CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 21:

  Sieve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances Steve's manager. Diana asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day?

  A. fw tab -t connections -s
  B. fw tab -t connections
  C. fw tab -t connections -c
  D. fw tab -t connections -f
  B. fw tab -t connections

  ---

  Explanation/Reference:

  The command that may impact performance briefly and should not be used during heavy traffic times of day is fw tab -t connections. This command displays all the entries in the connections table, which can be very large and consume a lot of CPU resources. The other commands are less intensive and can be used safely. The command fw tab -t connections -s displays only the statistics of the connections table, such as number of entries, peak size, etc. The command fw tab -t connections -c clears all the entries in the connections table. The command fw tab -t connections -f displays only the entries that match a filter expression. References: [fw tab Command]

• Question 22:

  Which firewall daemon is responsible for the FW CLI commands?

  A. fwd
  B. fwm
  C. cpm
  D. cpd
  A. fwd

  ---

  Explanation/Reference:

  Which firewall daemon is responsible for the FW CLI commands? The firewall daemon that is responsible for the FW CLI commands is fwd. This daemon handles the communication between the firewall kernel and the user space processes, such as SmartConsole, SmartView Tracker, etc. The FW CLI commands are used to control and monitor various aspects of the firewall, such as connections, policy installation, logs, NAT, etc. The FW CLI commands are executed with the prefix fw, such as fw stat, fw tab, fw monitor, etc. References: R81 Command Line Interface Reference Guide, page 13.

• Question 23:

  Vanessa is a Firewall administrator. She wants to test a backup of her company's production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore production backup

  via SmartConsole in lab environment.

  Which details she need to fill in System Restore window before she can click OK button and test the backup?

  A. Server, SCP, Username, Password, Path, Comment, Member
  B. Server, TFTP, Username, Password, Path, Comment, All Members
  C. Server, Protocol, Username, Password, Path, Comment, All Members
  D. Server, Protocol, username Password, Path, Comment, Member
  C. Server, Protocol, Username, Password, Path, Comment, All Members

  ---

  Explanation/Reference:

  According to the Check Point website, Vanessa needs to fill in the following details in the System Restore window before she can click OK button and test the backup: Server, Protocol, Username, Password, Path, Comment, All Members. These details specify the source and destination of the backup file, as well as the scope of the restore operation. The other options are either missing or incorrect details. References: System Restore

• Question 24:

  The Compliance Blade allows you to search for text strings in many windows and panes, to search for a value in a field, what would your syntax be?

  A. field_name:string
  B. name field:string
  C. name_field:string
  D. field name:string
  A. field_name:string

  ---

  Explanation/Reference:

  The Compliance Blade allows you to search for text strings in many windows and panes, to search for a value in a field, the syntax is field_name:string. For example, to search for all rules that have a comment containing "VPN", the syntax is comment:VPN. The other options are not valid syntaxes for searching for a value in a field3. References: 3: Check Point Software, Getting Started, Searching for Text Strings.

• Question 25:

  The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

  A. Secure Internal Communication (SIC)
  B. Restart Daemons if they fail
  C. Transfers messages between Firewall processes
  D. Pulls application monitoring status
  D. Pulls application monitoring status

  ---

  Explanation/Reference:

  The CPD daemon is a Firewall Kernel Process that does not pull application monitoring status. The CPD daemon is responsible for Secure Internal Communication (SIC), restarting daemons if they fail, transferring messages between Firewall processes, and managing policy installation. References: CPD process

• Question 26:

  While using the Gaia CLI. what is the correct command to publish changes to the management server?

  A. json publish
  B. mgmt publish
  C. mgmt_cli commit D. commit
  B. mgmt publish

  ---

  Explanation/Reference:

  While using the Gaia CLI, the correct command to publish changes to the management server is mgmt publish. This command publishes all changes made by all administrators since the last publish operation. The json publish command is not valid in Gaia CLI. The mgmt_cli commit command is used to publish changes made by a specific administrator session. The commit command is used to save configuration changes in Gaia CLI. References: Publishing Changes

• Question 27:

  Which of the following statements about SecureXL NAT Templates is true?

  A. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled.
  B. DROP Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.
  C. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if Accept Templates are disabled.
  D. ACCEPT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.
  A. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled.

  ---

  Explanation/Reference:

  NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled1. According to the web search results, NAT Templates are a feature of SecureXL that accelerates the performance of the Security Gateway by offloading CPU-intensive operations to the SecureXL device2. NAT Templates are supported for Static NAT and Hide NAT using the existing SecureXL Templates mechanism1. NAT Templates are disabled by default on Check Point Security Gateway R80.10 and below, but they are not relevant to SecureXL in versions R80.20 and above, as all template handling has moved to the Firewall1. NAT Templates can be enabled or disabled by setting the relevant kernel parameters in $FWDIR/boot/modules/fwkern.conf file1. References: SecureXL NAT Templates in R80.20 and lower - Check Point Software, SecureXL - Check Point Software

• Question 28:

  You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.

  A. Inspect/Bypass
  B. Inspect/Prevent
  C. Prevent/Bypass
  D. Detect/Bypass
  A. Inspect/Bypass

  ---

  Explanation/Reference:

  You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines an Inspect or Bypass action for the file types. The Inspect action means that the file will be sent to the Threat Emulation engine for analysis, and the Bypass action means that the file will not be sent and will be allowed or blocked based on other Threat Prevention blades1. The other options are not valid actions for file types in Threat Prevention profiles. References: Check Point R81 Threat Prevention Administration Guide

• Question 29:

  In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?

  A. Publish changes
  B. Save changes
  C. Install policy
  D. Install database
  C. Install policy

  ---

  Explanation/Reference:

  In order for changes made to policy to be enforced by a Security Gateway, an administrator must perform the action of installing policy. Installing policy is the process of transferring the policy package from the Security Management Server to the Security Gateway. Publishing changes is the process of saving changes to the database and making them available to other administrators. Saving changes is the process of saving changes to a session without publishing them2. References: Check Point R81 Security Management Guide

• Question 30:

  On R81.20 the IPS Blade is managed by:

  A. Threat Protection policy
  B. Anti-Bot Blade
  C. Threat Prevention policy
  D. Layers on Firewall policy
  C. Threat Prevention policy

  ---

  Explanation/Reference:

  On R81.20 the IPS Blade is managed by the Threat Prevention policy. The Threat Prevention policy is a unified policy that includes Anti-virus, IPS, Anti-bot, and Threat Emulation software blades. The IPS blade provides protection against network attacks and exploits by inspecting the traffic and blocking malicious packets. The IPS blade can be configured with different profiles and exceptions to suit different security needs. References: R81 Threat Prevention Administration Guide, page 15.