CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 161:

  Which process is used mainly for backward compatibility of gateways in R81.X? It provides communication with GUI-client, database manipulation, policy compilation and Management HA synchronization.

  A. cpm
  B. fwd
  C. cpd
  D. fwm D18912E1457D5D1DDCBD40AB3BF70D5D
  D. fwm D18912E1457D5D1DDCBD40AB3BF70D5D

  ---

  Explanation/Reference:

  The process that is used mainly for backward compatibility of gateways in R81.X is fwm. The fwm daemon handles communication with GUI-client, database manipulation, policy compilation and Management HA synchronization for legacy gateways that do not support the cpm daemon. The cpm daemon is the new Check Point Management Server daemon that handles these tasks for R80 and higher gateways. The cpd daemon is the Check Point Management daemon that handles communication between SmartConsole applications and Security Management Servers. The fwd daemon is the Firewall Daemon that handles communication between Security Gateways and Security Management Servers2. References: 2: Check Point Software, Getting Started, Processes.

• Question 162:

  What technologies are used to deny or permit network traffic?

  A. Stateful Inspection, Firewall Blade, and URL/Application Blade
  B. Packet Filtering, Stateful Inspection, and Application Layer Firewall
  C. Firewall Blade, URL/Application Blade, and IPS
  D. Stateful Inspection, URL/Application Blade, and Threat Prevention
  B. Packet Filtering, Stateful Inspection, and Application Layer Firewall

  ---

  Explanation/Reference:

  Packet filtering, stateful inspection, and application layer firewall are technologies used to deny or permit network traffic based on different criteria. Packet filtering is a basic firewall technology that examines the header of each packet and compares it to a set of rules to decide whether to allow or drop it. Stateful inspection is an advanced firewall technology that tracks the state and context of each connection and applies security rules based on the connection information. Application layer firewall is a firewall technology that inspects the content and behavior of applications and protocols at the application layer of the OSI model and enforces granular policies based on the application identity, user identity, and content type. References: Check Point R81 Firewall Administration Guide, page 9-10

• Question 163:

  Installations and upgrades with CPUSE require that the CPUSE agent is up-to-date. Usually the latest build is downloaded automatically. How can you verify the CPUSE agent build?

  A. In WebUI Status and Actions page or by running the following command in CLISH: show installer status build
  B. In WebUI Status and Actions page or by running the following command in CLISH: show installer status version
  C. In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer status build
  D. In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer agent
  A. In WebUI Status and Actions page or by running the following command in CLISH: show installer status build

  ---

  Explanation/Reference:

  To verify the CPUSE agent build, you can use either of these methods:

  In WebUI Status and Actions page

  By running the following command in CLISH: show installer status build The CPUSE agent build indicates the version of the CPUSE agent that is installed on the machine. The CPUSE agent is responsible for downloading, verifying, installing,

  and removing packages on Gaia OS. It is recommended to keep the CPUSE agent up-to-date to ensure a smooth installation and upgrade process.

  References: [CPUSE Agent]

• Question 164:

  Which feature is NOT provided by all Check Point Mobile Access solutions?

  A. Support for IPv6
  B. Granular access control
  C. Strong user authentication
  D. Secure connectivity
  A. Support for IPv6

  ---

  Explanation/Reference:

  The feature that is not provided by all Check Point Mobile Access solutions is support for IPv6. Check Point Mobile Access is a comprehensive solution that provides secure remote access to corporate applications and resources using various methods, such as SSL VPN, IPsec VPN, clientless VPN, and mobile VPN. However, not all of these methods support IPv6, which is the latest version of the Internet Protocol that uses 128-bit addresses. According to the Check Point Mobile Access R81 Administration Guide1, only the following Mobile Access methods support IPv6: SSL Network Extender (SNX) - a thin client that enables remote users to connect securely to the corporate network using SSL/TLS VPN. Mobile VPN - a full VPN client that enables remote users to connect securely to the corporate network using IPsec VPN. Capsule Connect - a mobile VPN app for iOS and Android devices that enables remote users to connect securely to the corporate network using IPsec VPN. The following Mobile Access methods do not support IPv6: Clientless VPN - a web-based method that enables remote users to access web applications and services using a web browser without installing any software on their devices. Endpoint Security VPN - a full VPN client that enables remote users to connect securely to the corporate network using IPsec VPN and also provides endpoint security features such as firewall, anti-virus, anti-malware, etc. Capsule Workspace - a mobile app for iOS and Android devices that enables remote users to access email, calendar, contacts, and corporate applications securely without requiring a VPN connection.

