Which Operating Systems are supported for the Endpoint Security VPN?
A. Windows and x86 Solaris
B. Windows and macOS computers
C. Windows and SPARC Solaris
D. Windows and Red Hat Linux
Correct Answer: B
Endpoint Security VPN is a lightweight remote access client that supports Windows and macOS computers. It provides secure connectivity to corporate resources using L2TP/IPSec, SSL, or Check Point's proprietary VPN protocol. Endpoint Security VPN also integrates with other Endpoint Security products such as SandBlast Agent, Full Disk Encryption, Media Encryption, and Firewall. References: Check Point R81 Endpoint Security VPN Administration Guide, page 5
Question 312:
Within the Check Point Firewall Kernel reside Chain Modules, which are individually responsible for the inspection of a specific blade or feature that has been enabled in the configuration of the gateway. For Wire mode configuration, chain modules marked with _______ will not apply.
A. ffffffff
B. 00000001
C. 00000002
D. 00000003
Correct Answer: B
For Wire mode configuration, chain modules marked with 00000001 will not apply. Wire mode is a special configuration that allows a Security Gateway to pass traffic without inspection, acting as a bridge between two network segments. In Wire mode, only chain modules that are essential for basic functionality are applied, such as VPN, QoS, ClusterXL, and SecureXL. Chain modules that are related to inspection-based Software Blades, such as Firewall, IPS, Application Control, and so on, are skipped. The chain modules that are skipped are marked with 00000001 in the output of the fw ctl chain command. References: Wire Mode
Question 313:
Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?
A. Application Control
B. Threat Emulation
C. Anti-Virus
D. Advanced Networking Blade
Correct Answer: D
The Advanced Networking Blade is not subscription-based and therefore does not have to be renewed on a regular basis. The Advanced Networking Blade is a software blade that provides advanced routing capabilities for Check Point Security Gateways. It supports dynamic routing protocols such as OSPF, BGP, RIP, and PIM, as well as features such as Policy-Based Routing (PBR), Multicast Routing, and IPv6 support. The Advanced Networking Blade is included in the Next Generation Firewall (NGFW) package and does not require a separate license.
Question 314:
From the SecureXL perspective, what are the three paths of traffic flow?
A. Initial Path; Medium Path; Accelerated Path
B. Layer Path; Blade Path; Rule Path
C. Firewall Path; Accelerated Path; Medium Path
D. Firewall Path; Accept Path; Drop Path
Correct Answer: C
From the SecureXL perspective, the three paths of traffic flow are Firewall Path, Accelerated Path, and Medium Path. Firewall Path is the path that handles packets that are not processed by SecureXL and are sent to the Firewall kernel for inspection. Accelerated Path is the path that handles packets that are processed by SecureXL and bypass the Firewall kernel. Medium Path is the path that handles packets that are partially processed by SecureXL and partially by the Firewall kernel. References: Check Point R81 Performance Tuning Administration Guide
Question 315:
Which of the following is true regarding the Proxy ARP feature for Manual NAT?
A. The local.arp file must always be configured
B. Automatic proxy ARP configuration can be enabled
C. fw ctl proxy should be configured
D. Translate Destination on Client Side should be configured
Correct Answer: B
The verified answer is B: automatic proxy ARP configuration can be enabled. Proxy ARP is a feature that allows a gateway to respond to ARP requests on behalf of another IP address that is not on the same network segment. Proxy ARP is required for manual NAT rules when the NATed IP addresses are not routed to the gateway [1]. By default, proxy ARP for manual NAT rules has to be configured manually by editing the local.arp file or using the CLISH commands on the gateway [2]. However, since R80.10, there is an option to enable automatic proxy ARP configuration for manual NAT rules by modifying the files $CPDIR/tmp/.CPprofile.sh and $CPDIR/tmp/.CPprofile.csh on the gateway [3]. fw ctl proxy is a command that displays the proxy ARP table on the gateway, but it does not configure proxy ARP [4]. Translate Destination on Client Side is a NAT option that determines whether the destination IP address is translated before or after the routing decision. It does not affect proxy ARP. References: [1] Configuring Proxy ARP for Manual NAT - Check Point Software; [2] R80.10: Automatic Proxy ARP with Manual NAT rules - checkpointengineer; [3] Automatic creation of Proxy ARP for Manual NAT rules on Security Gateway R80.10; [4] fw ctl proxy - Check Point Software; NAT Properties - Check Point Software
Question 316:
To optimize Rule Base efficiency, the most hit rules should be where?
