CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 351:

  What Factor preclude Secure XL Templating?

  A. Source Port Ranges/Encrypted Connections
  B. IPS
  C. ClusterXL in load sharing Mode
  D. CoreXL
  A. Source Port Ranges/Encrypted Connections

  ---

  Explanation/Reference:

  SecureXL Templating is a feature that accelerates the processing of packets that belong to the same connection or session by creating a template for the first packet and applying it to the subsequent packets. SecureXL Templating is precluded by factors that prevent the creation of a template, such as source port ranges, encrypted connections, NAT, QoS, etc. References: SecureXL Mechanism

• Question 352:

  Access roles allow the firewall administrator to configure network access according to:

  A. a combination of computer or computer groups and networks.
  B. All of the above.
  C. remote access clients.
  D. users and user groups.
  B. All of the above.

  ---

  Explanation/Reference:

  Access roles are objects that define a set of users, machines, or networks that can access a specific network resource. You can create access roles based on any combination of the following criteria:

  Users and user groups: You can use users and user groups from various sources, such as LDAP, RADIUS, local database, etc.

  Computers or computer groups: You can use computers or computer groups that are identified by their IP address, MAC address, or hostname. Networks: You can use networks that are defined by their IP address range, subnet mask, or

  gateway.

  You can use access roles in the Source or Destination column of an Access Control rule to allow or deny network access based on the identity of the users, machines, or networks.

  The references are:

  Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 11 Check Point R81 Quantum Security Gateway Guide, page 139 Check Point R81 Identity Awareness Administration Guide, page 9

• Question 353:

  After having saved the Clish Configuration with the "save configuration config.txt" command, where can you find the config.txt file?

  A. You will find it in the home directory of your user account (e.g. /home/admin/)
  B. You can locate the file via SmartConsole > Command Line.
  C. You have to launch the WebUI and go to "Config" -> "Export Config File" and specifiy the destination directory of your local file system.
  D. You cannot locate the file in the file system since Clish does not have any access to the bash file system
  A. You will find it in the home directory of your user account (e.g. /home/admin/)

  ---

  Explanation/Reference:

  You will find the config.txt file in the home directory of your user account (e.g. /home/admin/)1. The save configuration config.txt command is a Clish command that saves the current Gaia configuration to a text file2. The file is stored in the home directory of the user who executed the command, and it can be accessed by using the cat or less commands in expert mode1. The file can also be transferred to another machine by using the scp or sftp commands1. The config.txt file contains the Clish commands that are needed to restore the Gaia configuration to the same state as when the file was saved2. The file can be used for backup, migration, or troubleshooting purposes2. References: How to backup and restore Gaia configuration - Check Point Software, Gaia R81.20 Administration Guide - Check Point Software

• Question 354:

  Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?

  A. enable DLP and select.exe and .bat file type
  B. enable .exe and .bat protection in IPS Policy
  C. create FW rule for particular protocol
  D. tecli advanced attributes set prohibited_file_types exe.bat
  D. tecli advanced attributes set prohibited_file_types exe.bat

  ---

  Explanation/Reference:

• Question 355:

  What is false regarding a Management HA environment?

  A. Only one Management Server should be active, while any others be in standby mode
  B. It is not necessary to establish SIC between the primary and secondary management server, since the latter gets the exact same copy of the management database from the prior.
  C. SmartConsole can connect to any management server in Readonly mode.
  D. Synchronization will occur automatically with each Publish event if the Standby servers are available.
  B. It is not necessary to establish SIC between the primary and secondary management server, since the latter gets the exact same copy of the management database from the prior.

  ---

  Explanation/Reference:

  It is false that it is not necessary to establish SIC between the primary and secondary management server, since the latter gets the exact same copy of the management database from the prior. In fact, SIC is required between the primary and secondary management server for Management HA to work properly. SIC ensures secure communication between the management servers and allows the standby server to receive updates from the active server. Without SIC, the standby server will not be able to synchronize with the active server and will not be ready to take over in case of a failover.

  References:

  Solved: Management HA - Check Point CheckMates, section "Synchronizing Active and Standby Servers"

  CheckPoint Management Server R81 HA Configuration | Udemy, section "How to set it up in the PNET lab environment"

  Check Point R81, section "Management High Availability"

• Question 356:

  What are the attributes that SecureXL will check after the connection is allowed by Security Policy?

