CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 301:

  A user complains that some Internet resources are not available. The Administrator is having issues seeing it packets are being dropped at the firewall (not seeing drops in logs). What is the solution to troubleshoot the issue?

  A. run fw unloadlocal" on the relevant gateway and check the ping again
  B. run "cpstop" on the relevant gateway and check the ping again
  C. run `'fw log" on the relevant gateway
  D. run `'fw ctl zdebug drop" on the relevant gateway
  D. run `'fw ctl zdebug drop" on the relevant gateway

  ---

  Explanation/Reference:

  The solution to troubleshoot the issue of some Internet resources being unavailable is to run fw ctl zdebug drop on the relevant gateway1. This command lists all dropped packets in real time and explains the reasons for the drop2. It is a powerful tool that can help diagnose connectivity problems and firewall policy issues3. To use this command, you need to access the gateway in expert mode and run fw ctl zdebug + drop2. You can also filter the output by using grep with an IP address or a keyword, for example: fw ctl zdebug + drop | grep 10.10.10.10 or fw ctl zdebug + drop | grep SYN3. This command is a wrapper for the full debugs, and it will run the debug commands for you and will allow you to run debug from one debug module only4. By default, it will use a small debug buffer but if you wish, you can provide the -buf option to use your own size4. To stop the command, press Ctrl+C and then run fw ctl debug 0 to reset the debug state3. Note: Running this command may affect the performance of the firewall, so use it with caution and only when necessary3. References: Solved: is it possible /supported to run fw ctl zdebug on ... - Check ..., How to use the fw ctl zdebug command to view drops on the Security Gateway, Troubleshooting dropped packets in Checkpoint using zdebug, "fw ctl zdebug" - Helpful Command Combinations - Check Point CheckMates

• Question 302:

  What feature allows Remote-access VPN users to access resources across a site-to-site VPN tunnel?

  A. Specific VPN Communities
  B. Remote Access VPN Switch
  C. Mobile Access VPN Domain
  D. Network Access VPN Domain
  D. Network Access VPN Domain

  ---

  Explanation/Reference:

  The "Network Access VPN Domain" feature allows remote-access VPN users to access resources across a site-to-site VPN tunnel. This feature allows remote users to securely access internal network resources as if they were physically connected to the network. This is achieved by adding the remote-access VPN users to a "VPN Domain" that has access to the internal network resources via a site-to-site VPN tunnel. This VPN Domain is also referred to as a "Network Access VPN Domain".

• Question 303:

  In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?

  A. Accounting
  B. Suppression
  C. Accounting/Suppression
  D. Accounting/Extended
  C. Accounting/Suppression

  ---

  Explanation/Reference:

  In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. The option that can be added to each Log, Detailed Log and Extended Log is Accounting/Suppression. Accounting/Suppression is a feature that allows administrators to control how often logs are generated for certain rules or connections. Accounting means that logs are generated periodically based on a specified interval or volume. Suppression means that logs are generated only for the first and last packet of a connection or session. Accounting/Suppression can be added to any tracking option to reduce the number of logs and save disk space.

• Question 304:

  Kofi, the administrator of the ALPHA Corp network wishes to change the default Gaia WebUI Portal port number currently set on the default HTTPS port. Which CLISH commands are required to be able to change this TCP port?

  

  A. set web ssl-port
  B. set Gaia-portal port
  C. set Gaia-portal https-port
  D. set web https-port
  A. set web ssl-port

  ---

  Explanation/Reference:

  The CLISH command to change the default Gaia WebUI Portal port number is set web ssl-port . This command will change the port that the WebUI listens on for HTTPS connections. After changing the port, you need to save the configuration with save config and verify that the change was applied with show web ssl- port. You also need to update the Main URL in the Platform Portal section of the gateway object in SmartConsole and install the policy.

• Question 305:

  Check Point security components are divided into the following components:

  A. GUI Client, Security Gateway, WebUI Interface
  B. GUI Client, Security Management, Security Gateway
  C. Security Gateway, WebUI Interface, Consolidated Security Logs
  D. Security Management, Security Gateway, Consolidate Security Logs
  B. GUI Client, Security Management, Security Gateway

  ---

  Explanation/Reference:

  Check Point security components are divided into the following components: GUI Client, Security Management, Security Gateway. GUI Client is the graphical user interface that allows administrators to configure, manage, and monitor Check Point products and security policies. Security Management is the server that stores and enforces the security policies and provides logging and reporting functions. Security Gateway is the device that inspects and filters network traffic according to the security policies.

