Checkpoint 156-115.77 Check Point Certified Security Master Exam Practice Test

Demo: 44 questions
Total 295 questions

Check Point Certified Security Master Questions and Answers

Question 1

What is the method to change the number of cores that CoreXL will use?

Options:

A. cpconfig

B. SmartDashboard

C. sysconfig

D. CoreXL automatically recognizes the number of cores on a system at startup so there is no method or reason to modify the setting.

Question 2

A Security Administrator wants to increase the number of processing cores on a Check Point Security Gateway. He starts by increasing the number of cores; however, the number of kernel instances remains the same. What is the correct process to increase the number of kernel instances?

Options:

A. Cpconfig - Enable Check Point CoreXL - Change the number of firewall instances - define how many firewall instances to enable - cprestart

B. Cpconfig - Check Point CoreXL - Change the number of firewall instances - define how many firewall instances to enable - reboot

C. Cpconfig - Enable Check Point ClusterXL - Change the number of firewall instances - define how many firewall instances to enable - reboot

D. Cpconfig - Check Point CoreXL - Change the number of firewall instances - define how many firewall instances to enable - cpstop, cpstart

Question 3

A firewall has 8 CPU cores and the correct license. CoreXL is enabled. How could you set kernel instance #3 to run on processing core #5?

Options:

A. This is not possible. CoreXL is best left to manage the Kernel to CPU core mappings. It is only when a daemon is bound to a dedicated core that CoreXL will ignore that CPU core when mapping Kernel instances to CPU cores.

B. fw ctl affinity -s -k 3 5

C. Run fwaffinity_apply -t 3 -k 5 and then check that the settings have taken effect with the command fw ctl multik stat.

D. Edit the file fwaffinity.conf and add the line “k3 cpuid 5”

Question 4

What command verifies which core each gateway interface and firewall instance is currently running on?

Options:

A. fw ctl pstat

B. fw accel stat

C. show corexl stat

D. fw ctl affinity -l

Question 5

Which of the following items is NOT part of the columns of the chain modules?

Options:

A. Inbound/Outbound chain

B. Function Pointer

C. Chain position

D. Module location

Question 6

What command would you use to view which debugs are set in your current working environment?

Options:

A. “env” and “fw ctl debug”

B. “cat /proc/etc”

C. “fw ctl debug all”

D. “export”

Question 7

True or False: Software blades perform their inspection primarily through the kernel chain modules.

Options:

A. False. Software blades do not pass through the chain modules.

B. True. Many software blades have their own dedicated kernel chain module for inspection.

C. True. All software blades are inspected by the IP Options chain module.

D. True. Most software blades are inspected by the TCP streaming or Passive Streaming chain module.

Question 8

What causes the SIP Early NAT chain module to appear in the chain?

Options:

A. The SIP traffic is trying to pass through the firewall.

B. SIP is configured in IPS.

C. A VOIP domain is configured.

D. The default SIP service is used in the Rule Base.

Question 9

Which of these commands can be used to display the IPv6 routes?

Options:

A. show route

B. show ipv6 route

C. show routes all

D. show route ipv6

Question 10

Which of the following is true about Node / Host objects?

Options:

A. A Node / Host object can either have IPv4 or IPv6 IP address or have both.

B. A Node / Host object can either have IPv4 or IPv6 IP address but not have both. Separate objects need to be created for hosts that use dual stack.

C. A Node / Host object can only have IPv4 IP address. For IPv6, a Node / Host6 object must be used.

D. Node / Host object does not support IPv6, hence a Network object must be created for IPv6.

Question 11

You enabled IPv6 in your environment and would like to erase all IPv6 connection tables. How can you do it?

Options:

A. fw tab -t connections -x

B. fw tab -t connections6 -x

C. clear connections table ipv6

D. fw6 tab -t connections -x

Question 12

How do you disable IPv6 on an IPSO gateway?

Options:

A. Run $FWDIR/scripts/fwipv6_enable off and reboot.

B. Remove the IPv6 license from the gateway.

C. You cannot disable IPv6.

D. In IPSO go to System Management > System Configuration, set IPv6 Support to off, and click Apply.

Question 13

Where in a fw monitor output would you see source address translation occur in cases of automatic Hide NAT?

Options:

A. Between the “I” and “o”

B. Hide NAT does not adjust the source IP

C. Between the “o” and “O”

D. Between the “i” and “I”

Question 14

By default, the size of the fwx_alloc table is:

Options:

A. 65535

B. 65536

C. 25000

D. 1024

Question 15

Which file should be edited to modify ClusterXL VIP Hide NAT rules, and where?

Options:

A. $FWDIR/lib/base.def on the cluster members

B. $FWDIR/lib/table.def on the SMC

C. $FWDIR/lib/table.def on the cluster members

D. $FWDIR/lib/base.def on the SMC

Question 16

Server A is subject to automatic Static NAT and also resides on a network which is subject to automatic Hide NAT. With regard to address translation, what will happen when Server A initiates outbound communication?

