CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 241:

  Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

  A. Symmetric routing
  B. Failovers
  C. Asymmetric routing
  D. Anti-Spoofing
  C. Asymmetric routing

  ---

  Explanation/Reference:

  Sticky Decision Function (SDF) is required to prevent asymmetric routing in an Active-Active cluster. Asymmetric routing occurs when packets from a source to a destination follow a different path than packets from the destination to the source. This can cause problems with stateful inspection and NAT. SDF ensures that packets from the same connection are handled by the same cluster member1. References: Check Point R81 ClusterXL Administration Guide

• Question 242:

  On what port does the CPM process run?

  A. TCP 857
  B. TCP 18192
  C. TCP 900
  D. TCP 19009
  D. TCP 19009

  ---

  Explanation/Reference:

  The port that the CPM process runs on is TCP 19009. CPM stands for Check Point Management, and it is the main process that runs on the Security Management Server and interacts with SmartConsole clients. CPM is responsible for managing policies, objects, logs, tasks, and other management functions. CPM listens on TCP port 19009 for incoming connections from SmartConsole clients. The other ports are either used by other processes or not related to CPM.

• Question 243:

  You are investigating issues with to gateway cluster members are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?

  A. TCP port 443
  B. TCP port 257
  C. TCP port 256
  D. UDP port 8116
  C. TCP port 256

  ---

  Explanation/Reference:

  The FWD daemon uses TCP port 256 to do a Full Synchronization between gateway cluster members. This port is also used for other synchronization types, such as Delta Synchronization and Accelerated Synchronization. The FWD daemon is responsible for synchronizing the connections table, NAT table, and VPN keys between cluster members. References: ClusterXL Administration Guide, SK25977 - Ports Used by Check Point Software

• Question 244:

  Which VPN routing option uses VPN routing for every connection a satellite gateway handles?

  A. To satellites through center only
  B. To center only
  C. To center and to other satellites through center
  D. To center, or through the center to other satellites, to Internet and other VPN targets
  D. To center, or through the center to other satellites, to Internet and other VPN targets

  ---

  Explanation/Reference:

  This VPN routing option uses VPN routing for every connection a satellite gateway handles, regardless of the destination. This means that all traffic from the satellite gateway will go through the VPN tunnel to the center gateway, and then be routed to the appropriate destination, whether it is another satellite, the Internet, or another VPN target. This option provides the highest level of security and control, but also consumes more bandwidth and processing power.

• Question 245:

  Which of the following is true regarding the Proxy ARP feature for Manual NAT?

  A. The local.arp file must always be configured
  B. Automatic proxy ARP configuration can be enabled
  C. fw ctl proxy should be configured
  D. Translate Destination on Client Side should be configured
  B. Automatic proxy ARP configuration can be enabled

  ---

  Explanation/Reference:

  The verified answer is B. Automatic proxy ARP configuration can be enabled. Proxy ARP is a feature that allows a gateway to respond to ARP requests on behalf of another IP address that is not on the same network segment. Proxy ARP is required for manual NAT rules when the NATed IP addresses are not routed to the gateway1. By default, proxy ARP for manual NAT rules has to be configured manually by editing the local.arp file or using the CLISH commands on the gateway2. However, since R80.10, there is an option to enable automatic proxy ARP configuration for manual NAT rules by modifying the files $CPDIR/tmp/.CPprofile.sh and $CPDIR/tmp/.CPprofile.csh on the gateway3. fw ctl proxy is a command that displays the proxy ARP table on the gateway, but it does not configure proxy ARP4. Translate Destination on Client Side is a NAT option that determines whether the destination IP address is translated before or after the routing decision. It does not affect proxy ARP. References: Configuring Proxy ARP for Manual NAT - Check Point Software1 R80.10: Automatic Proxy ARP with Manual NAT rules - checkpointengineer2 Automatic creation of Proxy ARP for Manual NAT rules on Security Gateway R80.103 fw ctl proxy - Check Point Software NAT Properties - Check Point Software

• Question 246:

  Fill in the blank: An identity server uses a __________ for user authentication.

  A. Shared secret
  B. Certificate
  C. One-time password
  D. Token
  A. Shared secret

  ---

  Explanation/Reference:

• Question 247:

  You need to see which hotfixes are installed on your gateway, which command would you use?

  A. cpinfo all
  B. cpinfo hotfix
  C. cpinfo hotfix
  D. cpinfo all
  D. cpinfo all

  ---

  Explanation/Reference:

  The command cpinfo all displays information about all the hotfixes that are installed on the gateway1. This command also shows the hotfix ID, description, installation date, and status for each hotfix2. The other commands are not valid options for this task. The command cpinfo all shows the hardware information of the gateway3. The commands cpinfo hotfix and cpinfo hotfix do not exist and will return an error message. References: Hotfix installer - Configuration Manager, How to keep your Security Gateways up to date, Solved: Does it always need to have the higher hotfix vers...

• Question 248:

  Which blades and or features are not supported in R81?

  A. SmartEvent Maps
  B. SmartEvent
  C. Identity Awareness
  D. SmartConsole Toolbars
  A. SmartEvent Maps

  ---

  Explanation/Reference:

  According to the Check Point website, SmartEvent Maps is a feature that was supported in previous versions of SmartEvent, but is not supported in R81. SmartEvent Maps displayed a graphical representation of security events on a world map. The other options are either supported or not valid features in R81. References: SmartEvent Maps

• Question 249:

  Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.

  What will happen to the changes already made?

  A. Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work.
  B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
  C. Tom's changes will be lost since he lost connectivity and he will have to start again.
  D. Tom will have to reboot his SmartConsole computer, clear to cache, and restore changes.
  A. Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work.

  ---

  Explanation/Reference:

  Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work.

  This is because SmartConsole has a feature called Concurrent Administration, which allows multiple administrators to work on the same Security Policy simultaneously, without blocking each other or creating conflicts. Concurrent

  Administration uses a locking mechanism to prevent multiple administrators from modifying the same rule or object at the same time. When an administrator clicks on a rule or an object, it becomes locked and a lock icon appears next to it.

  The lock icon shows the name of the administrator who is working on that rule or object, and prevents other administrators from editing it until it is unlocked12. Concurrent Administration also has a feature called Session Persistence, which

  preserves the changes made by an administrator in case of a network failure or a SmartConsole crash. When an administrator reconnects to the Management Server after a network failure or a SmartConsole crash, they can resume their

  work from where they left off, without losing any changes. The changes are stored locally on the administrator's machine until they are published to the Management Server13.

  Therefore, if Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity, his changes will not be lost. They will be stored

  locally on his machine and he can resume his work when he reconnects to the Management Server.

• Question 250:

  SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.

  A. This statement is true because SecureXL does improve all traffic.
  B. This statement is false because SecureXL does not improve this traffic but CoreXL does.
  C. This statement is true because SecureXL does improve this traffic.
  D. This statement is false because encrypted traffic cannot be inspected.
  C. This statement is true because SecureXL does improve this traffic.

  ---

  Explanation/Reference:

  SecureXL is a performance-enhancing technology used in Check Point firewalls. It improves the throughput of both non-encrypted firewall traffic and encrypted VPN traffic. The statement in option C is true because SecureXL does improve

  both types of traffic by offloading processing to dedicated hardware acceleration, optimizing firewall and VPN operations.

  Option C correctly states that SecureXL improves this traffic, making it the verified answer.

  References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.