web analytics

How can you disable SecureXL via the command line (it does not need to survive a reboot)?

How can you disable SecureXL via the command line (it does not need to survive a reboot)? A. fw ctl accel off B. securexl off C. fwaccel off D. fw

Which of the following is NOT accelerated by SecureXL?

Which of the following is NOT accelerated by SecureXL? A. SSH B. HTTPS C. FTP D. Telnet Answer: C

If the number of kernel instances for CoreXL shown is 6, how many cores are in the physical machine?

If the number of kernel instances for CoreXL shown is 6, how many cores are in the physical machine? A. 6 B. 8 C. 3 D. 4 Answer: B

How do new connections get established through a Security Gateway with SecureXL enabled?

How do new connections get established through a Security Gateway with SecureXL enabled? A. New connections are always inspected by the firewall and if they are accepted, the subsequent packets

In a R77 ClusterXL Load Sharing configuration, which type of ARP related problem can force the use of Unicast Mode (Pivot) configuration due to incompatibility on some adjacent routers and switches?

In a R77 ClusterXL Load Sharing configuration, which type of ARP related problem can force the use of Unicast Mode (Pivot) configuration due to incompatibility on some adjacent routers and

What configuration change must you make to change an existing ClusterXL cluster object from Multicast to Unicast mode?

What configuration change must you make to change an existing ClusterXL cluster object from Multicast to Unicast mode? A. Change the cluster mode to Unicast on the cluster object. Reinstall

In which ClusterXL Load Sharing mode, does the pivot machine get chosen automatically by ClusterXL?

In which ClusterXL Load Sharing mode, does the pivot machine get chosen automatically by ClusterXL? A. Hot Standby Load Sharing B. Multicast Load Sharing C. Unicast Load Sharing D. CCP

What is the problem with this configuration?

You are establishing a ClusterXL environment, with the following topology: VIP internal cluster IP = 172.16.10.3; VIP external cluster IP = 192.168.10.3 Cluster Member 1: 4 NICs, 3 enableD. hme0:

What is a requirement for setting up R77 Management High Availability?

What is a requirement for setting up R77 Management High Availability? A. All Security Management Servers must reside in the same LAN. B. State synchronization must be enabled on the

elect the BEST response for the synchronization trigger.

In a R75 Management High Availability (HA) configuration, you can configure synchronization to occur automatically, when: 1) The Security Policy is installed. 2) The Security Policy is saved. 3) The

What could be a reason why synchronization between primary and secondary Security Management Servers does not occur?

What could be a reason why synchronization between primary and secondary Security Management Servers does not occur? A. If the set of installed products differ from each other, the Security

The customer wishes to install a cluster. In his network, there is a switch which is incapable of forwarding multicast. Is it possible to install a cluster in this situation?

The customer wishes to install a cluster. In his network, there is a switch which is incapable of forwarding multicast. Is it possible to install a cluster in this situation?

Included in the client’s network are some switches, which rely on IGMP snooping. You must find a solution to work with these switches. Which of the following answers does NOT lead to a successful solution?

Included in the client’s network are some switches, which rely on IGMP snooping. You must find a solution to work with these switches. Which of the following answers does NOT

You want to upgrade a cluster with two members to R77. The Security Management Server and both members are version NGX R65, with the latest Hotfix Accumulator. What is the correct upgrade procedure?

You want to upgrade a cluster with two members to R77. The Security Management Server and both members are version NGX R65, with the latest Hotfix Accumulator. What is the

Which method of load balancing describes “Round Robin”?

Which method of load balancing describes “Round Robin”? A. Assigns service requests to servers at random. B. Ensures that incoming requests are handled by the server with the fastest response

Which load-balancing method below is NOT valid?

Which load-balancing method below is NOT valid? A. Domain B. They are all valid C. Round Trip D. Random Answer: B

By default, the Cluster Control Protocol (CCP) uses this to send delta sync messages to other cluster members.

By default, the Cluster Control Protocol (CCP) uses this to send delta sync messages to other cluster members. A. Multicast B. Unicast C. Anycast D. Broadcast Answer: A

When distributing IPSec packets to gateways in a Load Sharing Multicast mode cluster, which valid Load Sharing method will consider VPN information?

When distributing IPSec packets to gateways in a Load Sharing Multicast mode cluster, which valid Load Sharing method will consider VPN information? A. Load Sharing based on SPIs B. Load

Which of the following does NOT happen when using Pivot Mode in ClusterXL?

Which of the following does NOT happen when using Pivot Mode in ClusterXL? A. The Pivot forwards the packet to the appropriate cluster member. B. The Pivot’s Load Sharing decision

When Load Sharing Multicast mode is defined in a ClusterXL cluster object, how are packets being handled by cluster members?

When Load Sharing Multicast mode is defined in a ClusterXL cluster object, how are packets being handled by cluster members? A. Only one member at a time is active. The

Which of the following would be a result of having more than one active Security Management Server in a Management High Availability (HA) configuration?

Which of the following would be a result of having more than one active Security Management Server in a Management High Availability (HA) configuration? A. An error notification will popup

For Management High Availability synchronization, what does the Advance status mean?

For Management High Availability synchronization, what does the Advance status mean? A. The peer SMS has not been synchronized properly. B. The peer SMS is properly synchronized. C. The peer

For Management High Availability, if an Active SMS goes down, does the Standby SMS automatically take over?

For Management High Availability, if an Active SMS goes down, does the Standby SMS automatically take over? A. Yes, if you set up VRRP B. Yes, if you set up

In Management High Availability, what is an Active SMS?

In Management High Availability, what is an Active SMS? A. Active Security Master Server B. Active Smart Master Server C. Active Smart Management Server D. Active Security Management Server Answer:

Which of the following is NOT a possible cause of this?