Options:

A. This will cause a policy verification error.

B. This is called hairpin NAT; the traffic will return to the server.

C. The static NAT will take precedence.

D. The Hide NAT will take precedence.

Question 17

You have just taken over as a firewall administrator. Your company is using Geo Protections on your gateway, but you want to verify that the protections are up-to-date. How can you see when these were updated?

Options:

A. In the IPS tree Protections > Select Check for Update.

B. Check asm_update_version_geo in GuiDBedit.

C. In the IPS tree Protections > Geo Protections and check the profile name which is mm/dd/yy.

D. Check the time stamp of $FWDIR/tmp/geo_location_tmp/updates/IpToCountry.csv.

Question 18

Which of the following IPS Layers is the "brain" of the IPS? That is, what coordinates between different components, decides which protections should run on a certain packet, decides the final action to be performed on the packet and issues an event log?

Options:

A. Protections

B. Passive Streaming Library (PSL)

C. Protocol Parsers

D. Context Management Interface layer (CMI)

Question 19

In R77, under what circumstances would IPS bypass be enforced?

Options:

A. Single CoreXL fw instance usage over ‘High’ threshold, Average Memory over ‘High’ threshold

B. Single CoreXL fw instance usage over ‘Low’ threshold, Average Memory over ‘High’ threshold

C. Average CPU over ‘High’ threshold, Average Memory over ‘Low’ threshold

D. Average CPU over ‘High’ threshold, Average Memory over ‘High’ threshold

Question 20

Your customer would like to enable IPS in his Corporate Cluster, but he is concerned about high CPU usage because of the IPS inspection. What feature would you configure to disable inspection if high CPU usage develops?

Options:

A. It is not possible. In this case, do not enable IPS.

B. Bypass Under Load. (In IPS Option on Gateway Properties)

C. Bypass Inspection. (In IPS Option on Gateway Properties)

D. Disable Inspection. (In IPS Option on Gateway Properties)

Question 21

The command fwaccel stat displays what information?

Options:

A. Accelerator status, accept templates, drop templates

B. Accelerated packets, accept templates, dropped packets

C. Accelerator status, accelerated rules, drop templates

D. Accelerator status, CoreXL state, drop templates

Question 22

What is the corresponding connection template entered into the SecureXL connection table from the connection “10.0.0.100:1024 > 216.239.59.59:80”?

Options:

A. “10.0.0.100:1024 > 216.239.59.59:80”

B. “10.0.0.100:1024 > 216.239.59.59:*”

C. “10.0.0.100:* > 216.239.59.59:*”

D. “10.0.0.100:* > 216.239.59.59:80”

Question 23

What command would you use to determine if a particular connection is being accelerated by SecureXL?

Options:

A. fw tab -t connections -u

B. fw ctl kdebug

C. fwaccel stat

D. fwaccel conns

Question 24

When are rules that include identity awareness access roles accelerated through SecureXL?

Options:

A. Rules using Identity Awareness are always accelerated.

B. Only when ‘Unauthenticated Guests’ is included in the access role.

C. They have no bearing on whether the connection for the rule is accelerated.

D. Rules using Identity Awareness are never accelerated.

Question 25

When you have your directional VPN enforcement rule set to “Internal_Clear”, what does this represent?

Options:

A. All interfaces are designated “External”

B. VOIP traffic

C. Do not perform directional VPN enforcements on this traffic

D. All interfaces are designated as “Internal”

Question 26

How does the “Directional Enforcement” rule manage subsequent packet inspection?

Options:

A. “Directional Enforcement” is only applied to the first packet of the connection, including packets in the opposite direction.

B. “Directional Enforcement” is applied to all packets in the connection.

C. “Directional Enforcement” applies only to the first packet of the connection, but does not include the packets in the opposite direction.

D. “Directional Enforcement” is considered trusted traffic and therefore is not inspected.

Question 27

You are using an IPv6 environment and find that you need additional access control and want to set up some directional VPN rules. How can you restrict access based on destination?

Options:

A. This can only be done in Traditional Mode VPN.

B. Directional VPN enforcement feature is not supported for IPv6.

C. Enable Global Properties > Advanced > IPv6 for directional VPN enforcement.

D. Set your rule match to “All_gwtogw” and create a new rule.

Question 28

What are the common Best Practices for configuring QoS over a route-based VPN?

Options:

A. IKE traffic must have a minimum Guarantee of 50% of the external interface throughput.

B. QoS is not supported.

C. Ensure the VTI is numbered.

D. Ensure the VTI is unnumbered.

Question 29

How would you determine the value of 'Maximum concurrent connections' of the NAT Table?

Options:

A. fwx_alloc

B. fwx_max_conns

C. fwx_auth

D. objects_5_0.C

Question 30

Which command displays FireWall internal statistics about memory and traffic?

