Tom has been tasked to install Check Point R80 in a distributed deployment.
Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
- A . One machine, but it needs to be installed using SecurePlatform for compatibility purposes
- B . One machine
- C . Two machines
- D . Three machines
In order to test ClusterXL failovers which command would you use on one of the ClusterXL nodes to initiate a failover?
- A . clusterXL_admin down -p
- B . cluster XL_admin up -p
- C . cphaprob -d TEST -s ok register
- D . cphaprob -d TEST -s problem unregister
A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7298.htm#o97358
Which of the following is NOT a valid “fwaccel” parameter?
- A . stat
- B . stats
- C . templates
- D . packets
D
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41397
Which of the following is not one of the relational database domains that stores the management configuration?
- A . User Domain
- B . System Domain
- C . Global Domain
- D . Audit Domain
What file extension should be used with fw monitor to allow the output file to be imported and read in Wireshark?
- A . .cap
- B . .exe
- C . .tgz
- D . .pcap
Where will the usermode core files located?
- A . /var/log/dump/usermode
- B . /var/suroot
- C . $FWDIR/var/log/dump/usermode
- D . $CPDIR/var/log/dump/usermode
A
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92764
How often will a gateway with Performance Pack running by default automatically review and distribute interface affinity between cores?
- A . Every 60 seconds
- B . Interface affinity is determined at gateway build time and does not change
- C . Every 5 minutes
- D . Every 10 seconds
A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm
Which of the following features is supported in Check Point’s implementation of IPv6?
- A . Security Servers
- B . QoS
- C . ClusterXL High Availability
- D . SAM
C
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk39374
You verified that Performance Pack is disabled and need to distribute the affinity interfaces.
What command would you run to use static affinity to balance the interfaces between the SND cores?
- A . cpmq set
- B . sim affinity -s
- C . fw ctl affinity -a -l -v
- D . fw ctl affinity -s
Which command would you use to check CoreXL instances for IPv6 traffic?
- A . fwaccel6 stats
- B . fwaccel6 stat
- C . fw ctl multik stat
- D . fw6ctl multik stat
What must be done for the “fw monitor” command to capture packets through the firewall kernel?
- A . SecureXL must be disabled
- B . ClusterXL must be temporarily disabled
- C . Firewall policy must be re-installed
- D . The output file must be transferred to a machine with WireShark
A
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30583
Consider a Check Point Security Gateway under high load.
What mechanism can be used to confirm that important traffic such as control connections are not dropped?
- A . fw debug fgd50 on OPSEC_DEBUG_LEVEL=3
- B . fw ctl multik prioq
- C . fgate Cd load
- D . fw ctl debug Cm fg all
What is the default and maximum number of entries in the ARP Cache Table in a Check Point appliance?
- A . 1,024 and 4,096
- B . 4,096 and 16,384
- C . 4,096 and 65,536
- D . 1,024 and 16,384
D
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/73181.htm
Which kernel debug flag should you use to troubleshoot NAT connections?
- A . fw ctl debug + xlate xltrc nat table
- B . fw ctl debug + xltrc xlate nat conn
- C . fw ctl debug + xlate xltrc nat conn drop
- D . fw ctl debug + fwx_alloc nat conn drop
You are working with multiple Security Gateways enforcing an extensive number of rules.
To simplify security administration, which action would you choose?
- A . Eliminate all possible contradictory rules such as the Stealth or Cleanup rules
- B . Create a separate Security Policy package for each remote Security Gateway
- C . Create network objects that restrict all applicable rules to only certain networks
- D . Run separate SmartConsole instances to login and configure each Security Gateway directly
Which type of SecureXL templates is enabled by default on Security Gateways?
- A . Accept
- B . Drop
- C . NAT
- D . VPN
Which one of following commands should you run to display HTTPS packet content together with kernel debug?
- A . fw ctl get int https_inspection_show_decrypted_data_in_debug=1
fw ctl get int ssl_inspection_extra_debug=1 - B . fw set int https_inspection_get_encrypted_data_in_debug 1
fw set int https_inspection_show_debug 1 - C . fw ctl set int https_inspection_show_decrypted_data_in_debug 1
fw ctl set int ssl_inspection_extra_debug 1 - D . fw ctl set int http_inspection_display_encrypted_data_in_debug=1
fw ctl set int http_inspection_extra_debug=1
You issued the command “set ipv6-state on” in order to enable IPv6 protocol on a Security Gateway. The command was executed successfully. After reboot you notice that IPv6 protocol is not enabled.
What do you do to permanently enable IPv6 protocol?
- A . Issue “set ipv6-state on” again; Save configuration and reboot
- B . You need to modify Gateway Properties in SmartConsole and install policy in order to enable IPv6
- C . You need to set “ipv6_state” parameter in $FWDIR/boot/modules/fwkern.conf and reboot
- D . You need to install a valid license to use IPv6 protocol
Where does the translation occur with Hide NAT?
