What is the correct command to observe the Sync traffic in a VRRP environment?
A. fw monitor "accept[12:4,b]=224.0.0.18;"
B. fw monitor "accept port(6118;"
C. fw monitor "accept proto=mcVRRP;"
D. fw monitor "accept dst=224.0.0.18;"
Correct Answer: D
The correct command to observe the Sync traffic in a VRRP environment is fw monitor "accept dst=224.0.0.18;". This command captures the packets that have the destination IP address of 224.0.0.18, which is the multicast address used by VRRP for synchronization. The other commands are either not valid or not specific to VRRP Sync traffic. References: [Check Point R81 ClusterXL Administration Guide], Check Point R81 Performance Tuning Administration Guide
Question 142:
Which two of these Check Point Protocols are used by SmartEvent Processes?
A. ELA and CPD
B. FWD and LEA
C. FWD and CPLOG
D. ELA and CPLOG
Correct Answer: D
SmartEvent Processes use two Check Point Protocols: ELA (Event Log Agent) and CPLOG (Check Point Log). ELA collects logs from Security Gateways and forwards them to the Log Server. CPLOG is used by the Log Server to communicate with the SmartEvent Server. References: [SmartEvent Architecture]
Question 143:
In R81 spoofing is defined as a method of:
A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
B. Hiding your firewall from unauthorized users.
C. Detecting people using false or wrong authentication logins
D. Making packets appear as if they come from an authorized IP address.
Correct Answer: D
In R81, spoofing is defined as a method of making packets appear as if they come from an authorized IP address. Spoofing can be used by attackers to bypass security policies or hide their identity. Check Point firewalls use anti-spoofing mechanisms to prevent spoofed packets from entering or leaving the network. References: Security Gateway R81 Administration Guide
Question 144:
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user's machine via the web browser. What are the two modes of SNX?
A. Application and Client Service
B. Network and Application
C. Network and Layers
D. Virtual Adapter and Mobile App
Correct Answer: B
SSL Network Extender (SNX) has two modes of operation: Network Mode and Application Mode. Network Mode provides full network connectivity to the remote user, while Application Mode provides access to specific applications on the corporate network. References: [SSL Network Extender]
Question 145:
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.
A. Inspect/Bypass
B. Inspect/Prevent
C. Prevent/Bypass
D. Detect/Bypass
Correct Answer: A
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines an Inspect or Bypass action for the file types. The Inspect action means that the file will be sent to the Threat Emulation engine for analysis, and the Bypass action means that the file will not be sent and will be allowed or blocked based on other Threat Prevention blades. The other options are not valid actions for file types in Threat Prevention profiles. References: Check Point R81 Threat Prevention Administration Guide
Question 146:
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules
A. 1, 2, 3, 4
B. 1, 4, 2, 3
C. 3, 1, 2, 4
D. 4, 3, 1, 2
Correct Answer: A
NAT rules are prioritized in the following order:
Automatic Static NAT: This is the highest priority NAT rule and it translates the source or destination IP address to a different IP address without changing the port number. It is configured in the network object properties.
Automatic Hide NAT: This is the second highest priority NAT rule and it translates the source IP address and port number to a different IP address and port number. It is configured in the network object properties.
Manual/Pre-Automatic NAT: This is the third highest priority NAT rule and it allows you to create custom NAT rules that are not possible with automatic NAT. It is configured in the NAT policy rulebase before the automatic NAT rules.
Post-Automatic/Manual NAT rules: This is the lowest priority NAT rule and it allows you to create custom NAT rules that are not possible with automatic NAT. It is configured in the NAT policy rulebase after the automatic NAT rules.
Question 147:
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode
Correct Answer: C
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of "Wire Mode".
References: VPN Administration Guide
Question 148:
Which features are only supported with R81.20 Gateways but not R77.x?
A. Access Control policy unifies the Firewall, Application Control and URL Filtering, Data Awareness, and Mobile Access Software Blade policies.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
D. Time object to a rule to make the rule active only during specified times.
Correct Answer: C
The features that are only supported with R81.20 Gateways and not with R77.x are described in option C:
"C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence."
This feature, known as Rule Base Layers, allows for greater flexibility and control in organizing and prioritizing security rules within the rule base.
Options A, B, and D do not specifically pertain to features introduced in R81.20 and are available in earlier versions as well.
References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.
Question 149:
The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ .
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443
Correct Answer: D
Question 150:
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
A. Secure Internal Communication (SIC)
B. Restart Daemons if they fail
C. Transfers messages between Firewall processes
D. Pulls application monitoring status
Correct Answer: D
The CPD daemon is a Firewall Kernel Process that does not pull application monitoring status. The CPD daemon is responsible for Secure Internal Communication (SIC), restarting daemons if they fail, transferring messages between Firewall processes, and managing policy installation. References: CPD process