CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 211:

  Advanced Security Checkups can be easily conducted within:

  A. Reports
  B. Advanced
  C. Checkups
  D. Views
  E. Summary
  A. Reports

  ---

  Explanation/Reference:

  Advanced Security Checkups can be easily conducted within the Reports tab in the Logs and Monitor view in SmartConsole. The Reports tab allows you to generate and view various reports that provide insights into the security status and performance of your network. You can use predefined reports or create custom reports based on your needs. You can also schedule reports to run automatically and send them by email. Some of the predefined reports that can help you conduct advanced security checkups are: Security Overview: This report provides a summary of the security posture of your network, including the number and severity of incidents, the top attacked hosts and services, the top attackers and attack methods, the top detected threats and vulnerabilities, etc. Security Best Practices: This report evaluates your security configuration and policy against the Check Point best practices and provides recommendations for improvement. It covers areas such as firewall policy, NAT policy, VPN policy, identity awareness, threat prevention, etc. Compliance Status: This report assesses your compliance level with various regulations and standards, such as PCI DSS, ISO 27001, NIST 800-53, etc. It shows the compliance score, the compliance status of each requirement, the compliance status of each gateway and blade, etc. Network Activity: This report shows the network activity and traffic patterns on your network, including the top sources and destinations of traffic, the top protocols and applications used, the top bandwidth consumers, etc. System Health: This report monitors the health and performance of your management server and gateways, including the CPU utilization, memory usage, disk space, network interfaces, etc. References: R81 Logging and Monitoring Administration Guide

• Question 212:

  Bob has finished io setup provisioning a secondary security management server. Now he wants to check if the provisioning has been correct. Which of the following Check Point command can be used to check if the security management server has been installed as a primary or a secondary security management server?

  A. cpprod_util MgmtlsPrimary
  B. cpprod_util FwlsSecondary
  C. cpprod_util MgmtlsSecondary
  D. cpprod_util FwlsPrimary
  A. cpprod_util MgmtlsPrimary

  ---

  Explanation/Reference:

  The cpprod_util command is a utility that provides information about the installed Check Point products and their versions. The cpprod_util MgmtIsPrimary option checks if the Security Management Server is installed as a primary or a secondary server in a High Availability cluster2. If the server is primary, the command returns "yes". If the server is secondary, the command returns "no". Therefore, Bob can use this command to verify the provisioning of the secondary Security Management Server. References: 2: cpprod_util

• Question 213:

  What are the methods of SandBlast Threat Emulation deployment?

  A. Cloud, Appliance and Private
  B. Cloud, Appliance and Hybrid
  C. Cloud, Smart-1 and Hybrid
  D. Cloud, OpenServer and Vmware
  A. Cloud, Appliance and Private

  ---

  Explanation/Reference:

  The methods of SandBlast Threat Emulation deployment are Cloud, Appliance, and Private. SandBlast Threat Emulation is a solution that detects and prevents zero-day attacks by emulating files in a sandbox environment and analyzing their behavior for malicious indicators. SandBlast Threat Emulation can be deployed in three different methods: Cloud, Appliance, and Private. Cloud method is when the files are sent to the Check Point cloud service for emulation and analysis. This method does not require any additional hardware or software on the customer's side, and provides the fastest updates and feeds from ThreatCloud. Appliance method is when the files are sent to a dedicated appliance on the customer's network for emulation and analysis. This method provides more control and privacy for the customer, and supports more file types and sizes. Private method is when the files are sent to a private cloud service on the customer's network for emulation and analysis. This method provides the highest level of control and privacy for the customer, and supports customizing the emulation environment and scenarios.

• Question 214:

  What is the purpose of Captive Portal?

  A. It authenticates users, allowing them access to the Gaia OS
  B. It authenticates users, allowing them access to the Internet and corporate resources
  C. It provides remote access to SmartConsole
  D. It manages user permission in SmartConsole
  B. It authenticates users, allowing them access to the Internet and corporate resources

  ---

  Explanation/Reference:

  Captive Portal is a feature of Identity Awareness Software Blade that enables you to identify users who are not authenticated by other methods, such as Active Directory or VPN. Captive Portal redirects users to a web page where they can

  enter their credentials and be authenticated by an external server, such as LDAP or RADIUS. After authentication, users can access the Internet and corporate resources according to the security policy rules that apply to their identity.

