CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 261:

  What is the SOLR database for?

  A. Used for full text search and enables powerful matching capabilities
  B. Writes data to the database and full text search
  C. Serves GUI responsible to transfer request to the DLE server
  D. Enables powerful matching capabilities and writes data to the database
  A. Used for full text search and enables powerful matching capabilities

  ---

  Explanation/Reference:

  The SOLR database is used for full text search and enables powerful matching capabilities. The SOLR database is part of the Log Server component, which is responsible for indexing and storing logs received from Security Gateways and other sources. The SOLR database allows users to perform complex queries on the logs using keywords, filters, operators, and expressions. References: Log Server

• Question 262:

  What is the default shell of Gaia CLI?

  A. Monitor
  B. CLI.sh
  C. Read-only
  D. Bash
  A. Monitor

  ---

  Explanation/Reference:

  The default shell of Gaia CLI is clish. Clish stands for Command Line Interface Shell and it is a restrictive shell that controls the number of commands available in the CLI. Clish provides a user-friendly interface that supports command completion, history, and help functions. Clish also supports role-based administration, which means that different users can have different levels of access to Gaia features and commands based on their roles.

• Question 263:

  What is true of the API server on R81.20?

  A. By default the API-server is activated and does not have hardware requirements.
  B. By default the API-server is not active and should be activated from the WebUI.
  C. By default the API server is active on management and stand-alone servers with 16GB of RAM (or more).
  D. By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).
  D. By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).

  ---

  Explanation/Reference:

  The true statement about the API server on R81.20 is: By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more). The API server is a web service that allows external applications to interact with the Check Point management server using standard methods such as HTTP(S) requests and JSON objects. The API server is enabled by default on R81.20 management servers that have at least 4 GB of RAM, and on stand-alone servers that have at least 8 GB of RAM. The API server can also be manually enabled or disabled from the WebUI or the CLI.

• Question 264:

  Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

  A. Run cprestart from clish
  B. After upgrading the hardware, increase the number of kernel instances using cpconfig
  C. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores
  D. Hyperthreading must be enabled in the bios to use CoreXL
  B. After upgrading the hardware, increase the number of kernel instances using cpconfig

  ---

  Explanation/Reference:

  After installing a new multicore CPU to replace the existing single core CPU, the administrator is required to perform one additional task, which is to increase the number of kernel instances using cpconfig. This is because by default, only one kernel instance is enabled on a Security Gateway. To take advantage of multiple cores, the administrator needs to configure more kernel instances according to the number of cores available on the CPU. References: Configuring CoreXL

• Question 265:

  Which of the following is NOT an identity source used for Identity Awareness?

  A. Remote Access
  B. UserCheck
  C. RADIUS
  D. AD Query
  B. UserCheck

  ---

  Explanation/Reference:

• Question 266:

  D18912E1457D5D1DDCBD40AB3BF70D5D

  The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule based and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?

  A. The connection is destined for a server within the network
  B. The connection required a Security server
  C. The packet is the second in an established TCP connection
  D. The packets are not multicast
  B. The connection required a Security server

  ---

  Explanation/Reference:

  The most likely reason that the traffic is not accelerated is that the connection required a Security server. A Security server is a Check Point mechanism that inspects traffic that cannot be directly handled by the kernel. For example, traffic that requires content inspection, such as HTTP, FTP, SMTP, or VPN-1 SecuRemote/SecureClient. When a connection requires a Security server, it cannot be accelerated by SecureXL, which is a technology that offloads the processing of security operations from the CPU to improve performance. The other options are not relevant for acceleration. References: : Check Point Software, Getting Started, SecureXL; : Check Point Software, Getting Started, Security Servers.

• Question 267:

  Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or ______ .

  A. On all satellite gateway to satellite gateway tunnels
  B. On specific tunnels for specific gateways
  C. On specific tunnels in the community
  D. On specific satellite gateway to central gateway tunnels
  C. On specific tunnels in the community

  ---

  Explanation/Reference:

  Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or on specific tunnels in the community. Permanent VPN tunnels are always active and prevent VPN tunnel negotiation failures due to idle time or traffic volume. You can configure permanent VPN tunnels in SmartConsole by selecting the Permanent Tunnel option in the VPN Community Properties window.

• Question 268:

  What is required for a certificate-based VPN tunnel between two gateways with separate management systems?

  A. Mutually Trusted Certificate Authorities
  B. Shared User Certificates
  C. Shared Secret Passwords
  D. Unique Passwords
  A. Mutually Trusted Certificate Authorities

  ---

  Explanation/Reference:

  A certificate-based VPN tunnel between two gateways with separate management systems requires mutually trusted certificate authorities. This means that each gateway must have a certificate issued by a certificate authority (CA) that the

  other gateway trusts. The CA can be either an internal CA or an external CA. The CA issues certificates that contain the public key and identity information of the gateway. The gateway uses its private key to sign and encrypt the VPN traffic.

  The other gateway can verify the signature and decrypt the traffic using the public key in the certificate. This ensures the authenticity, integrity, and confidentiality of the VPN tunnel.

  References:

  Remote Access VPN R81.20 Administration Guide, page 12 DeepDive Webinar - R81.20 Seamless VPN Connection to Public Cloud, slide 9

• Question 269:

  With SecureXL enabled, accelerated packets will pass through the following:

  A. Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device
  B. Network Interface Card, Check Point Firewall Kernal, and the Acceleration Device
  C. Network Interface Card and the Acceleration Device
  D. Network Interface Card, OSI Network Layer, and the Acceleration Device
  C. Network Interface Card and the Acceleration Device

  ---

  Explanation/Reference:

  With SecureXL enabled, accelerated packets will pass through the following:

  Network Interface Card and the Acceleration Device. SecureXL is a technology that accelerates network traffic processing by offloading intensive operations from the Firewall kernel to a dedicated SecureXL device. Accelerated packets are

  packets that match certain criteria and can be handled by SecureXL without involving the Firewall kernel. These packets bypass the OSI Network Layer, OS IP Stack, and Check Point Firewall Kernel, and are processed directly by the

  Network Interface Card and the Acceleration Device. The other options are either incorrect or describe non-accelerated packets.

• Question 270:

  What is mandatory for ClusterXL to work properly?

  A. The number of cores must be the same on every participating cluster node
  B. The Magic MAC number must be unique per cluster node
  C. The Sync interface must not have an IP address configured
  D. If you have "Non-monitored Private" interfaces, the number of those interfaces must be the same on all cluster members
  B. The Magic MAC number must be unique per cluster node

  ---

  Explanation/Reference:

  For ClusterXL to work properly, one of the mandatory requirements is that the Magic MAC number must be unique per cluster node. The Magic MAC number is a MAC address that is used by ClusterXL to hide the physical MAC addresses of the cluster members from the network. This way, the cluster can present a single virtual MAC address to the network, and avoid ARP issues when a failover occurs. The Magic MAC number is derived from the Cluster Virtual IP address, which must also be unique per cluster.