CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 321:

  Which command collects diagnostic data for analyzing customer setup remotely?

  A. cpinfo
  B. migrate export
  C. sysinfo
  D. cpview
  A. cpinfo

  ---

  Explanation/Reference:

  CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers).

  The CPInfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPInfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth

  analysis of customer's configuration and environment settings.

  References:

• Question 322:

  Where you can see and search records of action done by R81 SmartConsole administrators?

  A. In SmartView Tracker, open active log
  B. In the Logs and Monitor view, select "Open Audit Log View"
  C. In SmartAuditLog View
  D. In Smartlog, all logs
  B. In the Logs and Monitor view, select "Open Audit Log View"

  ---

  Explanation/Reference:

  The Audit Log is a feature that records all the actions performed by R81 SmartConsole administrators, such as logging in, logging out, publishing, installing policy, creating objects, modifying rules, etc. You can see and search records of

  action done by R81 SmartConsole administrators by following these steps:

  In SmartConsole, go to Logs and Monitor view.

  In the left pane, select Open Audit Log View.

  In the right pane, you will see a table that shows all the audit log records. You can filter, sort, group, or search the records by using the toolbar options. You can also double-click on a record to see more details in a pop-up window.

  References: R81 Logging and Monitoring Administration Guide

• Question 323:

  Alice was asked by Bob to implement the Check Point Mobile Access VPN blade - therefore are some basic configuration steps required - which statement about the configuration steps is true?

  A. 1. Add a rule in the Access Control Policy and install policy 2. Configure Mobile Access parameters in Security Gateway object 3. Enable Mobile Access blade on the Security Gateway object and complete the wizard 4. Connect to the Mobile Access Portal
  B. 1. Connect to the Mobile Access Portal 2. Enable Mobile Access blade on the Security Gateway object and complete the wizard 3. Configure Mobile Access parameters in Security Gateway object 4. Add a rule in the Access Control Policy and install policy
  C. 1. Configure Mobile Access parameters in Security Gateway object 2. Enable Mobile Access blade on the Security Gateway object and complete the wizard 3. Add a rule in the Access Control Policy and install policy 4. Connect to the Mobile Access Portal
  D. 1. Enable Mobile Access blade on the Security Gateway object and complete the wizard 2. Configure Mobile Access parameters in Security Gateway object 3. Add a rule in the Access Control Policy and install policy 4. Connect to the Mobile Access Portal
  D. 1. Enable Mobile Access blade on the Security Gateway object and complete the wizard 2. Configure Mobile Access parameters in Security Gateway object 3. Add a rule in the Access Control Policy and install policy 4. Connect to the Mobile Access Portal

  ---

  Explanation/Reference:

  The verified answer is D. 1. Enable Mobile Access blade on the Security Gateway object and complete the wizard 2. Configure Mobile Access parameters in Security Gateway object 3. Add a rule in the Access Control Policy and install policy

  4. Connect to the Mobile Access Portal

  The basic configuration steps for the Check Point Mobile Access VPN blade are as follows1:

  Enable Mobile Access blade on the Security Gateway object and complete the wizard: This step activates the Mobile Access blade on the selected gateway and guides you through the initial configuration, such as defining the portal name,

  the certificate, and the authentication methods.

  Configure Mobile Access parameters in Security Gateway object: This step allows you to customize the Mobile Access settings, such as defining the supported applications, the access roles, the client settings, and the advanced options. Add

  a rule in the Access Control Policy and install policy: This step creates a rule that allows the traffic from the Mobile Access portal to the protected resources and installs the policy on the gateway. Connect to the Mobile Access Portal: This step

  verifies that the Mobile Access portal is accessible and functional from a web browser or a mobile device. The other options are incorrect because they do not follow the correct order or include the necessary steps.

  References:

  Mobile Access Administration Guide R81 - Check Point Software1

• Question 324:

  What is the main objective when using Application Control?

  A. To filter out specific content.
  B. To assist the firewall blade with handling traffic.
  C. To see what users are doing.
  D. Ensure security and privacy of information.
  D. Ensure security and privacy of information.

