CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 411:

  An administrator wishes to enable Identity Awareness on the Check Point firewalls. However, they allow users to use company issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?

  A. AD Query
  B. Terminal Servers Agent
  C. Identity Agents
  D. Browser-Based Authentication
  D. Browser-Based Authentication

  ---

  Explanation/Reference:

  Browser-Based Authentication is an identity awareness method that enables you to identify users who are not authenticated by other methods, such as Active Directory or VPN. Browser-Based Authentication redirects users to a web page where they can enter their credentials and be authenticated by an external server, such as LDAP or RADIUS. After authentication, users can access the Internet and corporate resources according to the security policy rules that apply to their identity. Browser-Based Authentication is suitable for scenarios where users can use company issued or personal laptops, since it does not require any installation or configuration on the user's device. It also supports various operating systems and browsers, and can be customized to match the company's branding. The references are: Check Point R81 Identity Awareness Administration Guide, page 9 Configuring Browser-Based Authentication in SmartConsole Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 13

• Question 412:

  By default, which port does the WebUI listen on?

  A. 80
  B. 4434
  C. 443
  D. 8080
  C. 443

  ---

  Explanation/Reference:

  The default port for the Gaia WebUI Portal is HTTPS 443. This is the standard port for secure web communication over SSL/TLS. Changing the port may cause inconsistency with the settings on the SmartConsole and is not recommended unless necessary. To change the port, you can use the CLISH command set web ssl-port and save the configuration. References: 13

• Question 413:

  To find records in the logs that shows log records from the Application and URL Filtering Software Blade where traffic was dropped, what would be the query syntax?

  A. blada: application control AND action:drop
  B. blade."application control AND action;drop
  C. (blade: application control AND action;drop)
  D. blade;"application control AND action:drop
  D. blade;"application control AND action:drop

  ---

  Explanation/Reference:

  The correct query syntax to find records in the logs that show log records from the Application and URL Filtering Software Blade where traffic was dropped is blade;"application control AND action:drop". This query uses quotation marks to enclose the values of the blade and action fields, and uses a colon to separate the field name from the value. The query also uses AND to combine two conditions that must be met for a log record to match. References: [Searching Logs]

• Question 414:

  SandBlast agent extends 0-day prevention to what part of the network?

  A. Web Browsers and user devices
  B. DMZ server
  C. Cloud
  D. Email servers
  A. Web Browsers and user devices

  ---

  Explanation/Reference:

  SandBlast Agent is a comprehensive endpoint security solution that extends 0-day prevention to web browsers and user devices. It protects against advanced threats such as ransomware, phishing, and zero-day attacks by using a combination of static, dynamic, and behavioral analysis. References: [SandBlast Agent Datasheet]

• Question 415:

  Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?

  A. Both License (.lic) and Contract (.xml) files
  B. cp.macro
  C. Contract file (.xml)
  D. license File (.lic)
  B. cp.macro

  ---

  Explanation/Reference:

  cp.macro is an electronically signed file used by Check Point to translate the features in the license into a code. It is located in the $FWDIR/conf directory on the Security Management Server. The cp.macro file contains a list of features and their corresponding codes, which are used to generate the license file (.lic) based on the contract file (.xml). The license file (.lic) is then installed on the Security Gateway or Security Management Server to activate the licensed features. References: Check Point R81 Licensing and Contract Administration Guide, page 10

• Question 416:

  What is the responsibility of SOLR process on R81.20 management server?

  A. Validating all data before it's written into the database
  B. It generates indexes of data written to the database
  C. Communication between SmartConsole applications and the Security Management Server
  D. Writing all information into the database
  B. It generates indexes of data written to the database

  ---

  Explanation/Reference:

  The responsibility of SOLR process on R81.20 management server is to generate indexes of data written to the database. SOLR is an open source search platform that provides fast and scalable indexing and querying capabilities. SOLR is used by the R81.20 management server to index data such as logs, objects, policies, tasks, and events, and to enable quick and efficient searches on this data by SmartConsole and SmartView applications.

• Question 417:

  : 156

  VPN Link Selection will perform the following when the primary VPN link goes down?

  A. The Firewall will drop the packets.
  B. The Firewall can update the Link Selection entries to start using a different link for the same tunnel.
  C. The Firewall will send out the packet on all interfaces.
  D. The Firewall will inform the client that the tunnel is down.
  B. The Firewall can update the Link Selection entries to start using a different link for the same tunnel.

