CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 331:

  From SecureXL perspective, what are the tree paths of traffic flow:

  A. Initial Path; Medium Path; Accelerated Path
  B. Layer Path; Blade Path; Rule Path
  C. Firewall Path; Accept Path; Drop Path
  D. Firewall Path; Accelerated Path; Medium Path
  D. Firewall Path; Accelerated Path; Medium Path

  ---

  Explanation/Reference:

  SecureXL is a technology that improves the performance of Security Gateway by offloading the processing of some packets from the Firewall kernel to the SecureXL device driver1. SecureXL can handle packets in three different paths,

  depending on the type and state of the packet2:

  Firewall Path: This is the slowest path, where packets are processed by the Firewall kernel and all the inspection blades. This path is used for packets that require full inspection, such as the first packet of a connection, packets that match a

  rule with a UTM blade, or packets that are not eligible for acceleration. Accelerated Path: This is the fastest path, where packets are processed by the SecureXL device driver and bypass the Firewall kernel. This path is used for packets that

  belong to an established connection that is marked for acceleration, and do not require any further inspection by the Firewall or other blades. Medium Path: This is a hybrid path, where packets are processed by both the SecureXL device

  driver and the Firewall kernel, but skip some inspection steps. This path is used for packets that belong to an established connection that is not marked for acceleration, but do not require full inspection by all the blades.

  The other options are not correct because:

  A. Initial Path; Medium Path; Accelerated Path: There is no such thing as Initial Path in SecureXL terminology. The initial packet of a connection is always handled by the Firewall Path. B. Layer Path; Blade Path; Rule Path: These are not paths of traffic flow, but components of the unified policy in R80 and above versions. The Layer Path refers to the order of layers in the policy, the Blade Path refers to the order of blades within a layer, and the Rule Path refers to the order of rules within a blade3. C. Firewall Path; Accept Path; Drop Path: These are not paths of traffic flow, but possible actions that the Firewall can take on a packet. The Firewall Path is one of the paths of traffic flow, but the Accept Path and Drop Path are not. The Accept Path means that the packet is allowed to pass through the Firewall, and the Drop Path means that the packet is blocked by the Firewall4. References: Part 3 - SecureXL, What is CoreXL and SecureXL, SecureXL Fast Accelerator (fw fast_accel) for R80.20 and above, QUANTUM 7000 SECURITY GATEWAY

• Question 332:

  What is false regarding prerequisites for the Central Deployment usage?

  A. The administrator must have write permission on SmartUpdate
  B. Security Gateway must have the latest CPUSE Deployment Agent
  C. No need to establish SIC between gateways and the management server, since the CDT tool will take care about SIC automatically.
  D. The Security Gateway must have a policy installed
  C. No need to establish SIC between gateways and the management server, since the CDT tool will take care about SIC automatically.

  ---

  Explanation/Reference:

  Establishing SIC between gateways and the management server is a prerequisite for Central Deployment usage, as the CDT tool will not take care of this automatically1. The administrator must have write permission on SmartUpdate, the Security Gateway must have the latest CPUSE Deployment Agent, and the Security Gateway must have a policy installed2. These are the basic requirements for using the Central Deployment Tool (CDT), which is a utility that lets you manage a deployment of software packages from your Management Server to the multiple managed Security gateways and cluster members at the same time2. The CDT can perform various actions, such as installation of software packages, taking snapshots, running shell scripts, pushing/pulling files, and automating the RMA backup and restore process2. The CDT is supported on Check Point Appliances with R80.40 and higher versions2. References: How to keep your Security Gateways up to date - Check Point Software, Central Deployment Tool (CDT) - Check Point CheckMates.

• Question 333:

  What is the Implicit Clean-up Rule?

  A. A setting is defined in the Global Properties for all policies.
  B. A setting that is configured per Policy Layer.
  C. Another name for the Clean-up Rule.
  D. Automatically created when the Clean-up Rule is defined.
  C. Another name for the Clean-up Rule.

  ---

  Explanation/Reference:

  The Implicit Clean-up Rule is another name for the Clean-up Rule, which is the last rule in every policy layer. The Clean-up Rule defines the default action for traffic that does not match any of the preceding rules in the layer. The default action is to drop the traffic and log it, but it can be changed by the administrator. References: Training and Certification | Check Point Software, Check Point Resource Library

• Question 334:

  Which Queue in the Priority Queue has the maximum priority?

  A. High Priority
  B. Control
  C. Routing
  D. Heavy Data Queue
  C. Routing

  ---

  Explanation/Reference:

  The Priority Queue is a feature that allows the firewall to prioritize certain types of traffic over others, such as control and routing traffic, when the CPU load is high. The Priority Queue has four levels of priority: Control, Routing, High Priority

  and Heavy Data Queue1. The Control level has the highest priority and is reserved for firewall control traffic, such as policy installation and synchronization. The Routing level has the second highest priority and is used for routing protocols,

  such as OSPF and BGP. The High Priority level has the third highest priority and is used for user-defined traffic that needs to be prioritized, such as VoIP or video conferencing. The Heavy Data Queue level has the lowest priority and is used

  for bulk data transfer, such as FTP or HTTP2.

