Check Point Certified Security Master v6.1 (156-115.77)

Page:    1 / 20   
Total 302 questions

Which definition best describes the function of the file table.def? It is a placeholder for:

  • A. definitions of various kernel tables for Security Gateways.
  • B. definitions of various kernel tables for Management Servers.
  • C. user defined implied rules for Security Gateways.
  • D. user defined implied rules for Management Servers.


Answer : A

Extended Cluster Anti-Spoofing checks what value to determine if a packet with the source IP of a gateway in the cluster is being spoofed?

  • A. The source IP of the packet.
  • B. The packet has a TTL value of less than 255.
  • C. The source MAC address of the packet.
  • D. The destination IP of the packet.


Answer : B

Each connection allowed by a Security Gateway will have a real entry and some symbolic link entries in the connections state table. The symbolic link entries point back to the real entry using this:

  • A. serial number of the real entry.
  • B. 6-tuple.
  • C. memory pointer.
  • D. date and time of the connection establishment.


Answer : B

Explanation:

C3O3 - ClusterXL -

After creating and pushing out a new policy, Joe finds that an old connection is still being allowed that should have been closed after his changes. He wants to delete the connection on the gateway, and looks it up with fw tab -t connections -u. Joe finds the connection he is looking for. What command should Joe use to remove this connection?
<0,a128c22,89,a158508,89,11;10001,2281,25,15b,a1,4ecdfeee,ac,691400ac,7b6,3e,ffffffff,3c,3c,0,0,0,0,0,0,0,0,0,0,0,0,0,0>

  • A. fw tab -t connections -x -d "0,a128c22,89,0a158508,89,11"
  • B. fw tab -t connections -x -e "0,a128c22,00000089,0a158508,00000089,00000011"
  • C. fw tab -t connections -x -d "00000000,a128c22,00000089,0a158508,00000089,00000011"
  • D. fw tab -t connections -x -e "0,a128c22,89,0a158508,89,11"


Answer : B

How can you see a dropped connection and the cause from the kernel?

  • A. fw zdebug drop
  • B. fw ctl debug drop on
  • C. fw debug drop on
  • D. fw ctl zdebug drop


Answer : D

How do you clear the connections table?

  • A. Run the command fw tab -t connections -x
  • B. In Gateway Properties > Optimizations click Clear connections table
  • C. Run the command fw tab -t conns -c
  • D. Run the command fw tab -t connections -c


Answer : A

Your cluster member is showing a state of "Ready". Which of the following is NOT a reason one would expect for this behaviour?

  • A. One cluster member is configured for 32 bit and the other is configured for 64 bit
  • B. CoreXL is configured differently on the two machines
  • C. The firewall that is showing "Ready" has been upgraded but the other firewall has not yet been upgraded
  • D. Firewall policy has not yet been installed to the firewall


Answer : D

Your customer has an R77 Multi-domain Management Server managing a mix of firewalls of R70 and R77 versions. A change was made to the file $FWDIR/lib/table.def on one of the domains. However, it was found that the change was not applied to the R70 firewalls. What could be the problem?

  • A. Changes to the table.def can only be applied to firewalls matching the Management Server version. The customer needs to upgrade the firewalls to the same version as the firewall.
  • B. R70 is end of life and is not supported. Most functions will work, but modifying the table.def will not.
  • C. In order to make changes on R70 machines you need to work within GuiDBedit
  • D. To support R70, the file in the compatibility directory should have been modified.


Answer : D

Of the following answer choices, which best describes a possible effect of expanding the connections table?

  • A. Increased memory consumption
  • B. Decreased memory consumption
  • C. Increased connection duration
  • D. Decreased connection duration


Answer : A

Which command should you use to stop kernel module debugging (excluding SecureXL)?

  • A. fw ctl debug 0
  • B. fw ctl zdebug - all
  • C. fw debug fwd off; vpn debug off
  • D. fw debug fwd off


Answer : A

Using the default values in R77, how many kernel instances will there be on a 16-core gateway?

  • A. 16
  • B. 8
  • C. 12
  • D. 14


Answer : D

Your customer reports that the time on the standby cluster member is not correct. After failing over and making it active, the time is now correct. NTP has been configured on both machines, so it is expected that both machines be in sync with the NTP server. Upon investigating, it was found that the standby member was never able to communicate with the NTP server while it was in standby configuration. What could be the problem?

  • A. You should be syncing your backup to the primary for time settings.
  • B. NTP is not supported in active-passive mode.
  • C. Traffic from the standby member was hidden behind the cluster IP address and was therefore returning to the active member.
  • D. Routing prevents the standby member from performing functions such as peering with dynamic routing and obtaining NTP updates.


Answer : C

Which command should you run to debug the VPN-1 kernel module?

  • A. fw debug vpn on
  • B. vpn debug on TDERROR_ALL_ALL=5
  • C. fw ctl zdebug crypt kbuf
  • D. fw ctl debug -m VPN all


Answer : D

Which command would a troubleshooter use to verify table connection info (peak, concurrent) and verify information about cluster synchronization state?

  • A. fw tab -t connections -s
  • B. fw ctl pstat
  • C. fw ctl multik stat
  • D. Show info all


Answer : D

Adam wants to find idle connections on his gateway. Which command would be best suited for viewing the connections table?

  • A. fw tab -t connections
  • B. fw tab -t connections -u -f
  • C. fw tab -t connections -x
  • D. fw tab -t connections -s


Answer : B
