After running a VPN debug on the problematic gateway, what is one of the files you would want to analyze?

You are attempting to establish a VPN tunnel between a Check Point gateway and a 3rd party vendor. When attempting to send traffic to the peer gateway it is failing.

Check Point Best Practices suggest that when you finish a kernel debug, you should run the command _____________________ .

Check Point Best Practices suggest that when you finish a kernel debug, you should run the command _____________________ . A. fw debug 0 B. fw debug off C. fw ctl

Which program could you use to analyze Phase I and Phase II packet exchanges?

Which program could you use to analyze Phase I and Phase II packet exchanges? A. vpnView B. Check PointView C. IKEView D. vpndebugView Answer: C

What is the log file that shows the processes that participate in the tunnel initiation stage?

What is the log file that shows the processes that participate in the tunnel initiation stage? A. $FWDIR/log/ikev2.xmll B. $FWDIR/log/ike.xmll C. $FWDIR/log/vpnd.elg D. $FWDIR/log/ike.elg Answer: C

What is the log file that shows the keep alive packets during the debug process?

What is the log file that shows the keep alive packets during the debug process? A. $FWDIR/log/ikev2.xmll B. $FWDIR/log/ike.xmll C. $FWDIR/log/ike.elg D. $FWDIR/log/vpnd.elg Answer: C

What file contains IKEv2 debug messages?

What file contains IKEv2 debug messages? A. $FWDIR/log/ikev2 B. $FWDIR/log/ike.xml C. $FWDIR/log/vpnd.elg D. $FWDIR/log/ike.elg Answer: A

What debug file would you check to see what IKE version is being used?

What debug file would you check to see what IKE version is being used? A. fwpnd.elg B. vpn.txt C. debug.txt D. vpnd.elg Answer: D

Which command displays compression/decompression statistics?

Which command displays compression/decompression statistics? A. vpn ver -k B. vpn compstat C. vpn compreset D. vpn crlview Answer: B

The file ike.elg is a log file used to log IKE negotiations during VPN tunnel establishment. Where is this file located?

The file ike.elg is a log file used to log IKE negotiations during VPN tunnel establishment. Where is this file located? A. /opt/CPshrd-R77/log B. /opt/CPsuite-R77/fw1/log C. /var/log/opt/CPsuite-R77/fg1/log D. /opt/CPsuite-R77/fg1/log Answer:

You are in VPN troubleshooting with a Partner and you suspect a mismatch configuration in Diffie-Hellman (DH) group to Phase1. After starting a vpn debug, in which packet would you look to analyze this option in your debug file?

You are in VPN troubleshooting with a Partner and you suspect a mismatch configuration in Diffie-Hellman (DH) group to Phase1. After starting a vpn debug, in which packet would you

Which command will you run to list established VPN tunnels?

Which command will you run to list established VPN tunnels? A. fw tab -t vpn_active B. vpn compstat C. fw tab -t vpn_routing D. vpn tu Answer: D

What is the function of the setting “no_hide_services_ports” in the tables.def files?

What is the function of the setting “no_hide_services_ports” in the tables.def files? A. Preventing the secondary member from hiding its presence by not forwarding any packets. B. Allowing management traffic

Your customer has an R77 Multi-domain Management Server managing a mix of firewalls of R70 and R77 versions. A change was made to the file $FWDIR/lib/tables.def on one of the domains. However, it was found that the change was not applied to the R70 firewalls. What could be the problem?

Your customer has an R77 Multi-domain Management Server managing a mix of firewalls of R70 and R77 versions. A change was made to the file $FWDIR/lib/tables.def on one of the

Upon investigating, it was found that the standby member was never able to communicate with the NTP server while it was in standby configuration. What could be the problem?

Your customer reports that the time on the standby cluster member is not correct. After failing over and making it active, the time is now correct. NTP has been configured

You run the command fw tab -t connections -s on both members in the cluster. Both members report differing values for “vals” and “peaks”. Which may NOT be a reason for this difference?

You run the command fw tab -t connections -s on both members in the cluster. Both members report differing values for “vals” and “peaks”. Which may NOT be a reason

Which of the following commands would be best to troubleshoot a clustering issue?