A. Removed from the Rule Base.
B. Towards the middle of the Rule Base.
C. Towards the top of the Rule Base.
D. Towards the bottom of the Rule Base.
Correct Answer: C
To optimize Rule Base efficiency, the most hit rules should be towards the top of the Rule Base. This is because the Rule Base is processed from top to bottom, and the first rule that matches the traffic is applied. Therefore, placing the most hit rules at the top reduces the number of rules that need to be checked and improves the performance of the firewall. References: R81 Security Management Administration Guide, page 97.
Question 317:
In which scenario will an administrator need to manually define Proxy ARP?
A. When they configure an "Automatic Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.
B. When they configure an "Automatic Hide NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.
C. When they configure a "Manual Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.
D. When they configure a "Manual Hide NAT" which translates to an IP address that belongs to one of the firewall's interfaces.
Correct Answer: C
Proxy ARP is a technique that allows a device to respond to ARP requests on behalf of another IP address. Proxy ARP is required for Manual Static NAT when the translated IP address does not belong to one of the firewall's interfaces. This is because the firewall needs to intercept the packets destined to the translated IP address and forward them to the original IP address after applying the NAT rule. Without Proxy ARP, the packets would not reach the firewall and the NAT would not work. Proxy ARP is not required for Automatic Static NAT or Automatic Hide NAT, because these types of NAT use IP addresses that belong to the firewall's interfaces. Proxy ARP is also not required for Manual Hide NAT, because this type of NAT does not change the destination IP address of the packets, only the source IP address. References: Check Point R81 Security Management Administration Guide, page 115
Question 318:
Check Point Support in many cases asks you for a configuration summary of your Check Point system. This is also called:
A. cpexport
B. sysinfo
C. cpsizeme
D. cpinfo
Correct Answer: D
Check Point Support in many cases asks you for a configuration summary of your Check Point system. This is also called cpinfo. Cpinfo is a utility that collects diagnostic data on a Check Point gateway, management server, or log server. It generates a file that contains information such as product version, license details, OS details, network configuration, installed hotfixes, status of Check Point processes, firewall tables, etc. This file can be used by Check Point Support to troubleshoot issues or analyze performance. References: Cpinfo Utility
Question 319:
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?
A. Go to Clish - Run cpstop | Run cpstart
B. Go to Clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway
C. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores
D. Go to Clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security Policy
Correct Answer: B
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new CPU to replace the existing single core CPU. After installation, the administrator needs to perform some additional tasks for it to function properly. The tasks that the administrator needs to perform are: Go to Clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway; Go to SmartConsole | Install Security Policy. The first task is to enable and configure CoreXL, which is a performance enhancement feature that allows running multiple instances of the firewall kernel on multiple CPU cores. CoreXL can be enabled and configured via cpconfig, which is a utility that provides a menu-based interface for various system settings. After enabling CoreXL, the administrator needs to reboot the Security Gateway for the changes to take effect. The second task is to install the security policy on the Security Gateway via SmartConsole, which is a unified graphical user interface for managing Check Point products. Installing the security policy will activate the CoreXL instances and distribute the traffic among them. References: R81 Performance Tuning Administration Guide, page 15; R81 Security Management Administration Guide, page 83.
Question 320:
Which of the following is an authentication method used for Identity Awareness?
A. RSA
B. SSL
C. Captive Portal
D. PKI
Correct Answer: C
Captive Portal is one of the authentication methods used for Identity Awareness, which is a feature of Check Point that enables you to identify users and apply security policy rules based on their identity. Captive Portal redirects users to a web page where they can enter their credentials and be authenticated by an external server, such as LDAP or RADIUS. After authentication, users can access the Internet and corporate resources according to the security policy rules that apply to their identity. References: Machine Authentication and Identity Awareness - Check Point CheckMates; Check Point Certified Security Expert R81.20, slide 13; Check Point R81 Identity Awareness Administration Guide, page 9