Your organization's disaster recovery plan needs an update to the backup and restore section to reap the new distributed R77 installation benefits. Your plan must meet the following required and desired objectives:
Required ObjectivE. The Security Policy repository must be backed up no less frequently than every 24 hours.
Desired ObjectivE. The R77 components that enforce the Security Policies should be backed up at least once a week.
Desired ObjectivE. Back up R77 logs at least once a week.
Your disaster recovery plan is as follows:
- Use the cron utility to run the command upgrade_export each night on the Security Management Servers.
- Configure the organization's routine back up software to back up the files created by the command upgrade_export.
- Configure the GAiA back up utility to back up the Security Gateways every Saturday night.
- Use the cron utility to run the command upgrade_export each Saturday night on the log servers.
- Configure an automatic, nightly logswitch.
- Configure the organization's routine back up software to back up the switched logs every night.
Upon evaluation, your plan:
A. Meets the required objective and only one desired objective.
B. Meets the required objective but does not meet either desired objective.
C. Does not meet the required objective.
D. Meets the required objective and both desired objectives.
Answer: D
Monday 3 February 2020
Monday 30 September 2019
CheckPoint 156-215.77 Question Answer
Which of the following commands can provide the most complete restoration of a R77 configuration?
A. upgrade_import
B. cpinfo -recover
C. cpconfig
D. fwm dbimport -p <export file>
Answer: A
When restoring R77 using the command upgrade_import, which of the following items are NOT restored?
A. SIC Certificates
B. Licenses
C. Route tables
D. Global properties
Answer: C
A. upgrade_import
B. cpinfo -recover
C. cpconfig
D. fwm dbimport -p <export file>
Answer: A
When restoring R77 using the command upgrade_import, which of the following items are NOT restored?
A. SIC Certificates
B. Licenses
C. Route tables
D. Global properties
Answer: C
Sunday 2 September 2018
CheckPoint 156-215.77 Question Answer
Your R77 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?
A. On a GAiA Security Management Server, this can only be accomplished by configuring the command fw logswitch via the cron utility.
B. Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object's Logs and Masters window, enable Schedule log switch, and select the Time object.
C. Create a time object, and add 48 hours as the interval. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.
D. Create a time object, and add 48 hours as the interval. Select that time object's Global Properties > Logs and Masters window, to schedule a logswitch.
Answer: B
Which of the following methods will provide the most complete backup of an R77 configuration?
A. Policy Package Management
B. Copying the directories $FWDIR\conf and $CPDIR\conf to another server
C. Execute command upgrade_export
D. Database Revision Control
Answer: C
A. On a GAiA Security Management Server, this can only be accomplished by configuring the command fw logswitch via the cron utility.
B. Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object's Logs and Masters window, enable Schedule log switch, and select the Time object.
C. Create a time object, and add 48 hours as the interval. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.
D. Create a time object, and add 48 hours as the interval. Select that time object's Global Properties > Logs and Masters window, to schedule a logswitch.
Answer: B
Which of the following methods will provide the most complete backup of an R77 configuration?
A. Policy Package Management
B. Copying the directories $FWDIR\conf and $CPDIR\conf to another server
C. Execute command upgrade_export
D. Database Revision Control
Answer: C
Friday 23 February 2018
CheckPoint 156-215.77 Question Answer
Several Security Policies can be used for different installation targets. The Firewall protecting Human Resources' servers should have its own Policy Package. These rules must be installed on this machine and not on the Internet Firewall. How can this be accomplished?
A. A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are defined by the selection in the Rule Base row Install On.
B. When selecting the Firewall in each line of the Rule Base row Install On, only this Firewall is shown in the list of possible installation targets after selecting Policy > Install on Target.
C. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the firewall via Specific Targets.
D. A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install on Target.
Answer: C
You have a diskless appliance platform. How do you keep swap file wear to a minimum?
A. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
B. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.
C. Use PRAM flash devices, eliminating the longevity.
D. A RAM drive reduces the swap file thrashing which causes fast wear on the device.
Answer: D
A. A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are defined by the selection in the Rule Base row Install On.
B. When selecting the Firewall in each line of the Rule Base row Install On, only this Firewall is shown in the list of possible installation targets after selecting Policy > Install on Target.
C. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the firewall via Specific Targets.
D. A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install on Target.
Answer: C
You have a diskless appliance platform. How do you keep swap file wear to a minimum?
A. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
B. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.
C. Use PRAM flash devices, eliminating the longevity.
D. A RAM drive reduces the swap file thrashing which causes fast wear on the device.
Answer: D
Thursday 21 December 2017
CheckPoint 156-215.77 Question Answer
When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
As expert user, issue these commands:
A. Edit the file /etc/sysconfig/netconf.C and put the new MAC address in the field
B. As expert user, issue the command:
C. # IP link set eth0 addr 00:0C:29:12:34:56
D. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
Answer: C
As expert user, issue these commands:
A. Edit the file /etc/sysconfig/netconf.C and put the new MAC address in the field
B. As expert user, issue the command:
C. # IP link set eth0 addr 00:0C:29:12:34:56
D. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
Answer: C
Wednesday 8 November 2017
CheckPoint 156-215.77 Question Answer
You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAiA. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on GAiA. Where can you view them? Give the BEST answer.
A. /etc/sysconfig/netconf.C
B. /etc/conf/route.C
C. /etc/sysconfig/network-scripts/ifcfg-ethx
D. /etc/sysconfig/network
Answer: A
A. /etc/sysconfig/netconf.C
B. /etc/conf/route.C
C. /etc/sysconfig/network-scripts/ifcfg-ethx
D. /etc/sysconfig/network
Answer: A
Friday 27 October 2017
CheckPoint 156-215.77 Question Answer
The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account?
A. Type fwm unlock_admin from the Security Management Server command line.
B. Type fwm unlock_admin -u from the Security Gateway command line.
C. Type fwm lock_admin -u <account name> from the Security Management Server command line.
D. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
Answer: C
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
A. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
B. Reinstall the Security Management Server and restore using upgrade_import.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.
Answer: C
A. Type fwm unlock_admin from the Security Management Server command line.
B. Type fwm unlock_admin -u from the Security Gateway command line.
C. Type fwm lock_admin -u <account name> from the Security Management Server command line.
D. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
Answer: C
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
A. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
B. Reinstall the Security Management Server and restore using upgrade_import.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.
Answer: C
Subscribe to:
Posts (Atom)