The default shell of Gaia CLI is clish. Clish stands for Command Line Interface Shell and it is a restrictive shell that controls the number of commands available in the CLI. Clish provides a user-friendly interface that supports command completion, history, and help functions. Clish also supports role-based administration, which means that different users can have different levels of access to Gaia features and commands based on their roles.
Question 382:
An established connection is going to www.google.com. The Application Control Blade Is inspecting the traffic. If SecureXL and CoreXL are both enabled, which path is handling the traffic?
A. Slow Path
B. Fast Path
C. Medium Path
D. Accelerated Path
Correct Answer: D
The traffic is handled by the Accelerated Path. According to the R81.x Security Gateway Architecture (Logical Packet Flow)1, the Accelerated Path is the fastest path for processing packets, as it bypasses most of the inspection and uses SecureXL to accelerate the traffic. The Accelerated Path is used for connections that are established, compliant with the security policy, and do not require any content inspection or NAT1. The Application Control blade inspects the traffic based on the application identity, which is determined by the Application Control Software Blade in the Medium Path1. However, once the application identity is established, the connection can be offloaded to SecureXL and handled by the Accelerated Path2. This way, the Application Control blade can improve performance and reduce CPU consumption2. The other paths are not used for this traffic because: The Slow Path is used for packets that are not compliant with the security policy, require stateful inspection or NAT, or are not supported by SecureXL1. This path involves the most inspection and processing, and is therefore the slowest3. The Fast Path is used for packets that are trusted and do not require any inspection or NAT. This path bypasses both SecureXL and the Firewall kernel, and uses a kernel module called simfast to forward the packets directly to the network interface driver4. This path is not enabled by default, and requires manual configuration of rules to define which traffic can use it4. The Medium Path is used for packets that require content inspection, such as IPS, Anti-Virus, Anti-Bot, URL Filtering, or Application Control1. This path uses SecureXL to accelerate some parts of the inspection, but still involves some processing by the Firewall kernel3. This path is only used for the first few packets of a connection until the application identity is established, and then the connection can be offloaded to the Accelerated Path2. References: : Control SecureXL / CoreXL Paths - Check Point CheckMates : What is CoreXL and SecureXL ?jermsmit.com : R81.x Security Gateway Architecture (Logical Packet Flow) : SecureXL and Application Control Layer - Check Point CheckMates
Question 383:
What are not possible commands to acquire the lock in order to make changes in Clish or Web GUI?
A. set config-lock on override
B. Click the Lock icon in the WebUI
C. "set rbac rw = 1''
D. lock database override
Correct Answer: C
Question 384:
When defining QoS global properties, which option below is not valid?
A. Weight
B. Authenticated timeout
C. Schedule
D. Rate
Correct Answer: D
QoS global properties are the settings that apply to all QoS rules and QoS interfaces on the Security Gateway. They include the following options12: Weight: This is the relative importance of a QoS rule compared to other QoS rules. A higher weight means a higher priority. The default weight is 1, and the maximum weight is 1000. Authenticated timeout: This is the time period in seconds that a connection remains in the QoS rule after the last packet is sent or received. The default timeout is 600 seconds, and the minimum timeout is 60 seconds. Schedule: This is the time period in which a QoS rule is active. You can define a schedule for each day of the week, or use the default schedule of always active. Rate: This is not a valid option for QoS global properties. Rate is an option for QoS rule action, which defines the maximum bandwidth allocated for a QoS rule. The rate can be specified in Kbps, Mbps, or percentage of interface speed. References: 1: QoS R81.20 Administration Guide - Check Point Software 2: QoS R81 Administration Guide
-Check Point Software
Question 385:
Which two Cluster Solutions are available under R81.20?