  Therefore, the correct answer is C.

  References: 1: Firewall Priority Queues 2: Firewall Priority Queues setting

• Question 335:

  In the Check Point Security Management Architecture, which component(s) can store logs?

  A. SmartConsole
  B. Security Management Server and Security Gateway
  C. Security Management Server
  D. SmartConsole and Security Management Server
  B. Security Management Server and Security Gateway

  ---

  Explanation/Reference:

  In the Check Point Security Management Architecture, both the Security Management Server and Security Gateway can store logs. The Security Management Server stores logs related to management activities, while the Security Gateway stores logs related to network traffic1. References: Check Point Resource Library, page 3.

• Question 336:

  Name the authentication method that requires token authenticator.

  A. SecurelD
  B. DynamiclD
  C. Radius
  D. TACACS
  A. SecurelD

  ---

  Explanation/Reference:

  The correct answer is A. SecurelD.

  SecurelD is an authentication method that uses a token-based system to generate one- time passwords (OTPs) for users. Users need to have a physical or software token that displays a code that changes periodically. The code is used

  along with a personal identification number (PIN) to authenticate the user. DynamiclD is another authentication method that uses OTPs, but it does not require a token. Instead, it sends the OTP to the user's email or phone number. Radius

  and TACACS are protocols that allow remote authentication of users through a centralized server. They do not use tokens, but they can support different types of authentication methods, such as passwords, certificates, or OTPs.

  References:

  Certified Security Expert (CCSE) R81.20 Course Overview1 What Is Token-Based Authentication? | Okta2

• Question 337:

  Alice works for a big security outsourcing provider company and as she receives a lot of change requests per day she wants to use for scripting daily (asks the API services from Check Point fof the Management API. Firstly she needs to be aware if the API services are running for the management. Which of the following Check Point Command is true:

  A. api mgmt status
  B. api status
  C. status api
  D. status mgmt apt
  A. api mgmt status
  B. api status
  C. status api

• Question 338:

  Which of the following Check Point commands is true to enable Multi-Version Cluster (MVC)?

  A. Check Point Security Management HA (Secondary): set cluster member mvc on
  B. Check Point Security Gateway Only: set cluster member mvc on
  C. Check Point Security Management HA (Primary): set cluster member mvc on
  D. Check Point Security Gateway Cluster Member: set cluster member mvc on
  D. Check Point Security Gateway Cluster Member: set cluster member mvc on

  ---

  Explanation/Reference:

  You can enable Multi-Version Cluster (MVC) by running set cluster member mvc on on the Check Point Security Gateway Cluster Member1. MVC is a feature that allows you to upgrade a Security Gateway Cluster to a higher version without

  downtime2. It works by upgrading one cluster member at a time, while the other cluster members continue to operate with the lower version2. MVC supports upgrading from R80.40 and above to R81 and above2. To use MVC, you need to do

  the following steps2:

  Enable MVC on each cluster member by running set cluster member mvc on in Clish and rebooting the gateway.

  Install the higher version on one cluster member using CPUSE or ISO image. Install policy on the upgraded cluster member and verify that it works properly. Repeat the previous steps for the remaining cluster members until all of them are

  upgraded.

  Disable MVC on each cluster member by running set cluster member mvc off in Clish and rebooting the gateway.

  References: Multi-Version Cluster (MVC) - Check Point Software, Multi-Version Cluster (MVC) - Check Point CheckMates

• Question 339:

  When using CPSTAT, what is the default port used by the AMON server?

  A. 18191
  B. 18192
  C. 18194
  D. 18190
  B. 18192

  ---

  Explanation/Reference:

  The default port used by the AMON server when using CPSTAT is 18192. CPSTAT is a command-line tool that allows administrators to monitor various statistics and status information about Check Point products and components, such as CPU usage, memory usage, policy installation, cluster state, etc. CPSTAT uses AMON (Advanced Monitoring) protocol to communicate with AMON server, which is a daemon that runs on Security Gateways or Management Servers and collects and provides AMON data. By default, AMON server listens on TCP port 18192 for incoming CPSTAT requests.

• Question 340:

  Within the Check Point Firewall Kernel resides Chain Modules, which are individually responsible for the

  inspection of a specific blade or feature that has been enabled in the configuration of the gateway. For Wire

  mode configuration, chain modules marked with _______ will not apply.

  A. ffffffff
  B. 00000001
  C. 00000002
  D. 00000003
  B. 00000001

  ---

  Explanation/Reference:

  For Wire mode configuration, chain modules marked with 00000001 will not apply. Wire mode is a special configuration that allows a Security Gateway to pass traffic without inspection, acting as a bridge between two network segments. In Wire mode, only chain modules that are essential for basic functionality are applied, such as VPN, QoS, ClusterXL, and SecureXL. Chain modules that are related to inspection-based Software Blades, such as Firewall, IPS, Application Control, and so on, are skipped. The chain modules that are skipped are marked with 00000001 in the output of fw ctl chain command. References: Wire Mode