CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 311:

  Firewall polices must be configured to accept VRRP packets on the GAiA platform if it Firewall software. The Multicast destination assigned by the internet Assigned Number Authority (IANA) for VRRP is:

  A. 224.0.0.18
  B. 224 00 5
  C. 224.0.0.102
  D. 224.0.0.22
  A. 224.0.0.18

  ---

  Explanation/Reference:

  The multicast destination assigned by the Internet Assigned Numbers Authority (IANA) for VRRP is 224.0.0.18. This is a reserved multicast address that is used by VRRP routers to communicate with each other and announce their priority

  and state. Firewall policies must be configured to accept VRRP packets on the Gaia platform if it runs Firewall software. Otherwise, VRRP packets will be dropped by default. References:

  [Configuring VRRP on Gaia]

• Question 312:

  To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?

  A. Accept Template
  B. Deny Template
  C. Drop Template
  D. NAT Template
  B. Deny Template

  ---

  Explanation/Reference:

  SecureXL templates are a mechanism to accelerate the rate of connection establishment by grouping connections that match a particular service and whose sole differentiating element is the source port. SecureXL templates enable even the very first packets of a TCP handshake to be accelerated, without waiting for the Firewall kernel to create a connection entry. The first packets of the first connection on the same service will be forwarded to the Firewall kernel, which will then create a template of the connection. The template will contain all the relevant information for the connection, such as source and destination IP addresses, destination port, NAT information, policy decision, etc. The template will be used by SecureXL to handle subsequent connections on the same service, without involving the Firewall kernel. This reduces the CPU load and increases the throughput. There are three types of SecureXL templates: Accept, Drop, and NAT. Accept templates are used for connections that are allowed by the Firewall policy. Drop templates are used for connections that are blocked by the Firewall policy. NAT templates are used for connections that require NAT translation. Deny templates are not a valid type of SecureXL template. References: SecureXL NAT Templates in R80.20 and lower, Part 3 - SecureXL, Security Gateway Performance Optimization - Part 5 - SecureXL

• Question 313:

  What command is used to manually failover a Multi-Version Cluster during the upgrade?

  A. clusterXL_admin down in Expert Mode
  B. clusterXL_admin down in Clish
  C. set cluster member state down in Clish
  D. set cluster down in Expert Mode
  B. clusterXL_admin down in Clish

  ---

  Explanation/Reference:

  The command used to manually failover a Multi-Version Cluster during the upgrade is clusterXL_admin down in Clish. This command causes the cluster member to stop passing traffic and switch to the Down state. This triggers a failover to another cluster member that is in the Active or Ready state. This command can be used during a Multi- Version Cluster upgrade to manually control which cluster member handles the traffic. The other options are not valid commands for manually failing over a Multi-Version Cluster. References: : Check Point Software, Getting Started, Manually Failing Over a Cluster Member.

• Question 314:

  An established connection is going to www.google.com. The Application Control Blade Is inspecting the traffic. If SecureXL and CoreXL are both enabled, which path is handling the traffic?

  A. Slow Path
  B. Fast Path
  C. Medium Path
  D. Accelerated Path
  C. Medium Path

  ---

  Explanation/Reference:

• Question 315:

  The "Hit count" feature allows tracking the number of connections that each rule matches. Will the Hit count feature work independently from logging and Track the hits if the Track option is set to "None"?

  A. No, it will work independently. Hit Count will be shown only for rules Track option set as Log or alert.
  B. Yes it will work independently as long as "analyze all rules" tick box is enabled on the Security Gateway.
  C. No, it will not work independently because hit count requires all rules to be logged.
  D. Yes it will work independently because when you enable Hit Count, the SMS collects the data from supported Security Gateways.
  D. Yes it will work independently because when you enable Hit Count, the SMS collects the data from supported Security Gateways.

  ---

  Explanation/Reference:

  The Hit Count feature allows tracking the number of connections that each rule matches, regardless of the Track option set for the rule. When you enable Hit Count, the Security Management Server collects the data from supported Security Gateways and displays it in SmartConsole. You can use the Hit Count feature to optimize your rule base by identifying unused or rarely used rules, or rules that match too many connections.

• Question 316:

  What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?

  A. test_connectivity_ad
  B. test_ldap_connectivity
  C. test_ad_connectivity
  D. ad_connectivity_test
  C. test_ad_connectivity

  ---

  Explanation/Reference:

  The CLI utility that runs connectivity tests from a Security Gateway to an AD domain controller is test_ad_connectivity -d . This command tests the connectivity between the gateway and the domain controller using LDAP, Kerberos, and WMI protocols. It also verifies the identity awareness configuration and shows the relevant logs3. The other options are not valid commands for testing AD connectivity. References: 3: Check Point Software, Getting Started, Testing Active Directory Connectivity.

• Question 317:

  Main Mode in IKEv1 uses how many packages for negotiation?

  A. 4
  B. depends on the make of the peer gateway
  C. 3
  D. 6
  D. 6

  ---

  Explanation/Reference:

  Main Mode in IKEv1 uses six packets for negotiation1. Main Mode is the default mode for IKE phase I, which establishes a secure channel between the peers. Main Mode performs the following steps2: The peers exchange their security policies and agree on a common set of parameters. The peers generate a shared secret key using the Diffie-Hellman algorithm. The peers authenticate each other using pre-shared keys, digital signatures, or public key encryption. Main Mode is partially encrypted, from the point at which the shared DH key is known to both peers2. Main Mode provides more security than Aggressive Mode, which uses only three packets for negotiation, but is faster and simpler2. References: Check Point gateways always send main IP address as IKE Main Mode ID - Check Point Software, IPsec and IKE - Check Point Software

• Question 318:

  What is the command switch to specify the Gaia API context?

  A. You have to specify it in the YAML file api.yml which is located underneath the /etc. directory of the security management server
  B. You have to change to the zsh-Shell which defaults to the Gaia API context.
  C. No need to specify a context, since it defaults to the Gaia API context.
  D. mgmt_cli --context gaia_api
  D. mgmt_cli --context gaia_api

  ---

  Explanation/Reference:

  The command switch to specify the Gaia API context is mgmt_cli --context gaia_api . This switch allows the user to execute Gaia OS commands through the management API. The Gaia API context is different from the default management API context, which is used to execute commands related to the security policy and objects1. References: Check Point R81 Management API Reference Guide

• Question 319:

  Which one of the following is true about Capsule Connect?

  A. It is a full layer 3 VPN client
  B. It offers full enterprise mobility management
  C. It is supported only on iOS phones and Windows PCs
  D. It does not support all VPN authentication methods
  A. It is a full layer 3 VPN client

  ---

  Explanation/Reference:

  Capsule Connect is a full layer 3 VPN client that provides secure and seamless remote access to corporate networks from iOS and Android devices. It supports all VPN authentication methods, such as certificates, passwords, tokens, and challenge- response. It also supports split tunneling and seamless roaming. References: Capsule Connect Datasheet, Capsule Connect Administration Guide

• Question 320:

  SmartEvent Security Checkups can be run from the following Logs and Monitor activity:

  A. Reports
  B. Advanced
  C. Checkups
  D. Views
  A. Reports

  ---

  Explanation/Reference:

  SmartEvent Security Checkups can be run from the Reports activity in Logs and Monitor. A Security Checkup is a report that analyzes network traffic and security events and provides recommendations for improving security posture. To run a Security Checkup, go to Logs and Monitor > Reports > New Report > Security Checkup. The other activities in Logs and Monitor do not have the option to run a Security Checkup. References: : Check Point Software, Getting Started, Running a Security Checkup Report.