CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 291:

  You had setup the VPN Community VPN-Stores'with 3 gateways. There are some issues with one remote gateway(1.1.1.1) and an your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways

  A. action:"Key Install" AND 1.1.1.1 AND Main Mode
  B. action:"Key Install- AND 1.1.1.1 ANDQuick Mode
  C. Blade:"VPN" AND VPN-Stores AND Main Mode
  D. Blade:"VPN" AND VPN-Stores AND Quick Mode
  B. action:"Key Install- AND 1.1.1.1 ANDQuick Mode

  ---

  Explanation/Reference:

  The best log filter to see only the IKE Phase 2 agreed networks for both gateways is B. action:"Key Install" AND 1.1.1.1 AND Quick Mode1. This filter will show you the logs that indicate the successful establishment of IKE Phase 2, which is also known as Quick Mode2. In this phase, the Security Gateway and the remote gateway negotiate the IPSec Security Associations (SAs) and exchange the encryption keys for the VPN tunnel2. The action:"Key Install" field shows that the SAs were installed successfully3. The 1.1.1.1 field shows that the logs are related to the remote gateway with that IP address3. The Quick Mode field shows that the logs are related to IKE Phase 2, as opposed to Main Mode, which is IKE Phase 13. To use this filter, you need to go to SmartConsole, open SmartLog, and enter the filter expression in the search box3. References: How to troubleshoot VPN issues with IKEVIEW tool - Check Point Software, IPsec and IKE - Check Point Software, SmartLog R81.20 Administration Guide - Check Point Software

• Question 292:

  Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .

  A. TCP Port 18190
  B. TCP Port 18209
  C. TCP Port 19009
  D. TCP Port 18191
  D. TCP Port 18191

  ---

  Explanation/Reference:

  Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC using TCP port 18191 by default. CDT is a tool that allows you to perform simultaneous configuration changes on multiple gateways or clusters using predefined commands or scripts. References: Check Point Central Deployment Tool (CDT)

• Question 293:

  When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?

  A. ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data
  B. ThreatCloud is a collaboration platform for all the CheckPoint customers to form a virtual cloud consisting of a combination of all on-premise private cloud environments
  C. ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud
  D. ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary
  D. ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary

  ---

  Explanation/Reference:

  ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary. ThreatCloud is a cloud-based service that collects and analyzes threat intelligence from multiple sources, such as Check Point products, third-party vendors, open sources, and customers. ThreatCloud provides real-time updates and feeds to Check Point products, such as SandBlast, which is a solution that detects and prevents zero-day attacks by emulating files in a sandbox environment. By integrating with ThreatCloud, a Threat Emulation appliance can benefit from the shared information about malicious and benign files, and avoid emulating files that are already known to be safe or harmful. This can improve the performance and efficiency of the Threat Emulation appliance. The other options are either incorrect or not relevant to ThreatCloud or Threat Emulation.

• Question 294:

  The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ .

  A. TCP 18211
  B. TCP 257
  C. TCP 4433
  D. TCP 443
  D. TCP 443

• Question 295:

  On the following picture an administrator configures Identity Awareness:

  

  After clicking "Next" the above configuration is supported by:

  A. Kerberos SSO which will be working for Active Directory integration
  B. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user.
  C. Obligatory usage of Captive Portal.
  D. The ports 443 or 80 what will be used by Browser-Based and configured Authentication.
  B. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user.

  ---

  Explanation/Reference:

  After clicking "Next", the above configuration is supported by Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user. This is a feature of Identity Awareness that allows the Security Gateway to identify users and machines on the network and enforce security policies based on their identity. The administrator can configure Identity Awareness to use various methods for acquiring identity, including Active Directory integration, browser-based authentication, terminal servers, and transparent authentication1. References: Check Point Resource Library, page 3.

• Question 296:

  In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:

  A. Basic, Optimized, Strict
  B. Basic, Optimized, Severe
  C. General, Escalation, Severe
  D. General, purposed, Strict
  A. Basic, Optimized, Strict

  ---

  Explanation/Reference:

  Threat Prevention has three out-of-the-box profiles: Basic, Optimized, and Strict. These profiles define the default actions for different threat prevention blades, such as Anti-Virus, Anti-Bot, IPS, etc. You cannot change the settings of these profiles, but you can clone them and create new profiles with customized settings. References: Training and Certification | Check Point Software, CCSE section

• Question 297:

  What are the main stages of a policy installation?

  A. Initiation, Conversion and FWD REXEC
  B. Verification, Commit, Installation
  C. Initiation, Conversion and Save
  D. Verification Compilation, Transfer and Commit
  D. Verification Compilation, Transfer and Commit

  ---

  Explanation/Reference:

  The main stages of a policy installation are Verification, Compilation, Transfer, and Commit. Verification is the stage where the policy is checked for syntax errors and conflicts. Compilation is the stage where the policy is translated into a binary format that can be executed by the Security Gateway. Transfer is the stage where the policy is sent from the Security Management Server to the Security Gateway. Commit is the stage where the policy is activated on the Security Gateway3. References: Check Point R81 Security Management Guide

• Question 298:

  There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A's interface issues were resolved and it became operational.

  When it re-joins the cluster, will it become active automatically?

  A. No, since `maintain' current active cluster member' option on the cluster object properties is enabled by default.
  B. No, since `maintain' current active cluster member' option is enabled by default on the Global Properties.
  C. Yes, since `Switch to higher priority cluster member' option on the cluster object properties is enabled by default.
  D. Yes, since `Switch to higher priority cluster member' option is enabled by default on the Global Properties.
  A. No, since `maintain' current active cluster member' option on the cluster object properties is enabled by default.

  ---

  Explanation/Reference:

  There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A's interface issues were resolved and it became operational. When it re-joins the cluster, it will not become active automatically, since `maintain current active cluster member' option on the cluster object properties is enabled by default. This option prevents a failback to the original active member after a failover, unless the current active member fails or is manually switched over. This option provides stability and avoids unnecessary failovers. References: R77 ClusterXL Administration Guide, page 23.

• Question 299:

  What are the different command sources that allow you to communicate with the API server?

  A. SmartView Monitor, API_cli Tool, Gaia CLI, Web Services
  B. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services
  C. SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services
  D. API_cli Tool, Gaia CLI, Web Services
  B. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

  ---

  Explanation/Reference:

  You can communicate with the API server using three command sources:

  SmartConsole GUI Console, mgmt_cli Tool, and Gaia CLI. Web Services are not a command source, but a way to access the API server using HTTP requests.

  References: Check Point Management APIs

• Question 300:

  Which component is NOT required to communicate with the Web Services API?

  A. API key
  B. session ID token
  C. content-type
  D. Request payload
  A. API key

  ---

  Explanation/Reference:

  The component that is not required to communicate with the Web Services API is the API key. The Web Services API uses a session ID token for authentication, which is obtained by sending a login request with a valid username and password. The other components are required for sending requests and receiving responses from the Web Services API. The content-type specifies the format of the data being sent or received, such as JSON or XML. The request payload contains the data and parameters for the API call, such as command name, object name, etc. References: [Web Services API Reference Guide]