CheckPoint 156-215.81 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81 Online Questions & Answers

• Question 121:

  From SecureXL perspective, what are the tree paths of traffic flow:

  A. Initial Path; Medium Path; Accelerated Path
  B. Layer Path; Blade Path; Rule Path
  C. Firewall Path; Accept Path; Drop Path
  D. Firewall Path; Accelerated Path; Medium Path
  D. Firewall Path; Accelerated Path; Medium Path

  ---

  Explanation/Reference:

  The correct answer is D because from SecureXL perspective, the three paths of traffic flow are Firewall Path, Accelerated Path, and Medium Path. The Firewall Path is used when SecureXL is disabled or traffic is not eligible for acceleration.

  The Accelerated Path is used when SecureXL handles the entire connection and bypasses the Firewall kernel. The Medium Path is used when SecureXL handles part of the connection and forwards packets to the Firewall kernel for further

  inspection3. The other options are not valid paths of traffic flow from SecureXL perspective.

  References: Check Point R81 Performance Tuning Administration Guide

• Question 122:

  CPU-level of your Security gateway is peaking to 100% causing problems with traffic. You suspect that the problem might be the Threat Prevention settings. The following Threat Prevention Profile has been created.

  

  How could you tune the profile in order to lower the CPU load still maintaining security at good level? Select the BEST answer.

  A. Set High Confidence to Low and Low Confidence to Inactive.
  B. Set the Performance Impact to Medium or lower.
  C. The problem is not with the Threat Prevention Profile. Consider adding more memory to the appliance.
  D. Set the Performance Impact to Very Low Confidence to Prevent.
  B. Set the Performance Impact to Medium or lower.

  ---

  Explanation/Reference:

  The BEST way to tune the profile in order to lower the CPU load still maintaining security at good level is to set the Performance Impact to Medium or lower. This will reduce the number of packets that are inspected by the Threat Prevention blades, while still providing a high level of protection . Setting High Confidence to Low and Low Confidence to Inactive will lower the security level, as it will allow more traffic that may be malicious. The problem is likely with the Threat Prevention Profile, as it can have a significant impact on the CPU utilization of the Security Gateway. Adding more memory to the appliance will not solve the problem, as memory is not the bottleneck in this case. Setting the Performance Impact to Very Low Confidence to Prevent will increase the CPU load, as it will inspect more packets and block more traffic that may be false positives. References: Threat Prevention Administration Guide, Check Point R81.10

• Question 123:

  True or False: The destination server for Security Gateway logs depends on a Security Management Server configuration.

  A. False, log servers are configured on the Log Server General Properties
  B. True, all Security Gateways will only forward logs with a SmartCenter Server configuration
  C. True, all Security Gateways forward logs automatically to the Security Management Server
  D. False, log servers are enabled on the Security Gateway General Properties
  B. True, all Security Gateways will only forward logs with a SmartCenter Server configuration

  ---

  Explanation/Reference:

  The destination server for Security Gateway logs depends on a Security Management Server configuration. This is true because the Security Management Server defines the log servers that receive logs from the Security Gateways. The log servers can be either the Security Management Server itself or a dedicated Log Server.

  References: Check Point R81 Logging and Monitoring Administration Guide, Check Point R81 Quantum Security Gateway Guide

• Question 124:

  Which message indicates IKE Phase 2 has completed successfully?

  A. Quick Mode Complete
  B. Aggressive Mode Complete
  C. Main Mode Complete
  D. IKE Mode Complete
  A. Quick Mode Complete

  ---

  Explanation/Reference:

  Quick Mode Complete is the message that indicates IKE Phase 2 has completed successfully2. IKE Phase 2 is also known as Quick Mode or Child SA in IKEv1 and IKEv2 respectively. Aggressive Mode and Main Mode are part of IKE Phase 1, which establishes the IKE SA. IKE Mode is not a valid term for IKE negotiation. References: How to Analyze IKE Phase 2 VPN Status Messages, IKEv2 Phase 1 (IKE SA) and Phase 2 (Child SA) Message Exchanges, Understand IPsec IKEv1 Protocol

• Question 125:

  You have discovered suspicious activity in your network. What is the BEST immediate action to take?

