156-115.77 Check Point Certified Security Master

Page 1   
Question 1

The user tried to connect in SmartDashboard and did not work. You started a FWM debug
and receive the logs below:

What is the error cause?

  • A. IP not defined in $FWDIR/conf/gui-clients
  • B. Wrong user and password
  • C. Wrong password
  • D. Wrong user

Answer : D

Question 2

Which directory below contains the URL Filtering engine update info? Here you can also go
to see the status of the URL Filtering and Application Control updates.

  • A. $FWDIR/urlf/update
  • B. $FWDIR/appi/update
  • C. $FWDIR/appi/urlf
  • D. $FWDIR/update/appi

Answer : B

Question 3

You are running a debugging session and you have set the debug environment to
TDERROR_ALL_ALL=5 using the command export TDERROR_ALL_ALL=5. How do you
return the debug value to defaults?

  • A. fw ctl debug 0x1ffffe0
  • B. fw debug 0x1ffffe0
  • C. export TDERROR_ALL_ALL
  • D. unset TDERROR_ALL_ALL

Answer : D

Question 4

The command fw ctl kdebug <params> is used to:

  • A. list enabled debug parameters.
  • B. read the kernel debug buffer to obtain debug messages.
  • C. enable kernel debugging.
  • D. select specific kernel modules for debugging.

Answer : B

Question 5

The command fw monitor -p all displays what type of information?

  • A. It captures all points of the chain as the packet goes through the firewall kernel.
  • B. This is not a valid command.
  • C. The -p is used to resolve MAC address in the firewall capture.
  • D. It does a firewall monitor capture on all interfaces.

Answer : A

Question 6

What command would give you a summary of all the tables available to the firewall kernel?

  • A. fw tab
  • B. fw tab -s
  • C. fw tab -h
  • D. fw tab -o

Answer : B

Question 7

You are troubleshooting a Security Gateway, attempting to determine which chain is
causing a problem. What command would you use to show all the chains through which
traffic passed?

  • A. [Expert@HostName]# fw ctl chain
  • B. [Expert@HostName]# fw monitor -e "accept;" -p all
  • C. [Expert@HostName]# fw ctl debug –m
  • D. [Expert@HostName]# fw ctl zdebug all

Answer : B

Question 8

What does the IP Options Strip represent under the fw chain output?

  • A. IP Options Strip is not a valid fw chain output.
  • B. The IP Options Strip removes the IP header of the packet prior to be passed to the other kernel functions.
  • C. The IP Options Strip copies the header details to forward the details for further IPS inspections.
  • D. IP Options Strip is only used when VPN is involved.

Answer : B

Question 9

The command _____________ shows which firewall chain modules are active on a

  • A. fw stat
  • B. fw ctl debug
  • C. fw ctl chain
  • D. fw ctl multik stat

Answer : C

Question 10

The command that lists the firewall kernel modules on a Security Gateway is:

  • A. fw list kernel modules
  • B. fw ctl kernel chain
  • C. fw ctl debug -m
  • D. fw list modules

Answer : C

Question 11

Which of the following items is NOT part of the columns of the chain modules?

  • A. Inbound/Outbound chain
  • B. Function Pointer
  • C. Chain position
  • D. Module location

Answer : A

Question 12

When performing a fwm debug, to which directory are the logs written?

  • A. $FWDIR/log
  • B. $FWDIR/log/fwm.elg
  • C. $FWDIR/conf/fwm.elg
  • D. $CPDIR/log/fwm.elg

Answer : B

Question 13

What command would you use to view which debugs are set in your current working
A. env and fw ctl debug
B. cat /proc/etc
C. fw ctl debug all
D. export

Answer : A Topic 2, NAT

Question 14

How do you set up Port Address Translation?

  • A. Since Hide NAT changes to random high ports it is by definition PAT (Port Address Translation).
  • B. Create a manual NAT rule and specify the source and destination ports.
  • C. Edit the service in SmartDashboard, click on the NAT tab and specify the translated port.
  • D. Port Address Translation is not support in Check Point environment

Answer : B

Question 15

While troubleshooting a connectivity issue with an internal web server, you know that
packets are getting to the upstream router, but when you run a tcpdump on the external
interface of the gateway, the only traffic you observe is ARP requests coming from the
upstream router. Does the problem lie on the Check Point Gateway?

  • A. Yes – This could be due to a misconfigured route on the firewall.
  • B. No – This is a layer 2 connectivity issue and has nothing to do with the firewall.
  • C. No The firewall is not dropping the traffic, therefore the problem does not lie with the firewall.
  • D. Yes – This could be due to a misconfigured Static NAT in the firewall policy.

Answer : D

Page 1