- A . The destination translation occurs at the client side
- B . The source translation occurs at the server side
- C . The source translation occurs at the client side
- D . The destination translation occurs at the server side
Fill in the blank. The tool ____________________ generates a R80 Security Gateway configuration report.
- A . infoCP
- B . infoview
- C . cpinfo
- D . fw cpinfo
Which is the correct “fw monitor” syntax for creating a capture file for loading it into WireShark?
- A . fw monitor Ce “accept <FILTER EXPRESSION>; “>> Output.cap
- B . This cannot be accomplished as it is not supported with R80.10
- C . fw monitor Ce “accept <FILTER EXPRESSION>;” Cfile Output.cap
- D . fw monitor Ce “accept <FILTER EXPRESSION>;” Co Output.cap
How many layers are incorporated in IPS detection and what are they called?
- A . 4 layers C Passive Streaming Library (PSL), Protocol Parsers, Context Management, Protections
- B . 3 layers C Active Streaming Library (ASL), CMI, Protections
- C . 4 layers C Active Streaming Library (ASL), Protocol Parsers, Context Management, Protections
- D . 3 layers C Protocol Parsers, CMI, Protections
What is the command to check the current status of hyper-threading?
- A . fw ctl get int cphwd_hyper_status
- B . fw ctl multik stat
- C . cat/proc/hyperstats
- D . cat/proc/smt_status
D
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk93000#To%20check%20SMT%20current%20status
What occurs when Bypass Under Load activated?
- A . Packets are forwarded to the destination without checking the packets against the firewall rule base
- B . Packets are forwarded to the destination without performing IPS analysis
- C . To still ensure a minimum level of data integrity, the system revert to the use of MD5 instead of SHA-1, since former produces an output smaller than the latter
- D . The amount of the state table entries is decreased according to the LRU (least recently used) algorithm
B
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IPS_AdminGuide/12750.htm
Having a look at the output of the “fwaccel conns” command, the F flag is the indicator for a packet ______________.
- A . getting the routing information according to the Forwarding Information Base (FIB)
- B . being processed by the firewall kernel module
- C . going through the slow path
- D . being forced of using the accelerated path
Of how many packets consists Main Mode in Phase 1?
- A . Three packets
- B . Four packets
- C . Six packets
- D . it depends on the encryption algorithm used. 3DES has three times more packets than DES encryption
What does the command “vpn shell tunnels delete all ike” do?
- A . Delete only outbound_SPI tables
- B . Deletes all IKE and IPSEC SA’s
- C . Deletes all IKE configuration on the Gateway
- D . Deletes all IKE SA’s
When enabling hyper-threading on a Security Gateway, the administrator needs to make sure there is enough _______________ to support additional CoreXL Firewall instances.
- A . drive space
- B . cpu’s
- C . available cache
- D . available memory
D
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk93000
You run “cat/proc/smt_status” on your security gateway and the output shows ‘Soft Disable’.
How is your system configured in reference to hyper-threading?
- A . Hyper-threading is disabled in BIOS and cpconfig
- B . Hyper-threading is enabled in BIOS but disabled in cpconfig
- C . Hyper-threading is disabled in BIOS but enabled in cpconfig
- D . Your system does not support Hyper-threading
B
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk93000
Which command is used to enable IPv6 on Security Gateway?
- A . set ipv6-state on
- B . add ipv6 interface on
- C . set ipv6-enable on
- D . set ipv6-state enabled
What is the correct command to turn off an IKE debug?
- A . vpn debug ikeoff
- B . fw ctl debug ikeoff
- C . vpn debug ikeoff 0
- D . fw ctl vpn debug ikeoff
A
Explanation:
Reference: https://community.checkpoint.com/docs/DOC-3023-vpn-troubleshooting-commands
What process(es) should be checked if there is high I/O and you suspect it may be related to the Antivirus Software Blade?
- A . avsp
- B . dlpu and rad processes
- C . cpta
- D . cpm and fwm
Which of the following is NOT a special consideration while running fw monitor on production firewall?
- A . While executing fw monitor, you need to specify an expression so that it captures the required traffic instead of all traffic
- B . While running fw monitor on a busy firewall, the Cci <count> and Cco <count> switches can be used to limit the number of packets captured
- C . While running fw monitor, it resets all the debug flags
- D . During a fw monitor, the firewall will have to process more packets because SecureXL acceleration should be disabled
In R80 spoofing is defined as a method of:
- A . Disguising an illegal IP address behind an authorized IP address through Port Address Translation
- B . Hiding your firewall from unauthorized users
- C . Detecting people using false or wrong authentication logins
- D . Making packets appear as if they come an authorized IP address
Which of the following inputs is suitable for debugging HTTPS inspection issues?
