CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 251:

  What is the SandBlast Agent designed to do?

  A. Performs OS-level sandboxing for SandBlast Cloud architecture
  B. Ensure the Check Point SandBlast services is running on the end user's system
  C. If malware enters an end user's system, the SandBlast Agent prevents the malware from spreading with the network D. Clean up email sent with malicious attachments
  C. If malware enters an end user's system, the SandBlast Agent prevents the malware from spreading with the network D. Clean up email sent with malicious attachments

  ---

  Explanation/Reference:

  The SandBlast Agent is designed to prevent malware from spreading within the network if it enters an end user's system. SandBlast Agent is a lightweight endpoint security solution that protects devices from advanced threats such as ransomware, phishing, zero-day attacks, and data exfiltration. SandBlast Agent uses various technologies such as behavioral analysis, anti-exploitation, anti-ransomware, threat emulation, threat extraction, and forensics to detect and block malware before it can harm the device or the network. The other options are either not the main purpose or not the functionality of SandBlast Agent.

• Question 252:

  Which command lists all tables in Gaia?

  A. fw tab
  B. fw tab ist
  C. fw-tab
  D. fw tab -1
  C. fw-tab

  ---

  Explanation/Reference:

  The fw tab -s command lists all tables in Gaia. The fw tab command displays information about the firewall tables, such as connections, NAT translations, SAM rules, etc. The -s option shows a summary of all tables. References: fw tab Check Point Support Center

• Question 253:

  What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?

  A. 4 Interfaces ?an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server.
  B. 3 Interfaces ?an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.
  C. 1 Interface ?an interface leading to the organization and the Internet, and configure for synchronization.
  D. 2 Interfaces ?a data interface leading to the organization and the Internet, a second interface for synchronization.
  B. 3 Interfaces ?an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.

  ---

  Explanation/Reference:

  According to the Check Point R81 Mobile Access Administration Guide, the recommended number of physical network interfaces in a Mobile Access cluster deployment is three. One interface should be connected to the organization network, one interface should be connected to the Internet, and one interface should be used for synchronization between cluster members. This configuration provides optimal performance and security for Mobile Access traffic.

• Question 254:

  In R81.20 a new feature dynamic log distribution was added. What is this for?

  A. Configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy
  B. In case of a Management High Availability the management server stores the logs dynamically on the member with the most available disk space in /var/log
  C. Synchronize the log between the primary and secondary management server in case of a Management High Availability
  D. To save disk space in case of a firewall cluster local logs are distributed between the cluster members.
  A. Configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy

  ---

  Explanation/Reference:

  Dynamic log distribution is a feature that allows you to configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy. This means that each log is sent to only one Log Server and the load is balanced between the primary Log Servers. If all the primary Log Servers are disconnected, the logs are distributed between the backup Log Servers. If no Log Servers are connected, the gateway writes the logs locally. This feature improves the performance and reliability of logging and reduces the network traffic and disk space consumption. You can enable this feature on the SmartConsole -> Gateways and Servers -> Logs -> Dynamic Log Distribution. The other options are incorrect because they do not describe the dynamic log distribution feature. Option B is wrong because the Management High Availability does not store the logs dynamically on the member with the most available disk space, but rather synchronizes the logs between the members using the cpd process. Option C is wrong because the dynamic log distribution feature does not synchronize the logs between the primary and secondary management server, but rather distributes the logs between the Log Servers. Option D is wrong because the dynamic log distribution feature does not save disk space in case of a firewall cluster, but rather distributes the logs between the Log Servers. The firewall cluster members do not store local logs, but rather send them to the Log Servers.

• Question 255:

  What should the admin do in case the Primary Management Server is temporary down?

  A. Use the VIP in SmartConsole you always reach the active Management Server.
  B. The Secondary will take over automatically Change the IP in SmartConsole to logon to the private IP of the Secondary Management Server.
  C. Run the 'promote_util' to activate the Secondary Management server
  D. Logon with SmartConsole to the Secondary Management Server and choose "Make Active' under Actions in the HA Management Menu
  D. Logon with SmartConsole to the Secondary Management Server and choose "Make Active' under Actions in the HA Management Menu

  ---

  Explanation/Reference:

• Question 256:

  What is the correct Syntax for adding an access-rule via R80 API?