  A. Create a policy rule to block the traffic.
  B. Create a suspicious action rule to block that traffic.
  C. Wait until traffic has been identified before making any changes.
  D. Contact ISP to block the traffic.
  B. Create a suspicious action rule to block that traffic.

  ---

  Explanation/Reference:

  The BEST immediate action to take when you have discovered suspicious activity in your network is to create a suspicious action rule to block that traffic. A suspicious action rule is a special type of rule that is triggered when a predefined condition is met, such as a malicious file download, a ransomware attack, or a data exfiltration attempt. A suspicious action rule can block the traffic, quarantine the source, or send an alert to the administrator. Creating a policy rule to block the traffic may not be effective if the traffic does not match the rule criteria or if the policy installation is delayed. Waiting until traffic has been identified before making any changes may allow the threat to spread or cause more damage. Contacting ISP to block the traffic may not be feasible or timely, and may also affect legitimate traffic. References: Check Point R81 Security Gateway Technical Administration Guide

• Question 126:

  Fill in the blanks: A Check Point software license consists of a__________ and _______.

  A. Software blade; software container
  B. Software package: signature
  C. Signature; software blade
  D. Software container software package
  A. Software blade; software container

  ---

  Explanation/Reference:

  A Check Point software license consists of a Software blade and a Software container. A Software blade is a modular security feature that delivers security functionality to the gateway or management server. A Software container is a set of

  Software blades that can be purchased as a bundle.

  References: : Check Point R81 Security Management Administration Guide, page 14.

• Question 127:

  Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ___________.

  A. Captive Portal and Transparent Kerberos Authentication
  B. UserCheck
  C. User Directory
  D. Captive Portal
  A. Captive Portal and Transparent Kerberos Authentication

  ---

  Explanation/Reference:

  Browser-based Authentication sends users to a web page to acquire identities using Captive Portal and Transparent Kerberos Authentication. Captive Portal is a web page that prompts users to enter their credentials. Transparent Kerberos Authentication is a method that automatically authenticates users who have a valid Kerberos ticket from the Active Directory domain controller. UserCheck is a feature that allows users to interact with the security policy, not a method of authentication. User Directory is a component that integrates with external user databases, not a web page for authentication. Captive Portal alone is not enough to fill in the blank, as it is only one of the methods used by Browser-based Authentication.

• Question 128:

  What is the most recommended installation method for Check Point appliances?

  A. SmartUpdate installation
  B. DVD media created with Check Point ISOMorphic
  C. USB media created with Check Point ISOMorphic
  D. Cloud based installation
  C. USB media created with Check Point ISOMorphic

  ---

  Explanation/Reference:

  USB media created with Check Point ISOMorphic is the most recommended installation method for Check Point appliances, as it provides a fast and easy way to install the Gaia operating system and the latest software version. SmartUpdate installation requires an existing Gaia installation and does not support fresh installations. DVD media created with Check Point ISOMorphic is less convenient than USB media, as it requires burning the image to a DVD and inserting it into the appliance. Cloud based installation is not applicable for Check Point appliances, as it is intended for cloud environments such as AWS or Azure. References: INSTALLATION AND UPGRADE GUIDE R81.10, Chassis R81 Installation and Upgrade Guide, Check Point R81.10

• Question 129:

  Which Check Point Software Wade provides visibility of users, groups and machines while also providing access control through identity-based policies?

  A. Firewall
  B. Identity Awareness
  C. Application Control
  D. URL Filtering
  B. Identity Awareness

  ---

  Explanation/Reference:

  Identity Awareness is the Check Point software blade that provides visibility of users, groups and machines while also providing access control through identity-based policies. Identity Awareness enables administrators to define granular access rules based on user or machine identity, rather than just IP addresses. Identity Awareness also allows administrators to monitor user activity and generate reports based on user or machine identity.

• Question 130:

  Security Gateway software blades must be attached to what?

  A. Security Gateway
  B. Security Gateway container
  C. Management server
  D. Management container
  B. Security Gateway container

  ---

  Explanation/Reference:

  Security Gateway software blades must be attached to a Security Gateway container. A Security Gateway container is a logical object that represents a physical or virtual machine that runs the Security Gateway software. A software blade is a modular security feature that can be enabled or disabled eway container. A software blade can provide functions such as firewall, VPN, IPS, anti-virus, anti-bot, application control, URL filtering, etc.References: [Security Gateway Containers], [Software Blades]