156-115.80 Sample Questions Answers

30 Seconds

30 minutes

60 minutes

40 Seconds

The sole purpose of the Management server is to store the log files sent by the Security Gateways.

The Management server manages, creates, stores, and distributes the security policy to Security Gateways. It also functions as the Certificate Authority of all managed Check Point products.

The Management server provides the connector for the GUI client and uses exclusively port 257/tcp.

The Management server only functions as the Certificate Authority of all managed Check Point products.

Yes, use the cp_conf command

No, Reset SIC using cpconfig during a change window

Yes, use the vi utility to edit CP HKLM_registry.data Registry File

No, Reset SIC on the Gateway first and then in SmartConsole

vpn debug ikeoff

fw ctl debug ikeoff

vpn debug ikeoff 0

fw ctl vpn debug ikeoff

fw monitor –e “accept IPS_stats;” >> ips_statistics.xml

fw ctl debug –m ips debug_compilation

fw ctl set int enable_ips_debug_output 1

$FWDIR/scripts/get_ips_statistics.sh 10.1.1.1 60

registers the host_monitor device and checks end-to-end connectivity to routes and other network devices.

registers devices with the name of a process specified in the cpha_proc_list file.

registers devices that monitor the IPS blade.

registers the admin_down device and checks the change in the member’s status and provides feedback to the user.

show route –A inet6

ip -6 addr show

netstat –rn –A inet6

ip -6 neigh show

statistics monitoring for vpn encrypted packets

vpn daemon monitor mode

ike monitor

vpn debug mode

Issue “set ipv6 enable”; Save configuration and reboot

Issue “set ipv6-state on”; Save configuration and reboot

Issue “set ipv6 on”; Save configuration and reboot

Issue “set ipv6-state enable”; Save configuration and reboot

fw ctl debug + xlate xltrc nat table

fw ctl debug + xltrc xlate nat conn

fw ctl debug + xlate xltrc nat conn drop

fw ctl debug + fwx_alloc nat conn drop

ips debug traffic –o IPSdebug

ips debug –f /var/log/IPSdebug.txt

debug ips enable –o IPSdebug

ips debug –o IPSdebug

Eliminate all possible contradictory rules such as the Stealth or Cleanup rules

Create a separate Security Policy package for each remote Security Gateway

Create network objects that restrict all applicable rules to only certain networks

Run separate SmartConsole instances to login and configure each Security Gateway directly

fw ctl debug –T –f > debug.txt

fw ctl kdebug –T –l > debug.txt

fw ctl debug –S –t > debug.txt

fw ctl kdebug –T –f > debug.txt

500ms

1000ms

100ms

1500ms

1,024 and 4,096

4,096 and 16,384

4,096 and 65,536

1,024 and 16,384

pdpd

wstlsd

iad

pepd

ipv4 to ipv6 Triple Stack

Hex to Dec translation

6 in 4 Tunneling

NAT-T to NAT6sec

psql_client cpm postgres

psql_client checkpoint postgres

psql_client central_database postgres

In clish: show postgres main

stat

stats

templates

packets

Hyper-threading is disabled in BIOS and cpconfig

Hyper-threading is enabled in BIOS but disabled in cpconfig

Hyper-threading is disabled in BIOS but enabled in cpconfig

Your system does not support Hyper-threading