CheckPoint 156-315.81.20 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81.20 Online Questions & Answers

• Question 391:

  During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:

  A. Dropped without sending a negative acknowledgment
  B. Dropped without logs and without sending a negative acknowledgment
  C. Dropped with negative acknowledgment
  D. Dropped with logs and without sending a negative acknowledgment
  D. Dropped with logs and without sending a negative acknowledgment

  ---

  Explanation

  For packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are dropped with logs and without sending a negative acknowledgment. Firewall Kernel Inspection is the process of applying security policies and rules to network traffic by the Firewall kernel module. If a packet does not match any rule or matches a rule with an action of Drop or Reject, the packet is dropped by the Firewall kernel module. The difference between Drop and Reject is that Drop silently discards the packet without informing the sender, while Reject discards the packet and sends a negative acknowledgment (such as an ICMP message) to the sender. However, both Drop and Reject actions generate logs that record the details of the dropped packets, such as source, destination, protocol, port, rule number, etc. The other options are either incorrect or describe different scenarios.

• Question 392:

  In CoreXL, the Firewall kernel is replicated multiple times. Each replicated copy or instance can perform the following:

  A. The Firewall kernel only touches the packet if the connection is accelerated
  B. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
  C. The Firewall can run the same policy on all cores
  D. The Firewall can run different policies per core
  C. The Firewall can run the same policy on all cores

• Question 393:

  GAiA Software update packages can be imported and installed offline in situation where:

  A. Security Gateway with GAiA does NOT have SFTP access to Internet
  B. Security Gateway with GAiA does NOT have access to Internet.
  C. Security Gateway with GAiA does NOT have SSH access to Internet.
  D. The desired CPUSE package is ONLY available in the Check Point CLOUD.
  B. Security Gateway with GAiA does NOT have access to Internet.

  ---

  Explanation

  According to the Check Point website, GAiA Software update packages can be imported and installed offline in situation where the Security Gateway with GAiA does not have access to Internet. This allows you to manually download the packages from another device and transfer them to the Security Gateway using a USB drive or other media. The other situations are either not relevant or not possible.

  References:

  Offline Software Updates

• Question 394:

  Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. Company's Developer Team is having random access issue to newly deployed Application Server in DMZ's Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela's desk for an investigation. Pamela decides to use Check Point's Packet Analyzer Tool-fw monitor to iron out the issue during approved Maintenance window.

  What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?

  A. Pamela should check SecureXL status on DMZ Security gateway and if it's turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.
  B. Pamela should check SecureXL status on DMZ Security Gateway and if it's turned OFF. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.
  C. Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.
  D. Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.
  A. Pamela should check SecureXL status on DMZ Security gateway and if it's turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.

  ---

  Explanation

  The best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic is: Pamela should check SecureXL status on DMZ Security gateway and if it's turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.

  SecureXL is a technology that accelerates network traffic processing by offloading intensive operations from the Firewall kernel to a dedicated SecureXL device. However, this also means that some traffic might not be seen by fw monitor, which is a tool that captures packets at different inspection points in the Firewall kernel. Therefore, to ensure that fw monitor captures all traffic, SecureXL should be turned OFF before using fw monitor. The other suggestions are either incorrect or less effective in capturing traffic.

• Question 395:

  Which CLI command will reset the IPS pattern matcher statistics?

  A. ips reset pmstat
  B. ips pstats reset
  C. ips pmstats refresh
  D. ips pmstats reset
  D. ips pmstats reset

  ---

  Explanation

  The CLI command to reset the IPS (Intrusion Prevention System) pattern matcher statistics is option

  D: ips pmstats reset. This command will reset the statistics related to the IPS pattern matcher. Options A, B, and C are not the correct syntax for resetting the IPS pattern matcher statistics.

  References:

  Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.

• Question 396:

  In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?

  A. Pentagon
  B. Combined
  C. Meshed
  D. Star
  D. Star

  ---

  Explanation

  A star VPN community is a type of VPN community that allows a central gateway to create VPN tunnels with multiple satellite gateways or hosts, but does not allow satellite gateways or hosts to create VPN tunnels with each other. This type of community is suitable for hub-and-spoke topologies, where the central gateway acts as the hub and the satellite gateways or hosts act as the spokes. The central gateway can initiate or terminate VPN traffic to any satellite member, but the satellite members can only initiate or terminate VPN traffic to the central gateway.

• Question 397:

  What is the base level encryption key used by Capsule Docs?

  A. RSA 2048
  B. RSA 1024
  C. SHA-256
  D. AES
  A. RSA 2048

  ---

  Explanation

  The base level encryption key used by Capsule Docs is RSA 2048. This means that Capsule Docs uses a 2048-bit RSA public key encryption algorithm to encrypt and decrypt documents. RSA is an asymmetric encryption algorithm that uses two keys: a public key that can be shared with anyone, and a private key that must be kept secret. AES, SHA-256, and RSA 1024 are not the base level encryption keys used by Capsule Docs.

  References:

  Check Point Software, Getting Started, Capsule Docs Encryption.

• Question 398:

  What statement best describes the Proxy ARP feature for Manual NAT in R81.20?

  A. Automatic proxy ARP configuration can be enabled
  B. Translate Destination on Client Side should be configured
  C. fw ctl proxy should be configured
  D. local.arp file must always be configured
  D. local.arp file must always be configured

  ---

  Explanation

  According to the Check Point R81 training course, the Proxy ARP feature for Manual NAT in R81.20 requires the configuration of the local.arp file on the Security Gateway. This file contains the mapping of IP addresses to MAC addresses for NATed hosts. The other options are either incorrect or irrelevant.

  References:

  Certified Security Expert (CCSE) R81.20 Course Overview

• Question 399:

  What could NOT be a reason for synchronization issues in a Management HA environment?

  A. Servers are in Collision Mode. Two servers, both in active state cannot be synchronized either automatically or manually.
  B. Accidentally, you have configured unique IP addresses per Management Server which invalidates the CA Certificate
  C. There is a network connectivity failure between the servers
  D. The products installed on the servers do not match: one device is a Standalone Server while the other is only a Security Management server.
  B. Accidentally, you have configured unique IP addresses per Management Server which invalidates the CA Certificate

• Question 400:

  Please choose the path to monitor the compliance status of the Check Point R81.20 based management.

  A. Gateways & Servers --> Compliance View
  B. Compliance blade not available under R81.20
  C. Logs & Monitor --> New Tab --> Open compliance View
  D. Security & Policies --> New Tab --> Compliance View
  C. Logs & Monitor --> New Tab --> Open compliance View

  ---

  Explanation

  The path to monitor the compliance status of the Check Point R81.20 based management is Logs & Monitor > New Tab > Open compliance View. Compliance View is a feature that allows administrators to monitor and assess the compliance level of their Check Point products and security policies based on best practices and industry standards. Compliance View provides a dashboard that shows the overall compliance status, compliance score, compliance trends, compliance issues, compliance reports, and compliance blades for different security aspects, such as data protection, threat prevention, identity awareness, etc. To access Compliance View in R81.20 SmartConsole, administrators need to go to Logs

  & Monitor > New Tab > Open compliance View. The other options are either incorrect or not available in

  R81.20.