  ---

  Explanation/Reference:

  The main objective when using Application Control is to ensure security and privacy of information. Application Control is a blade that enables administrators to control access to web applications and web sites based on categories, users, groups, machines, and time. Application Control can also block or limit usage of applications that pose security risks or consume excessive bandwidth2. References: Check Point R81 Application Control Administration Guide

• Question 325:

  What is the minimum number of CPU cores required to enable CoreXL?

  A. 1
  B. 6
  C. 2
  D. 4
  C. 2

  ---

  Explanation/Reference:

  CoreXL is a technology that improves the performance of the Security Gateway by utilizing multiple CPU cores for processing traffic. CoreXL creates multiple instances of the firewall kernel (fwk) that run in parallel on different CPU cores. The

  number of kernel instances can be configured using the cpconfig command on the Security Gateway3. The minimum number of CPU cores required to enable CoreXL is 2, as one core is reserved for SND (Secure Network Distributor) and

  one core is used for running a kernel instance4. If the Security Gateway has only one CPU core, CoreXL cannot be enabled. Therefore, the correct answer is C.

  References: 3: CoreXL Administration Guide 4: [CoreXL Frequently Asked Questions (FAQ)]

• Question 326:

  What is the benefit of Manual NAT over Automatic NAT?

  A. If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy.
  B. There is no benefit since Automatic NAT has in any case higher priority over Manual NAT
  C. You have the full control about the priority of the NAT rules
  D. On IPSO and GAIA Gateways, it is handled in a stateful manner
  C. You have the full control about the priority of the NAT rules

  ---

  Explanation/Reference:

  The benefit of Manual NAT over Automatic NAT is that you have full control over the priority of the NAT rules. Manual NAT allows you to create NAT rules that are independent of the security policy and specify the order in which they are applied. Automatic NAT creates NAT rules based on the objects' NAT properties and places them according to predefined criteria. The other options are not benefits of Manual NAT over Automatic NAT. References: : Check Point Software, Getting Started, NAT Rule Base.

• Question 327:

  What two ordered layers make up the Access Control Policy Layer?

  A. URL Filtering and Network
  B. Network and Threat Prevention
  C. Application Control and URL Filtering
  D. Network and Application Control
  D. Network and Application Control

  ---

  Explanation/Reference:

  What two ordered layers make up the Access Control Policy Layer? Network and Application Control are the two ordered layers that make up the Access Control Policy Layer. The Network layer controls network access based on source, destination, service, time, etc. The Application Control layer controls application access based on users, groups, applications, content categories, etc. The Network layer is always processed before the Application Control layer. References: R81 Security Management Administration Guide, page 29.

• Question 328:

  What destination versions are supported for a Multi-Version Cluster Upgrade?

  A. R81.40 and later
  B. R76 and later
  C. R70 and Later
  D. R81.20 and Later
  D. R81.20 and Later

  ---

  Explanation/Reference:

  The destination versions that are supported for a Multi-Version Cluster Upgrade are R81.20 and later. This means that the cluster members can be upgraded from any supported version to R81.20 or higher using the Multi-Version Cluster mode. R81.40, R76, and R70 are not supported destination versions for a Multi-Version Cluster Upgrade. References: : Check Point Software, Getting Started, Supported Upgrade Paths

• Question 329:

  Which Check Point daemon monitors the other daemons?

  A. fwm
  B. cpd
  C. cpwd
  D. fwssd
  C. cpwd

  ---

  Explanation/Reference:

  The Check Point daemon that monitors the other daemons is cpwd (Check Point Watchdog). It is responsible for monitoring the health and status of various Check Point daemons and processes running on the Security Gateway. If any daemon or process stops responding or encounters an issue, cpwd can restart it to ensure the continued operation of the Security Gateway.

  References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.

• Question 330:

  SmartConsole R81 x requires the following ports to be open for SmartEvent.

  A. 19009, 19090 and 443
  B. 19009, 19004 and 18190
  C. 18190 and 443
  D. 19009, 18190 and 443
  D. 19009, 18190 and 443

  ---

  Explanation/Reference:

  The ports that are required to be open for SmartEvent are 19009, 18190, and 443. TCP port 19009 is used by the CPM process for management communication. TCP port 18190 is used by the CPD process for inter-process communication. TCP port 443 is used by the HTTPS protocol for secure web access. SmartEvent uses these ports to communicate with other components, such as SmartConsole, Security Management Server, Log Server, Correlation Unit, etc. References: [SmartEvent Ports]