CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 361:

  Which of the following processes pulls the application monitoring status from gateways?

  A. cpd
  B. cpwd
  C. cpm
  D. fwm
  A. cpd

  ---

  Explanation/Reference:

  The process that pulls the application monitoring status from gateways is cpd1. The cpd process is responsible for the communication between the Security Management Server and the Security Gateway2. It handles tasks such as policy installation, status reporting, logging, and synchronization2. The cpd process also monitors the application status of the Security Gateway, such as CPU, memory, disk space, and processes3. The cpd process sends this information to the Security Management Server, which displays it in SmartConsole and SmartView Monitor3. References: How to troubleshoot issues with Check Point Application Control and URL Filtering blades - Check Point Software, Processes and Daemons in Gaia OS - Check Point Software, Monitoring Device Status - Check Point Software

• Question 362:

  The admin lost access to the Gaia Web Management Interface but he was able to connect via ssh. How can you check if the web service is enabled, running and which port is used?

  A. In expert mode run #netstat -tulnp | grep httpd to see if httpd is up and to get the port number. In dish run >show web daemon-enable to see if the web daemon is enabled.
  B. In dish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd to see if the httpd is up
  C. In dish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd2 to see if the httpd2 is up
  D. In expert mode run #netstat -tulnp | grep httpd2 to see if httpd2 is up and to get the port number. In dish run >show web daemon-enable to see if the web daemon is enabled.
  C. In dish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd2 to see if the httpd2 is up

  ---

  Explanation/Reference:

  The correct way to check if the web service is enabled, running and which port is used is to use option C. In dish, run show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode, run netstat -anp | grep httpd2 to see if the httpd2 is up1. The httpd2 service is responsible for the Gaia Web Management Interface2. If the web daemon is disabled, you can enable it by running set web daemon- enable on in dish3. If the httpd2 service is down, you can start it by running service httpd2 start in expert mode4. References: Gaia WebUI and CLI - Check Point CheckMates, Gaia R81.20 Administration Guide - Check Point Software, Gaia R81 Administration Guide - Check Point Software, How to restart Gaia Portal (WebUI) process - Check Point Software

• Question 363:

  When synchronizing clusters, which of the following statements is FALSE?

  A. The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized.
  B. Only cluster members running on the same OS platform can be synchronized.
  C. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
  D. Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.
  B. Only cluster members running on the same OS platform can be synchronized.

  ---

  Explanation/Reference:

  The statement that only cluster members running on the same OS platform can be synchronized is false. Cluster members can be synchronized even if they run on different OS platforms, as long as they have the same Check Point version and hotfixes installed. The other statements are true. The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization. Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails. References: R81 ClusterXL Administration Guide, page 9-10; [R81 Security Gateway Architecture], page 23

• Question 364:

  Which type of Endpoint Identity Agent includes packet tagging and computer authentication?

  A. Full
  B. Custom
  C. Light
  D. Complete
  A. Full

  ---

  Explanation/Reference:

  The type of Endpoint Identity Agent that includes packet tagging and computer authentication is Full. Packet tagging is a feature that allows the Endpoint Identity Agent to add a tag to the packets sent by the user's device, which contains the user's identity information. This way, the Security Gateway can identify the user without requiring additional authentication methods. Computer authentication is a feature that allows the Endpoint Identity Agent to authenticate the user's device using a certificate, which ensures that only authorized devices can access the network resources. The Full Endpoint Identity Agent supports both packet tagging and computer authentication, as well as other features such as Single Sign-On (SSO), Multi-Factor Authentication (MFA), and VPN. The references are: Check Point R81 Identity Awareness Administration Guide, page 15 Endpoint Identity Agent - Check Point CheckMates Check Point Identity Agent - All flavors for Windows OS in a single package (Full, Light, v1 and v2 for Terminal Server)

• Question 365:

  In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?

