When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
A. None, Security Management Server would be installed by itself.
B. SmartConsole
C. SecureClient
D. Security Gateway
E. SmartEvent
Correct Answer: D
When doing a Stand-Alone Installation, you would install the Security Management Server with the Security Gateway as the other Check Point architecture component. A Stand-Alone Installation is where the Security Management Server and the Security Gateway are installed on the same machine. The other options are either not Check Point architecture components, or not suitable for a Stand-Alone Installation. References: Check Point R81 Installation and Upgrade Guide
Question 152:
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?
A. fwd via cpm
B. fwm via fwd
C. cpm via cpd
D. fwd via cpd
Correct Answer: A
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via the cpm process. The cpm process is the main management process that handles database operations, policy installation, and communication with GUI clients via TCP port 19009. The other options are either incorrect or irrelevant to the log flow. References: Certified Security Expert (CCSE) R81.20 Course Overview, Check Point Ports Used for Communication by Various Check Point Modules
Question 153:
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
A. Anti-Bot is the only countermeasure against unknown malware
B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command and Control Centers
C. Anti-Bot is the only signature-based method of malware protection.
D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command and Control Center.
Correct Answer: D
Anti-Bot is a post-infection malware protection that detects and blocks botnet communications from infected hosts to Command and Control servers. It is different from other Threat Prevention mechanisms that prevent malware from entering the network or executing on the hosts. References: Anti-Bot Software Blade
Question 154:
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
A. add host name ip-address
B. add hostname ip-address
C. set host name ip-address
D. set hostname ip-address
Correct Answer: A
The API command add host name ip-address can be used in a script to create 100 new host objects with different IP addresses. This command adds a new host object with the specified name and IP address to the database. The other commands are either not valid or not suitable for creating new host objects. References: Check Point - Management API reference
Question 155:
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
A. restore_backup
B. import backup
C. cp_merge
D. migrate import
Correct Answer: D
The command migrate import can be used to restore a backup of Check Point configurations without the OS information. This command imports the configuration from a file that was created using the migrate export command, which backs up only the Check Point configuration and not the OS settings. The other commands are either not valid or not suitable for restoring a backup without the OS information. References: Check Point R81 Installation and Upgrade Guide
Question 156:
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company's security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
Correct Answer: A
Detecting and blocking malware by correlating multiple detection engines before users are affected is not a feature associated with the Check Point URL Filtering and Application Control Blade. This feature is part of the Check Point SandBlast Network solution, which uses Threat Emulation and Threat Extraction technologies to prevent zero-day attacks. The other features are part of the URL Filtering and Application Control Blade, which allows you to control access to web applications and sites based on various criteria. References: URL Filtering and Application Control Administration Guide
Question 157:
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
A. 15 sec
B. 60 sec
C. 5 sec
D. 30 sec
Correct Answer: B
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every 60 seconds based on the current traffic load. This ensures optimal performance and load balancing of SecureXL instances. References: SecureXL Mechanism
Question 158:
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?
A. fw ctl sdstat
B. fw ctl affinity
C. fw ctl multik stat
D. cpinfo
Correct Answer: B
The fw ctl affinity -l -a -r -v command is the most accurate CLI command to get info about assignment (FW, SND) of all CPUs in your SGW. This command displays the affinity settings of all interfaces and processes in a verbose mode, including the Firewall (FW) and Secure Network Distributor (SND) instances. References: CoreXL Administration Guide
Question 159:
What command verifies that the API server is responding?
A. api stat
B. api status
C. show api_status
D. app_get_status
Correct Answer: B
The API server is a service that runs on the Security Management Server and enables external applications to communicate with the Check Point management database using REST APIs. You can verify that the API server is responding by running the api status command in Expert mode.
This command will display the current status of the API server, such as running, stopped, or initializing. It will also show the API version, port number, and SSL certificate information. References: Check Point R81 REST API Reference Guide
Question 160:
When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.
A. SecureID
B. SecurID
C. Complexity
D. TacAcs
Correct Answer: B
When requiring certificates for mobile devices, the authentication method should be set to one of the following:
Username and Password
RADIUS
SecurID (RSA SecurID)
So, the correct answer is option B, "SecurID."
Options A, C, and D are not standard authentication methods for mobile devices in this context.
References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.