CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 391:

  You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.

  What must you do to get SIC to work?

  A. Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.
  B. Create a rule at the top in the Sydney firewall to allow control traffic from your network
  C. Nothing - Check Point control connections function regardless of Geo-Protection policy
  D. Create a rule at the top in your Check Point firewall to bypass the Geo-Protection
  C. Nothing - Check Point control connections function regardless of Geo-Protection policy

  ---

  Explanation/Reference:

  Nothing needs to be done to get SIC to work if there is a Geo-Protection policy blocking Australia and a network requires a Check Point Firewall to be installed in Sydney, Australia. SIC stands for Secure Internal Communication, and it is a mechanism that ensures secure and authenticated communication between Check Point components by using certificates issued by an internal Certificate Authority (ICA). SIC is not affected by Geo-Protection policy, which is a feature that allows administrators to block or allow traffic based on the geographic location of the source or destination IP address. Geo-Protection policy only applies to data traffic, not control traffic, and SIC uses control traffic to establish trust between Check Point components.

• Question 392:

  Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to manager?

  A. fw accel stat
  B. fwaccel stat
  C. fw acces stats
  D. fwaccel stats
  B. fwaccel stat

  ---

  Explanation/Reference:

  The fwaccel stat command displays the status of SecureXL, and its enabled templates and features. The other commands are either incorrect or incomplete. References: [SecureXL Commands]

• Question 393:

  Which is NOT an example of a Check Point API?

  A. Gateway API
  B. Management API
  C. OPSEC SDK
  D. Threat Prevention API
  A. Gateway API
  C. OPSEC SDK
  D. Threat Prevention API

• Question 394:

  Which packet info is ignored with Session Rate Acceleration?

  A. source port ranges
  B. source ip
  C. source port
  D. same info from Packet Acceleration is used
  C. source port

  ---

  Explanation/Reference:

  Session Rate Acceleration is a SecureXL feature that accelerates the establishment of new connections by bypassing the inspection of the first packet of each session. Session Rate Acceleration ignores the source port information of the packet, as well as the destination port ranges, protocol type, and VPN information. The other packet info is used by Packet Acceleration, which is another SecureXL feature that accelerates the forwarding of subsequent packets of an established connection. References: SecureXL Mechanism

• Question 395:

  What are the Threat Prevention software components available on the Check Point Security Gateway?

  A. IPS, Threat Emulation and Threat Extraction
  B. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction
  C. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction
  D. IDS, Forensics, Anti-Virus, Sandboxing
  C. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction

  ---

  Explanation/Reference:

  The Threat Prevention software components available on the Check Point Security Gateway are IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction. These components provide comprehensive protection against various types of cyber threats, such as network attacks, malware, ransomware, phishing, zero-day exploits, data leakage, and more. IPS is a network security component that detects and prevents malicious traffic based on signatures, behavioral patterns, and anomaly detection. Anti-Bot is a network security component that detects and blocks botnet communications and command-and- control servers. Anti-Virus is a network security component that scans files for known viruses, worms, and trojans. Threat Emulation is a network security component that emulates files in a sandbox environment to detect unknown malware and prevent zero-day attacks. Threat Extraction is a network security component that removes malicious content from files and delivers clean files to users. References: [Check Point R81 Threat Prevention Administration Guide], page 9-10

• Question 396:

  Besides fw monitor, what is another command that can be used to capture packets?

  A. arp
  B. traceroute
  C. tcpdump
  D. ping
  C. tcpdump

  ---

  Explanation/Reference:

  Tcpdump is a tool that captures and analyzes network traffic on a given interface2. It can be used to troubleshoot connectivity or performance issues, or to inspect the content of the packets2. To use tcpdump, you need to access the Security Gateway in expert mode and run tcpdump -i [options] [filter]2. You can specify various options and filters to customize the output, such as source or destination IP address, port number, protocol, packet size, etc2. You can also save the captured packets to a file for later analysis by using the -w option2. For more information about tcpdump, you can run man tcpdump or visit the official website3.

• Question 397:

  Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.

  A. infoCP
  B. infoview
  C. cpinfo
  D. fw cpinfo
  C. cpinfo

  ---

  Explanation/Reference:

  The cpinfo tool generates a R81 Security Gateway configuration report that includes information about the hardware, operating system, product version, patches, and configuration settings. References: cpinfo - Check Point Support Center

• Question 398:

  Which Operating Systems are supported for the Endpoint Security VPN?

  A. Windows and x86 Solaris
  B. Windows and macOS computers
  C. Windows and SPARC Solaris
  D. Windows and Red Hat Linux
  B. Windows and macOS computers

  ---

  Explanation/Reference:

  Endpoint Security VPN is a lightweight remote access client that supports Windows and macOS computers. It provides secure connectivity to corporate resources using L2TP/IPSec, SSL, or Check Point's proprietary VPN protocol. Endpoint Security VPN also integrates with other Endpoint Security products such as SandBlast Agent, Full Disk Encryption, Media Encryption, and Firewall. References: Check Point R81 Endpoint Security VPN Administration Guide, page 5

• Question 399:

  By default how often updates are checked when the CPUSE Software Updates Policy is set to Automatic?

  A. Six times per day
  B. Seven times per day
  C. Every two hours
  D. Every three hours
  D. Every three hours

  ---

  Explanation/Reference:

  By default, when the CPUSE Software Updates Policy is set to Automatic, updates are checked every three hours3. This means that the CPUSE agent will automatically download and install updates that match the policy settings every three

  hours. The other options are not the default values for the CPUSE Software Updates Policy. References: 3:

  Check Point Software, Getting Started, CPUSE Software Updates Policy.

• Question 400:

  What are the minimum open server hardware requirements for a Security Management Server/Standalone in R81?

  A. 2 CPU cores, 4GB of RAM and 15GB of disk space
  B. 8 CPU cores, 16GB of RAM and 500 GB of disk space
  C. 4 CPU cores, 8GB of RAM and 500GB of disk space
  D. 8 CPU cores, 32GB of RAM and 1 TB of disk space
  C. 4 CPU cores, 8GB of RAM and 500GB of disk space

  ---

  Explanation/Reference:

  The minimum open server hardware requirements for a Security Management Server/Standalone in R81 are:

  CPU: Intel Core i5-4590 or equivalent (4 cores)

  Memory: 8 GB RAM

  Disk space: 500 GB

  The other options do not match the minimum requirements. Option A has insufficient CPU cores, memory and disk space. Option B has excessive CPU cores and disk space. Option D has excessive CPU cores, memory and disk space.

  References: Check Point R81 Release Notes, page 6