Check Point Certified Security Expert v8.1

Page:    1 / 24   
Exam contains 354 questions

What is the primary benefit of using upgrade_export over either backup or snapshot?

  • A. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
  • B. upgrade_export is operating system independent and can be used when backup or snapshot is not available.
  • C. upgrade_export has an option to backup the system and SmartView Tracker logs while backup and snapshot will not.
  • D. The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.


Answer : B

In the following cluster configuration; if you reboot sglondon_1 which device will be active when sglondon_1 is back up and running? Why?

  • A. sglondon_1 because it the first configured object with the lowest IP.
  • B. sglondon_2 because sglondon_1 has highest IP.
  • C. sglondon_1, because it is up again, sglondon_2 took over during reboot.
  • D. sglondon_2 because it has highest priority.


Answer : D

What is the correct policy installation process order?
1.Verification
2.Code generation and compilation
3.Initiation
4.Commit
5. Conversion
6. CPTA

  • A. 1, 2, 3, 4, 5, 6
  • B. 3, 1, 5, 2, 6, 4
  • C. 4, 2, 3, 5, 6, 1
  • D. 6, 5, 4, 3, 2, 1


Answer : B

Security server configuration settings are stored in _______________ .

  • A. $FWDIR/conf/fwauthd.conf
  • B. $FWDIR/conf/AMT.conf
  • C. $FWDIR/conf/fwopsec.conf
  • D. $FWDIR/conf/Fwauth.c


Answer : A

You have pushed a policy to your firewall and you are not able to access the firewall. What command will allow you to remove the current policy from the machine?

  • A. fw purge active
  • B. fw purge policy
  • C. fw fetch policy
  • D. fw unloadlocal


Answer : B

Which is the lowest Gateway version manageable by SmartCenter R77?

  • A. R65
  • B. S71
  • C. R55
  • D. R60A


Answer : A

When a packet is flowing through the security gateway, which one of the following is a valid inspection path?

  • A. Acceleration Path
  • B. Small Path
  • C. Firewall Path
  • D. Medium Path


Answer : D

You configure a Check Point QoS Rule Base with two rules: an HTTP rule with a weight of
40, and the Default Rule with a weight of 10. If the only traffic passing through your QoS
Module is HTTP traffic, what percent of bandwidth will be allocated to the HTTP traffic?

  • A. 80%
  • B. 50%
  • C. 40%
  • D. 100%


Answer : B

How could you compare the Fingerprint shown to the Fingerprint on the server? Run cpconfig and select:
Exhibit:


  • A. the Certificate Authority option and view the fingerprint.
  • B. the GUI Clients option and view the fingerprint.
  • C. the Certificate's Fingerprint option and view the fingerprint.
  • D. the Server Fingerprint option and view the fingerprint.


Answer : C

Fill in the blank. In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2 Internal host 10.4.8.108 pings 10.4.8.3, and receives replies.


Review the ARP table from the internal Windows host 10.4.8.108. According to the output, which member is the standby machine?



Answer : 10.4.8.1

Fill in the blank. You can set Acceleration to ON or OFF using command syntax
___________ .



Answer : fwaccel off/on

How do you upload the results of CPSIZEME to Check Point when using a PROXY server with authentication?



Answer : B

You are trying to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. You see the following window. What must you enable to see the Directional Match?
Exhibit:


  • A. directional_match (true) in the objects_5_0.C file on Security Management Server
  • B. VPN Directional Match on the Gateway object’s VPN tab
  • C. VPN Directional Match on the VPN advanced window, in Global Properties
  • D. Advanced Routing on each Security Gateway


Answer : C

Which protocol can be used to provide logs to third-party reporting?

  • A. CPMI (Check Point Management Interface)
  • B. LEA (Log Export API)
  • C. AMON (Application Monitoring)
  • D. ELA (Event Logging API)


Answer : B

Which of the following is NOT a feature of ClusterXL?

  • A. Transparent upgrades
  • B. Zero downtime for mission-critical environments with State Synchronization
  • C. Enhanced throughput in all ClusterXL modes (2 gateway cluster compared with 1 gateway)
  • D. Transparent failover in case of device failures


Answer : A

Page:    1 / 24   
Exam contains 354 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.