CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 271:

  In R81, where do you manage your Mobile Access Policy?

  A. Access Control Policy
  B. Through the Mobile Console
  C. Shared Gateways Policy
  D. From the Dedicated Mobility Tab
  B. Through the Mobile Console

  ---

  Explanation/Reference:

  In R81, you manage your Mobile Access Policy from the Mobile Console. The Mobile Console is a separate web-based interface that allows you to configure and monitor Mobile Access features, such as VPN, portal, applications, users, devices, and certificates. The Mobile Console can be accessed from any browser by entering https:///mobileconsole. References: [Mobile Console]

• Question 272:

  Which command shows the current Security Gateway Firewall chain?

  A. show current chain
  B. show firewall chain
  C. fw ctl chain
  D. fw ctl firewall-chain
  C. fw ctl chain

• Question 273:

  Which of the following is an authentication method used for Identity Awareness?

  A. RSA
  B. SSL
  C. Captive Portal
  D. PKI
  C. Captive Portal

  ---

  Explanation/Reference:

  Captive Portal is one of the authentication methods used for Identity Awareness, which is a feature of Check Point that enables you to identify users and apply security policy rules based on their identity. Captive Portal redirects users to a web page where they can enter their credentials and be authenticated by an external server, such as LDAP or RADIUS. After authentication, users can access the Internet and corporate resources according to the security policy rules that apply to their identity. The references are: Machine Authentication and Identity Awareness - Check Point CheckMates Check Point Certified Security Expert R81.20, slide 13 Check Point R81 Identity Awareness Administration Guide, page 9

• Question 274:

  Which statement is true about ClusterXL?

  A. Supports Dynamic Routing (Unicast and Multicast)
  B. Supports Dynamic Routing (Unicast Only)
  C. Supports Dynamic Routing (Multicast Only)
  D. Does not support Dynamic Routing
  A. Supports Dynamic Routing (Unicast and Multicast)
  B. Supports Dynamic Routing (Unicast Only)
  C. Supports Dynamic Routing (Multicast Only)
  D. Does not support Dynamic Routing

• Question 275:

  Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

  A. logd
  B. fwd
  C. fwm
  D. cpd
  B. fwd

  ---

  Explanation/Reference:

  The fwd process within the Security Management Server is responsible for the receiving of log records from Security Gateway. The fwd process handles the communication with the Security Gateways and log servers via TCP port 2571. The other processes have different roles, such as logd for writing logs to the database, fwm for handling GUI clients, and cpd for infrastructure tasks2. References: Check Point Ports Used for Communication by Various Check Point Modules, Check Point Processes Cheat Sheet ?LazyAdmins

• Question 276:

  Which is the command to identify the NIC driver before considering about the employment of the Multi-Queue feature?

  A. show interface eth0 mq
  B. ethtool A eth0
  C. ifconfig -i eth0 verbose D. ip show Int eth0
  B. ethtool A eth0

  ---

  Explanation/Reference:

  The command to identify the NIC driver before considering about the employment of the Multi-Queue feature is ethtool -i eth0, where eth0 is the name of the network interface. This command displays the information about the driver and firmware version of the NIC, as well as other details such as bus-info and supported features1. The Multi-Queue feature requires a NIC driver that supports multiple transmit and receive queues2. References: : ethtool(8) - Linux man page : How To Configure Multi-Queue NICs | Linode Docs

• Question 277:

  You have enabled "Full Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

  A. Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database.
  B. Data Awareness is not enabled.
  C. Identity Awareness is not enabled.
  D. Logs are arriving from Pre-R81 gateways.
  B. Data Awareness is not enabled.

  ---

  Explanation/Reference:

  The most likely reason why you are not seeing any data type information in your logs even though you have enabled Full Log as a tracking option to a security rule is that Data Awareness is not enabled on your Security Gateway. Data Awareness is a feature that allows you to monitor and control data types that are transferred over HTTP, HTTPS, FTP, SMTP, POP3, or IMAP protocols. Data Awareness can identify over 700 data types, such as credit card numbers, social security numbers, bank account numbers, medical records, etc., and provide visibility into the data usage patterns of your users. Data Awareness can also enforce data loss prevention (DLP) policies to prevent sensitive data from leaving your network or entering your network from untrusted sources. To enable Data Awareness on your Security Gateway, you need to activate the Data Awareness Software Blade in SmartConsole and install the policy on the Security Gateway.

• Question 278:

  Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

  A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
  B. One machine
  C. Two machines
  D. Three machines
  C. Two machines

  ---

  Explanation/Reference:

  Tom will need two machines to install Check Point R81 in a distributed deployment, if he does not include a SmartConsole machine in his calculations. A distributed deployment consists of a Security Management Server that manages one or more Security Gateways. Therefore, Tom will need one machine for the Security Management Server and another machine for the Security Gateway. The other options are either too few or too many machines for a distributed deployment. References: Check Point R81 Installation and Upgrade Guide

• Question 279:

  What could NOT be a reason for synchronization issues in a Management HA environment?

  A. Accidentally, you have configured unique IP addresses per Management Server which invalidates the CA Certificate
  B. There is a network connectivity failure between the servers
  C. Servers are in Collision Mode. Two servers, both in active state cannot be synchronized either automatically or manually.
  D. The products installed on the servers do not match: one device is a Standalone Server while the other is only a Security Management server
  D. The products installed on the servers do not match: one device is a Standalone Server while the other is only a Security Management server

  ---

  Explanation/Reference:

  The statement that could not be a reason for synchronization issues in a Management HA environment is that the products installed on the servers do not match:

  one device is a Standalone Server while the other is only a Security Management server. This is not a valid reason because Management HA requires that both servers have the same products installed, either both as Standalone Servers or

  both as Security Management servers. The other statements are possible reasons for synchronization issues in a Management HA environment. References: [Check Point Security Expert R81 High Availability Administration Guide], page 11.

• Question 280:

  Office mode means that:

  A. SecurID client assigns a routable MAC address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
  B. Users authenticate with an Internet browser and use secure HTTPS connection.
  C. Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.
  D. Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
  D. Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

  ---

  Explanation/Reference:

  Office mode is a feature that allows a security gateway to assign a remote client an IP address from a network that is protected by the security gateway. This way, the remote client can access resources on the internal network as if it was physically connected to it. The IP address is assigned to the remote client after the user authenticates for a tunnel, and it is routable, meaning that it can be reached by other hosts on the network. Office mode is useful for scenarios where the remote client needs to use applications that rely on IP addresses, such as VoIP or file sharing12. References: 1: Support, Support Requests, Training ... - Check Point Software 2: Gaia R81.20 Administration Guide - Check Point Software