  A. add access-rule layer "Network" action "Allow"
  B. add access-rule layer "Network" position 1 name "Rule 1" service. 1 "SMTP" service.2 "hup"
  C. add access-rule and follow the wizard
  D. add rule position 1 name "Rule 1" policy-package "Standard" add service "http"
  B. add access-rule layer "Network" position 1 name "Rule 1" service. 1 "SMTP" service.2 "hup"

  ---

  Explanation/Reference:

  The correct syntax for adding an access-rule via R80 API is to use the add access-rule command with the layer, position, name, and service parameters. The layer parameter specifies the name of the access control policy layer where the rule will be added. The position parameter specifies the ordinal number in which to place the rule in the rulebase. The name parameter specifies the name of the rule. The service parameter specifies one or more services that match this rule. References: [Check Point Security Expert R81 API Reference Guide], page 18.

• Question 257:

  In ClusterXL Load Sharing Multicast Mode:

  A. only the primary member received packets sent to the cluster IP address
  B. only the secondary member receives packets sent to the cluster IP address
  C. packets sent to the cluster IP address are distributed equally between all members of the cluster
  D. every member of the cluster received all of the packets sent to the cluster IP address
  D. every member of the cluster received all of the packets sent to the cluster IP address

  ---

  Explanation/Reference:

  In ClusterXL Load Sharing Multicast Mode, every member of the cluster receives all of the packets sent to the cluster IP address. This mode uses multicast MAC addresses to distribute packets to all cluster members. Each member decides whether to accept or reject the packet based on a load balancing algorithm. This mode provides better performance and scalability than Unicast mode, but requires a switch that supports multicast MAC addresses.

• Question 258:

  Hit Count is a feature to track the number of connections that each rule matches, which one is not benefit of Hit Count.

  A. Better understand the behavior of the Access Control Policy
  B. Improve Firewall performance - You can move a rule that has hot count to a higher position in the Rule Base
  C. Automatically rearrange Access Control Policy based on Hit Count Analysis
  D. Analyze a Rule Base - You can delete rules that have no matching connections
  C. Automatically rearrange Access Control Policy based on Hit Count Analysis

  ---

  Explanation/Reference:

  Hit Count is a feature to track the number of connections that each rule matches, which can help to optimize the Rule Base efficiency and analyze the network traffic behavior. The benefit that is not provided by Hit Count is automatically rearrange Access Control Policy based on Hit Count Analysis. Hit Count does not change the order of the rules automatically, but it allows the administrator to manually move the rules up or down based on the hit count statistics. The administrator can also use the SmartOptimize feature to get suggestions for improving the Rule Base order and performance. References: R81 Security Management Administration Guide, page 97.

• Question 259:

  You pushed a policy to your gateway and you cannot access the gateway remotely any more. What command should you use to remove the policy from the gateway by logging in through console access?

  A. "fw cpstop"
  B. "fw unloadlocal"
  C. "fwundo"
  D. "fw unloadpolicy''
  B. "fw unloadlocal"

  ---

  Explanation/Reference:

  The command that should be used to remove the policy from the gateway by logging in through console access is "fw unloadlocal". This command will unload all security policies from a gateway or cluster member and allow all traffic to pass through it. This command can be useful for troubleshooting purposes or for emergency access to a gateway. References: [Check Point R81 CLI Reference Guide]

• Question 260:

  What is the best sync method in the ClusterXL deployment?

  A. Use 1 cluster + 1st sync
  B. Use 1 dedicated sync interface
  C. Use 3 clusters + 1st sync + 2nd sync + 3rd sync
  D. Use 2 clusters +1st sync + 2nd sync
  B. Use 1 dedicated sync interface

  ---

  Explanation/Reference:

  The best sync method in the ClusterXL deployment is to use one dedicated sync interface. This means that one interface on each cluster member is used exclusively for synchronization traffic, which improves performance and security. Using multiple clusters or sync interfaces is not recommended, as it can cause network congestion or synchronization issues. References: : Check Point Resource Library, Certified Security Expert (CCSE) R81.20 Course Overview, page 8.