CheckPoint Checkpoint Certifications 156-315.81 Questions & Answers

• Question 241:

  Check Point APIs allow system engineers and developers to make changes to their organization's security policy with CLI tools and Web Services for all the following except:

  A. Create new dashboards to manage 3rd party task

  B. Create products that use and enhance 3rd party solutions

  C. Execute automated scripts to perform common tasks

  D. Create products that use and enhance the Check Point Solution

  Correct Answer: A

  Check Point APIs let system administrators and developers make changes to the security policy with CLI tools and web-services. You can use an API to:

  ?Use an automated script to perform common tasks

  ?Integrate Check Point products with 3rd party solutions ?Create products that use and enhance the Check Point solution References:

• Question 242:

  What is not a purpose of the deployment of Check Point API?

  A. Execute an automated script to perform common tasks

  B. Create a customized GUI Client for manipulating the objects database

  C. Create products that use and enhance the Check Point solution

  D. Integrate Check Point products with 3rd party solution

  Correct Answer: B

  The deployment of Check Point API does not have the purpose of creating a customized GUI Client for manipulating the objects database. The Check Point API is a web service that allows external applications to interact with the Check Point management server using standard methods such as HTTP(S) requests and JSON objects. The Check Point API can be used to execute an automated script to perform common tasks, create products that use and enhance the Check Point solution, and integrate Check Point products with 3rd party solutions. However, creating a customized GUI Client for manipulating the objects database is not a supported or intended use case of the Check Point API.

• Question 243:

  Which tool is used to enable ClusterXL?

  A. SmartUpdate

  B. cpconfig

  C. SmartConsole

  D. sysconfig

  Correct Answer: B

  The tool that is used to enable ClusterXL is cpconfig. ClusterXL is a software-based Load Sharing and High Availability solution that distributes network traffic between clusters of redundant Security Gateways1. ClusterXL can be enabled on

  Check Point Security Gateways running on Gaia OS, SecurePlatform OS, IPSO OS, or X-Series XOS2.

  To enable ClusterXL, the administrator must run the cpconfig command on each cluster member and select the option to enable ClusterXL. This will prompt the administrator to choose the ClusterXL mode (High Availability or Load Sharing)

  and the Cluster Control Protocol (CCP) mode (Broadcast or Multicast). After enabling ClusterXL, the administrator must reboot the cluster members for the changes to take effect34. Therefore, the correct answer is B. The tool that is used to

  enable ClusterXL is cpconfig.

  References:

  1, Introduction to ClusterXL - Check Point Software 2, ClusterXL Requirements and Compatibility - Check Point Software 3, Configuring ClusterXL - Check Point Software 4, How to configure ClusterXL - Check Point Software Technologies

• Question 244:

  Which of the following is NOT a VPN routing option available in a star community?

  A. To satellites through center only.

  B. To center, or through the center to other satellites, to Internet and other VPN targets.

  C. To center and to other satellites through center.

  D. To center only.

  Correct Answer: AD

  A star community is a VPN topology where one or more satellites connect to a center gateway. The center gateway can be a Security Gateway or a Security Management Server. The VPN routing option determines how the traffic is routed between the satellites and the center, and between the satellites themselves. There are three VPN routing options available in a star community12: To center only: The satellites can only communicate with the center gateway, and not with each other or with any other VPN targets. This option is useful for remote access clients that only need to access resources on the center gateway. To center, or through the center to other satellites, to Internet and other VPN targets: The satellites can communicate with the center gateway, and also with other satellites, Internet hosts, and other VPN targets through the center gateway. This option is useful for branch offices that need to access resources on the center gateway, as well as on other branch offices, Internet hosts, and other VPN targets. To center and to other satellites through center: The satellites can communicate with the center gateway, and also with other satellites through the center gateway. However, they cannot communicate with Internet hosts or other VPN targets. This option is useful for branch offices that need to access resources on the center gateway and on other branch offices, but not on Internet hosts or other VPN targets. Therefore, the options A (To satellites through center only) and D (To center only) are not valid VPN routing options in a star community. References: 1: Remote Access VPN R81.20 Administration Guide - Check Point Software, page 13 2: Gaia R81.20 Administration Guide - Check Point Software, page 1030

• Question 245:

  What will be the effect of running the following command on the Security Management Server?

