Fill in the blank: An Endpoint Identity Agent uses a ________ for user authentication.
A. Shared secret
B. Username/password or Kerberos Ticket
C. Token
D. Certificate
Correct Answer: B
An Endpoint Identity Agent is a software component that runs on the user's device and communicates with the Check Point Security Gateway to provide user and machine identity information for Identity Awareness. The agent can authenticate the user with a username/password, a Kerberos ticket, or a certificate, but the expected and recommended method is username/password or Kerberos ticket: the user logs in to the device with domain credentials and the agent authenticates to the gateway transparently, without prompting for additional credentials. This is what gives the agent its Single Sign-On (SSO) behaviour, and it can be combined with the gateway's Multi-Factor Authentication (MFA) options. References: Check Point R81 Identity Awareness Administration Guide, page 15; Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 14; Endpoint Identity Agent - Check Point CheckMates.
Question 402:
What are the three SecureXL Templates available in R81.20?
A. PEP Templates. QoS Templates. VPN Templates
B. Accept Templates. Drop Templates. NAT Templates
C. Accept Templates. Drop Templates. Reject Templates
D. Accept Templates. PDP Templates. PEP Templates
Correct Answer: B
SecureXL is the Check Point acceleration technology that improves Security Gateway performance by handling established and template-matched connections in the SecureXL device (the Accelerated path), implemented in software on the gateway or on dedicated hardware, instead of in the firewall kernel (the Firewall path). SecureXL templates allow new connections to be opened in the Accelerated path without a full rule base match, based on a previously matched connection with the same source, destination and service attributes. R81.20 supports three template types: Accept Templates, Drop Templates, and NAT Templates. Accept Templates are created for connections that match an Accept rule in the Security Policy, so subsequent matching connections bypass the Firewall path entirely. Drop Templates are created for connections that match a Drop rule, so matching packets are dropped in the Accelerated path without being sent to the firewall kernel for inspection. NAT Templates are created for accepted connections that require Network Address Translation (NAT), so the translation is applied in the Accelerated path as well.
Therefore, the correct answer is B.
References: SecureXL for R80.20 and higher
Question 403:
You are the administrator for ABC Corp. You have logged into your R81 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it. What does this mean?
A. This rule No. 6 has been marked for deletion in your Management session.
B. This rule No. 6 has been marked for deletion in another Management session.
C. This rule No. 6 has been marked for editing in your Management session.
D. This rule No. 6 has been marked for editing in another Management session.
Correct Answer: C
A pencil icon next to a rule number in the Rule Base means that the rule has been modified in your own Management session and the change has not yet been published. In R81, every administrator works in a private session that is independent of the sessions of other administrators: changes made in one session are not visible to others until that session is published. While a rule is being edited in a session it is automatically locked for that administrator; other administrators see a lock icon on the rule and cannot modify it until the owning session is published or discarded. The pencil icon is therefore shown only for edits made in your session (answer C), not for edits or deletions in another session.
Question 404:
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the Rule Base and checked for viruses, but it is not accelerated. What is the most likely reason that the traffic is not accelerated?
A. The connection is destined for a server within the network
B. The connection required a Security server
C. The packet is the second in an established TCP connection
D. The packets are not multicast
Correct Answer: B
The most likely reason that the traffic is not accelerated is that the connection required a Security server. A Security server is a Check Point user-space process that handles traffic the firewall kernel cannot inspect on its own, for example content inspection of HTTP, FTP or SMTP traffic such as the virus checking mentioned in the question, or legacy VPN-1 SecuRemote/SecureClient handling. A connection that is handed to a Security server must pass through the Firewall path and cannot be offloaded to the SecureXL Accelerated path. The other options do not prevent acceleration: a connection destined for a server inside the network is accelerated like any other accepted connection, a non-multicast packet is the normal case, and the second and later packets of an established TCP connection are exactly the packets SecureXL is designed to accelerate. References: Check Point Software, Getting Started, SecureXL; Check Point Software, Getting Started, Security Servers.
Question 405:
Bob needs to know if Alice was configuring the new virtual cluster interface correctly. Which of the following Check Point commands is true?
A. cphaprob -a if
B. cp hap rob state
C. cphaprob list
D. probcpha -a if
Correct Answer: A
You can use the cphaprob -a if command to check the status of the cluster interfaces on a cluster member. The command lists every cluster interface with its status (UP or DOWN), the number of required interfaces and required secured (sync) interfaces, the Cluster Control Protocol (CCP) mode, and the virtual cluster IP addresses configured on each interface. Comparing this output with the intended cluster topology is the quickest way for Bob to verify that Alice configured the new virtual cluster interface correctly and that the interface is up. The command is run on the cluster member itself, from Gaia Clish or Expert mode. The other options are not valid command names.
References: How to configure ClusterXL in Load Sharing Unicast mode - Check Point Software; cphaprob -a if - Check Point Software
Question 406:
Fill in the blank: An identity server uses a __________ for user authentication.
A. Shared secret
B. Certificate
C. One-time password
D. Token
Correct Answer: D
An identity server uses a token for user authentication. A token is a piece of data that contains information about the user's identity, such as their username, email, roles, and claims. A token is digitally signed by the identity server and can be verified by the relying party (the application or service that needs to authenticate the user). A token can be issued in different formats, such as JSON Web Token (JWT) or Security Assertion Markup Language (SAML). A token can also have different lifetimes, such as short-lived access tokens or long-lived refresh tokens.
Question 407:
What command is used to manually failover a cluster during a zero-downtime upgrade?
A. set cluster member down
B. cpstop
C. clusterXL_admin down
D. set clusterXL down
Correct Answer: C
To manually fail over a cluster during a zero-downtime upgrade, run clusterXL_admin down on the active cluster member. This command gracefully changes the administrative state of the member to down and triggers a failover to the standby member, so the member that is now down can be upgraded without affecting the traffic handled by the other member. After the upgrade, clusterXL_admin up brings the upgraded member back into the cluster, and the process is repeated for the remaining member. The administrative down state does not survive a reboot unless you add the -p option, or use the Gaia Clish equivalent set cluster member admin down permanent. The other options are not valid for initiating a manual failover: set cluster member down and set clusterXL down are not valid commands (the Clish form is set cluster member admin down), and cpstop stops all Check Point services on the gateway, which takes the member out of the cluster rather than performing a graceful, reversible administrative failover.
Question 408:
To find records in the logs that shows log records from the Application and URL Filtering Software Blade where traffic was dropped, what would be the query syntax?
A. blada: application control AND action:drop
B. blade."application control AND action;drop
C. (blade: application control AND action;drop)
D. blade:"application control" AND action:drop
Correct Answer: D
The correct query syntax to find log records from the Application and URL Filtering Software Blade where traffic was dropped is blade:"application control" AND action:drop. In the SmartConsole Logs view and SmartView, a field filter is written as field:value, with a colon separating the field name from the value; a value that contains spaces, such as the blade name, must be enclosed in double quotes. AND combines two conditions that must both be true for a record to match. The other options use a wrong field name, a period or semicolon instead of a colon, or unbalanced quotes, and are not valid filters. References: [Searching Logs]
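The filter above is easy to get wrong by hand, so the following added example (not code from the original page or from Check Point; Check Point's own query engine is not public) implements a small evaluator for the same field:value / quoted value / AND / OR / parentheses syntax and runs it over a few constructed log records. The record field names and values are assumptions for illustration only.

```python
"""Toy evaluator for Check Point-style log search filters such as
blade:"application control" AND action:drop. Example code, not the
Check Point implementation; the sample records below are constructed."""
import re

# A token is '(' or ')', a boolean operator, or field:value where the value
# is either double-quoted (may contain spaces) or a bare word.
TOKEN_RE = re.compile(
    r'\s*(?:(\()|(\))|(AND|OR)\b|([A-Za-z_][A-Za-z0-9_]*):("[^"]*"|[^\s()]+))'
)

# Constructed sample records (assumed field names, not real gateway output).
SAMPLE_LOGS = [
    {"id": 1, "blade": "Application Control", "action": "Drop",
     "src": "10.0.0.5", "app": "BitTorrent"},
    {"id": 2, "blade": "Application Control", "action": "Accept",
     "src": "10.0.0.7", "app": "Facebook"},
    {"id": 3, "blade": "Firewall", "action": "Drop",
     "src": "192.0.2.9", "service": "tcp/445"},
    {"id": 4, "blade": "URL Filtering", "action": "Drop",
     "src": "10.0.0.5", "category": "Gambling"},
]


def tokenize(query):
    """Split a query string into (kind, value) tokens; raise on bad syntax."""
    tokens, pos = [], 0
    while pos < len(query):
        m = TOKEN_RE.match(query, pos)
        if not m:
            if query[pos:].strip() == "":
                break  # only trailing whitespace left
            raise ValueError(f"bad query syntax near: {query[pos:]!r}")
        pos = m.end()
        lparen, rparen, op, field, value = m.groups()
        if lparen:
            tokens.append(("lparen", "("))
        elif rparen:
            tokens.append(("rparen", ")"))
        elif op:
            tokens.append(("op", op))
        else:
            # Matching is case-insensitive, as in the SmartConsole Logs view.
            tokens.append(("term", (field.lower(), value.strip('"').lower())))
    return tokens


class Parser:
    """Recursive-descent parser: OR has lowest precedence, AND binds tighter."""

    def __init__(self, tokens):
        self.tokens, self.i = tokens, 0

    def peek(self):
        return self.tokens[self.i] if self.i < len(self.tokens) else (None, None)

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def parse(self):
        node = self.expr()
        if self.peek()[0] is not None:
            raise ValueError(f"unexpected token {self.peek()[1]!r}")
        return node

    def expr(self):
        left = self.term()
        while self.peek() == ("op", "OR"):
            self.take()
            left = ("or", left, self.term())
        return left

    def term(self):
        left = self.factor()
        while self.peek() == ("op", "AND"):
            self.take()
            left = ("and", left, self.factor())
        return left

    def factor(self):
        kind, val = self.take()
        if kind == "lparen":
            node = self.expr()
            if self.take()[0] != "rparen":
                raise ValueError("missing closing parenthesis")
            return node
        if kind == "term":
            return ("match",) + val
        raise ValueError(f"unexpected token {val!r}")


def evaluate(node, record):
    """Evaluate a parsed filter tree against one log record (a dict)."""
    if node[0] == "match":
        _, field, value = node
        return str(record.get(field, "")).lower() == value
    _, left, right = node
    if node[0] == "and":
        return evaluate(left, record) and evaluate(right, record)
    return evaluate(left, record) or evaluate(right, record)


def search(records, query):
    """Return the records matching a filter string such as the exam answer."""
    tree = Parser(tokenize(query)).parse()
    return [r for r in records if evaluate(tree, r)]


if __name__ == "__main__":
    for rec in search(SAMPLE_LOGS, 'blade:"application control" AND action:drop'):
        print(rec)
```

Running the exam's query against the constructed records returns only record 1; the Firewall and URL Filtering drops are excluded because the blade value does not match, and the Application Control accept is excluded by the action term. Note that an unquoted blade:application control would tokenize as blade:application followed by a stray word and be rejected as a syntax error, which is why the quotes in the correct answer matter.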
Question 409:
According to out of the box SmartEvent policy, which blade will automatically be correlated into events?
A. Firewall
B. VPN
C. IPS
D. HTTPS
Correct Answer: C
According to out of the box SmartEvent policy, the blade that will automatically be correlated into events is IPS. IPS (Intrusion Prevention System) is a blade that detects and prevents network attacks by inspecting traffic and applying signatures and protections. SmartEvent correlates IPS logs into events based on predefined event definitions, such as IPS Attack, IPS Attack High Confidence, IPS Attack Critical Confidence, etc. The other blades are not automatically correlated into events by default, but they can be added to the SmartEvent policy manually. References: [SmartEvent Policy]
Question 410:
SmartConsole R81.x requires the following ports to be open for SmartEvent.
A. 19009, 19090 and 443
B. 19009, 19004 and 18190
C. 18190 and 443
D. 19009, 18190 and 443
Correct Answer: D
The ports that are required to be open for SmartEvent are 19009, 18190, and 443. TCP port 19009 is used by the CPM process (the R80.x and later management API and SmartConsole server). TCP port 18190 is used by CPMI, the legacy management protocol that SmartConsole and the legacy SmartView clients still use for some functions. TCP port 443 is HTTPS, used for the SmartView web portal and web-based access to SmartEvent. These ports must be reachable between SmartConsole and the Security Management Server, Log Server, SmartEvent Server and Correlation Unit for SmartEvent views and reports to work. Ports 19090 and 19004 (answers A and B) are not the ports SmartEvent requires. References: [SmartEvent Ports]