CheckPoint 156-115-80 practice test

What must be done for the “fw monitor” command to capture packets through the firewall kernel?

• A. SecureXL must be disabled
• B. ClusterXL must be temporarily disabled
• C. Firewall policy must be re-installed
• D. The output file must be transferred to a machine with WireShark

Consider a Check Point Security Gateway under high load. What mechanism can be used to confirm
that important traffic such as control connections are not dropped?

• A. fw debug fgd50 on OPSEC_DEBUG_LEVEL=3
• B. fw ctl multik prioq
• C. fgate –d load
• D. fw ctl debug –m fg all

What is the default and maximum number of entries in the ARP Cache Table in a Check Point
appliance?

• A. 1,024 and 4,096
• B. 4,096 and 16,384
• C. 4,096 and 65,536
• D. 1,024 and 16,384

Which kernel debug flag should you use to troubleshoot NAT connections?
A. fw ctl debug + xlate xltrc nat table
B. fw ctl debug + xltrc xlate nat conn
C. fw ctl debug + xlate xltrc nat conn drop
D. fw ctl debug + fwx_alloc nat conn drop

You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify
security administration, which action would you choose?

• A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules
• B. Create a separate Security Policy package for each remote Security Gateway
• C. Create network objects that restrict all applicable rules to only certain networks
• D. Run separate SmartConsole instances to login and configure each Security Gateway directly

Which type of SecureXL templates is enabled by default on Security Gateways?

• A. Accept
• B. Drop
• C. NAT
• D. VPN

Which one of following commands should you run to display HTTPS packet content together with
kernel debug?

• A. fw ctl get int https_inspection_show_decrypted_data_in_debug=1 fw ctl get int ssl_inspection_extra_debug=1 B. fw set int https_inspection_get_encrypted_data_in_debug fw set int https_inspection_show_debug 1
• C. fw ctl set int https_inspection_show_decrypted_data_in_debug 1 fw ctl set int ssl_inspection_extra_debug 1
• D. fw ctl set int http_inspection_display_encrypted_data_in_debug=1 fw ctl set int http_inspection_extra_debug=1

You issued the command “set ipv6-state on” in order to enable IPv6 protocol on a Security Gateway.
The command was executed successfully. After reboot you notice that IPv6 protocol is not enabled.
What do you do to permanently enable IPv6 protocol?

• A. Issue “set ipv6-state on” again; Save configuration and reboot
• B. You need to modify Gateway Properties in SmartConsole and install policy in order to enable IPv6
• C. You need to set “ipv6_state” parameter in $FWDIR/boot/modules/fwkern.conf and reboot
• D. You need to install a valid license to use IPv6 protocol

Where does the translation occur with Hide NAT?

• A. The destination translation occurs at the client side
• B. The source translation occurs at the server side
• C. The source translation occurs at the client side
• D. The destination translation occurs at the server side

Fill in the blank. The tool
generates a R80 Security Gateway configuration report.

• A. infoCP
• B. infoview
• C. cpinfo
• D. fw cpinfo