CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 131:

  Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

  A. 50%
  B. 75%
  C. 80%
  D. 15%
  D. 15%

  ---

  Explanation/Reference:

  Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to a certain threshold. In this case, the correct threshold is specified as option D: 15%. So, when the available disk space reaches or falls below 15%, old log entries should be deleted to free up space.

  Options A, B, and C do not represent the recommended threshold for deleting old log entries according to Check Point's best practices.

  References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.

• Question 132:

  How can SmartView application accessed?

  A. http:///smartview
  B. http://:4434/smartview/
  C. https:///smartview/
  D. https://:4434/smartview/
  C. https:///smartview/

  ---

  Explanation/Reference:

  SmartView is a web-based application that allows you to view and analyze logs, reports, and events from multiple Check Point products. You can access SmartView by using the following URL:

  

  You need to use HTTPS protocol and the default port 443. You also need to enter the IP address of the Security Management Server that hosts the SmartView application. You cannot use the host name of the Security Management Server or a different port number. References: SmartView R81 Administration Guide

• Question 133:

  The fwd process on the Security Gateway sends logs to the fwd process on the Management Server, where it is forwarded to___________via____________

  A. cpd, fwm
  B. cpm, cpd
  C. fwm, cpd
  D. cpwd, fwssd
  C. fwm, cpd

  ---

  Explanation/Reference:

  The fwd process on the Security Gateway sends logs to the fwd process on the Management Server, where it is forwarded to fwm via cpd. The fwm process is responsible for managing the log files and the cpd process is responsible for communication between processes. The other options are incorrect because they involve processes that are not related to logging or communication. References: Check Point Certified Security Expert R81.20 Course Overview, sk163413: Support, Support Requests, Training ... - Check Point Software, Check Point Certified Security Expert R81.20

• Question 134:

  The following command is used to verify the CPUSE version:

  A. HostName:0>show installer status build
  B. [Expert@HostName:0]#show installer status
  C. [Expert@HostName:0]#show installer status build
  D. HostName:0>show installer build
  A. HostName:0>show installer status build

  ---

  Explanation/Reference:

  The correct command to verify the CPUSE (Check Point Update Service Engine) version is:

  

  Option B is incorrect because it uses the "[Expert@HostName:0]#" prompt, which is typically used for expert mode commands, but the CPUSE version can be checked using the "show installer status build" command in standard mode.

  Option C is incorrect because it uses the "[Expert@HostName:0]#" prompt, and while it includes the "build" parameter, it's not the standard command to check the CPUSE version.

  Option D is incorrect because it uses the "HostName:0>" prompt, but it lacks the "show" command and uses "build" instead of "status build."

  References: Check Point Certified Security Expert R81 documentation

• Question 135:

  What traffic does the Anti-bot feature block?

  A. Command and Control traffic from hosts that have been identified as infected
  B. Command and Control traffic to servers with reputation for hosting malware
  C. Network traffic that is directed to unknown or malicious servers
  D. Network traffic to hosts that have been identified as infected
  A. Command and Control traffic from hosts that have been identified as infected

  ---

  Explanation/Reference:

  The traffic that the Anti-bot feature blocks is command and control traffic from hosts that have been identified as infected. Anti-bot is a blade that detects and prevents botnet attacks by using a cloud-based service that provides up-to-date threat intelligence. When Anti-bot detects a host that is communicating with a malicious command and control server, it blocks the traffic and generates an alert. The other options are not the types of traffic that Anti-bot blocks. References: Check Point Software, Getting Started, Anti-Bot.

• Question 136:

  What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

  A. Stateful Mode
  B. VPN Routing Mode
  C. Wire Mode
  D. Stateless Mode
  C. Wire Mode

  ---

  Explanation/Reference:

  Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of "Wire Mode".

  References: VPN Administration Guide

• Question 137:

  Alice and Bob are going to use Management Data Plane Separation and therefore the routing separation needs to be enabled. Which of the following command is true for enabling the Management Data Plane Separation (MDPS):

  A. set mdps split brain on
  B. set mdps split plane on
  C. set mdps mgmt plane on
  D. set mdps data plane off
  C. set mdps mgmt plane on

  ---

  Explanation/Reference:

  The correct command for enabling the management data plane separation (MDPS) is set mdps mgmt plane on. This command enables routing separation between management and data planes on a security gateway. This means that management traffic will use a different routing table than data traffic, which can improve security and performance. References: [Check Point Security Expert R81 Administration Guide], page 76.

• Question 138:

  SmartEvent uses it's event policy to identify events. How can this be customized?

  A. By modifying the firewall rulebase
  B. By creating event candidates
  C. By matching logs against exclusions
  D. By matching logs against event rules
  D. By matching logs against event rules

  ---

  Explanation/Reference:

  SmartEvent uses its event policy to identify events. The event policy can be customized by matching logs against event rules. Event rules define the conditions and actions for generating events. You can create, edit, delete, enable, or disable event rules in the SmartEvent Policy tab of the SmartConsole. References: [SmartEvent Administration Guide]

• Question 139:

  What solution is multi-queue intended to provide?

  A. Improve the efficiency of traffic handling by SecureXL SNDs
  B. Reduce the confusion for traffic capturing in FW Monitor
  C. Improve the efficiency of CoreXL Kernel Instances
  D. Reduce the performance of network interfaces
  C. Improve the efficiency of CoreXL Kernel Instances

  ---

  Explanation/Reference:

  The solution that multi-queue is intended to provide is to improve the efficiency of CoreXL Kernel Instances. Multi-queue is a feature that allows each CoreXL Kernel Instance to process traffic from multiple interfaces, instead of being bound to a single interface. This improves the load balancing and performance of the Security Gateway, especially when there are high traffic volumes or asymmetric routing1. References: 1: Check Point Software, Getting Started, Multi-Queue.

• Question 140:

  What are the two modes for SNX (SSL Network Extender)?

  A. Network Mode and Application Mode
  B. Visitor Mode and Office Mode
  C. Network Mode and Hub Mode
  D. Office Mode and Hub Mode
  A. Network Mode and Application Mode

  ---

  Explanation/Reference:

  SNX (SSL Network Extender) is a thin VPN client installed on an endpoint user computer that provides secure remote access to a corporate network. It can be used with Mobile Access blade or the IPsec VPN blade via the Mobile Access or SNX portals1. SNX has two modes: Network Mode and Application Mode2. Network Mode: In this mode, SNX creates a virtual network adapter on the endpoint computer and assigns it an IP address from the internal network. This allows the endpoint computer to access all the resources on the internal network as if it was physically connected to it. Network Mode supports all IP-based applications, including TCP and UDP applications2. Application Mode: In this mode, SNX does not create a virtual network adapter on the endpoint computer, but instead intercepts the traffic of specific applications and forwards it to the Security Gateway. Application Mode supports only TCP- based applications that are defined in the Mobile Access policy. Application Mode is useful when Network Mode is not supported or when granular control over the applications is required2. References: : SSL Network Extender : SNX Modes