  The references are:

  Check Point R81 Identity Awareness Administration Guide, page 9 Configuring Browser-Based Authentication in SmartConsole

• Question 215:

  Bob works for a big security outsourcing provider company and as he receives a lot of change requests per day he wants to use for scripting daily tasks the API services (torn Check Point for the GAIA API. Firstly he needs to be aware if the API services are running for the GAIA operating system. Which of the following Check Point Command is true:

  A. gala_dlish status
  B. status gaiaapi
  C. api_gala status
  D. gala_api status
  D. gala_api status

  ---

  Explanation/Reference:

  https://sc1.checkpoint.com/documents/latest/GaiaAPIs/#api_access~v1.7%20 The correct Check Point command to check if the API services are running for the GAIA operating system is gala_api status. The gala_api command is used to manage the API services in the GAIA operating system, and the status option is used to check the status of the API services.

• Question 216:

  Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI client and management server to communicate via web services using ___________.

  A. TCP port 19009
  B. TCP Port 18190
  C. TCP Port 18191
  D. TCP Port 18209
  A. TCP port 19009

  ---

  Explanation/Reference:

  Check Point Management (cpm) is the main management process that provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using TCP port 19009 by default. References: CPM process

• Question 217:

  What are the types of Software Containers?

  A. Three; security management, Security Gateway, and endpoint security
  B. Three; Security Gateway, endpoint security, and gateway management
  C. Two; security management and endpoint security
  D. Two; endpoint security and Security Gateway
  A. Three; security management, Security Gateway, and endpoint security

  ---

  Explanation/Reference:

  The Software Container is a logical component in the Software Blade Architecture. There are three types of Software Containers: Security Management, Security Gateway, and Endpoint Security. The container enables the server functionality,

  and defines its purpose ?e.g, management or gateway.

  https://downloads.checkpoint.com/dc/download.htm?ID=11608

• Question 218:

  The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.

  A. ccp
  B. cphaconf
  C. cphad
  D. cphastart
  A. ccp

  ---

  Explanation/Reference:

  The essential means by which state synchronization works to provide failover in the event an active member goes down, ccp is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster. Ccp stands for Cluster Control Protocol, and it is a proprietary protocol that runs on UDP port 8116. Ccp is responsible for exchanging state information, health checks, load balancing decisions, and synchronization network configuration between cluster members. The other options are either commands or daemons that are related to cluster operations, but not the protocol itself.

• Question 219:

  In SmartEvent, what are the different types of automatic reactions that the administrator can configure?

  A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
  B. Mail, Block Source, Block Destination, Block Services, SNMP Trap
  C. Mail, Block Source, Block Destination, External Script, SNMP Trap
  D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
  A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap

  ---

  Explanation/Reference:

  In SmartEvent, the administrator can configure different types of automatic reactions, which include:

  Mail notifications Blocking the source of the event Blocking the event activity Running an external script Sending an SNMP trap So, the correct answer is "Mail, Block Source, Block Event Activity, External Script, SNMP Trap."

  References: Check Point documentation or training materials related to SmartEvent configuration and automatic reactions.

• Question 220:

  NO: 180

  What command can you use to have cpinfo display all installed hotfixes?

  A. cpinfo -hf
  B. cpinfo all
  C. cpinfo et hf
  D. cpinfo installed_jumbo
  B. cpinfo all

  ---

  Explanation/Reference:

  The command cpinfo -y all can be used to have cpinfo display all installed hotfixes. Cpinfo is a tool that collects diagnostic data from a Check Point gateway or management server. The data includes configuration files, logs, status reports, and more. The -y parameter is used to specify which sections of data to include in the cpinfo output. The value all means to include all sections, including the hotfixes section, which shows the list of hotfixes installed on the system. References: Check Point Security Expert R81 Course, cpinfo Utility