CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 191:

  After the initial installation on Check Point appliance, you notice that the Management- interface and default gateway are incorrect.

  Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.

  A. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24set static-route default nexthop gateway address 192.168.80.1 onsave config
  B. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 onsave config
  C. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 onsave config
  D. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24add static-route default nexthop gateway address 192.168.80.1 onsave config
  A. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24set static-route default nexthop gateway address 192.168.80.1 onsave config

  ---

  Explanation/Reference:

  To set the IP address and default gateway of the Management interface on a Check Point appliance, you can use the following commands:

  set interface Mgmt ipv4-address 192.168.80.200 mask-length 24 - This command sets the IPv4 address of the Management interface to 192.168.80.200 and the subnet mask to 255.255.255.0 (24 bits). set static-route default nexthop

  gateway address 192.168.80.1 on - This command sets the default gateway to 192.168.80.1 and enables the static route. save config - This command saves the configuration changes to the appliance. These commands are documented in

  the Check Point appliance initial installation guide, which you can find in the web search results.

  The other options are incorrect because they use invalid syntax or parameters for the commands. For example, option B uses add static-route instead of set static-route, option C uses 0.0.0.0. instead of 0.0.0.0, and option D uses add static-

  route default instead of set static-route default.

• Question 192:

  Identify the API that is not supported by Check Point currently.

  A. R81 Management API
  B. Identity Awareness Web Services API
  C. Open REST API
  D. OPSEC SDK
  C. Open REST API

  ---

  Explanation/Reference:

  Check Point currently supports four types of APIs: R81 Management API, Identity Awareness Web Services API, OPSEC SDK, and Gaia REST API. The Open REST API is not a valid option. References: Check Point APIs

• Question 193:

  Which 3 types of tracking are available for Threat Prevention Policy?

  A. SMS Alert, Log, SNMP alert
  B. Syslog, None, User-defined scripts
  C. None, Log, Syslog
  D. Alert, SNMP trap, Mail
  D. Alert, SNMP trap, Mail

  ---

  Explanation/Reference:

  The three types of tracking available for Threat Prevention Policy are Alert, SNMP trap, and Mail. These tracking options can be configured in the Threat Prevention tab of the SmartConsole, under the Policy section. The tracking options determine how the system notifies the administrator of events that match the policy rules. References: Configuring Threat Prevention Policy

• Question 194:

  Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.

  A. WMI
  B. Eventvwr
  C. XML
  D. Services.msc
  A. WMI

  ---

  Explanation/Reference:

  Identity Awareness AD-Query is using the Microsoft WMI API to learn users from AD. WMI stands for Windows Management Instrumentation, and it is an API that allows remote management and monitoring of Windows systems. Identity Awareness AD- Query is a feature that enables the Security Gateway to query Active Directory servers for user and computer information, such as login events, group membership, and IP addresses. By using the WMI API, Identity Awareness AD-Query can receive real-time notifications from Active Directory servers without installing any agents or scripts on them.

• Question 195:

  After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?

  A. cvpnd_restart
  B. cvpnd_restart
  C. cvpnd restart
  D. cvpnrestart
  B. cvpnd_restart

  ---

  Explanation/Reference:

  The cvpnd_restart command is used to restart the daemon after making modifications to the $CVPNDIR/conf/cvpnd.C file. The cvpnd daemon is responsible for managing the communication between the Check Point components and the Content Vectoring Protocol (CVP) server. The CVP server is an external server that provides content inspection and filtering services for Check Point gateways. The $CVPNDIR/conf/cvpnd.C file contains the configuration settings for the cvpnd daemon, such as the CVP server IP address, port number, timeout value, and debug level. References: Check Point Security Expert R81 Course, Content Inspection Using ICAP, cvpnd daemon debug file

• Question 196:

  Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?

  A. Dynamic ID
  B. RADIUS
  C. Username and Password
  D. Certificate
  A. Dynamic ID

• Question 197:

  Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period.

  A. Block Port Overflow
  B. Local Interface Spoofing
  C. Suspicious Activity Monitoring
  D. Adaptive Threat Prevention
  C. Suspicious Activity Monitoring

  ---

  Explanation/Reference:

  Suspicious Activity Rules Solution Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access). The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation.

• Question 198:

  Which two of these Check Point Protocols are used by SmartEvent Processes?

  A. ELA and CPD
  B. FWD and LEA
  C. FWD and CPLOG
  D. ELA and CPLOG
  D. ELA and CPLOG

  ---

  Explanation/Reference:

  SmartEvent Processes use two Check Point Protocols: ELA (Event Log Agent) and CPLOG (Check Point Log). ELA collects logs from Security Gateways and forwards them to the Log Server. CPLOG is used by the Log Server to communicate with the SmartEvent Server. References: [SmartEvent Architecture]

• Question 199:

  You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

  A. fw ctl multik dynamic_dispatching on
  B. fw ctl multik dynamic_dispatching set_mode 9
  C. fw ctl multik set_mode 9
  D. fw ctl multik pq enable
  C. fw ctl multik set_mode 9

  ---

  Explanation/Reference:

  To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. You can enable them by using the command fw ctl multik set_mode

  9. This command sets the SecureXL mode to 9, which means that Priority Queues are enabled and Dynamic Dispatcher is fully enabled. References: SecureXL Mechanism

• Question 200:

  Which command shows only the table names of all kernel tables?

  A. fwtab-t
  B. fw tab -s
  C. fw tab -n
  D. fw tab -k
  B. fw tab -s

  ---

  Explanation/Reference:

  The command fw tab is used to display the contents of the kernel tables1. The command has several options that can modify the output. The option -s shows only the table names and the number of entries in each table1. For example:

  

  The option -t shows the contents of a specific table, given by its name or ID1. For example:

  

  The option -n shows the numeric values of the fields in the tables, instead of resolving them to names1. For example:

  

  The option -k shows the kernel references for each entry in the table1. For example:

  

  Therefore, the correct answer is B, as it shows only the table names of all kernel tables. References: 1: CLI R81.20 Reference Guide - Check Point Software