CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 281:

  What is the name of the secure application for Mail/Calendar for mobile devices?

  A. Capsule Workspace
  B. Capsule Mail
  C. Capsule VPN
  D. Secure Workspace
  A. Capsule Workspace

  ---

  Explanation/Reference:

  The secure application for Mail/Calendar for mobile devices in Check Point is called "Capsule Workspace." Capsule Workspace provides secure access to email and calendar data on mobile devices while maintaining security policies and controls.

  References: Check Point Certified Security Expert R81 documentation and learning resources.

• Question 282:

  What API command below creates a new host object with the name "My Host" and IP address of "192 168 0 10"?

  A. set host name "My Host" ip-address "192.168.0.10"
  B. new host name "My Host" ip-address "192 168.0.10"
  C. create host name "My Host" ip-address "192.168 0.10"
  D. mgmt.cli -m add host name "My Host" ip-address "192.168.0 10"
  A. set host name "My Host" ip-address "192.168.0.10"

  ---

  Explanation/Reference:

  Check Point API is an interface that allows users to automate tasks and manage Check Point products using RESTful web service calls. Check Point API uses JSON format for requests and responses. To create a new host object with the

  name "My Host" and IP address of "192.168.0.10", users need to use the set host command with the name and ip-address parameters6. The command syntax is:

  set host name "My Host" ip-address "192.168.0.10"

  Therefore, the correct answer is A.

  References: 6: Check Point API reference

• Question 283:

  Which is the correct order of a log flow processed by SmartEvent components?

  A. Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client
  B. Firewall > SmartEvent Server Database > Correlation Unit > Log Server > SmartEvent Client
  C. Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client
  D. Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
  D. Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client

  ---

  Explanation/Reference:

  The correct order of a log flow processed by SmartEvent components is:

  Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client. The Firewall generates logs for traffic and security events. The Log Server receives and stores the logs from the Firewall. The Correlation Unit

  analyzes the logs and generates SmartEvent events based on predefined or custom rules. The SmartEvent Server Database stores the events generated by the Correlation Unit. The SmartEvent Client displays the events and reports from

  the SmartEvent Server Database. References: :

  Check Point Resource Library, Certified Security Expert (CCSE) R81.20 Course Overview, page 12; : Check Point Software, Training and Certification, SmartEvent Introduction.

• Question 284:

  

  What can we infer about the recent changes made to the Rule Base?

  A. Rule 7 was created by the `admin' administrator in the current session
  B. 8 changes have been made by administrators since the last policy installation
  C. The rules 1, 5 and 6 cannot be edited by the `admin' administrator
  D. Rule 1 and object webserver are locked by another administrator
  D. Rule 1 and object webserver are locked by another administrator

  ---

  Explanation/Reference:

  Based on the image provided by the user, we can infer that rule 1 and object webserver are locked by another administrator. This is because they have red lock icons next to them, which indicate that they are being edited by another administrator in another session. The lock icons prevent other administrators from modifying these objects until the changes are published or discarded by the original administrator. The lock icons also show the name of the administrator who locked the objects when hovered over with the mouse cursor. The other options are incorrect because: Rule 7 was not created by the `admin' administrator in the current session, but by another administrator in another session. This is because it has a blue lock icon next to it, which indicates that it was added by another administrator in another session. The blue lock icon prevents other administrators from deleting this rule until the changes are published or discarded by the original administrator. 8 changes have not been made by administrators since the last policy installation, but in the current session by the `admin' administrator. This is because there is a yellow number 8 next to the Install Policy button, which indicates that there are 8 unpublished changes in the current session by the `admin' administrator. These changes will be published or discarded when the `admin' administrator clicks on Publish or Discard buttons. The rules 1, 5 and 6 can be edited by the `admin' administrator, but only after unlocking them from another administrator who locked them in another session. This is because they have red lock icons next to them, which indicate that they are being edited by another administrator in another session. The `admin' administrator can unlock these rules by right-clicking on them and selecting Unlock from the menu. However, this will discard the changes made by the original administrator who locked them.

• Question 285:

  Both ClusterXL and VRRP are fully supported by Gaia R81.20 and available to all Check Point appliances. Which the following command is NOT related to redundancy and functions?

  A. cphaprob stat
  B. cphaprob if
  C. cphaprob list
  D. cphaprob all show stat
  D. cphaprob all show stat

  ---

  Explanation/Reference:

  The command cphaprob all show stat is not related to redundancy and functions. This command does not exist in ClusterXL or VRRP. The other commands are valid commands for checking the status of cluster members, interfaces, and synchronization. ClusterXL and VRRP are both high availability solutions that provide redundancy and load balancing for Check Point gateways. References: Check Point Security Expert R81 Course, ClusterXL Administration Guide, VRRP Administration Guide

• Question 286:

  Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .

  A. User Directory
  B. Captive Portal and Transparent Kerberos Authentication
  C. Captive Portal
  D. UserCheck
  B. Captive Portal and Transparent Kerberos Authentication

  ---

  Explanation/Reference:

  Browser-based Authentication is a method of acquiring identities from unidentified users by sending them to a web page where they can log in and authenticate. Browser-based Authentication uses two techniques to acquire identities: Captive Portal and Transparent Kerberos Authentication1. Captive Portal is a simple method that attempts authentication through a web interface before granting a user access to Intranet resources. When a user tries to access a protected resource, they are redirected to a web page where they have to enter their credentials. The credentials are verified by the Identity Awareness Security Gateway or an external authentication server. If the authentication is successful, the user's identity is associated with their IP address and they are allowed to access the resource12. Transparent Kerberos Authentication is a more seamless method that leverages the existing Kerberos infrastructure in the network. When a user tries to access a protected resource, the Identity Awareness Security Gateway intercepts the Kerberos ticket request and extracts the user's identity from it. The user's identity is then associated with their IP address and they are allowed to access the resource without any additional prompts. This method requires that the Identity Awareness Security Gateway is configured as a trusted proxy in the Active Directory domain12. Therefore, the correct answer is B. Browser-based Authentication sends users to a web page to acquire identities using Captive Portal and Transparent Kerberos Authentication. References: 1, THE IMPORTANCE OF ACCESS ROLES - Check Point Software, page 2 2, Browser-based Authentication Check Point - Bing 3, How to Configure Client Authentication - Check Point Software, page 1 4, Identity Sources - Check Point Software 5, Configuring Browser-Based Authentication - Check Point Software 6, Two Factor Authentication - Check Point Software

• Question 287:

  Which TCP port does the CPM process listen on?

  A. 18191
  B. 18190
  C. 8983
  D. 19009
  D. 19009

  ---

  Explanation/Reference:

  The TCP port that the CPM process listens on is 19009. The CPM process is the Check Point Management process that handles all management operations on the Security Management Server, such as policy installation, database synchronization, logging, etc. It communicates with other processes and clients using TCP port 19009. The other ports are used by different processes or services. TCP port 18191 is used by the FWM process for management communication. TCP port 18190 is used by the CPD process for inter-process communication. TCP port 8983 is used by the Solr process for SmartLog indexing. References: [Check Point Ports]

• Question 288:

  What is UserCheck?

  A. Messaging tool used to verify a user's credentials.
  B. Communication tool used to inform a user about a website or application they are trying to access.
  C. Administrator tool used to monitor users on their network.
  D. Communication tool used to notify an administrator when a new user is created.
  B. Communication tool used to inform a user about a website or application they are trying to access.

  ---

  Explanation/Reference:

  UserCheck is a communication tool used to inform a user about a website or application they are trying to access. UserCheck allows administrators to interact with users in real time, informing them of the security policy and the actions they need to take. UserCheck can also enable users to self-remediate incidents or request exceptions from the administrator. References: Training and Certification | Check Point Software, Check Point Resource Library

• Question 289:

  How can you grant GAiAAPI Permissions for a newly created user?

  A. Assign the user a permission profile in SmartConsole
  B. Assign the user the admin RBAC role in dish
  C. No need to grant access since every user has access by default.
  D. In bash, use the following command: "gaia_api access --user Tom -enable true"
  A. Assign the user a permission profile in SmartConsole

  ---

  Explanation/Reference:

  To grant GAiAAPI permissions for a newly created user, you need to assign the user a permission profile in SmartConsole. A permission profile defines the access level and scope of actions that a user can perform using the GAiAAPI. You can choose from predefined permission profiles or create your own custom profiles. You cannot grant GAiAAPI permissions using dish or bash commands. References: [Check Point Security Expert R81 API Reference Guide], page 9.

• Question 290:

  What is the most recommended way to install patches and hotfixes?

  A. CPUSE Check Point Update Service Engine
  B. rpm -Uv
  C. Software Update Service
  D. UnixinstallScript
  A. CPUSE Check Point Update Service Engine

  ---

  Explanation/Reference:

  The most recommended way to install patches and hotfixes is CPUSE (Check Point Update Service Engine). CPUSE is a tool that automates the process of upgrading and installing software packages on Check Point devices. CPUSE can work in online mode or offline mode. Online mode requires an Internet connection to download the packages from Check Point servers. Offline mode allows you to download the packages manually from another device and transfer them to the target device using a USB drive or SCP. References: Check Point Security Expert R81 Course, CPUSE Administration Guide