Check Point Certified Security Expert v8.1 (156-315.77)

Page:    1 / 24   
Total 354 questions

You find that Gateway fw2 can NOT be added to the cluster object.


What are possible reasons for that?
1) fw2 is a member in a VPN community.
2) ClusterXL software blade is not enabled on fw2.
3) fw2 is a DAIP Gateway.

  • A. 2 or 3
  • B. 1 or 2
  • C. 1 or 3
  • D. All


Answer : C

In which case is a Sticky Decision Function relevant?

  • A. Load Balancing - Forward
  • B. High Availability
  • C. Load Sharing - Multicast
  • D. Load Sharing - Unicast


Answer : A

The process ___________ is responsible for all other security server processes run on the
Gateway.

  • A. CPD
  • B. FWM
  • C. FWD
  • D. FWSSD


Answer : C

Your R7x-series Enterprise Security Management Server is running abnormally on
Windows Server 2008 R2. You decide to try reinstalling the Security Management Server, but you want to try keeping the critical Security Management Server configuration settings intact (i.e., all Security Policies, databases, SIC, licensing etc.) What is the BEST method to reinstall the Server and keep its critical configuration?

  • A. 1. Insert the R77 CD-ROM and select the option to export the configuration using the latest upgrade utilities. 2. Follow steps suggested by upgrade_verification and re-export the configuration if needed. 3. Save the exported file *.tgz to a local directory c:/temp. 4. Uninstall all packages using Add/Remove Programs and reboot. 5. Install again using the R77 CD-ROM as a primary Security Management Server and reboot. 6. Run upgrade_import to import the configuration.
  • B. 1. Create a data base revision control back up using SmartDashboard. 2. Create a compressed archive of the directories %FWDIR%/conf and %FWDIR%/lib and copy them to another networked machine. 3. Uninstall all packages using Add/Remove Programs and reboot. 4. Install again as a primary Security Management Server using the R77 CD-ROM. 5. Reboot and restore the two archived directories over the top of the new installation, choosing to overwrite existing files.
  • C. 1. Download the latest utility upgrade_export and run from a local directory c:/temp to export the configuration into a *.tgz file. 2. Skip any upgrade_verification warnings since you are not upgrading. 3. Transfer the file *.tgz to another networked machine. 4. Download and run the utility cpclean and reboot. 5. Use the R77 CD-ROM to select option upgrade_import to import the configuration.
  • D. 1. Download the latest utility upgrade_export and run from directory c:/temp to export the configuration into a *.tgz file. 2. Follow steps suggested by upgrade_verification. 3. Uninstall all packages using Add/Remove Programs and reboot. 4. Use SmartUpdate to reinstall the Security Management Server and reboot. 5. Transfer file *.tgz back to local directory /temp. 6. Run upgrade_import to import the configuration.


Answer : A

Type the command and syntax that you would use to view the virtual cluster interfaces of a
ClusterXL environment.



Answer : cphaprob -a if

Type the full fw command and syntax that allows you to disable only sync on a cluster firewall member.



Answer : fw ctl setsync off

The process ________ is responsible for GUIClient communication with the SmartCenter.

  • A. CPGUI
  • B. CPD
  • C. FWD
  • D. FWM


Answer : D

Which of the following is NOT an advantage of SmartLog?

  • A. SmartLog has a “Top Results” pane showing things like top sources, rules, and users.
  • B. SmartLog displays query results across multiple log files, reducing the need to open previous files to view results.
  • C. SmartLog requires less disk space by consolidating log entries into fewer records.
  • D. SmartLog creates an index of log entries, increasing query speed.


Answer : C

Fill in the blank. To remove site-to-site IKE and IPSEC keys you would enter command
____ ___ and select the option to delete all IKE and IPSec SAs.



Answer : vpn tu

The connection to the ClusterXL member A breaks. The ClusterXL member A status is now down. Afterwards the switch admin set a port to ClusterXL member B to down.
What will happen?

  • A. ClusterXL member ‘B’ also left the cluster.
  • B. ClusterXL member ‘B’ stays active as last member.
  • C. Both ClusterXL members share load equally.
  • D. ClusterXL member ‘A’ is asked to come back to cluster.


Answer : B

Paul has just joined the MegaCorp security administration team. Natalie, the administrator, creates a new administrator account for Paul in SmartDashboard and installs the policy.
When Paul tries to login it fails. How can Natalie verify whether Pauls IP address is predefined on the security management server?

  • A. Login to Smart Dashboard, access Properties of the SMS, and verify whether Pauls IP address is listed.
  • B. Type cpconfig on the Management Server and select the option “GUI client List” to see if Paul’s IP address is listed.
  • C. Login in to Smart Dashboard, access Global Properties, and select Security Management, to verify whether Pauls IP address is listed.
  • D. Access the WEBUI on the Security Gateway, and verify whether Pauls IP address is listed as a GUI client.


Answer : B

The process ________________ compiles $FWDIR/conf/*.W files into machine language.

  • A. fwd
  • B. fw gen
  • C. cpd
  • D. fwm


Answer : B

Which of the following statements accurately describes the migrate command?

  • A. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
  • B. Used primarily when upgrading the Security Management Server, migrate stores all object databases and the conf directories for importing to a newer version of the Security Gateway.
  • C. Used when upgrading the Security Gateway, upgrade_export includes modified files, such as in the directories /lib and /conf.
  • D. upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.


Answer : B

A ClusterXL configuration is limited to ___ members.

  • A. There is no limit.
  • B. 16
  • C. 6
  • D. 2


Answer : C

Which Check Point tool allows you to open a debug file and see the VPN packet exchange details.

  • A. PacketDebug.exe
  • B. VPNDebugger.exe
  • C. IkeView.exe
  • D. IPSECDebug.exe


Answer : C

Page:    1 / 24   
Total 354 questions