- A . vpn debug cptls on
- B . fw ctl debug Cm fw + conn drop cptls
- C . fw diag debug tls enable
- D . fw debug tls on TDERROR_ALL_ALL=5
B
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk108202
Which of the connections cannot be accelerated with SecureXL?
- A . Every NAT’ed connection
- B . Every encrypted connection, such as HTTPS or SSH connections
- C . Every connection destined to the Security Gateways
- D . Every connection through a rule using a time object
Which of the following ports are used for SIC?
- A . 18355 and 18356
- B . 18210 and 18211
- C . 257 and 258
- D . 18192 and 18193
B
Explanation:
Reference: http://digitalcrunch.com/check-point-firewall/list-of-check-point-ports/
Joey’s implementing a new R80.10 firewall cluster into the network. During the implementation he notices that the cluster object is in error state in SmartConsole. He tries to figure out the cause of the problem and runs a ClusterXL kernel debug with command: ‘fw ctl debug Cm cluster + stat pnote conf ccp’ ClusterXL kernel debug shows him following info: fwha_set_new_local_state: Old version HA machines exist around so prevent state change to READY.
How can he solve the problem?
- A . cphaconf cluster_id set <NEW_CLUSTER_ID_VALUE>
- B . cphaprob mmagic
- C . Connect with GuiDBedit Tool to Security Management Server. Go to Table C Network Objects C network_objects. Select the relevant R80.10 Cluster object. Go to Search menu C Find C paste mac_magic. Right-click on the mac_magic the object C select Edit… and change the value to 254. Save changes and install policy.
- D . Connect with GuiDBedit Tool to Security Management Server. Go to Table C Network Objects C network_objects. Select the relevant R80.10 Cluster object. Go to Search menu C Find C paste cluster_magic. Right-click on the cluster_magic the object C select Edit… and change the value between 1 and 253. Save changes and install policy.
D
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk25977
Which file would you need to make sure you collect when debugging a VPN that fails to establish that is configured to use IKEv2?
- A . $FWDIR/log/ike2.elg
- B . $FWDIR/log/vpnd.xml.v2
- C . $FWDIR/log/ikev2.xml
- D . $CPDIR/log/ike.elg
What is the name of the table that an administrator would review to investigate a port exhaustion error when using Hide NAT?
- A . dyn_nat_table
- B . connection
- C . nat_dyn_table
- D . fwx_alloc
D
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk32224
After determining that the IPS Blade is causing high resource utilization in the gateway, which would be an appropriate strategy to improve IPS performance?
- A . Enabling CoreXL
- B . Enable Bypass mode
- C . Disabling SecureXL
- D . Enabling SecureXL
Which process is responsible for the generation of certificates?
- A . cpm
- B . cpca
- C . dbsync
- D . fwm
B
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638#Security%20Management%20Software%20Blades%20and%20Features%20-%20SmartLog
Which one of the following does not belong to an initial status of a critical device?
- A . restart
- B . problem
- C . init
- D . ok
A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7298.htm
Fill in the blank: The R80 feature _________________ permits blocking specific IP addresses for a specified time period.
- A . Block Port Overflow
- B . Local Interface Spoofing
- C . Suspicious Activity Monitoring
- D . Adaptive Threat Prevention
The Security Gateway is installed on GAiA R80. The default port for the Web User Interface is _____________.
- A . TCP 18211
- B . TCP 257
- C . TCP 4433
- D . TCP 443
What is enabled by the command “vpn debug mon”?
- A . statistics monitoring for vpn encrypted packets
- B . vpn daemon monitor mode
- C . ike monitor
- D . vpn debug mode
Fill in the blank: The R80 utility fw monitoris used to troubleshoot ___________________.
- A . User data base corruption
- B . LDAP conflicts
- C . Traffic issues
- D . Phase two key negotiation
Which daemon would you debug if you have issues acquiring identities via identity sharing and identities with other gateways?
- A . pdpd
- B . wstlsd
- C . iad
- D . pepd
A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/66477.htm
What is the difference between disabling SecureXL by running “fwaccel off” and disabling it via cpconfig?
- A . Disabling SecureXL in cpconfig survives reboot
- B . cpconfig option is available only on the security manager
- C . There is no difference. These are two different ways of accomplishing the same task
- D . “fwaccel off” will survive the reboot but cpconfig will not
A
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41397
What is the role of FWM process in Check Point R80.10 Security Management architecture?
- A . It is called by CPM process to perform verification and conversion of the database
- B . FWM is used to transfer CPsets from management to the gateway
- C . FWM prepares and loads commit functions to execute the policy
- D . Policy installation command initiated from SmartConsole is sent to FWM
D
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk101226