You run the commands: fw ctl debug 0 fw ctl debug -buf 32000 Which of the following commands would be best to troubleshoot a clustering issue? A. fw ctl zdebug

What would be a reason to use the command cphaosu stat?

What would be a reason to use the command cphaosu stat? A. To determine the number of connections from OPSEC software using Open Source Licenses. B. To decide when to

Which is NOT a valid upgrade method in an R77 GAiA ClusterXL deployment?

Which is NOT a valid upgrade method in an R77 GAiA ClusterXL deployment? A. Optimal Service Upgrade B. Full Connectivity Upgrade C. Minimal Effort Upgrade D. Automatic Incremental Upgrade Answer:

How many sync interfaces are supported on Check Point R77 GAiA?

How many sync interfaces are supported on Check Point R77 GAiA? A. 3 B. 4 C. 2 D. 1 Answer: D

What are the kernel parameters that control “Magic MACs”?

What are the kernel parameters that control “Magic MACs”? A. fwha_magic_mac and fw_forward_magic_mac B. fwha_mac_magic and fw_mac_forward_magic C. cpha_mac_magic and cp_mac_forward_magic D. cpha_magic_mac and cpha_mac_forward_magic Answer: B

What would be a reason for changing the “Magic MAC”?

What would be a reason for changing the “Magic MAC”? A. To allow for automatic upgrades. B. To allow two or more cluster members to exist on the same network.

Which of the following is NOT a cphaprob status?

Which of the following is NOT a cphaprob status? A. “Standby” B. “Active” C. “Backup” D. “Down Attention” (or “Down!” in VSX mode) Answer: D

Your cluster member is showing a state of “Ready”. Which of the following is NOT a reason one would expect for this behaviour?

Your cluster member is showing a state of “Ready”. Which of the following is NOT a reason one would expect for this behaviour? A. One cluster member is configured for

Your customer receives an alert from their network operation center, they are seeing ARP and Ping scans of their network originating from the firewall. What could be the reason for the behaviour?

Your customer receives an alert from their network operation center, they are seeing ARP and Ping scans of their network originating from the firewall. What could be the reason for

Which definition best describes the file table.def function? It is a placeholder for:

Which definition best describes the file table.def function? It is a placeholder for: A. definitions of various kernel tables for Security Gateways. B. definitions of various kernel tables for Management

Which command would a troubleshooter use to verify table connection info (peak, concurrent) and verify information about cluster synchronization state?

Which command would a troubleshooter use to verify table connection info (peak, concurrent) and verify information about cluster synchronization state? A. fw tab -t connections -s B. fw ctl pstat

From the output of the following cphaprob -i list, what is the most likely cause of the clustering issue?

From the output of the following cphaprob -i list, what is the most likely cause of the clustering issue? Cluster B> cphaprob -i list Built-in Devices: Device Name: Interface Active

Adam wants to find idle connections on his gateway. Which command would be best suited for viewing the connections table?

Adam wants to find idle connections on his gateway. Which command would be best suited for viewing the connections table? A. fw tab -t connections B. fw tab -t connections

Of the following answer choices, which best describes a possible effect of expanding the connections table?

Of the following answer choices, which best describes a possible effect of expanding the connections table? A. Increased memory consumption B. Decreased memory consumption C. Increased connection duration D. Decreased

In order to prevent outgoing NTP traffic from being hidden behind a Cluster IP you should?

In order to prevent outgoing NTP traffic from being hidden behind a Cluster IP you should? A. Edit the relevant table.def on the Management Server and add the line no_hide_services_ports

How do you clear the connections table?

How do you clear the connections table? A. Run the command fw tab -t connections -x B. In Gateway Properties > Optimizations click Clear connections table C. Run the command

Extended Cluster Anti-Spoofing checks what value to determine if a packet with the source IP of a gateway in the cluster is being spoofed?

