When configuring SmartEvent Initial settings, you must specify a basic topology for SmartEvent to help it calculate traffic direction for events. What is this setting called and what are you defining?
A. Network, and defining your Class A space
B. Topology, and you are defining the Internal network
C. Internal addresses you are defining the gateways
D. Internal network(s) you are defining your networks
Correct Answer: D
When configuring SmartEvent Initial settings, you must specify a basic topology for SmartEvent to help it calculate traffic direction for events. This setting is called Internal network(s) and you are defining your networks. You can specify one or more networks or IP addresses that are considered internal for SmartEvent. This helps SmartEvent to determine the direction of the traffic (inbound, outbound, or internal) and generate events accordingly. References: [SmartEvent Administration Guide]
Question 362:
What is the purpose of the CPCA process?
A. Monitoring the status of processes.
B. Sending and receiving logs.
C. Communication between GUI clients and the SmartCenter server.
D. Generating and modifying certificates.
Correct Answer: D
The purpose of the CPCA process is to generate and modify certificates for Check Point products and features. CPCA stands for Check Point Certificate Authority and it is responsible for creating and managing certificates for internal communication between Check Point components, such as Security Gateways, Security Management Servers, SmartConsole clients, and OPSEC applications. CPCA also supports external certificate authorities and can import and export certificates from other sources.
Question 363:
What is the difference between Updatable Objects and Dynamic Objects?
A. Dynamic Objects are maintained automatically by the Threat Cloud. Updatable Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.
B. Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. For Dynamic Objects there is no need to install policy for the changes to take effect.
C. Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.
D. Dynamic Objects are maintained automatically by the Threat Cloud. For Dynamic Objects there is no need to install policy for the changes to take effect. Updatable Objects are created and maintained locally.
Correct Answer: B
Updatable Objects are a Threat Cloud Service that provides network objects that represent external services, such as Office 365, AWS, GEO locations, and more. These objects are updated automatically by Check Point and do not require policy installation for the changes to take effect. Dynamic Objects are created and maintained locally by the administrator and can be used to define temporary or changing network objects, such as IP addresses, ports, or ranges. Dynamic Objects also do not require policy installation for the changes to take effect. References: Updatable Objects, Updateable Objects and NAT, R80.20 Updatable Domain Objects and CLI Commands.
Question 364:
Which command shows the current Security Gateway Firewall chain?
A. show current chain
B. show firewall chain
C. fw ctl chain
D. fw ctl firewall-chain
Correct Answer: C
Question 365:
What order should be used when upgrading a Management High Availability Cluster?
A. Secondary Management, then Primary Management
B. Active Management, then Standby Management
C. Standby Management, then Active Management
D. Primary Management, then Secondary Management
Correct Answer: C
The upgrade process for a Management High Availability Cluster is to first upgrade the Standby Management Server, then perform a failover and upgrade the Active Management Server. This way, the cluster can maintain its functionality and synchronization during the upgrade. References: Check Point R81 Upgrade Guide, page 17; Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 10.
Question 366:
What is NOT a Cluster Mode?
A. Load Sharing Unicast
B. Load Sharing Multicast
C. Active-Active
D. High Availability Multicast
Correct Answer: C
Active-Active is not a cluster mode. Active-Active is a cluster configuration where both members are active and handle traffic simultaneously. However, this configuration is only supported for VSX clusters, not for regular clusters. The cluster modes for regular clusters are High Availability (HA), Load Sharing Unicast, and Load Sharing Multicast. References: [Check Point Security Expert R81 ClusterXL Administration Guide], page 7.
Question 367:
What is required for a certificate-based VPN tunnel between two gateways with separate management systems?
A. Mutually Trusted Certificate Authorities
B. Shared User Certificates
C. Shared Secret Passwords
D. Unique Passwords
Correct Answer: A
A certificate-based VPN tunnel between two gateways with separate management systems requires mutually trusted certificate authorities. This means that each gateway must have a certificate issued by a certificate authority (CA) that the other gateway trusts. The CA can be either an internal CA or an external CA. The CA issues certificates that contain the public key and identity information of the gateway. The gateway uses its private key to sign and encrypt the VPN traffic. The other gateway can verify the signature and decrypt the traffic using the public key in the certificate. This ensures the authenticity, integrity, and confidentiality of the VPN tunnel. References: Remote Access VPN R81.20 Administration Guide, page 12; DeepDive Webinar - R81.20 Seamless VPN Connection to Public Cloud, slide 9.
Question 368:
You want to gather data and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
A. Check Point Capsule Cloud
B. SandBlast Mobile Protect
C. SecuRemote
D. SmartEvent Client Info
Correct Answer: B
SandBlast Mobile Protect is an application that provides comprehensive protection for mobile devices against cyber threats. SandBlast Mobile Protect is a lightweight app that does not affect the device performance or battery life. It monitors network traffic, device behavior, and installed apps to detect and prevent attacks such as phishing, malware, ransomware, botnets, and man-in-the-middle [5]. SandBlast Mobile Protect also integrates with Check Point's ThreatCloud intelligence network to provide real-time threat information and updates [6]. Therefore, the correct answer is B. References: [5] SandBlast Mobile Protect; [6] SandBlast Mobile Administration Guide.
Question 369:
In the Check Point Security Management Architecture, which component(s) can store logs?
A. SmartConsole
B. Security Management Server and Security Gateway
C. Security Management Server
D. SmartConsole and Security Management Server
Correct Answer: B
In the Check Point Security Management Architecture, both the Security Management Server and Security Gateway can store logs. The Security Management Server stores logs related to management activities, while the Security Gateway stores logs related to network traffic [1]. References: [1] Check Point Resource Library, page 3.
Question 370:
Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
A. All Connections (Clear or Encrypted)
B. Accept all encrypted traffic
C. Specific VPN Communities
D. All Site-to-Site VPN Communities
Correct Answer: C
The option that allows traffic to VPN gateways in specific VPN communities is Specific VPN Communities. This option lets you specify which VPN communities are allowed or denied by the rule. A VPN community is a group of VPN gateways or hosts that share the same VPN policy and keys. You can create different types of VPN communities, such as star, meshed, or remote access, depending on your network topology and security requirements. You can also use tags to group VPN gateways or hosts into logical categories.