A. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.
B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.
C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).
D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.
Correct Answer: D
Threat Extraction is a technology that removes potentially malicious features that are known to be risky from files (macros, embedded objects and more), rather than determining their maliciousness. By cleaning the file before it enters the organization, Threat Extraction preemptively prevents both known and unknown threats, providing better protection against zero-day attacks. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast. The other options are either incorrect or irrelevant to the mechanism behind Threat Extraction. References: Threat Extraction (CDR) - Check Point Software, Check Point Document Threat Extraction Technology
Question 132:
Which statement is NOT TRUE about Delta synchronization?
A. Using UDP Multicast or Broadcast on port 8161
B. Using UDP Multicast or Broadcast on port 8116
C. Quicker than Full sync
D. Transfers changes in the Kernel tables between cluster members.
Correct Answer: A
The statement that is not true about Delta synchronization is "Using UDP Multicast or Broadcast on port 8161". Delta synchronization is a mechanism that transfers only the changes in the kernel tables between cluster members, instead of sending the entire tables. It uses UDP Multicast or Broadcast on port 8116, not 8161. The other statements are true about Delta synchronization. References: Check Point R81 ClusterXL Administration Guide
Question 133:
Advanced Security Checkups can be easily conducted within:
A. Reports
B. Advanced
C. Checkups
D. Views
E. Summary
Correct Answer: A
Advanced Security Checkups can be easily conducted within the Reports tab in the Logs and Monitor view in SmartConsole. The Reports tab allows you to generate and view various reports that provide insights into the security status and performance of your network. You can use predefined reports or create custom reports based on your needs. You can also schedule reports to run automatically and send them by email. Some of the predefined reports that can help you conduct advanced security checkups are:
Security Overview: This report provides a summary of the security posture of your network, including the number and severity of incidents, the top attacked hosts and services, the top attackers and attack methods, the top detected threats and vulnerabilities, etc.
Security Best Practices: This report evaluates your security configuration and policy against the Check Point best practices and provides recommendations for improvement. It covers areas such as firewall policy, NAT policy, VPN policy, identity awareness, threat prevention, etc.
Compliance Status: This report assesses your compliance level with various regulations and standards, such as PCI DSS, ISO 27001, NIST 800-53, etc. It shows the compliance score, the compliance status of each requirement, the compliance status of each gateway and blade, etc.
Network Activity: This report shows the network activity and traffic patterns on your network, including the top sources and destinations of traffic, the top protocols and applications used, the top bandwidth consumers, etc.
System Health: This report monitors the health and performance of your management server and gateways, including the CPU utilization, memory usage, disk space, network interfaces, etc.
References: R81 Logging and Monitoring Administration Guide
Question 134:
What is not a component of Check Point SandBlast?
A. Threat Emulation
B. Threat Simulator
C. Threat Extraction
D. Threat Cloud
Correct Answer: B
Threat Simulator is not a component of Check Point SandBlast. Check Point SandBlast is a solution that provides advanced protection against zero-day threats using four components: Threat Emulation, Threat Extraction, Threat Cloud, and Threat Prevention. References: Check Point SandBlast Network
Question 135:
What are the different command sources that allow you to communicate with the API server?
A. SmartView Monitor, API_cli Tool, Gaia CLI, Web Services
B. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services
C. SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services
D. API_cli Tool, Gaia CLI, Web Services
Correct Answer: B
You can communicate with the API server using three command sources:
SmartConsole GUI Console, mgmt_cli Tool, and Gaia CLI. Web Services are not a command source, but a way to access the API server using HTTP requests.
References: Check Point Management APIs
Question 136:
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?
A. 50%
B. 75%
C. 80%
D. 15%
Correct Answer: D
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to a certain threshold. In this case, the correct threshold is specified as option D: 15%. So, when the available disk space reaches or falls below 15%, old log entries should be deleted to free up space.
Options A, B, and C do not represent the recommended threshold for deleting old log entries according to Check Point's best practices.
References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.
Question 137:
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restrict all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each Security Gateway directly.
Correct Answer: B
To simplify security administration when working with multiple Security Gateways enforcing an extensive number of rules, you would choose to create a separate Security Policy package for each remote Security Gateway. A Security Policy package is a set of rules and objects that can be assigned to one or more Security Gateways. This allows you to manage different policies for different gateways from the same Management Server. The other options are either not effective or not feasible for simplifying security administration. References: Check Point R81 Security Management Administration Guide
Question 138:
To fully enable Dynamic Dispatcher on a Security Gateway:
A. run fw ctl multik set_mode 9 in Expert mode and then Reboot.
B. Using cpconfig, update the Dynamic Dispatcher value to "full" under the CoreXL menu.
C. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.
D. run fw multik set_mode 1 in Expert mode and then reboot.
Correct Answer: A
To fully enable Dynamic Dispatcher on a Security Gateway, you need to run the command from option A, fw ctl multik set_mode 9, in Expert mode and then reboot.
This command sets the multi-core mode to 9, which means that Dynamic Dispatcher is enabled without Firewall Priority Queues. Dynamic Dispatcher is a feature that optimizes the performance of Security Gateways with multiple CPU cores by dynamically allocating traffic to different cores based on their load and priority. Dynamic Dispatcher can improve the throughput and scalability of the Security Gateway, especially for traffic that is not accelerated by SecureXL. The other commands are not valid or do not enable Dynamic Dispatcher. References: R81 Performance Tuning Administration Guide
Question 139:
What is the limitation of employing Sticky Decision Function?
A. With SDF enabled, the involved VPN Gateways only support IKEv1
B. Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
C. With SDF enabled, only ClusterXL in legacy mode is supported
D. With SDF enabled, you can only have three Sync interfaces at most
Correct Answer: B
Sticky Decision Function (SDF) is a feature that ensures that VPN traffic is handled by the same core on a Security Gateway with multiple CPU cores. This improves the performance and stability of VPN tunnels by avoiding out-of-order packets and reducing encryption overhead. However, the limitation of employing SDF is that acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF. This means that SDF may reduce the overall throughput and scalability of the Security Gateway. Therefore, SDF should be used only when necessary and only on gateways that are dedicated to VPN traffic. References: R81 Performance Tuning Administration Guide
Question 140:
In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?
A. Big I
B. Little o
C. Little i
D. Big O
Correct Answer: A
The inspection point Big I is the first point immediately following the tables and rule base check of a packet coming from outside of the network. It is also the last point before the packet leaves the Security Gateway to the internal network. The other inspection points are either before or after the rule base check, or in a different direction of traffic flow. References: Check Point R81 Security Gateway Architecture and Packet Flow, 156-315.81 Checkpoint Exam Info and Free Practice Test - ExamTopics