Extended Cluster Anti-Spoofing checks what value to determine if a packet with the source IP of a gateway in the cluster is being spoofed? A. The source IP of the

Each connection allowed by a Security Gateway, will have a real entry and some symbolic link entries in the connections state table. The symbolic link entries point back to the real entry using this:

Each connection allowed by a Security Gateway, will have a real entry and some symbolic link entries in the connections state table. The symbolic link entries point back to the

When viewing connections using the command fw tab -t connections, all entries are displayed with a 6-tuple key, the elements of the 6-tuple include the following EXCEPT:

When viewing connections using the command fw tab -t connections, all entries are displayed with a 6-tuple key, the elements of the 6-tuple include the following EXCEPT: A. destination

Using the default values in R77 how many kernel instances will there be on a 16-core gateway?

Using the default values in R77 how many kernel instances will there be on a 16-core gateway? A. 16 B. 8 C. 12 D. 14 Answer: D

What command should Joe use to remove this connection?

After creating and pushing out a new policy, Joe finds that an old connection is still being allowed that should have been closed after his changes. He wants to delete

How can you see a dropped connection and the cause from the kernel?

How can you see a dropped connection and the cause from the kernel? A. fw zdebug drop B. fw ctl debug drop on C. fw debug drop on D. fw

Which command clears all the connection table entries on a Security Gateway?

Which command clears all the connection table entries on a Security Gateway? A. fw tab -t connetion -u B. fw ctl tab -t connetions -u C. fw tab -t connetion

When you have edited the local.arp configuration, to support a manual NAT, what must be done to ensure proxy arps for both manual and automatic NAT rules function?

When you have edited the local.arp configuration, to support a manual NAT, what must be done to ensure proxy arps for both manual and automatic NAT rules function? A. In

What mechanism solves asymmetric routing issues in a load sharing cluster?

What mechanism solves asymmetric routing issues in a load sharing cluster? A. Flush and ACK B. Stateful Inspection C. SYN Defender D. State Synchronization Answer: A

Which of the following commands shows the high watermark threshold for triggering the cluster under load mechanism in R77?

Which of the following commands shows the high watermark threshold for triggering the cluster under load mechanism in R77? A. fw ctl get int fwha_cul_mechanism_enable B. fw ctl get int

Which command can be used to see all active modules on the Security Gateway:

Which command can be used to see all active modules on the Security Gateway: A. fw ctl zdebug drop B. fw ctl debug -h C. fw ctl chain D. fw

Which command should you run to debug the VPN-1 kernel module?

Which command should you run to debug the VPN-1 kernel module? A. fw debug vpn on B. vpn debug on TDERROR_ALL_ALL=5 C. fw ctl zdebug crypt kbuf D. fw ctl

Which command should you use to stop kernel module debugging (excluding SecureXL)?

Which command should you use to stop kernel module debugging (excluding SecureXL)? A. fw ctl debug 0 B. fw ctl zdebug – all C. fw debug fwd off; vpn debug

With the default ClusterXL settings what will be the state of an active gateway upon using the command ClusterXL_admin up?

With the default ClusterXL settings what will be the state of an active gateway upon using the command ClusterXL_admin up? A. Ready B. Down C. Standby D. Active Answer: C

The “Hide internal networks behind the Gateway’s external IP” option is selected. What defines what traffic will be NATted?

The “Hide internal networks behind the Gateway’s external IP” option is selected. What defines what traffic will be NATted? A. The Firewall policy of the gateway B. The network objects

Does the remote gateway need to include your production gateway’s external IP in its encryption domain?

In a production environment, your gateway is configured to apply a Hide NAT for all internal traffic destined to the Internet. However, you are setting up a VPN tunnel with

Does the problem lie on the Check Point Gateway?

While troubleshooting a connectivity issue with an internal web server, you know that packets are getting to the upstream router, but when you run a tcpdump on the external interface

Ann wants to hide FTP traffic behind the virtual IP of her cluster. Where is the relevant file table.def located to make this modification?

Ann wants to hide FTP traffic behind the virtual IP of her cluster. Where is the relevant file table.def located to make this modification? A. $FWDIR/log/table.def B. $FWDIR/conf/table.def C. $FWDIR/bin/table.def

By default, the size of the fwx_alloc table is:

By default, the size of the fwx_alloc table is: A. 65535 B. 65536 C. 25000 D. 1024 Answer: C