CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 371:

  Can multiple administrators connect to a Security Management Server at the same time?

  A. No, only one can be connected
  B. Yes, all administrators can modify a network object at the same time
  C. Yes, every administrator has their own username, and works in a session that is independent of other administrators.
  D. Yes, but only one has the right to write.
  C. Yes, every administrator has their own username, and works in a session that is independent of other administrators.

  ---

  Explanation/Reference:

  Multiple administrators can connect to a Security Management Server at the same time. Each administrator has their own username and works in a session that is independent of other administrators. This allows for collaboration and simultaneous management tasks by different administrators.

  References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.

• Question 372:

  You want to allow your Mobile Access Users to connect to an internal file share. Adding the Mobile Application 'File Share' to your Access Control Policy in the SmartConsole didn't work. You will be only allowed to select Services for the 'Service and Application' column How to fix it?

  A. A Quantum Spark Appliance is selected as Installation Target for the policy packet.
  B. The Mobile Access Blade is not enabled for the Access Control Layer of the policy.
  C. The Mobile Access Policy Source under Gateway properties Is set to Legacy Policy and not to Unified Access Policy.
  D. The Mobile Access Blade is not enabled under Gateway properties.
  B. The Mobile Access Blade is not enabled for the Access Control Layer of the policy.

  ---

  Explanation/Reference:

• Question 373:

  In the R81 SmartConsole, on which tab are Permissions and Administrators defined?

  A. Security Policies
  B. Logs and Monitor
  C. Manage and Settings
  D. Gateways and Servers
  A. Security Policies
  C. Manage and Settings

  ---

  properties, network objects, services, users and user groups, permissions, licenses, certificates, etc. To define Permissions and Administrators, the administrator can go to the Manage and Settings tab and select Permissions and

  Administrators from the left pane. This will open a window where the administrator can create, edit, or delete administrators and roles, assign permissions and access profiles, enable multi-domain support, etc.

  The other options are incorrect because:

  The Security Policies tab allows administrators to create, edit, or delete security policies for different blades, such as Access Control, Threat Prevention, Identity Awareness, Mobile Access, etc. It also allows administrators to install policies on

  selected gateways or servers.

  The Logs and Monitor tab allows administrators to view, filter, analyze, or export logs and reports for different blades, such as Access Control, Threat Prevention, Identity Awareness, Mobile Access, etc. It also allows administrators to monitor

  the status and performance of gateways and servers.

  The Gateways and Servers tab allows administrators to add, edit, or delete gateways and servers that are managed by the Security Management Server or the Multi-Domain Security Management Server. It also allows administrators to view

  the details and configuration of each gateway or server.

• Question 374:

  To add a file to the Threat Prevention Whitelist, what two items are needed?

  A. File name and Gateway
  B. Object Name and MD5 signature
  C. MD5 signature and Gateway
  D. IP address of Management Server and Gateway
  B. Object Name and MD5 signature

  ---

  Explanation/Reference:

  To add a file to the Threat Prevention Whitelist, you need two items:

  B. Object Name and MD5 signature

  You need the Object Name to identify the file or object you want to whitelist, and the MD5 signature to specify the unique hash value of that file. The MD5 signature ensures that the specific file you want to whitelist is identified accurately.

  References: Check Point Certified Security Expert R81 Study Guide, Threat Prevention Administration Guide.

• Question 375:

  What processes does CPM control?

  A. Object-Store, Database changes, CPM Process and web-services
  B. web-services, CPMI process, DLEserver, CPM process
  C. DLEServer, Object-Store, CP Process and database changes
  D. web_services, dle_server and object_Store
  D. web_services, dle_server and object_Store

  ---

  Explanation/Reference:

  CPM stands for Check Point Management, which is a process that runs on the Security Management server and controls the management operations, such as policy installation, object creation, configuration backup, etc. CPM also controls

  other processes that are related to the management functions, such as:

  web_services: This process is responsible for providing web services for the communication between SmartConsole and the Security Management server. It handles requests from SmartConsole clients and forwards them to CPM or other

  processes.

  dle_server: This process is responsible for managing the log files and indexes. It handles queries from SmartLog and SmartEvent and provides log data to CPM or other processes. object_Store: This process is responsible for storing and

  retrieving objects from the database. It handles requests from CPM or other processes and provides object data.

  Therefore, the correct answer is D.

