CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 401:

  How can you switch the active log file?

  A. Run fw logswitch on the gateway
  B. Run fwm logswitch on the Management Server
  C. Run fwm logswitch on the gateway
  D. Run fw logswitch on the Management Server
  D. Run fw logswitch on the Management Server

  ---

  Explanation/Reference:

  You can switch the active log file by running fw logswitch on the Management Server1. This command closes the current log file and creates a new one2. It is useful for archiving or backing up log files, or for creating a new log file for a specific time period2. You can also schedule the log switch to occur automatically at a regular interval, such as daily, weekly, or monthly2. To run this command, you need to access the Management Server in expert mode and run fw logswitch1. You can also use the SmartView Tracker to switch the active log file from the GUI. To do this, go to the Network and Endpoint tab, click on the File menu, and select Switch Active File...3. References: How to switch the active log file

  - Check Point Software, fw logswitch - Check Point Software, Troubleshooting Check Point logging issues when Security Management Server / Log Server is not receiving logs from Security Gateway - Check Point Software

• Question 402:

  Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

  A. Detects and blocks malware by correlating multiple detection engines before users are affected.
  B. Configure rules to limit the available network bandwidth for specified users or groups.
  C. Use UserCheck to help users understand that certain websites are against the company's security policy.
  D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
  A. Detects and blocks malware by correlating multiple detection engines before users are affected.

  ---

  Explanation/Reference:

  Detecting and blocking malware by correlating multiple detection engines before users are affected is not a feature associated with the Check Point URL Filtering and Application Control Blade. This feature is part of the Check Point SandBlast Network solution, which uses Threat Emulation and Threat Extraction technologies to prevent zero- day attacks. The other features are part of the URL Filtering and Application Control Blade, which allows you to control access to web applications and sites based on various criteria. References: URL Filtering and Application Control Administration Guide

• Question 403:

  Which is the lowest gateway version supported by R81.20 management server?

  A. R77.30
  B. R80.20
  C. R77
  D. R65
  A. R77.30

  ---

  Explanation/Reference:

  The lowest gateway version supported by R81.20 management server is R77.30. According to the Check Point Release Map1, you can upgrade to R81.20 from R77.30, R80, R80.10, R80.20.M1, R80.20, R80.20SP, R80.20.M2, R80.20 3.10, R80.30, R80.30 3.10, R80.30SP, R80.40, R81 and R81.20. However, to upgrade from R77.30, R80 and R80.10, you first need to upgrade to R80.40. For more information, you can refer to the Check Point R81.20 (Titan) Release Home page2 or the Certified Security Expert (CCSE) R81.20 Course Overview3.

• Question 404:

  When an encrypted packet is decrypted, where does this happen?

  A. Security policy
  B. Inbound chain
  C. Outbound chain
  D. Decryption is not supported
  A. Security policy

  ---

  Explanation/Reference:

  When an encrypted packet is received by a Check Point Security Gateway, it is decrypted according to the security policy. The security policy defines the rules and settings for encryption and decryption of traffic, such as the encryption algorithm, the encryption domain, the pre-shared secret or certificate, etc. The security policy is enforced by the Firewall kernel, which is responsible for decrypting the packets before passing them to the inbound chain for further inspection. The inbound chain consists of various inspection modules that apply security checks and actions on the decrypted packets. The outbound chain is the reverse process, where the packets are inspected and then encrypted according to the security policy before being sent out. References: Check Point Firewall Security Solution, Check Point R81 Cyber Security Platform, Check Point VPN Administration Guide R81

• Question 405:

  What are the three components for Check Point Capsule?

  A. Capsule Docs, Capsule Cloud, Capsule Connect
  B. Capsule Workspace, Capsule Cloud, Capsule Connect
  C. Capsule Workspace, Capsule Docs, Capsule Connect
  D. Capsule Workspace, Capsule Docs, Capsule Cloud
  D. Capsule Workspace, Capsule Docs, Capsule Cloud

  ---

  Explanation/Reference:

  The three components for Check Point Capsule are Capsule Workspace, Capsule Docs, and Capsule Cloud. Capsule Workspace is a secure container app that allows users to access corporate data and applications from their mobile devices. Capsule Docs is a solution that protects documents with encryption and granular access control. Capsule Cloud is a cloud-based security service that enforces security policies on devices that are outside the corporate network. References: Check Point Capsule

• Question 406:

  The WebUI offers several methods for downloading hotfixes via CPUSE except:

  A. Automatic
  B. Force override
  C. Manually
  D. Scheduled
  B. Force override

  ---

  Explanation/Reference:

  The WebUI offers three methods for downloading hotfixes via CPUSE: Automatic, Manually, and Scheduled. Force override is not a valid method for downloading hotfixes. Force override is an option that can be used when installing a hotfix to override the compatibility check and force the installation of the hotfix. References: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent)

• Question 407:

  SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?

  A. Management Dashboard
  B. Gateway
  C. Personal User Storage
  D. Behavior Risk Engine
  C. Personal User Storage

  ---

  Explanation/Reference:

  SandBlast Mobile has four components: Management Dashboard, Gateway, Behavior Risk Engine, and On-Device Network Protection. Personal User Storage is not part of the SandBlast Mobile solution. References: SandBlast Mobile Architecture

• Question 408:

  Which command is used to add users to or from existing roles?

  A. Add rba user roles
  B. Add rba user
  C. Add user roles
  D. Add user
  A. Add rba user roles

  ---

  Explanation/Reference:

  The command to add users to or from existing roles is add rba user roles . This command allows you to assign one or more roles to a user in the Gaia database. Roles are collections of permissions that define what actions a user can perform on the system. You can use predefined roles or create your own custom roles. To remove a role from a user, you can use the command delete rba user roles .

• Question 409:

  Which of the following is NOT an internal/native Check Point command?

  A. fwaccel on
  B. fw ct1 debug
  C. tcpdump
  D. cphaprob
  C. tcpdump

  ---

  Explanation/Reference:

  The command tcpdump is not an internal/native Check Point command. It is a common command-line tool that captures and analyzes network traffic. The other commands are internal/native Check Point commands that perform various functions. For example: fwaccel on enables SecureXL acceleration on the Security Gateway. fw ctl debug sets the debug flags for the Firewall kernel module. cphaprob displays the status and information about ClusterXL or VRRP members. References: Check Point R81 CLI Reference Guide, pages 11, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27; Check Point R81 Gaia Administration Guide, page 9

• Question 410:

  According to the policy installation flow the transfer state (CPTA) is responsible for the code generated by the FWM. On the Security Gateway side a process receives them and first stores them Into a temporary directory. Which process is true for receiving these Tiles;

  A. FWD
  B. CPD
  C. FWM
  D. RAD
  B. CPD

  ---

  Explanation/Reference: