CheckPoint Checkpoint Certifications 156-315.81 Questions & Answers

• Question 321:

  Check Point ClusterXL Active/Active deployment is used when:

  A. Only when there is Multicast solution set up.

  B. There is Load Sharing solution set up.

  C. Only when there is Unicast solution set up.

  D. There is High Availability solution set up.

  Correct Answer: B

  Check Point ClusterXL Active/Active deployment is used when there is Load Sharing solution set up. Load Sharing is a ClusterXL mode that allows distributing the network traffic between all cluster members, while still providing high availability in case of failures. Load Sharing can be configured as either Unicast or Multicast, depending on the network topology and switches support. References: R81 ClusterXL Administration Guide, page 9.

• Question 322:

  The WebUI offers several methods for downloading hotfixes via CPUSE except:

  A. Automatic

  B. Force override

  C. Manually

  D. Scheduled

  Correct Answer: B

  The WebUI offers three methods for downloading hotfixes via CPUSE: Automatic, Manually, and Scheduled. Force override is not a valid method for downloading hotfixes. Force override is an option that can be used when installing a hotfix to override the compatibility check and force the installation of the hotfix. References: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent)

• Question 323:

  Mobile Access Gateway can be configured as a reverse proxy for Internal Web Applications Reverse proxy users browse to a URL that is resolved to the Security Gateway IP address. Which of the following Check Point command is true for enabling the Reverse Proxy:

  A. ReverseCLIProxy

  B. ReverseProxyCLI

  C. ReverseProxy

  D. ProxyReverseCLI

  Correct Answer: C

  Mobile Access Gateway can be configured as a reverse proxy for internal web applications. Reverse proxy users browse to a URL that is resolved to the Security Gateway IP address. The Security Gateway then forwards the requests to the

  internal web servers and returns the responses to the users. To enable reverse proxy mode on the Mobile Access Gateway, the administrator needs to run the ReverseProxy command on the command line interface of the Security Gateway5.

  Therefore, the correct answer is C.

  References: 5: Reverse Proxy Mode

• Question 324:

  Why would an administrator see the message below?

  

  A. A new Policy Package created on both the Management and Gateway will be deleted and must be backed up first before proceeding.

  B. A new Policy Package created on the Management is going to be installed to the existing Gateway.

  C. A new Policy Package created on the Gateway is going to be installed on the existing Management.

  D. A new Policy Package created on the Gateway and transferred to the Management will be overwritten by the Policy Package currently on the Gateway but can be restored from a periodic backup on the Gateway.

  Correct Answer: B

  A Policy Package is a set of rules and settings that define how a Security Gateway enforces security on traffic that passes through it. A Policy Package can be created on either the Management Server or the Security Gateway, but it must be

  installed on both to take effect. When a new Policy Package is created on the Management Server, it must be installed on an existing Security Gateway that has a different Policy Package installed. The message below warns the administrator

  that installing a new Policy Package will overwrite the existing one on the Security Gateway.

  https://www.bing.com/images/blob?bcid=qMoRhR0dzSkGmg The message also advises the administrator to back up their existing configuration before proceeding with the installation.

• Question 325:

  Which is the command to identify the NIC driver before considering about the employment of the Multi-Queue feature?

  A. show interface eth0 mq

  B. ethtool A eth0

  C. ifconfig -i eth0 verbose

  D. ip show Int eth0

  Correct Answer: B

  The command to identify the NIC driver before considering about the employment of the Multi-Queue feature is ethtool -i eth0, where eth0 is the name of the network interface. This command displays the information about the driver and firmware version of the NIC, as well as other details such as bus-info and supported features1. The Multi-Queue feature requires a NIC driver that supports multiple transmit and receive queues2. References: : ethtool(8) - Linux man page : How To Configure Multi-Queue NICs | Linode Docs

• Question 326:

  You need to change the MAC-address on eth2 interface of the gateway. What is the correct way to change MAC-address in Check Point Gaia?

  A. In CLISH run: set interface eth2 mac-addr 11:11:11:11:11:11

  B. In expert-mode run ifconfig eth1 hw 11:11:11:11 11 11

  C. In CLISH run set interface eth2 hw-addr 11 11 11:11:11 11

  D. In expert-mode run: ethtool -4 eth2 mac 11 11:11:11:11:11

  Correct Answer: A

  The correct way to change MAC-address in Check Point Gaia is to run the command set interface eth2 mac-addr 11:11:11:11:11:11 in CLISH mode. This command will change the MAC address of the eth2 interface to 11:11:11:11:11:11 and save the configuration. The other commands are either incorrect or not supported in Gaia. The ifconfig command is used in Expert mode to configure network interfaces, but it does not support changing MAC addresses. The ethtool command is used in Expert mode to query and control network device driver and hardware settings, but it does not support changing MAC addresses. The set interface eth2 hw-addr command is not a valid command in CLISH mode. References: [Changing MAC Address]

• Question 327:

  Which firewall daemon is responsible for the FW CLI commands?

  A. fwd

  B. fwm

  C. cpm

  D. cpd

  Correct Answer: A

  Which firewall daemon is responsible for the FW CLI commands? The firewall daemon that is responsible for the FW CLI commands is fwd. This daemon handles the communication between the firewall kernel and the user space processes, such as SmartConsole, SmartView Tracker, etc. The FW CLI commands are used to control and monitor various aspects of the firewall, such as connections, policy installation, logs, NAT, etc. The FW CLI commands are executed with the prefix fw, such as fw stat, fw tab, fw monitor, etc. References: R81 Command Line Interface Reference Guide, page 13.

• Question 328:

  Which command will reset the kernel debug options to default settings?

  A. fw ctl dbg -a 0

  B. fw ctl dbg resetall

  C. fw ctl debug 0

  D. fw ctl debug set 0

  Correct Answer: C

  The command fw ctl debug 0 will reset the kernel debug options to default settings. This command will disable all the debug flags and clear the debug buffer. It is recommended to use this command before and after performing a kernel

  debug, to avoid any interference or confusion with other debug outputs. The command fw ctl debug 0 is also equivalent to fw ctl debug -buf 0.

  References:

  Best Practices - HTTPS Inspection - Check Point Software, section "How to perform a Kernel Debug"

  LOGGINGAND MONITORING R81 - Check Point Software, page 104

• Question 329:

  Bob is asked by Alice to disable the SecureXL mechanism temporary tor further diagnostic by their Check Point partner. Which of the following Check Point Command is true:

  A. fwaccel suspend

  B. fwaccel standby

  C. fwaccel off

  D. fwaccel templates

  Correct Answer: C

  You can disable the SecureXL mechanism temporarily for further diagnostic by running fwaccel off on the Security Gateway1. This command disables SecureXL, which is an acceleration solution that maximizes the performance of the Firewall by offloading CPU-intensive operations to the SecureXL device2. Disabling SecureXL can help you troubleshoot connectivity or policy issues, as it forces all traffic to go through the Firewall kernel and bypass the SecureXL device1. To run this command, you need to access the Security Gateway in expert mode and run fwaccel off1. To enable SecureXL again, you can run fwaccel on1. Note that disabling SecureXL may affect the performance of the Security Gateway, so use it with caution and only when necessary1. References: How to enable/disable Check Point SecureXL via CLI - Check Point Software, SecureXL - Check Point Software

• Question 330:

  The "Hit count" feature allows tracking the number of connections that each rule matches. Will the Hit count feature work independently from logging and Track the hits if the Track option is set to "None"?

  A. No, it will work independently. Hit Count will be shown only for rules Track option set as Log or alert.

  B. Yes it will work independently as long as "analyze all rules" tick box is enabled on the Security Gateway.

  C. No, it will not work independently because hit count requires all rules to be logged.

  D. Yes it will work independently because when you enable Hit Count, the SMS collects the data from supported Security Gateways.

  Correct Answer: D

  The Hit Count feature allows tracking the number of connections that each rule matches, regardless of the Track option set for the rule. When you enable Hit Count, the Security Management Server collects the data from supported Security Gateways and displays it in SmartConsole. You can use the Hit Count feature to optimize your rule base by identifying unused or rarely used rules, or rules that match too many connections.