CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 221:

  Using ClusterXL, what statement is true about the Sticky Decision Function?

  A. Can only be changed for Load Sharing implementations
  B. All connections are processed and synchronized by the pivot
  C. Is configured using cpconfig
  D. Is only relevant when using SecureXL
  A. Can only be changed for Load Sharing implementations

  ---

  Explanation/Reference:

  The Sticky Decision Function in ClusterXL is primarily used in Load Sharing implementations. In Load Sharing, the pivot member is responsible for determining the destination of new connections and ensures that traffic from the same source IP address is directed to the same cluster member. This ensures session stickiness for the same source IP, improving load sharing efficiency.

  References: Check Point Certified Security Expert R81 documentation and learning resources.

• Question 222:

  Which utility allows you to configure the DHCP service on Gaia from the command line?

  A. ifconfig
  B. dhcp_ofg
  C. sysconfig
  D. cpconfig
  C. sysconfig

  ---

  Explanation/Reference:

  The utility that allows you to configure the DHCP service on Gaia from the command line is sysconfig. This utility provides a menu-based interface for configuring various system settings, including network interfaces, routing, DNS, NTP, SNMP, SSH, etc. One of the options in sysconfig is DHCP Server Configuration, which allows you to enable or disable the DHCP service, define DHCP scopes, set lease time, etc. References: Gaia Administration Guide R81, page 29.

• Question 223:

  What is the valid range for Virtual Router Identifier (VRID) value in a Virtual Routing Redundancy Protocol (VRRP) configuration?

  A. 1-254
  B. 1-255
  C. 0-254
  D. 0 ?255
  B. 1-255

  ---

  Explanation/Reference:

  The valid range for Virtual Router Identifier (VRID) value in a Virtual Routing Redundancy Protocol (VRRP) configuration is 1-255. The VRID is a unique number that identifies a virtual router in a VRRP group. It is used to associate routers

  and their virtual IP addresses. The VRID must be the same for all routers in the same VRRP group.

  References: [Configuring VRRP on Gaia]

• Question 224:

  By default, the R81 web API uses which content-type in its response?

  A. Java Script
  B. XML
  C. Text
  D. JSON
  D. JSON

  ---

  Explanation/Reference:

  By default, the R81 web API uses JSON as the content-type in its response. JSON stands for JavaScript Object Notation and is a lightweight data-interchange format that is easy to read and write. XML, Java Script, and Text are not the

  default content-types for the R81 web API. References: : Check Point Software, Getting Started, Web API; :

  JSON.org, Introducing JSON.

• Question 225:

  Default port numbers for an LDAP server is________ for standard connections and ________ SSL connections.

  A. 443; 389
  B. 636; 8080
  C. 290; 3389
  D. 389; 636
  D. 389; 636

  ---

  Explanation/Reference:

• Question 226:

  In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.

  A. ffff
  B. 1
  C. 3
  D. 2
  D. 2

  ---

  Explanation/Reference:

  For Stateful Mode configuration, chain modules marked with 2 will not apply. Stateful Mode configuration is a feature that allows administrators to define how packets are processed by different firewall kernel modules in inbound and outbound directions. Chain modules are firewall kernel modules that perform various security functions, such as VPN, IPS, QoS, etc. Each chain module is associated with a key, which specifies the type of traffic applicable to the chain module. The key can be one of the following values: 0 for all packets, 1 for stateful packets, 2 for stateless packets, and 3 for no match packets. For Stateful Mode configuration, only chain modules with key 0 or 1 will apply, as they handle all packets or stateful packets. Chain modules with key 2 will not apply, as they handle stateless packets, which are not relevant for Stateful Mode configuration.

• Question 227:

  Matt wants to upgrade his old Security Management server to R81.x using the Advanced Upgrade with Database Migration. What is one of the requirements for a successful upgrade?

  A. Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine
  B. Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine
  C. Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine
  D. Size of the /var/log folder of the target machine must be at least 25GB or more
  B. Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine

  ---

  Explanation/Reference:

  One of the requirements for a successful upgrade using the Advanced Upgrade with Database Migration is that the size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine. This is to ensure that there is enough space to copy the log files from the source machine to the target machine during the upgrade process. References: Advanced Upgrade with Database Migration

• Question 228:

  How often does Threat Emulation download packages by default?

  A. Once a week
  B. Once an hour
  C. Twice per day
  D. Once per day
  D. Once per day

  ---

  Explanation/Reference:

  Threat Emulation downloads packages by default once per day. The packages contain updates for the Threat Emulation engine, signatures, and images. The download frequency can be changed in the Threat Prevention policy settings. References: Threat Emulation Administration Guide, Threat Prevention R81 Release Notes

• Question 229:

  CoreXL is supported when one of the following features is enabled:

  A. Route-based VPN
  B. IPS
  C. IPv6
  D. Overlapping NAT
  B. IPS

  ---

  Explanation/Reference:

  CoreXL is supported when one of the following features is enabled: IPS. CoreXL does not support Check Point Suite with these features: Route-based VPN, IPv6, Overlapping NAT, QoS, Content Awareness, Application Control, URL Filtering, Identity Awareness, HTTPS Inspection, DLP, Anti-Bot, Anti-Virus, Threat Emulation. References: CoreXL

• Question 230:

  What is the mechanism behind Threat Extraction?

  A. This a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.
  B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.
  C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).
  D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.
  D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

  ---

  Explanation/Reference:

  Threat Extraction is a technology that removes potentially malicious features that are known to be risky from files (macros, embedded objects and more), rather than determining their maliciousness. By cleaning the file before it enters the organization, Threat Extraction preemptively prevents both known and unknown threats, providing better protection against zero-day attacks1. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast2. The other options are either incorrect or irrelevant to the mechanism behind Threat Extraction. References: Threat Extraction (CDR) - Check Point Software, Check Point Document Threat Extraction Technology