Options:

A. fw getifs

B. cpstat os -f memory

C. fw ctl pstat

D. cpstat os -f cpu

Question 31

Misha is working on a stand-by firewall and deletes the connections table in error. He finds that now the table is out of sync with the Active member. To get them completely synced again, Misha should run the command pair ____________ and __________ .

Options:

A. fw ctl sync stop, fw ctl sync start

B. fw ctl setsync off, fw ctl setsync start

C. fw ctl setsync stop, fw ctl setsync on

D. fw ctl setsync off, fw ctl setsync on

Question 32

You are a system administrator and you are working with Support. Support asked you to enable kernel core dumps on the files. You are unsure if this has already been set. You run the command chkconfig --list kdump. Does the screen capture tell you if kernel dumps are enabled on this gateway?

Options:

A. There is not enough information to determine if kernel core files will be generated.

B. Yes, kernel dump has been enabled and kernel files should be captured.

C. Kdump has nothing to do with kernel core file generation.

D. All values should be set to “on”. A kernel core dump will not be created.

Question 33

You are setting up VPN between two gateways Local-GW and New-GW and want to use shared secret. For some reason New-GW is not showing up in the shared secret properties under mesh community properties. What is the most likely reason why the New-GW is not displayed?

Options:

A. Gateway is locally managed by the same management station as Local-GW and shared secret is not supported for this configuration.

B. New-GW has to have Advanced properties > shared secret enabled.

C. You need to install database by selecting Policy > Install database before gateway can be added.

D. Gateway is a 600 appliance and does not support “shared secret” option.

Question 34

What would the following command fw monitor tell you?

Options:

A. Only OSPF and FTP traffic between 10.10.10.86 and 192.168.10.4

B. Only traffic between 10.10.10.86 and 192.168.10.4 on port 21 or port 89

C. Only accepted traffic between 10.10.10.86 and 192.168.10.4, or any accepted FTP traffic, or any accepted OSPF traffic

D. Any communication between 10.10.10.86 and 192.168.10.4, or any FTP traffic, or any OSPF traffic

Question 35

Given the following IKEView output, what do we know about QuickMode Packet 1?

Options:

A. Packet 1 proposes a symmetrical key

B. Packet 1 proposes a subnet and host ID, an encryption and hash algorithm

C. Packet 1 proposes SA Life Type, SA Life Duration, Authentication and Encapsulation Algorithm

D. Packet 1 proposes either a subnet or host ID, an encryption and hash algorithm, and ID data

Question 36

What debug file would you check to see what IKE version is being used?

Options:

A. fwpnd.elg

B. vpn.txt

C. debug.txt

D. vpnd.elg

Question 37

You are running some diagnostics on your GAIA gateway. You are reviewing the number of fragmented packets; you notice that there are a lot of large and duplicate packets. Which command did you issue to get this information?

Options:

A. sysconfig

B. fw ctl pstat

C. fw ctl get int fw_frag_stats

D. cat /proc/cpuinfo

Question 38

From a Best Practices perspective, what percentage of your packets should be accelerated?

Options:

A. 65%

B. 90%

C. 100%

D. 75%

Question 39

You are running an inventory process within your corporate environment (R77) and need to find out CPU, memory, disk space, and information regarding the software blades enabled. What command could you use to easily gather this information?

Options:

A. cpconfig

B. fw ctl pstat

C. SmartView Tracker

D. cpview

Question 40

You are analyzing your firewall logs, /var/log/messages, and repeatedly see the following kernel message:

'kernel: neighbor table overflow'

What is the cause?

Options:

A. ARP cache overflow

B. OSPF neighbor down

C. Nothing, you can disregard it.

D. Cluster member table overflow

Question 41

What is the function of the setting "no_hide_services_ports" in the tables.def files?

Options:

A. Preventing the secondary member from hiding its presence by not forwarding any packets.

B. Allowing management traffic to be accepted in an applied rule ahead of the stealth rule.

C. Hiding the particular tables from being synchronized to the other cluster member.

D. Preventing outbound traffic from being hidden behind the cluster IP address.

Question 42

Extended Cluster Anti-Spoofing checks what value to determine if a packet with the source IP of a gateway in the cluster is being spoofed?

Options:

A. The source IP of the packet.

B. The packet has a TTL value of less than 255.

C. The source MAC address of the packet.

D. The destination IP of the packet.

Question 43

In order to prevent outgoing NTP traffic from being hidden behind a Cluster IP, you should:

Options:

A. Edit the relevant table.def on the Management Server and add the line no_hide_services_ports = { <17, 123> }; and then push policy.

B. Edit the relevant table.def on the gateway and add the line no_hide_services_ports = { <17, 123> };.

C. Edit the relevant table.def on the Management Server and add the line no_hide_services_ports = { <123, 17> }; and then push policy.

D. Edit the relevant table.def on the gateway and add the line no_hide_services_ports = { <123, 17> }.

Question 44

How can you see a dropped connection and the cause from the kernel?

Options:

A. fw zdebug drop

B. fw ctl debug drop on

C. fw debug drop on

D. fw ctl zdebug drop