  A. Source address, Destination address, Source port, Destination port, Protocol
  B. Source MAC address, Destination MAC address, Source port, Destination port, Protocol
  C. Source address, Destination address, Source port, Destination port
  D. Source address, Destination address, Destination port, Protocol
  A. Source address, Destination address, Source port, Destination port, Protocol

  ---

  Explanation/Reference:

  The attributes that SecureXL will check after the connection is allowed by Security Policy are Source address, Destination address, Source port, Destination port, Protocol. These are the five tuple parameters that define a connection and are used by SecureXL to accelerate the traffic. The other options are either missing some of the parameters or include irrelevant ones, such as MAC addresses1. References: Check Point R81 SecureXL Administration Guide

• Question 357:

  Which of the following describes how Threat Extraction functions?

  A. Detect threats and provides a detailed report of discovered threats.
  B. Proactively detects threats.
  C. Delivers file with original content.
  D. Delivers PDF versions of original files with active content removed.
  D. Delivers PDF versions of original files with active content removed.

  ---

  Explanation/Reference:

  Threat Extraction is a software blade that delivers PDF versions of original files with active content removed. Active content, such as macros, scripts, or embedded objects, can be used by attackers to deliver malware or exploit vulnerabilities. Threat Extraction removes or sanitizes the active content from the files and converts them to PDF format, which is safer and more compatible. Threat Extraction can also work together with Threat Emulation to provide both clean and original files to the users. References: Check Point Security Expert R81 Course, Threat Extraction Administration Guide

• Question 358:

  In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

  A. SND is a feature to accelerate multiple SSL VPN connections
  B. SND is an alternative to IPSec Main Mode, using only 3 packets
  C. SND is used to distribute packets among Firewall instances
  D. SND is a feature of fw monitor to capture accelerated packets
  C. SND is used to distribute packets among Firewall instances

  ---

  Explanation/Reference:

  Secure Network Distributor (SND) is a relevant feature of the Security Gateway because it is used to distribute packets among Firewall instances. SND is a technology that improves the performance and scalability of the Security Gateway by using multiple cores to handle concurrent connections. SND consists of two components: SND driver and Firewall instances. SND driver is responsible for receiving packets from network interfaces and distributing them to Firewall instances based on a load balancing algorithm. Firewall instances are responsible for inspecting packets according to security policies and forwarding them to their destinations. The other options are either incorrect or not related to SND.

• Question 359:

  What is the correct description for the Dynamic Balancing / Split feature?

  A. Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances and Open Server (not on Quantum Spark)
  B. Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND's. The interface must support Multi-Queue. It is only available on Quantum Appliances and Open Server (not on Quantum Spark)
  C. Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND's. The interface must support Multi-Queue. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)
  D. Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)
  D. Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)

  ---

  Explanation/Reference:

  The correct description for the Dynamic Balancing / Split feature is:

  Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load.

  It is only available on Quantum Appliances (not on Quantum Spark or Open Server)

  The Dynamic Balancing / Split feature is a performance-enhancing daemon that balances the load between CoreXL SNDs and CoreXL Firewalls. It monitors the average CPU utilization of CoreXL Firewall and SND instances and

  automatically increases or decreases the number of CoreXL Firewall instances. The Dynamic Balancing Daemon (dsd) has three stages in each iteration: Examine the current CPU utilization, Calculate the optimal split, and Apply the new

  split1.

  The Dynamic Balancing / Split feature is supported on Check Point Appliances, such as Quantum Appliances, Quantum Maestro, Quantum Security Gateways, and Quantum LightSpeed Appliances in KPPAK mode2. It is not supported on

  Quantum Spark appliances, which are designed for small and medium businesses. It is also not supported on Open Server platforms, which are general-purpose servers that run Check Point software on top of third-party operating systems.

  References: Dynamic Balancing for CoreXL; Maestro and Dynamic Balancing (Dynamic Split); Dynamic Balancing available on R80.40; [Quantum Spark Appliances]; [Open Server]

• Question 360:

  Session unique identifiers are passed to the web api using which http header option?

  A. X-chkp-sid
  B. Accept-Charset
  C. Proxy-Authorization
  D. Application
  A. X-chkp-sid

  ---

  Explanation/Reference:

  Session unique identifiers are passed to the web API using the X-chkp-sid HTTP header option. The web API is a service that runs on the Security Management Server and enables external applications to communicate with the Check Point management database using REST APIs. To use the web API, you need to create a session with the management server by sending a login request with your credentials. The management server will respond with a session unique identifier (SID) that represents your session. You need to pass this SID in every subsequent request to the web API using the X-chkp-sid HTTP header option. This way, the management server can identify and authenticate your session and perform the requested operations. References: Check Point R81 REST API Reference Guide