CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 151:

  To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:

  A. fw ctl Dyn_Dispatch on
  B. fw ctl Dyn_Dispatch enable
  C. fw ctl multik set_mode 4
  D. fw ctl multik set_mode 1
  C. fw ctl multik set_mode 4

  ---

  Explanation/Reference:

  Dynamic Dispatch is a feature that enhances CoreXL performance by dynamically assigning new connections to CoreXL FW instances based on their CPU utilization1. To enable Dynamic Dispatch on Security Gateway without enabling Firewall Priority Queues (FPQ), you need to run the command fw ctl multik set_mode 4 in Expert mode and reboot2. This command will set the CoreXL mode to Dynamic Dispatcher without FPQ. The other options are not correct because:

  A. fw ctl Dyn_Dispatch on: This command does not exist and will return an error message.

  B. fw ctl Dyn_Dispatch enable: This command does not exist and will return an error message.

  D. fw ctl multik set_mode 1: This command will set the CoreXL mode to Static Dispatcher without FPQ, which is the default mode2. This mode will use a static hash function to assign new connections to CoreXL FW instances based on their IP addresses and protocol. References: CoreXL Dynamic Dispatcher, To fully enable Dynamic Dispatcher on a Security Gateway, Running Dynamic Dispatch / Dynamic Split / Dynamic Balancing on VSEC/IaaS in Vmware, Dynamic Balancing for CoreXL

• Question 152:

  What are the two types of tests when using the Compliance blade?

  A. Policy-based tests and Global properties
  B. Global tests and Object-based tests
  C. Access Control policy analysis and Threat Prevention policy analysis
  D. Tests conducted based on the loC XMfcfile and analysis of SOLR documents
  B. Global tests and Object-based tests

  ---

  Explanation/Reference:

  The Check Point Compliance Blade has a library of Check Point-defined tests to use as a baseline for good gateway and policy configuration. A Best Practice test is related to specified regulations in different regulatory standards. It describes compliance status and recommends corrective steps. Global Tests - Examine all applicable configuration settings in the organization. Object-based Tests - Examine the configuration settings for specified objects (gateways, profiles and other objects) https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolution details=andsolutionid=sk120256

• Question 153:

  Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API?

  A. SOAP
  B. REST
  C. XLANG
  D. XML-RPC
  B. REST

  ---

  Explanation/Reference:

  The Check Point R81 Identity Awareness Web API uses the REST web services protocol to communicate with external identity sources. REST stands for Representational State Transfer, and it is an architectural style for designing web services that use HTTP methods to access and manipulate resources. The Identity Awareness Web API allows external identity sources to send identity and session information to the Security Gateway, which can then use this information for policy enforcement.

• Question 154:

  Which of these statements describes the Check Point ThreatCloud?

  A. Blocks or limits usage of web applications
  B. Prevents or controls access to web sites based on category
  C. Prevents Cloud vulnerability exploits
  D. A worldwide collaborative security network
  D. A worldwide collaborative security network

  ---

  Explanation/Reference:

  The Check Point ThreatCloud is a worldwide collaborative security network that collects and analyzes threat data from millions of sensors, security gateways, and other sources, and delivers real-time threat intelligence and protection to Check Point products. References: Check Point ThreatCloud

• Question 155:

  NO: 219

  What cloud-based SandBlast Mobile application is used to register new devices and users?

  A. Check Point Protect Application
  B. Management Dashboard
  C. Behavior Risk Engine
  D. Check Point Gateway
  D. Check Point Gateway

  ---

  Explanation/Reference:

  The cloud-based SandBlast Mobile application that is used to register new devices and users is Check Point Gateway. Check Point Gateway is a web portal that allows administrators to enroll devices and users into the SandBlast Mobile service, which is a cloud-based solution that protects mobile devices from advanced threats. Check Point Gateway also allows administrators to configure policies, monitor device status, and generate reports for SandBlast Mobile.

• Question 156:

  In what way are SSL VPN and IPSec VPN different?

  A. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless
  B. SSL VPN adds an extra VPN header to the packet, IPSec VPN does not
  C. IPSec VPN does not support two factor authentication, SSL VPN does support this
  D. IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.
  D. IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.

  ---

  Explanation/Reference:

  The way SSL VPN and IPSec VPN are different is that IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only. SSL VPN and IPSec VPN are two types of VPN technologies that provide secure remote access to network resources over the internet. SSL VPN uses SSL/TLS protocol to establish an encrypted tunnel between the client and the server, and does not require any additional software or hardware on the client side. IPSec VPN uses IPSec protocol to establish an encrypted tunnel between the client and the server, and requires a dedicated virtual adapter on the client side to handle the IPSec traffic. The other options are either incorrect or not relevant to SSL VPN and IPSec VPN.