• Question 165:

  To optimize Rule Base efficiency, the most hit rules should be where?

  A. Removed from the Rule Base.
  B. Towards the middle of the Rule Base.
  C. Towards the top of the Rule Base.
  D. Towards the bottom of the Rule Base.
  C. Towards the top of the Rule Base.

  ---

  Explanation/Reference:

  To optimize Rule Base efficiency, the most hit rules should be towards the top of the Rule Base. This is because the Rule Base is processed from top to bottom, and the first rule that matches the traffic is applied. Therefore, placing the most hit rules at the top reduces the number of rules that need to be checked and improves the performance of the firewall. References: R81 Security Management Administration Guide, page 97.

• Question 166:

  Which of the following is NOT a valid type of SecureXL template?

  A. Accept Template
  B. Deny template
  C. Drop Template
  D. NAT Template
  B. Deny template

  ---

  Explanation/Reference:

  The type of SecureXL template that is not valid among the options is Deny template. SecureXL templates are pre-allocated data structures that store information about connections that match certain criteria. They are used to accelerate the processing of packets that belong to those connections. The valid types of SecureXL templates are Accept, Drop, NAT, and Crypt. The Accept template is used for connections that are allowed by the Firewall policy. The Drop template is used for connections that are blocked by the Firewall policy. The NAT template is used for connections that require Network Address Translation. The Crypt template is used for connections that require encryption or decryption. References: [SecureXL Templates]

• Question 167:

  Alice knows about the Check Point Management HA installation from Bob and needs to know which Check Point Security Management Server is currently capable of issuing and managing certificate. Alice uses the Check Point command "cpconfig'' to run the Check Point Security Management Server configuration tool on both Check Point Management HA instances "Primary and Secondary" Which configuration option does she need to look for:

  A. Certificate's Fingerprint
  B. Random Pool
  C. CA Authority
  D. Certificate Authority
  D. Certificate Authority

  ---

  Explanation/Reference:

  Certificate Authority (CA) is a service that issues and manages digital certificates for secure communication between Check Point components. CA can be installed on a Security Management Server or on a dedicated server. CA can be configured as primary or secondary in a High Availability cluster. The cpconfig command is used to run the Check Point Configuration Tool on Gaia OS, which allows users to configure various settings for Check Point products. One of the configuration options is Certificate Authority, which shows if CA is installed on the server and if it is primary or secondary5. Therefore, Alice needs to look for this option to check the CA status. References: 5: cpconfig

• Question 168:

  What are not possible commands to acquire the lock in order to make changes in Clish or Web GUI?

  A. set config-lock on override
  B. Click the Lock icon in the WebUI
  C. "set rbac rw = 1''
  D. lock database override
  C. "set rbac rw = 1''

• Question 169:

  What is the biggest benefit of policy layers?

  A. To break one policy into several virtual policies
  B. Policy Layers and Sub-Policies enable flexible control over the security policy
  C. They improve the performance on OS kernel version 3.0
  D. To include Threat Prevention as a sub policy for the firewall policy
  B. Policy Layers and Sub-Policies enable flexible control over the security policy

  ---

  Explanation/Reference:

  The biggest benefit of policy layers is that they enable flexible control over the security policy. Policy layers and sub-policies allow administrators to break one policy into several virtual policies, each with its own set of rules and actions. Policy layers can be ordered, shared, and reused across different policies. Policy layers can also include Threat Prevention as a sub-policy for the firewall policy. References: [Check Point R81 Security Management Guide]

• Question 170:

  What state is the Management HA in when both members have different policies/databases?

  A. Synchronized
  B. Never been synchronized
  C. Lagging
  D. Collision
  D. Collision

  ---

  Explanation/Reference:

  The state of the Management HA when both members have different policies/databases is Collision. This state indicates that there is a conflict between the members and they need to be synchronized manually. The other states are not applicable in this scenario. The Synchronized state indicates that both members have identical policies/databases and are ready for failover. The Never been synchronized state indicates that the members have never been synchronized since they were configured as HA pair. The Lagging state indicates that one member has a newer policy/database than the other member and needs to be synchronized automatically. References: [Management High Availability]

  https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityManagement_WebAdminGui de/ html_frameset.htm?topic=documents/R77/CP_R77_SecurityManagement_WebAdminGuid e/98838