1
What command sets a specific interface as not accelerated?
fwaccel -n <intetface1 >
fwaccel exempt state <interface1>
noaccel-s<interface1>
nonaccel -s <interface1>
2
When running a debug with fw monitor, which parameter will create a more verbose output?
-d
-D
-i
-i
3
What are the main components of Check Point's Security Management architecture?
Management server Log server, Gateway server. Security server
Management server, Security Gateway. Multi-Domain Server, SmartEvent Server
Management server, management database, log server, automation server
Management Server. Log Server. LDAP Server, Web Server
4
What does SIM handle?
OPSEC connects to SecureXL
FW kernel to SXL kernel hand off
Accelerating packets
Hardware communication to the accelerator
5
VPN issues may result from misconfiguration, communication failure, or incompatible default configurations between peers Which basic command syntax needs to be used for troubleshooting Site-to-Site VPN Issues?
vpn truncon debug
fw debug truncon
vpn debug truncon
cp debug truncon
6
You are in VPN troubleshooting with a Partner and you suspect a mismatch configuration in Diffie- Hellman (DH) group to Phase1. After starting a vpn debug, in which packet would you look to analyze this option in your debug file?
Packet1
Packet5
Packet4
Packet3
7
You run the commands: fw ctl debug 0 fw ctl debug -buf 32000 Which of the following commands would be best to troubleshoot a clustering issue?
fw ctl debug -m CLUSTER + conf stat
fw ctl kdebug -m CLUSTER all
fw ctl zdebug -m cluster + all
fw ctl debug -m cluster + pnote stat if
8
What is true about the ike.elg file?
ike.elg is only present on the security manager
It is a binary file and needs a special app open it.
It contains the name of the communities on the local security gateway
It is a debug file that contains information relevant to IKE phase 1 and phase 2 exchange
9
Wich command would show you the status of the clustered interfaces as well as the virtual interfaces?
cphaprob -i if
cphaprob if stat
cphaprob -i list
cphaprob -a if
10
VPN's allow traffic to pass through the Internet securely by encrypting the traffic as it enters the VPN tunnel and then decrypting the exists. Which process is responsible for Mobile VPN connections?
fwk
vpnk
vpnd
cvpnd
11
Which of the following is contained in the System Domain of the Postgres database?
Trusted GUI clients
User modified configurations such as network objects
Saved queries for applications
Configuration data of log servers
12
If IPS protections that prevent SecureXL from accelerating traffic, such as Network Quota, Fingerprint Scrambling. TTL Masking etc, have to be used, what is a recommended practice to enhance the performance of the gateway?
Upgrade the hardware to include more Cores and Memory
Use the IPS exception mechanism
Disable all such protections
Disable SecureXL and use CoreXL
13
How would you disable CPM debug
Delete $FWDIR/log/tdlog.cpm file
Run fw debug cpm off TDERROR_ALL_ALL=0
Set the Severity level to INFO and run cpm_debug.sh -r
Delete $FWDIR/log/fwm.elg
14
In a high traffic network, which feature allows for more than one traffic path on an interface so that more than one CPU can be used for acceleration?
Multi queue
asic
vlan
interface bonding
15
Which of the following is not one of the relational database domains that stores the management configuration?
Audit Domain
User Domain
System Domain
Global Domain
16
Which command would you use to check CoreXL instances for IPv6 traffic?
fw6 ctl multik stat
fwaccel6 stats
fwaccel6 stat
fw ctl multik stat
17
Consider a Check Point Security Gateway under high load. What mechanism can be used to confirm that important traffic such as control connections are not dropped?
fw ctl multik prioq
fw ctl debug m fg all
fw debug fgd50 on OPSEC_DEBUG_LEVEL=3
fgate -d load
18
What occurs when Bypass Under Load activated?
Packets are forwarded to the destination without performing IPS analysis
Packets are forwarded to the destination without checking the packets against the firewall rule base
The amount of the state table entries is decreased according to the LRU (least recently used) algorithm
To still ensure a minimum level of data integrity, the system revert to the use of MD5 instead of SHA-1, since former produces an output smaller than the latter
19
While using IPS, the network performance is being impacted on a load sharing cluster with asymmetric- routes. What is most likely causing the degradation?
SecureXL has been disabled
A static NAT has been configured and an IPS protection requires the connection be handled on the same cluster member
CoreXL has been disabled
A failure in the sync network protocol
20
Which templates for SecureXL are not enabled by default?
Drop and NAT
Accept and NMR
All templates are disabled by default
All templates are enabled by default
21
You run cpconfig to reset SIC on the Security Gateway. After the SIC reset operation is complete, the policy that will be installed is the:
Last policy that was installed.
Default filter.
Standard policy
Initial policy
22
After determining that the IPS Blade is causing high resource utilization in the gateway, which would be an appropriate strategy to improve IPS performance?
Enabling SecureXL
Enabling CoreXL
Disabling SecureXL
Enable Bypass mode
23
How can you print the session SUUID and the UUID of a connection together in fw monitor?
The switches s and u are mutually exclusive and cannot be printed together
fw monitor s u e "accept <FILLTER EXPRESSION>;"
fw s monitor u e "accept <FILTER EXPRESSION>;"
fw monitor uids e "accept <FILTER EXPRESSION>;"
24
Which IPS command debug tool can you use for troubleshooting IPS traffic?
debug ips enable o IPSdebug
ips debug f /var/log/IPSdebug.txt
ips debug traffic o IPSdebug
ips debug -o IPSdebug
25
Which one of the following does not belong to an initial status of a critical device?
problem
restart
init
ok
26
IPS detection incorporates 4 layers. Which of the following is NOT a layer in IPS detection?
Detections
Context Management
Protocol Parsers
Protections
