You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security a
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose? A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules B. Create a separate Security Policy package for each remote Security Gateway C. Create network objects that restrict all applicable […]
Which kernel debug flag should you use to troubleshoot NAT connections?
Which kernel debug flag should you use to troubleshoot NAT connections? A. fw ctl debug + xlate xltrc nat table B. fw ctl debug + xltrc xlate nat conn C. fw ctl debug + xlate xltrc nat conn drop D. fw ctl debug + fwx_alloc nat conn drop
What is the default and maximum number of entries in the ARP Cache Table in a Check Point appliance?
What is the default and maximum number of entries in the ARP Cache Table in a Check Point appliance? A. 1,024 and 4,096 B. 4,096 and 16,384 C. 4,096 and 65,536 D. 1,024 and 16,384 Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/73181.htm
Consider a Check Point Security Gateway under high load. What mechanism can be used to confirm that important
Consider a Check Point Security Gateway under high load. What mechanism can be used to confirm that important traffic such as control connections are not dropped? A. fw debug fgd50 on OPSEC_DEBUG_LEVEL=3 B. fw ctl multik prioq C. fgate –d load D. fw ctl debug –m fg all
What must be done for the “fw monitor” command to capture packets through the firewall kernel?
What must be done for the “fw monitor” command to capture packets through the firewall kernel? A. SecureXL must be disabled B. ClusterXL must be temporarily disabled C. Firewall policy must be re-installed D. The output file must be transferred to a machine with WireShark Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30583
Which command would you use to check CoreXL instances for IPv6 traffic?
Which command would you use to check CoreXL instances for IPv6 traffic? A. fwaccel6 stats B. fwaccel6 stat C. fw ctl multik stat D. fw6ctl multik stat
You verified that Performance Pack is disabled and need to distribute the affinity interfaces. What command wo
You verified that Performance Pack is disabled and need to distribute the affinity interfaces. What command would you run to use static affinity to balance the interfaces between the SND cores? A. cpmq set B. sim affinity -s C. fw ctl affinity -a -l -v D. fw ctl affinity -s
Which of the following features is supported in Check Point’s implementation of IPv6?
Which of the following features is supported in Check Point’s implementation of IPv6? A. Security Servers B. QoS C. ClusterXL High Availability D. SAM Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk39374
How often will a gateway with Performance Pack running by default automatically review and distribute interfac
How often will a gateway with Performance Pack running by default automatically review and distribute interface affinity between cores? A. Every 60 seconds B. Interface affinity is determined at gateway build time and does not change C. Every 5 minutes D. Every 10 seconds Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm
Where will the usermode core files located?
Where will the usermode core files located? A. /var/log/dump/usermode B. /var/suroot C. $FWDIR/var/log/dump/usermode D. $CPDIR/var/log/dump/usermode Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92764