  ---

  Explanation/Reference:

  VPN Link Selection is a feature that allows the Security Gateway to select the best link for each VPN tunnel based on the network topology and the Link Selection configuration1. When the primary VPN link goes down, the Firewall can update the Link Selection entries to start using a different link for the same tunnel, as long as the remote peer supports this feature and has multiple IP addresses configured2. This way, the VPN tunnel can be maintained without interruption or renegotiation. The other options are not correct because:

  

  Firewall

  A. The Firewall will not drop the packets, but will try to send them over another link if possible.

  

  Firewall

  C. The Firewall will not send out the packet on all interfaces, but will use the routing table to determine the best interface for each destination.

  

  Firewall

  D. The Firewall will not inform the client that the tunnel is down, but will try to keep the tunnel up by switching to another link. References: IPSec VPN - Link Selection, Outgoing VPN Link Selection on a gateway with multiple external interfaces

• Question 418:

  While enabling the Identity Awareness blade the Identity Awareness wizard does not automatically detect the windows domain. Why does it not detect the windows domain?

  A. Security Gateway is not part of the Domain
  B. SmartConsole machine is not part of the domain
  C. Identity Awareness is not enabled on Global properties
  D. Security Management Server is not part of the domain
  B. SmartConsole machine is not part of the domain

  ---

  Explanation/Reference:

  The verified answer is B. SmartConsole machine is not part of the domain. The Identity Awareness wizard uses the SmartConsole machine to detect the windows domain by querying the Active Directory server using DCOM protocol1. If the

  SmartConsole machine is not part of the domain, the query will fail and the wizard will not automatically detect the domain. The user will have to manually enter the domain name and credentials to proceed with the configuration. The Security

  Gateway, the Security Management Server, and the Identity Awareness global properties do not affect the domain detection by the wizard. However, they are required for other aspects of the Identity Awareness blade, such as AD Query,

  Identity Collector, and Browser-Based Authentication2.

  References:

  Identity Awareness Configuration wizard authentication fails3 Identity Awareness - Check Point Software4

• Question 419:

  Which of the following Central Deployment is NOT a limitation in R81.20 SmartConsole?

  A. Security Gateway Clusters in Load Sharing mode
  B. Dedicated Log Server
  C. Dedicated SmartEvent Server
  D. Security Gateways/Clusters in ClusterXL HA new mode
  A. Security Gateway Clusters in Load Sharing mode

  ---

  Explanation/Reference:

  Security Gateway Clusters in Load Sharing mode are not supported by the Central Deployment feature in R81.20 SmartConsole. According to the Check Point R81.20 Known Limitations article1, Central Deployment in SmartConsole does not support: Connection from SmartConsole Client to the Management Server through a proxy server. In this case, use the applicable API command ClusterXL in Load Sharing mode VRRP Cluster Installation of a package on a VSX VSLS Cluster that contains more than 3 members. On Multi-Domain Servers: Global Domain, or the MDS context Standalone server Standby Security Management Server or Multi-Domain Security Management Scalable Platforms 40000 / 60000 SMB Appliances The other options are supported by the Central Deployment feature in R81.20 SmartConsole. Dedicated Log Server, Dedicated SmartEvent Server, and Security Gateways/Clusters in ClusterXL HA new mode can be selected as targets for installing packages using the Central Deployment wizard.

• Question 420:

  What is the best method to upgrade a Security Management Server to R81.x when it is not connected to the Internet?

  A. CPUSE offline upgrade only
  B. Advanced upgrade or CPUSE offline upgrade
  C. Advanced Upgrade only
  D. SmartUpdate offline upgrade
  B. Advanced upgrade or CPUSE offline upgrade

  ---

  Explanation/Reference:

  The best method to upgrade a Security Management Server to R81.x when it is not connected to the Internet is either Advanced upgrade or CPUSE offline upgrade. Advanced upgrade is a manual procedure that involves backing up the current configuration, installing the new version from an ISO image, and restoring the configuration. CPUSE offline upgrade is an automated procedure that involves downloading the upgrade package from the Check Point User Center, transferring it to the Security Management Server, and installing it using CPUSE. SmartUpdate offline upgrade is not a valid option, as SmartUpdate is a tool for managing licenses and software packages on multiple gateways and servers1. References: 1: Check Point Software, Getting Started, Upgrading Security Management Servers.