Gateway can either have IPv4 or IPv6 IP address but cannot have both.

Question 42

Which of these commands can be used to display the IPv6 routes?

Options:

A.

show route

B.

show ipv6 route

C.

show routes all

D.

show route ipv6

Question 43

Does R77 SmartDashboard support IPv6?

Options:

A.

Yes, provided the operating system on which SmartDashboard is installed is configured with IPv6.

B.

SmartDashboard does not support IPv6.

C.

IPv6 needs to be tunneled through IPv4 to support IPv6.

D.

R77.20 and above provides the support for Smart Dashboard and IPv6 support.

Question 44

True or False: It is possible to operate a Security Gateway entirely with IPv6 addressing.

Options:

A.

True: All IPv4 features are supported in IPv6

B.

True: Management can occur over IPv4 or IPv6 thus all gateways can have interfaces configured with valid IP addresses of either type

C.

False: There are many common IPv4 features that are not supported in IPv6

D.

False: Management only occurs over IPv4 thus all gateways are required to have interfaces configured with valid IPv4 addresses