You have just upgraded your Load Sharing gateway cluster (both members) from NGX R65 to R77. cphaprob stat shows: Cluster Mode: New High Availability (Active Up) Member Unique Address Assigned

By default Check Point High Availability components send updates about their state every:

By default Check Point High Availability components send updates about their state every: A. 0.5 second. B. 1 second. C. 5 seconds. D. 0.1 second. Answer: D

What is the behavior of ClusterXL in a High Availability environment?

What is the behavior of ClusterXL in a High Availability environment? A. Both members respond to the virtual IP address, and both members pass traffic when using their physical addresses.

Check Point New Mode HA is a(n) _____ solution.

Check Point New Mode HA is a(n) _____ solution. A. primary-domain B. hot-standby C. acceleration D. load-balancing Answer: B

What is a Sticky Connection?

What is a Sticky Connection? A. A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet. B. A Sticky Connection is

If ClusterXL Load Sharing is enabled with state synchronization enabled, what will happen if one member goes down?

If ClusterXL Load Sharing is enabled with state synchronization enabled, what will happen if one member goes down? A. The processing of all connections handled by the faulty machine is

When using ClusterXL in Load Sharing, what is the default sharing method based on?

When using ClusterXL in Load Sharing, what is the default sharing method based on? A. IPs B. IPs, SPIs C. IPs, Ports D. IPs, Ports, SPIs Answer: D

You have a High Availability ClusterXL configuration. Machines are not synchronized. What happens to connections on failover?

You have a High Availability ClusterXL configuration. Machines are not synchronized. What happens to connections on failover? A. Open connections are lost but can be reestablished. B. It is not

Organizations are sometimes faced with the need to locate cluster members in different geographic locations that are distant from each other. A typical example is replicated data centers whose location is widely separated for disaster recovery purposes. What are the restrictions of this solution?

Organizations are sometimes faced with the need to locate cluster members in different geographic locations that are distant from each other. A typical example is replicated data centers whose location

When a failed cluster member recovers, which of the following actions is NOT taken by the recovering member?

When a failed cluster member recovers, which of the following actions is NOT taken by the recovering member? A. It will not check for any updated policy and load the

When synchronizing clusters, which of the following statements is NOT true?

When synchronizing clusters, which of the following statements is NOT true? A. In the case of a failover, accounting information on the failed member may be lost despite a properly

When synchronizing clusters, which of the following statements is NOT true?

When synchronizing clusters, which of the following statements is NOT true? A. Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.

In ClusterXL, _____ is defined by default as a critical device.

In ClusterXL, _____ is defined by default as a critical device. A. fwm B. assld C. cpp D. fwd Answer: D

A customer calls saying that a Load Sharing cluster shows drops with the error First packet is not SYN. Complete the following sentence. You will recommend:

A customer calls saying that a Load Sharing cluster shows drops with the error First packet is not SYN. Complete the following sentence. You will recommend: A. turning off SDF

A customer called to report one cluster member’s status as Down. What command should you use to identify the possible cause?

A customer called to report one cluster member’s status as Down. What command should you use to identify the possible cause? A. tcpdump/snoop B. cphaprob list C. fw ctl pstat

Check Point Clustering protocol, works on:

Check Point Clustering protocol, works on: A. UDP 18184 B. TCP 8116 C. UDP 8116 D. TCP 18184 Answer: C

How does a cluster member take over the VIP after a failover event?

How does a cluster member take over the VIP after a failover event? A. Gratuitous ARP B. Broadcast storm C. arp -s D. Ping the sync interface Answer: A

A connection is said to be Sticky when:

A connection is said to be Sticky when: A. A copy of each packet in the connection sticks in the connection table until a corresponding reply packet is received from

Included in the customer’s network are some firewall systems with the Performance Pack in use. The customer wishes to use these firewall systems in a cluster (Load Sharing mode). He is not sure if he can use the Sticky Decision Function in this cluster. Explain the situation to him.

Included in the customer’s network are some firewall systems with the Performance Pack in use. The customer wishes to use these firewall systems in a cluster (Load Sharing mode). He

Which of the following is a supported Sticky Decision Function of Sticky Connections for Load Sharing?

Which of the following is a supported Sticky Decision Function of Sticky Connections for Load Sharing? A. Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections B. Multi-connection support for VPN-1 cluster

_____ is a proprietary Check Point protocol. It is the basis for Check Point ClusterXL inter-module communication.

_____ is a proprietary Check Point protocol. It is the basis for Check Point ClusterXL inter-module communication. A. CPP B. CPHA C. CKPP D. CCP Answer: D

The _____ Check Point ClusterXL mode must synchronize the virtual IP and MAC addresses on all clustered interfaces.

The _____ Check Point ClusterXL mode must synchronize the virtual IP and MAC addresses on all clustered interfaces. A. HA Mode Legacy B. HA Mode New C. Mode Unicast Load

By default, a standby Security Management Server is automatically synchronized by an active Security Management Server, when:

By default, a standby Security Management Server is automatically synchronized by an active Security Management Server, when: A. The Security Policy is installed. B. The user data base is installed.

Which process is responsible for kernel table information sharing across all cluster members?

Which process is responsible for kernel table information sharing across all cluster members? A. cpd B. fwd daemon C. CPHA D. fw kernel Answer: B

Which process is responsible for full synchronization in ClusterXL?

Which process is responsible for full synchronization in ClusterXL? A. cpd on the Security Gateway B. fwd on the Security Gateway C. fw kernel on the Security Gateway D. Clustering

Which process is responsible for delta synchronization in ClusterXL?

Which process is responsible for delta synchronization in ClusterXL? A. fwd on the Security Gateway B. fw kernel on the Security Gateway C. Clustering on the Security Gateway D. cpd