  A. Big l
  B. Little o
  C. Little i
  D. Big O
  A. Big l

  ---

  Explanation/Reference:

  The inspection point Big l is the first point immediately following the tables and rule base check of a packet coming from outside of the network. It is also the last point before the packet leaves the Security Gateway to the internal network1. The other inspection points are either before or after the rule base check, or in a different direction of traffic flow2. References: Check Point R81 Security Gateway Architecture and Packet Flow, 156-315.81 Checkpoint Exam Info and Free Practice Test - ExamTopics

• Question 366:

  What ports are used for SmartConsole to connect to the Security Management Server?

  A. CPMI (18190)
  B. ICA_Pull (18210), CPMI (18190) https (443)
  C. CPM (19009), CPMI (18190) https (443)
  D. CPM (19009), CPMI (18190) CPD (18191)
  C. CPM (19009), CPMI (18190) https (443)

  ---

  Explanation/Reference:

  The correct answer is C. CPM (19009), CPMI (18190) https (443). SmartConsole is a client application that connects to the Security Management Server to manage and configure the security policy and objects. SmartConsole uses three

  ports to communicate with the Security Management Server1:

  CPM (19009): This port is used for the communication between the SmartConsole client and the Check Point Management (CPM) process on the Security Management Server. The CPM process handles the database operations and the

  policy installation.

  CPMI (18190): This port is used for the communication between the SmartConsole client and the Check Point Management Interface (CPMI) process on the Security Management Server. The CPMI process handles the authentication and

  encryption of the SmartConsole sessions.

  https (443): This port is used for the communication between the SmartConsole client and the web server on the Security Management Server. The web server provides the SmartConsole GUI and the SmartConsole extensions. The other

  options are incorrect because they either include ports that are not used by SmartConsole or omit ports that are used by SmartConsole.

  References:

  SmartConsole R81.20 - Check Point Software1

• Question 367:

  Fill in the blanks: In the Network policy layer, the default action for the Implied last rule is ____ all traffic. However, in the Application Control policy layer, the default action is ______ all traffic.

  A. Accept; redirect
  B. Accept; drop
  C. Redirect; drop
  D. Drop; accept
  D. Drop; accept

  ---

  Explanation/Reference:

  In the Network policy layer, the default action for the Implied last rule is drop all traffic. However, in the Application Control policy layer, the default action is accept all traffic. The Implied last rule is a rule that is automatically added at the end of each policy layer and defines what to do with traffic that does not match any of the user-defined rules. The default actions for each policy layer can be changed in the Global Properties or in the layer properties. References: R81 Security Management Administration Guide, page 30.

• Question 368:

  Which application should you use to install a contract file?

  A. SmartView Monitor
  B. WebUI
  C. SmartUpdate
  D. SmartProvisioning
  C. SmartUpdate

  ---

  Explanation/Reference:

  According to the Check Point website, SmartUpdate is the application that should be used to install a contract file. A contract file contains information about the licenses and services that are purchased from Check Point. SmartUpdate can also be used to install software packages and patches on Security Gateways and Management Servers. The other applications are either not relevant or not capable of installing a contract file. References: SmartUpdate

• Question 369:

  What are the blades of Threat Prevention?

  A. IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction
  B. DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction
  C. IPS, AntiVirus, AntiBot
  D. IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction
  D. IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

  ---

  Explanation/Reference:

  The blades of Threat Prevention in Check Point include:

  Intrusion Prevention System (IPS) AntiVirus AntiBot SandBlast Threat Emulation/Extraction So, the correct answer is D, which includes all the mentioned blades.

  References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.

• Question 370:

  What is the command to see cluster status in cli expert mode?

  A. fw ctl stat
  B. clusterXL stat
  C. clusterXL status
  D. cphaprob stat
  D. cphaprob stat

  ---

  Explanation/Reference:

  To see the cluster status in CLI expert mode, you can use the command cphaprob stat. This command displays the status of the Check Point High Availability cluster. It provides information about the state of the cluster members, such as "Active," "Standby," or "Collision."

  References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.