  

  A. Remove the installed Security Policy.

  B. Remove the local ACL lists.

  C. No effect.

  D. Reset SIC on all gateways.

  Correct Answer: A

  Running the command fw unloadlocal on the Security Management Server will remove the installed Security Policy from the local firewall module. This command is useful for troubleshooting purposes when there is a problem with the policy installation or enforcement. However, it will also expose the Security Management Server to potential attacks, so it should be used with caution. References: Training and Certification | Check Point Software, R81 CCSA and CCSE exams released featuring Promo for... - Check Point ...

• Question 246:

  What is UserCheck?

  A. Messaging tool used to verify a user's credentials.

  B. Communication tool used to inform a user about a website or application they are trying to access.

  C. Administrator tool used to monitor users on their network.

  D. Communication tool used to notify an administrator when a new user is created.

  Correct Answer: B

  UserCheck is a communication tool used to inform a user about a website or application they are trying to access. UserCheck allows administrators to interact with users in real time, informing them of the security policy and the actions they need to take. UserCheck can also enable users to self-remediate incidents or request exceptions from the administrator. References: Training and Certification | Check Point Software, Check Point Resource Library

• Question 247:

  Which file gives you a list of all security servers in use, including port number?

  A. $FWDIR/conf/conf.conf

  B. $FWDIR/conf/servers.conf

  C. $FWDIR/conf/fwauthd.conf

  D. $FWDIR/conf/serversd.conf

  Correct Answer: C

  The file that gives you a list of all security servers in use, including port number, is $FWDIR/conf/fwauthd.conf. Security servers are processes that handle application-level protocols such as HTTP, FTP, SMTP, etc., and perform security checks on them. Fwauthd.conf is a configuration file that defines which security servers are enabled, which ports they listen on, and which inspection points they are attached to.

• Question 248:

  What key is used to save the current CPView page in a filename format cpview_"cpview process ID".cap"number of captures"?

  A. S

  B. W

  C. C

  D. Space bar

  Correct Answer: C

  The key C is used to save the current CPView page in a filename format cpview_"cpview process ID".cap"number of captures". This is a feature of CPView that allows the user to capture the current page for later analysis or troubleshooting. The file is saved in the /var/log directory on the Security Gateway. References: Check Point Resource Library, page 3.

• Question 249:

  SandBlast agent extends 0 day prevention to what part of the network?

  A. Web Browsers and user devices

  B. DMZ server

  C. Cloud

  D. Email servers

  Correct Answer: A

  SandBlast agent extends zero-day prevention to web browsers and user devices. Zero-day prevention is a capability that protects devices from unknown and emerging threats that exploit vulnerabilities that have not been patched or disclosed. SandBlast Agent provides zero-day prevention by using various technologies such as threat emulation, threat extraction, anti-exploitation, anti-ransomware, and behavioral analysis. SandBlast Agent protects web browsers and user devices from malicious downloads, phishing links, drive-by downloads, browser exploits, malicious scripts, and more.

• Question 250:

  Please choose the path to monitor the compliance status of the Check Point R81.20 based management.

  A. Gateways and Servers --> Compliance View

  B. Compliance blade not available under R81.20

  C. Logs and Monitor --> New Tab --> Open compliance View

  D. Security and Policies --> New Tab --> Compliance View

  Correct Answer: C

  The path to monitor the compliance status of the Check Point R81.20 based management is Logs and Monitor > New Tab > Open compliance View. Compliance View is a feature that allows administrators to monitor and assess the compliance level of their Check Point products and security policies based on best practices and industry standards. Compliance View provides a dashboard that shows the overall compliance status, compliance score, compliance trends, compliance issues, compliance reports, and compliance blades for different security aspects, such as data protection, threat prevention, identity awareness, etc. To access Compliance View in R81.20 SmartConsole, administrators need to go to Logs and Monitor > New Tab > Open compliance View. The other options are either incorrect or not available in R81.20.