CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 141:

  Which view is NOT a valid CPVIEW view?

  A. IDA
  B. RAD
  C. PDP
  D. VPN
  C. PDP

  ---

  Explanation/Reference:

  PDP is not a valid CPVIEW view. CPVIEW is a command-line tool that shows the status of different system parameters, such as CPU, memory, disk, network, and firewall. The valid views are IDA, RAD, VPN, FW, QoS, and others. PDP is a process that handles identity awareness and authentication. References: Check Point R81 Gaia Administration Guide, Check Point Identity Awareness Administration Guide R81

• Question 142:

  Which one of the following is NOT a configurable Compliance Regulation?

  A. GLBA
  B. CJIS
  C. SOCI
  D. NCIPA
  C. SOCI

  ---

  Explanation/Reference:

  The Check Point Compliance Blade is a security management tool that monitors the compliance status of the Security Gateways and Security Management Servers with various regulatory standards1. The Compliance Blade supports the following regulatory standards2: GLBA: The Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act of 1999, is a US federal law that requires financial institutions to protect the privacy and security of their customers' personal information. CJIS: The Criminal Justice Information Services Division, also known as CJIS, is a division of the US Federal Bureau of Investigation that provides criminal justice information services to law enforcement, national security, and intelligence agencies. CJIS has a set of security policies and requirements that govern the access, use, and protection of the CJIS data. NCIPA: The National Counterintelligence and Security Center Insider Threat Program Maturity Framework, also known as NCIPA, is a US government framework that provides guidance and best practices for establishing and enhancing insider threat programs within federal agencies. NCIPA defines five levels of maturity for insider threat programs, from initial to optimized. SOCI: This is not a valid option for a configurable Compliance Regulation. There is no such regulatory standard with this acronym. However, there is a similar acronym, SOC 2, which stands for Service Organization Control 2, which is a set of standards and criteria for auditing the security, availability, processing integrity, confidentiality, and privacy of service providers that store, process, or transmit customer data3. Therefore, the correct answer is C, as SOCI is not a configurable Compliance Regulation. References: 1: ATRG: Compliance Blade (R80.10 and higher) - Check Point Software 3 2: Check Point R81 - Check Point Software 1 3: SOC 2 Compliance Checklist: What You Need to Know - Varonis

• Question 143:

  Which of the following is NOT an alert option?

  A. SNMP
  B. High alert
  C. Mail
  D. User defined alert
  B. High alert

  ---

  Explanation/Reference:

  High alert is not an alert option in Check Point. Alert options are ways to notify the administrator or other parties when a security event occurs. The available alert options are SNMP, Mail, User defined alert, Log, Popup alert, and User alert. References: Training and Certification | Check Point Software, Check Point Resource Library

• Question 144:

  How can you see historical data with cpview?

  A. cpview -f
  B. cpview -e
  C. cpview -t
  D. cpview -d
  C. cpview -t

  ---

  Explanation/Reference:

  To see historical data with cpview, you can use the cpview -t command, where is the date and time you want to view. For example, cpview -t Jan 01 2023 12:00:00 will show you the cpview data for January 1st, 2023 at noon. You can also enter a partial date, such as Jan 02, to see the data for the whole day. This feature is available in R77.10 and higher versions of Check Point software1. You can also access the historical data by pressing the "t" key while running cpview in live mode and entering the desired date and time1. The historical data is stored in the CPViewDB.dat file in the /var/log/CPView_history directory on your gateway2. You can export this file and import it into other tools for visualization, such as Grafana3.

• Question 145:

  What needs to be configured if the NAT property `Translate destination or client side' is not enabled in Global Properties?

  A. A host route to route to the destination IP.
  B. Use the file local.arp to add the ARP entries for NAT to work.
  C. Nothing, the Gateway takes care of all details necessary.
  D. Enabling `Allow bi-directional NAT' for NAT to work correctly.
  C. Nothing, the Gateway takes care of all details necessary.

  ---

  Explanation/Reference:

  The NAT property `Translate destination or client side' is used to determine whether the destination IP address of a packet should be translated on the client side or the server side of a connection. If this property is not enabled, then the destination IP address is translated on the server side, which means that the gateway takes care of all details necessary for NAT to work. The gateway will send an ARP request for the translated IP address and will reply to any ARP requests for that address. Therefore, there is no need to configure a host route, use the local.arp file, or enable bi-directional NAT for NAT to work correctly. References: R81 Security Management Administration Guide, page 1010.

• Question 146:

  True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway.

  A. True, CLI is the prefer method for Licensing
  B. False, Central License are handled via Security Management Server
  C. False, Central Licenses are installed via Gaia on Security Gateways
  D. True, Central License can be installed with CPLIC command on a Security Gateway
  D. True, Central License can be installed with CPLIC command on a Security Gateway

  ---

  Explanation/Reference:

  In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway using the CPLIC command. The CPLIC command allows you to add, delete, or list Central Licenses on a Security Gateway from the command line. You need to provide the IP address of the Security Management Server and the license string as parameters for the CPLIC command.

• Question 147:

  Which Mobile Access Solution is clientless?

  A. Mobile Access Portal
  B. Checkpoint Mobile
  C. Endpoint Security Suite
  D. SecuRemote
  A. Mobile Access Portal

  ---

  Explanation/Reference:

  Mobile Access Portal is a clientless solution that provides secure web access to corporate resources from any device and any browser. Mobile Access Portal uses SSL encryption and authentication to protect the data and the identity of the

  users. Mobile Access Portal supports various types of web applications, such as webmail, file shares, intranet sites, and web-based applications.

  The references are:

  Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 15 Check Point R81 Mobile Access Blade Administration Guide, page 7 [Check Point Mobile Access Software Blade]

• Question 148:

  How many layers make up the TCP/IP model?

  A. 2
  B. 7
  C. 6
  D. 4
  D. 4

  ---

  Explanation/Reference:

  The TCP/IP model is a four-layer model that describes how data is transmitted over a network. The four layers are: Application, Transport, Internet, and Network Access. The Application layer provides services and protocols for applications to communicate with each other. The Transport layer provides reliable or unreliable data delivery between hosts. The Internet layer provides routing and addressing of packets across networks. The Network Access layer provides physical and logical access to the network media. References: Training and Certification | Check Point Software, Check Point Resource Library

• Question 149:

  What are scenarios supported by the Central Deployment in SmartConsole?

  A. Installation of Jumbo Hotfix on a ClusterXL environment in High Availability Mode
  B. Upgrading a Dedicated SmartEvent Server
  C. Upgrading a Dedicated Log Server to R81
  D. Upgrading a Standalone environment
  A. Installation of Jumbo Hotfix on a ClusterXL environment in High Availability Mode

• Question 150:

  An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret the administrator found that the check box to enable pre-shared secret and cannot be enabled.

  Why does it not allow him to specify the pre-shared secret?

  A. IPsec VPN blade should be enabled on both Security Gateway.
  B. Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.
  C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.
  D. The Security Gateways are pre-R75.40.
  C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.

  ---

  Explanation/Reference:

  When two Security Gateways are managed by the same Security Management Server, they use certificate based authentication to establish a VPN tunnel. This is because the Security Management Server acts as an internal certificate authority (ICA) that can issue and revoke certificates for the Security Gateways. The Security Management Server also maintains a trust relationship with the Security Gateways, which is based on a one-time password (OTP) that is used to initialize secure internal communication (SIC). Therefore, there is no need to use a pre-shared secret for authentication between two Security Gateways managed by the same SMS.