  The other options are incorrect because:

  A. Object-Store, Database changes, CPM Process and web-services: This option includes some processes that are controlled by CPM, such as Object-Store, CPM Process, and web-services, but it also includes Database changes, which is not a process but an action performed by CPM or other processes. B. web-services, CPMI process, DLEserver, CPM process: This option includes some processes that are controlled by CPM, such as web-services, DLEserver, and CPM process, but it also includes CPMI process, which is not a process but a protocol used by CPM or other processes to communicate with each other. C. DLEServer, Object-Store, CP Process and database changes: This option includes some processes that are controlled by CPM, such as DLEServer and Object-Store, but it also includes CP Process and database changes, which are not processes but a generic term for any Check Point process and an action performed by CPM or other processes respectively. References: Check Point Processes and Daemons, Check Point Processes Cheat Sheet, Check Point Firewall Security Solution

• Question 376:

  What is the command to check the status of the SmartEvent Correlation Unit?

  A. fw ctl get int cpsead_stat
  B. cpstat cpsead
  C. fw ctl stat cpsemd
  D. cp_conf get_stat cpsemd
  B. cpstat cpsead

  ---

  Explanation/Reference:

  The SmartEvent Correlation Unit is responsible for analyzing the log entries and identifying events from them. It runs on the Log Server machine or on a dedicated machine1. To check the status of the SmartEvent Correlation Unit, you can use the command cpstat cpsead on the machine where it is installed. This command will show you information such as the number of logs processed, the number of events generated, the CPU and memory usage, and the status of the connection to the SmartEvent Server23. References: SmartEvent Administration Guide R76, SmartEvent Administration Guide R75, SmartEvent Performance Tuning Guide

• Question 377:

  You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?

  A. fwd
  B. fwm
  C. cpd
  D. cpwd
  B. fwm

  ---

  Explanation/Reference:

  User-mode processes are processes that run in the user space of the operating system, as opposed to kernel-mode processes that run in the kernel space. User-mode processes are usually less privileged and have less access to system

  resources than kernel-mode processes. Check Point products use both user-mode and kernel-mode processes to provide various functionalities and services.

  The following are some of the user-mode processes that can be seen on the management server and gateway:

  fwd: This process is responsible for policy installation, logging, and communication with other Check Point components. It runs on both the management server and gateway. cpd: This process is responsible for licensing, certificate

  management, and communication with SmartConsole. It runs on both the management server and gateway. cpwd: This process is responsible for monitoring and restarting other processes. It runs on both the management server and

  gateway.

  The following is a user-mode process that can only be seen on the management server:

  fwm: This process is responsible for managing the security policy database, compiling the security policy, and generating reports. It runs only on the management server.

  Therefore, the correct answer is B.

  References: Check Point Processes and Daemons, Check Point Processes Cheat Sheet, Check Point Firewall Security Solution

• Question 378:

  What is the default size of NAT table fwx_alloc?

  A. 20000
  B. 35000
  C. 25000
  D. 10000
  C. 25000

  ---

  Explanation/Reference:

  What is the default size of NAT table fwx_alloc? The default size of NAT table fwx_alloc is 25000. This table stores the connections that require NAT translation by the Security Gateway. The size of this table can be changed by using the command fw ctl set int fwx_alloc , where is the desired number of connections. The maximum value is 65535. To make this change permanent, you need to add this command to the file $FWDIR/conf/fwaffinity.conf on the Security Gateway. References: [R81 Performance Tuning Administration Guide], page 126.

• Question 379:

  UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck objects?

  A. Ask
  B. Drop
  C. Inform
  D. Reject
  D. Reject

  ---

  Explanation/Reference:

  The action that is not supported in UserCheck objects is Reject. UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users and display messages or requests on their browsers. The supported actions in UserCheck objects are Ask, Inform, Block, and Continue. The Ask action prompts the user to confirm or cancel an action. The Inform action notifies the user about an event or a policy. The Block action prevents the user from accessing a resource or performing an action. The Continue action allows the user to access a resource or perform an action after displaying a message. References: [UserCheck]

• Question 380:

  What are valid Policy Types in R81.X?

  A. Access Control, Threat Prevention, QoS, Desktop Security
  B. Access Control, IPS, Threat Emulation, NAT
  C. Access Control, IPS, QoS, DLP
  D. Access Control, RemoteAccess VPN, NAT, IPS
  C. Access Control, IPS, QoS, DLP

  ---

  Explanation/Reference:

  Policy Types are the different types of security policies that can be configured and enforced on a Check Point gateway. The valid Policy Types in R81.X are:

  Access Control: Defines the rules for allowing or blocking traffic based on source, destination, service, user, and other criteria. IPS: Protects the network from known and unknown attacks by inspecting the traffic and applying signatures,

  protections, and actions. QoS: Controls the bandwidth allocation and prioritization for different types of traffic and applications. DLP: Prevents the leakage of sensitive data from the network by detecting and blocking data transfers that violate

  predefined rules.

  The references are:

  Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 11 Check Point Certified Security Administrator R81 - ExperTeach, page 5 Check Point Cybersecurity BootCamp R81.20 ?CCSAand; CCSE Training, page 2