• Question 306:

  Is it possible to establish a VPN before the user login to the Endpoint Client?

  A. yes, you had to set neo_remember_user_password to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_remember_user_password attribute in the trac_client_1 .ttm file located in the SFWDIR/conf directory on the Security Gateway
  B. no, the user must login first.
  C. yes. you had to set neo_always_connected to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_always_connected attribute in the trac_client_1 .ttm file located in the SFWDIR/conf directory on the Security Gateway
  D. yes, you had to enable Machine Authentication in the Gateway object of the Smart Console
  D. yes, you had to enable Machine Authentication in the Gateway object of the Smart Console

  ---

  Explanation/Reference:

  You can establish a VPN before the user login to the Endpoint Client by enabling Machine Authentication in the Gateway object of the Smart Console1. Machine Authentication is a feature that allows you to authenticate with a machine

  certificate and establish a VPN tunnel before the Windows Logon2. This feature provides the following benefits2:

  It enhances the security of the VPN connection by verifying the identity of the machine before allowing access to the network. It simplifies the user experience by eliminating the need to enter credentials twice (once for the VPN and once for

  the Windows Logon). It enables seamless connectivity to the network resources and domain services, such as Group Policy, login scripts, and mapped drives. Machine Authentication is supported on Check Point Endpoint Security Client for

  Windows with E80.71 and higher versions2. It requires a hotfix on top of R77.30 jumbo 286 on the Security Gateway2. To configure Machine Authentication, you need to do the following steps2:

  Generate and distribute machine certificates to the Endpoint machines using a trusted Certificate Authority (CA).

  Enable Machine Authentication in the Gateway object of the Smart Console and select the CA that issued the machine certificates. Install policy on the Security Gateway and reboot it. Enable Machine Authentication in the Endpoint Security

  Client and select the machine certificate to use.

• Question 307:

  R81.20 management server can manage gateways with which versions installed?

  A. Versions R77 and higher
  B. Versions R76 and higher
  C. Versions R75.20 and higher
  D. Versions R75 and higher
  C. Versions R75.20 and higher

  ---

  Explanation/Reference:

  R81.20 management server can manage gateways with versions R75.20 and higher. However, some features may not be supported on older gateway versions. For example, R81 introduces a new feature called Infinity Threat Prevention, which requires R81 gateways to work properly. Therefore, it is recommended to upgrade your gateways to the latest version to take advantage of all the new features and enhancements in R81.

• Question 308:

  : 131

  Which command is used to display status information for various components?

  A. show all systems
  B. show system messages
  C. sysmess all D. show sysenv all
  D

  ---

  Explanation/Reference:

  The command used to display status information for various components is show sysenv all. This command provides comprehensive status information about the system's environment and various components, including hardware and software components. It can be useful for troubleshooting and monitoring the system's health.

  References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.:

• Question 309:

  If you needed the Multicast MAC address of a cluster, what command would you run?

  A. cphaprob if
  B. cphaconf ccp multicast
  C. cphaconf debug data
  D. cphaprob igmp
  D. cphaprob igmp

  ---

  Explanation/Reference:

  The command cphaprob igmp can be used to display the Multicast MAC address of a cluster. This command shows the IGMP (Internet Group Management Protocol) information for each cluster interface, including the VRID (Virtual Router ID), the Multicast IP address, and the Multicast MAC address3. The other commands do not show the Multicast MAC address information. References: Check Point R81 ClusterXL Administration Guide

• Question 310:

  Fill in the blank: __________ information is included in "Full Log" tracking option, but is not included in "Log" tracking option?

  A. Destination port
  B. Data type
  C. File attributes
  D. Application
  B. Data type

  ---

  Explanation/Reference:

  The Full Log tracking option includes more information than the Log tracking option, such as the data type of the traffic. The data type indicates the type of content that was transferred, such as text, image, video, or audio. The data type can be used for filtering and reporting purposes. The Log tracking option only includes basic information, such as source, destination, service, action, and time.