• Question 157:

  Bob is going to prepare the import of the exported R81.20 management database. Now he wants to verify that the installed tools on the new target security management machine are able to handle the R81.20 release. Which of the following Check Point command is true?

  A. $FWDIR/scripts/migrate_server print_installed_tools -v R77.30
  B. $CPDIR/scripts/migrate_server print_installed_tools -v R81.20
  C. $FWDIR/scripts/migrate_server print_installed_tools -v R81.20
  D. $FWDIR/scripts/migrate_server print_uninstalled_tools -v R81.20
  C. $FWDIR/scripts/migrate_server print_installed_tools -v R81.20

  ---

  Explanation/Reference:

  The correct Check Point command to verify that the installed tools on the new target security management machine are able to handle the R81.20 release is $FWDIR/scripts/migrate_server print_installed_tools -v R81.20. This command will print the list of installed migration tools and their versions, and check if they match the specified version (R81.20 in this case). If the tools are not installed or do not match, the command will print an error message3. References: Check Point R81 Installation and Upgrade Guide

• Question 158:

  The Check Point history feature in R81 provides the following:

  A. View install changes and install specific version
  B. View install changes
  C. Policy Installation Date, view install changes and install specific version
  D. Policy Installation Date only
  A. View install changes and install specific version

  ---

  Explanation/Reference:

  The Check Point history feature in R81 provides the following functions:

  View install changes: This function allows you to view the changes that were made in each policy installation, such as added, modified, or deleted rules, objects, settings, etc. You can also compare the changes between different policy

  installations and filter them by various criteria. Install specific version: This function allows you to install a specific version of the policy from the history, which can be useful for reverting to a previous policy or testing different policies. You can

  also view the changes that will be applied by installing a specific version before installing it. References: R81 Security Management Administration Guide, page 85.

• Question 159:

  Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?

  A. /opt/CPshrd-R81/conf/local.arp
  B. /var/opt/CPshrd-R81/conf/local.arp
  C. $CPDIR/conf/local.arp
  D. $FWDIR/conf/local.arp
  D. $FWDIR/conf/local.arp

  ---

  Explanation/Reference:

  The file that contains the host address to be published, the MAC address that needs to be associated with the IP address, and the unique IP of the interface that responds to ARP request is $FWDIR/conf/local.arp. Local.arp is a configuration file that defines static ARP entries for hosts behind NAT devices. This file allows the Security Gateway to respond to ARP requests for NATed hosts with the correct MAC address, and to publish the NATed IP address instead of the real IP address. The other files are either not related or not valid.

• Question 160:

  What kind of information would you expect to see when using the "sim affinity -I" command?

  A. Overview over SecureXL templated connections
  B. The VMACs used in a Security Gateway cluster
  C. Affinity Distribution
  D. The involved firewall kernel modules in inbound and outbound packet chain
  C. Affinity Distribution

  ---

  Explanation/Reference:

  The "sim affinity -I" command is a command that displays the affinity distribution of the Security Gateway's interfaces. Affinity distribution is the assignment of CPU cores to handle the traffic from different interfaces. The "sim affinity -I"

  command shows the following information for each interface:

  The interface name, such as eth0, eth1, etc.

  The interface index, such as 0, 1, 2, etc.

  The interface type, such as physical, bond, VLAN, etc.

  The interface state, such as up or down

  The interface speed, such as 1000 Mbps, 10000 Mbps, etc.

  The interface MTU, such as 1500, 9000, etc.

  The interface MAC address, such as 00:11:22:33:44:55 The interface IP address, such as 192.168.1.1, 10.0.0.1, etc. The interface affinity mask, such as 0x00000001, 0x00000002, etc. The affinity mask is a hexadecimal value that

  represents the CPU cores that are assigned to handle the traffic from the interface. For example, 0x00000001 means that only CPU core 0 is assigned, 0x00000003 means that CPU cores 0 and 1 are assigned, and so on. The "sim affinity -I"

  command can help you to monitor and optimize the performance of your Security Gateway by showing you how the traffic load is distributed among the CPU cores. You can also use the "sim affinity" command with other options to change the

  affinity settings of the interfaces or the firewall instances. For more information, you can refer to the Check Point R81.20 (Titan) Resolved Issues and Enhancements1 or the Solved: Sim Affinity - Check Point CheckMates2.