CheckPoint Checkpoint Certifications 156-915.80 Questions & Answers

• Question 231:

  You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?

  A. TCP port 443

  B. TCP port 257

  C. TCP port 256

  D. UDP port 8116

  Correct Answer: C

  Synchronization works in two modes:

  Full sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by the fwd daemon using an encrypted TCP connection.

  Delta sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security Gateway kernel using UDP multicast or broadcast on port 8116.

  Full sync is used for initial transfers of state information, for many thousands of connections. If a cluster member is brought up after being down, it will perform full sync. After all members are synchronized, only updates are transferred via

  delta sync. Delta sync is quicker than full sync.

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7288.htm

  Port info:

  https://www.cpug.org/forums/archive/index.php/t-12704.html

• Question 232:

  Which command shows the current connections distributed by CoreXL FW instances?

  A. fw ctl multik stat

  B. fw ctl affinity -l

  C. fw ctl instances -v

  D. fw ctl iflist

  Correct Answer: A

  The fw ctl multik stat and fw6ctl multik stat (multi-kernel statistics) commands show information for each kernel instance. The state and processing core number of each instance is displayed, along with:

  The number of connections currently being handled.

  The peak number of concurrent connections the instance has handled since its inception.

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm

• Question 233:

  When simulating a problem on CLusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?

  A. cphaprob -d STOP unregister

  B. cphaprob STOP unregister

  C. cphaprob unregister STOP

  D. cphaprob -d unregister STOP

  Correct Answer: A

  esting a failover in a controlled manner using following command;

  # cphaprob -d STOP -s problem -t 0 register

  This will register a problem state on the cluster member this was entered on;

  If you then run;

  # cphaprob list

  this will show an entry named STOP.

  to remove this problematic register run following;

  # cphaprob -d STOP unregister

  Reference: https://fwknowledge.wordpress.com/2013/04/04/manual-failover-of-the-fw-cluster/

• Question 234:

  What happen when IPS profile is set in Detect-Only Mode for troubleshooting?

  A. It will generate Geo-Protection traffic

  B. Automatically uploads debugging logs to Check Point Support Center

  C. It will not block malicious traffic

  D. Bypass licenses requirement for Geo-Protection control

  Correct Answer: C

  It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic. During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IPS_AdminGuide/12750.htm

• Question 235:

  Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?

  A. mgmt_cli add-host "Server_1" ip_ address "10.15.123.10" ?format txt

  B. mgmt_ cli add host name "Server_ 1" ip-address "10.15.123.10" ?format json

  C. mgmt_ cli add object-host "Server_ 1" ip-address "10.15.123.10" ?format json

  D. mgmt_cli add object "Server_ 1" ip-address "10.15.123.10" ?format json

  Correct Answer: B

  mgmt_cli add host name "New Host 1" ip-address "192.0.2.1" --format json "--format json" is optional. By default the output is presented in plain text. Reference: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-host~v1.1%20

• Question 236:

  When defining QoS global properties, which option below is not valid?

  A. Weight

  B. Authenticated timeout

  C. Schedule

  D. Rate

  Correct Answer: C

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_QoS_AdminGuide/14871.htm

• Question 237:

  Check Point APIs allow system engineers and developers to make changes to their organization's security policy with CLI tools and Web Services for all of the following except?

  A. Create new dashboards to manage 3rd party task

  B. Create products that use and enhance 3rd party solutions.

  C. Execute automated scripts to perform common tasks.

  D. Create products that use and enhance the Check Point Solution.

  Correct Answer: A

  Check Point APIs let system administrators and developers make changes to the security policy with CLI tools and web-services. You can use an API to: Use an automated script to perform common tasks Integrate Check Point products with 3rd party solutions Create products that use and enhance the Check Point solution

  Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631f640d0/CP_R80_CheckPoint_API_ReferenceGuide.pdf?HashKey=1522190468_125d63ea5296b7dadd3e4fd81c708cc5andxtn=.pdf

• Question 238:

  What are the three components for Check Point Capsule?

  A. Capsule Docs, Capsule Cloud, Capsule Connect

  B. Capsule Workspace, Capsule Cloud, Capsule Connect

  C. Capsule Workspace, Capsule Docs, Capsule Connect

  D. Capsule Workspace, Capsule Docs, Capsule Cloud

  Correct Answer: D

  Reference: https://www.checkpoint.com/solutions/mobile-security/check-point-capsule/

• Question 239:

  What command would show the API server status?

  A. cpm status

  B. api restart

  C. api status

  D. show api status

  Correct Answer: C

  Reference: https://www.hurricanelabs.com/blog/check-point-api-merging-management-servers-with-r80-10

• Question 240:

  You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

  A. fw cti multik dynamic_dispatching on

  B. fw cti multik dynamic_dispatching set_mode 9

  C. fw cti multik set_mode 9

  D. fw cti multik pq enable

  Correct Answer: C

  To fully enable the CoreXL Dynamic Dispatcher on Security Gateway:

  1. Run in Expert mode: [Expert@HostName]# fw ctl multik set_mode 9 Example output: [[email protected]:0]# fw ctl multik set_mode 9 Please reboot the system [[email protected]:0]# Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=andsolutionid=sk105261