A. ClusterXL and NSRP
B. VRRPandHSRP
C. VRRP and IP Clustering
D. ClusterXL and VRitP
Correct Answer: D
ClusterXL and VRRP are the two cluster solutions that are available under R81.20. According to the ClusterXL R81.20 Administration Guide1, ClusterXL is a Check Point software-based clustering solution that provides high availability and load sharing for Check Point Security Gateways and Cluster Members. ClusterXL supports two modes: High Availability and Load Sharing. In High Availability mode, all Cluster Members are connected to the same network segment and share a virtual IP address. One member is active and handles all traffic, while the others are in standby mode and ready to take over in case of a failure. In Load Sharing mode, all Cluster Members are active and share the traffic load according to a predefined algorithm. ClusterXL supports both unicast and multicast modes for Load Sharing1. VRRP (Virtual Router Redundancy Protocol) is an industry standard protocol that provides high availability for routers or firewalls by creating a virtual router with a virtual IP address that is shared by a group of routers or firewalls. One router or firewall is elected as the master and handles all traffic directed to the virtual IP address, while the others are backups that monitor the master and take over if it fails. VRRP can be used with Check Point Security Gateways to provide redundancy and failover for external interfaces1. NSRP (NetScreen Redundancy Protocol) is a proprietary protocol developed by Juniper Networks that provides high availability and load balancing for NetScreen firewalls. NSRP is not supported by Check Point products2. HSRP (Hot Standby Router Protocol) is a Cisco proprietary protocol that provides high availability for routers by creating a virtual router with a virtual IP address that is shared by a group of routers. One router is elected as the active router and handles all traffic directed to the virtual IP address, while another router is elected as the standby router and monitors the active router and takes over if it fails. HSRP is not supported by Check Point products. IP Clustering is a feature of Linux Virtual Server (LVS) that provides high availability and load balancing for IP-based services by creating a cluster of real servers that are accessed through a virtual IP address. The cluster is managed by a director that routes requests to the real servers according to a scheduling algorithm. IP Clustering is not supported by Check Point products. References: : ClusterXL R81.20 Administration Guide : Check Point R81.20 : Solved: R81.20 - Check Point CheckMates : [Hot Standby Router Protocol - Wikipedia] : [Linux Virtual Server - Wikipedia]
Question 386:
You have used the "set inactivity-timeout 120" command to prevent the session to be disconnected after 10 minutes of inactivity. However, the Web session is being disconnected after 10 minutes. Why?
A. The idle timeout for the web session is specified with the "set web session-timeout" command.
B. The number specified is the amount of the idle timeout in seconds rather than in minutes. So you have to use the command "set inactivity-timeout 600" instead.
C. Probably, you have forgotten to make sure that nobody is accessing the management server via the SmartConsole which locks the management database.
D. The number of minutes is correct. Probably, you have forgotten to save this setting with the "save config" command.
Correct Answer: A
The reason why the web session is being disconnected after 10 minutes is that the idle timeout for the web session is specified with the "set web session-timeout" command, not the "set inactivity-timeout" command. The "set inactivity-
timeout" command only affects the CLI session, not the web session. To prevent the web session from being disconnected after 10 minutes of inactivity, you need to use the "set web session-timeout" command with a higher value than 10
minutes.
References: [Check Point Security Expert R81 Administration Guide], page 77.
Question 387:
Fill in the blank: Authentication rules are defined for ________ .
A. User groups
B. Users using UserCheck
C. Individual users
D. All users in the database
Correct Answer: A
Authentication rules are defined for user groups, not individual users or all users in the database. Authentication rules allow you to control which user groups can access specific resources or services through the Security Gateway. You can define different authentication methods and schemes for different user groups, such as Check Point Password, OS Password, RADIUS, TACACS, SecurID, LDAP, or Certificate. You can also define different session timeouts and source restrictions for different user groups. Authentication rules are processed before the network access rules in the rule base.
Question 388:
What does Backward Compatibility mean upgrading the Management Server and how can you check it?
A. The Management Server is able to manage older Gateways. The lowest supported version is documented in the Installation and Upgrade Guide
B. The Management Server is able to manage older Gateways The lowest supported version is documented in the Release Notes
C. You will be able to connect to older Management Server with the SmartConsole. The lowest supported version is documented in the Installation and Upgrade Guide
D. You will be able to connect to older Management Server with the SmartConsole The lowest supported version is documented in the Release Notes
Correct Answer: B
Backward Compatibility means that the Management Server is able to manage older Gateways. The lowest supported version is documented in the Release Notes of each version. The Installation and Upgrade Guide only provides information about how to install or upgrade the Management Server and the Gateways, not about the compatibility between them. References: Check Point R81 Release Notes, page 6.
Question 389:
By default, the R81 web API uses which content-type in its response?
A. Java Script
B. XML
C. Text
D. JSON
Correct Answer: D
By default, the R81 web API uses JSON as the content-type in its response. JSON stands for JavaScript Object Notation and is a lightweight data-interchange format that is easy to read and write. XML, Java Script, and Text are not the
default content-types for the R81 web API. References: : Check Point Software, Getting Started, Web API; :
JSON.org, Introducing JSON.
Question 390:
Which command is used to obtain the configuration lock in Gaia?
A. Lock database override
B. Unlock database override
C. Unlock database lock
D. Lock database user
Correct Answer: A
Which command is used to obtain the configuration lock in Gaia? The command that is used to obtain the configuration lock in Gaia is lock database override. This command allows a user to take over the configuration lock from another user who is currently logged in with read/write access. The other user will be forced to logout and will lose any unsaved changes. This command should be used with caution and only when necessary. References: Gaia Administration Guide R81, page 15.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-315.81 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.