CheckPoint 156-315.81.20 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81.20 Online Questions & Answers

• Question 581:

  What order should be used when upgrading a Management High Availability Cluster?

  A. Secondary Management, then Primary Management
  B. Active Management, then Standby Management
  C. Standby Management, then Active Management
  D. Primary Management, then Secondary Management
  D. Primary Management, then Secondary Management

• Question 582:

  R81.20 management server can manage gateways with which versions installed?

  A. Versions R77 and higher
  B. Versions R76 and higher
  C. Versions R75.20 and higher
  D. Versions R75 and higher
  C. Versions R75.20 and higher

  ---

  Explanation

  R81.20 management server can manage gateways with versions R75.20 and higher. However, some features may not be supported on older gateway versions. For example, R81 introduces a new feature called Infinity Threat Prevention, which requires R81 gateways to work properly. Therefore, it is recommended to upgrade your gateways to the latest version to take advantage of all the new features and enhancements in R81.

• Question 583:

  Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R81.

  20 SmartConsole application?

  A. IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation.
  B. Firewall, IPS, Threat Emulation, Application Control.
  C. IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction.
  D. Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation.
  C. IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction.

  ---

  Explanation

  The Threat Prevention profile in Check Point R81.20 SmartConsole application allows you to enforce the following software blades: IPS, Anti-Bot, Anti-Virus, Threat Emulation, and Threat Extraction. These software blades provide comprehensive protection against various types of threats, such as network attacks, malware, ransomware, phishing, and zero-day exploits. You can configure the profile settings for each software blade, such as the action to take, the protection scope, and the exceptions.

  References:

  Check Point Security Expert R81 Course, Threat Prevention Administration Guide

• Question 584:

  Which of the following statements about Site-to-Site VPN Domain-based is NOT true?

  A. Domain-based-VPN domains are pre-defined for all VPN Gateways. When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.
  B. Route-based-The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.
  C. Domain-based-VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.
  D. Domain-based-VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.
  C. Domain-based-VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.

  ---

  Explanation

  The statement that is not true about site-to-site VPN domain-based is that a VPN domain is a service or user that can send or receive VPN traffic through a VPN gateway. A VPN domain is a host or network that can send or receive VPN traffic through a VPN gateway, not a service or user. A service or user can be part of a VPN community, which defines the encryption and authentication methods for the VPN traffic.

  References:

  [Check Point Security Expert R81 Administration Guide], page 146.

• Question 585:

  In the R81 SmartConsole, on which tab are Permissions and Administrators defined?

  A. Security Policies
  B. Logs and Monitor
  C. Manage and Settings
  D. Gateways and Servers
  C. Manage and Settings

  ---

  Explanation

  In the R81 SmartConsole, Permissions and Administrators are defined on the Manage and Settings tab.

  The Manage and Settings tab allows administrators to configure various settings and options for the SmartConsole, such as global properties, network objects, services, users and user groups, permissions, licenses, certificates, etc. To define Permissions and Administrators, the administrator can go to the Manage and Settings tab and select Permissions and Administrators from the left pane. This will open a window where the administrator can create, edit, or delete administrators and roles, assign permissions and access profiles, enable multi-domain support, etc. The other options are incorrect because: The Security Policies tab allows administrators to create, edit, or delete security policies for different blades, such as Access Control, Threat Prevention, Identity Awareness, Mobile Access, etc. It also allows administrators to install policies on selected gateways or servers. The Logs and Monitor tab allows administrators to view, filter, analyze, or export logs and reports for different blades, such as Access Control, Threat Prevention, Identity Awareness, Mobile Access, etc. It also allows administrators to monitor the status and performance of gateways and servers. The Gateways and Servers tab allows administrators to add, edit, or delete gateways and servers that are managed by the Security Management Server or the Multi-Domain Security Management Server. It also allows administrators to view the details and configuration of each gateway or server.

• Question 586:

  In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with

  _____________will not apply.

  A. ffff
  B. 1
  C. 3
  D. 2
  D. 2

  ---

  Explanation

  For Stateful Mode configuration, chain modules marked with 2 will not apply. Stateful Mode configuration is a feature that allows administrators to define how packets are processed by different firewall kernel modules in inbound and outbound directions. Chain modules are firewall kernel modules that perform various security functions, such as VPN, IPS, QoS, etc. Each chain module is associated with a key, which specifies the type of traffic applicable to the chain module. The key can be one of the following values: 0 for all packets, 1 for stateful packets, 2 for stateless packets, and 3 for no match packets. For Stateful Mode configuration, only chain modules with key 0 or 1 will apply, as they handle all packets or stateful packets. Chain modules with key 2 will not apply, as they handle stateless packets, which are not relevant for Stateful Mode configuration.

• Question 587:

  Which feature allows distributing traffic across multiple CPU cores?

  A. SecureXL
  B. CoreXL
  C. ClusterXL
  D. IPS
  B. CoreXL

  ---

  Explanation

  CoreXL enables parallel processing by distributing firewall tasks across multiple CPU cores.

• Question 588:

  Which of the following describes how Threat Extraction functions?

  A. Detect threats and provides a detailed report of discovered threats.
  B. Proactively detects threats.
  C. Delivers file with original content.
  D. Delivers PDF versions of original files with active content removed.
  D. Delivers PDF versions of original files with active content removed.

  ---

  Explanation

  Threat Extraction is a software blade that delivers PDF versions of original files with active content removed. Active content, such as macros, scripts, or embedded objects, can be used by attackers to deliver malware or exploit vulnerabilities. Threat Extraction removes or sanitizes the active content from the files and converts them to PDF format, which is safer and more compatible. Threat Extraction can also work together with Threat Emulation to provide both clean and original files to the users.

  References:

  Check Point Security Expert R81 Course, Threat Extraction Administration Guide

• Question 589:

  You pushed a policy to your gateway and you can no longer access the gateway remotely.

  What command should you use to remove the policy from the gateway by logging in through console access?

  A. cpstop
  B. fw unloadlocal
  C. fw unloadpolicy
  D. fw ctl unload
  B. fw unloadlocal

  ---

  Explanation

  The correct command to remove the currently installed policy locally on a Security Gateway is: fw unloadlocal

  This command unloads the Security Policy from the gateway, allowing administrative access (such as SSH) to be restored.

  The other options are incorrect:

  cpstop stops all Check Point services, which is not required to restore access fw unloadpolicy is not a valid command

  fw ctl unload is not a valid command for removing the installed policy

• Question 590:

  Which one of these features is NOT associated with the Check Point URL Filtering and Application Control?

  A. Detects and blocks malware by correlating multiple detection engines before users are affected.
  B. Configure rules to limit the available network bandwidth for specified users or groups.
  C. Use UserCheck to help users understand that certain websites are against the company's security policy.
  D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
  A. Detects and blocks malware by correlating multiple detection engines before users are affected.

  ---

  Explanation

  Detecting and blocking malware by correlating multiple detection engines before users are affected is not a feature associated with the Check Point URL Filtering and Application Control Blade. This feature is part of the Check Point SandBlast Network solution, which uses Threat Emulation and Threat Extraction technologies to prevent zero-day attacks. The other features are part of the URL Filtering and Application Control Blade, which allows you to control access to web applications and sites based on various criteria.

  References:

  URL Filtering and Application Control Administration Guide