CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 121:

  SandBlast agent extends 0 day prevention to what part of the network?

  A. Web Browsers and user devices
  B. DMZ server
  C. Cloud
  D. Email servers
  A. Web Browsers and user devices

  ---

  Explanation/Reference:

  SandBlast agent extends zero-day prevention to web browsers and user devices. Zero-day prevention is a capability that protects devices from unknown and emerging threats that exploit vulnerabilities that have not been patched or disclosed. SandBlast Agent provides zero-day prevention by using various technologies such as threat emulation, threat extraction, anti-exploitation, anti-ransomware, and behavioral analysis. SandBlast Agent protects web browsers and user devices from malicious downloads, phishing links, drive-by downloads, browser exploits, malicious scripts, and more.

• Question 122:

  Which process handles connection from SmartConsole R81?

  A. fwm
  B. cpmd
  C. cpm
  D. cpd
  C. cpm

  ---

  Explanation/Reference:

  The process that handles connection from SmartConsole R81 is cpm. Cpm stands for Check Point Management, and it is the main process that runs on the Security Management Server and interacts with SmartConsole clients. Cpm is responsible for managing policies, objects, logs, tasks, and other management functions. The other processes are either obsolete or irrelevant for SmartConsole connection.

• Question 123:

  On R81.20 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

  A. 18210
  B. 18184
  C. 257
  D. 18191
  B. 18184

  ---

  Explanation/Reference:

  On R81.20, when configuring Third-Party devices to read the logs using the LEA (Log Export API), the default Log Server uses port 18184. This port can be changed using the lea_server command in expert mode. The other ports are either not related to LEA, or used for different purposes, such as 18210 for CPMI, 257 for FW1_log, and 18191 for SIC. References: [Check Point R81 Logging and Monitoring Administration Guide], [Check Point Ports Used for Communication by Various Check Point Modules]

• Question 124:

  Why is a Central License the preferred and recommended method of licensing?

  A. Central Licensing actually not supported with Gaia.
  B. Central Licensing is the only option when deploying Gala.
  C. Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed.
  D. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.
  D. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.

  ---

  Explanation/Reference:

  Central Licensing is the preferred and recommended method of licensing because it simplifies the license management process and reduces the risk of license issues. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes. This means that you can easily add, remove, or replace gateways without affecting your license status. Central Licensing also allows you to view and manage all your licenses from one central location using SmartConsole or SmartUpdate. Central Licensing is supported with Gaia and is not the only option when deploying Gaia. Central Licensing does not tie to the IP address of a gateway and cannot be changed to any gateway if needed. References: Check Point R81 Licensing and Contract Administration Guide, page 7

• Question 125:

  What object type would you use to grant network access to an LDAP user group?

  A. Access Role
  B. Group Template
  C. SmartDirectory Group
  D. User Group
  A. Access Role

• Question 126:

  What are the two ClusterXL Deployment options?

  A. Distributed and Full High Availability
  B. Broadcast and Multicast Mode
  C. Distributed and Standalone
  D. Unicast and Multicast Mode
  A. Distributed and Full High Availability

  ---

  Explanation/Reference:

  The two ClusterXL Deployment options are Distributed and Full High Availability. Distributed deployment means that each cluster member has its own Security Management Server and synchronizes with other members. Full High Availability deployment means that one cluster member is active and handles all traffic, while the other members are in standby mode and ready to take over in case of a failure. The other options are not valid ClusterXL Deployment options, but rather ClusterXL Modes or ClusterXL Load Sharing Methods. References: [Check Point Security Expert R81 ClusterXL Administration Guide], page 6.

• Question 127:

  True or False: In R81, more than one administrator can login to the Security Management Server with write permission at the same time.

  A. False, this feature has to be enabled in the Global Properties.
  B. True, every administrator works in a session that is independent of the other administrators.
  C. True, every administrator works on a different database that is independent of the other administrators.
  D. False, only one administrator can login with write permission.
  B. True, every administrator works in a session that is independent of the other administrators.

  ---

  Explanation/Reference:

  In R81, more than one administrator can login to the Security Management Server with write permission at the same time. This feature is enabled by default and allows concurrent administration of the security policy. Every administrator works in a session that is independent of the other administrators. Changes made by one administrator are not visible to others until they are published. Administrators can also lock objects to prevent others from editing them until they are unlocked. References: R81 Security Management Administration Guide, page 43.

• Question 128:

  Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two. Which of the following statements correctly identify each product's capabilities?

  A. Workspace supports ios operating system, Android, and WP8, whereas Connect supports ios operating system and Android only
  B. For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas Connect offers both jailbreak/root detection and MDM cooperative enforcement.
  C. For credential protection, Connect uses One-time Password login support and has no SSO support, whereas Workspace offers both One-Time Password and certain SSO login support.
  D. Workspace can support any application, whereas Connect has a limited number of application types which it will support.
  C. For credential protection, Connect uses One-time Password login support and has no SSO support, whereas Workspace offers both One-Time Password and certain SSO login support.

  ---

  Explanation/Reference:

  According to the Check Point website, Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two. For credential protection, Connect uses One-time Password login support and has no SSO support, whereas Workspace offers both One- Time Password and certain SSO login support. The other statements are either false or partially true. References: Capsule Connect and Capsule Workspace

• Question 129:

  What is correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution?

  A. Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.
  B. Security Gateway failover as well as Security Management Server failover is a manual procedure.
  C. Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure.
  D. Security Gateway failover as well as Security Management Server failover is an automatic procedure.
  A. Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.

  ---

  Explanation/Reference:

  The correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution is: Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure. Security Gateway failover is a feature that allows a cluster of Security Gateways to provide high availability and load balancing for network traffic. If one Security Gateway fails or becomes unreachable, another Security Gateway in the cluster automatically takes over its role and handles the traffic without interrupting the service. Security Management Server failover is a feature that allows a backup Security Management Server to take over the role of the primary Security Management Server in case of failure or disaster. However, this feature requires manual intervention to activate the backup server and restore the database from a backup file.

• Question 130:

  SandBlast appliances can be deployed in the following modes:

  A. using a SPAN port to receive a copy of the traffic only
  B. detect only
  C. inline/prevent or detect
  D. as a Mail Transfer Agent and as part of the traffic flow only
  C. inline/prevent or detect

  ---

  Explanation/Reference:

  SandBlast appliances can be deployed in the following modes:

  C. Inline/prevent or detect

  SandBlast appliances can be deployed in an inline mode where they actively inspect and prevent or detect malicious traffic. In this mode, the appliance sits in the network traffic path and can take actions to block or detect threats in real-time.

  References: Check Point Certified Security Expert R81 Study Guide, Check Point documentation on SandBlast.