CheckPoint Checkpoint Certifications 156-315.81 Questions & Answers

• Question 421:

  What is the correct description for the Dynamic Balancing / Split feature?

  A. Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances and Open Server (not on Quantum Spark)

  B. Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND's. The interface must support Multi-Queue. It is only available on Quantum Appliances and Open Server (not on Quantum Spark)

  C. Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND's. The interface must support Multi-Queue. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)

  D. Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)

  Correct Answer: D

  The correct description for the Dynamic Balancing / Split feature is:

  Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load.

  It is only available on Quantum Appliances (not on Quantum Spark or Open Server)

  The Dynamic Balancing / Split feature is a performance-enhancing daemon that balances the load between CoreXL SNDs and CoreXL Firewalls. It monitors the average CPU utilization of CoreXL Firewall and SND instances and

  automatically increases or decreases the number of CoreXL Firewall instances. The Dynamic Balancing Daemon (dsd) has three stages in each iteration: Examine the current CPU utilization, Calculate the optimal split, and Apply the new

  split1.

  The Dynamic Balancing / Split feature is supported on Check Point Appliances, such as Quantum Appliances, Quantum Maestro, Quantum Security Gateways, and Quantum LightSpeed Appliances in KPPAK mode2. It is not supported on

  Quantum Spark appliances, which are designed for small and medium businesses. It is also not supported on Open Server platforms, which are general-purpose servers that run Check Point software on top of third-party operating systems.

  References: Dynamic Balancing for CoreXL; Maestro and Dynamic Balancing (Dynamic Split); Dynamic Balancing available on R80.40; [Quantum Spark Appliances]; [Open Server]

• Question 422:

  SandBlast agent extends 0-day prevention to what part of the network?

  A. Web Browsers and user devices

  B. DMZ server

  C. Cloud

  D. Email servers

  Correct Answer: A

  SandBlast Agent is a comprehensive endpoint security solution that extends 0-day prevention to web browsers and user devices. It protects against advanced threats such as ransomware, phishing, and zero-day attacks by using a combination of static, dynamic, and behavioral analysis. References: [SandBlast Agent Datasheet]

• Question 423:

  Choose the correct syntax to add a new host named "emailserver1" with IP address 10.50.23.90 using GAiA Management CLI?

  A. mgmt_cli add host name "myHost12 ip" address 10.50.23.90

  B. mgmt_cli add host name ip-address 10.50.23.90

  C. mgmt_cli add host "emailserver1" address 10.50.23.90

  D. mgmt_cli add host name "emailserver1" ip-address 10.50.23.90

  Correct Answer: D

  The correct syntax to add a new host named "emailserver1" with IP address 10.50.23.90 using GAiA Management CLI is mgmt_cli add host name "emailserver1" ip- address 10.50.23.90. The name and ip-address parameters are required and must be enclosed in double quotes. The other options are missing the double quotes or have incorrect parameter names1. References: 1: Check Point Software, Getting Started, Adding a Host.

• Question 424:

  How can you switch the active log file?

  A. Run fw logswitch on the gateway

  B. Run fwm logswitch on the Management Server

  C. Run fwm logswitch on the gateway

  D. Run fw logswitch on the Management Server

  Correct Answer: D

  You can switch the active log file by running fw logswitch on the Management Server1. This command closes the current log file and creates a new one2. It is useful for archiving or backing up log files, or for creating a new log file for a specific time period2. You can also schedule the log switch to occur automatically at a regular interval, such as daily, weekly, or monthly2. To run this command, you need to access the Management Server in expert mode and run fw logswitch1. You can also use the SmartView Tracker to switch the active log file from the GUI. To do this, go to the Network and Endpoint tab, click on the File menu, and select Switch Active File...3. References: How to switch the active log file

  - Check Point Software, fw logswitch - Check Point Software, Troubleshooting Check Point logging issues when Security Management Server / Log Server is not receiving logs from Security Gateway - Check Point Software

• Question 425:

  Identity Awareness allows the Security Administrator to configure network access based on which of the following?

  A. Name of the application, identity of the user, and identity of the machine

  B. Identity of the machine, username, and certificate

  C. Browser-Based Authentication, identity of a user, and network location

  D. Network location, identity of a user, and identity of a machine

  Correct Answer: D

  Implied rules are predefined rules that are automatically added to the Access Control rulebase by the Security Management Server. Implied rules allow the control connections that are essential for the functionality and security of the Check Point products, such as communication between the Security Gateway and the Security Management Server, synchronization between cluster members, logging, VPN, and ICMP. Implied rules are not visible in the SmartConsole, but they can be viewed and modified using the Global Properties window. The references are: Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 12 Check Point R81 Quantum Security Gateway Guide, page 141 Check Point R81 Firewall Administration Guide, page 21

• Question 426:

  Alice was asked by Bob to implement the Check Point Mobile Access VPN blade - therefore are some basic configuration steps required - which statement about the configuration steps is true?

  A. 1. Add a rule in the Access Control Policy and install policy

  2.

  Configure Mobile Access parameters in Security Gateway object

  3.

  Enable Mobile Access blade on the Security Gateway object and complete the wizard

  4.

  Connect to the Mobile Access Portal

  B. 1. Connect to the Mobile Access Portal

  2.

  Enable Mobile Access blade on the Security Gateway object and complete the wizard

  3.

  Configure Mobile Access parameters in Security Gateway object

  4.

  Add a rule in the Access Control Policy and install policy

  C. 1. Configure Mobile Access parameters in Security Gateway object

  2.

  Enable Mobile Access blade on the Security Gateway object and complete the wizard

  3.

  Add a rule in the Access Control Policy and install policy

  4.

  Connect to the Mobile Access Portal

  D. 1. Enable Mobile Access blade on the Security Gateway object and complete the wizard

  2.

  Configure Mobile Access parameters in Security Gateway object

  3.

  Add a rule in the Access Control Policy and install policy

  4.

  Connect to the Mobile Access Portal

  Correct Answer: D

  The verified answer is D. 1. Enable Mobile Access blade on the Security Gateway object and complete the wizard 2. Configure Mobile Access parameters in Security Gateway object 3. Add a rule in the Access Control Policy and install policy

  4. Connect to the Mobile Access Portal

  The basic configuration steps for the Check Point Mobile Access VPN blade are as follows1:

  Enable Mobile Access blade on the Security Gateway object and complete the wizard: This step activates the Mobile Access blade on the selected gateway and guides you through the initial configuration, such as defining the portal name,

  the certificate, and the authentication methods.

  Configure Mobile Access parameters in Security Gateway object: This step allows you to customize the Mobile Access settings, such as defining the supported applications, the access roles, the client settings, and the advanced options. Add

  a rule in the Access Control Policy and install policy: This step creates a rule that allows the traffic from the Mobile Access portal to the protected resources and installs the policy on the gateway. Connect to the Mobile Access Portal: This step

  verifies that the Mobile Access portal is accessible and functional from a web browser or a mobile device. The other options are incorrect because they do not follow the correct order or include the necessary steps.

  References:

  Mobile Access Administration Guide R81 - Check Point Software1

• Question 427:

  The Check Point history feature in R81 provides the following:

  A. View install changes and install specific version

  B. View install changes

  C. Policy Installation Date, view install changes and install specific version

  D. Policy Installation Date only

  Correct Answer: A

  The Check Point history feature in R81 provides the following functions:

  View install changes: This function allows you to view the changes that were made in each policy installation, such as added, modified, or deleted rules, objects, settings, etc. You can also compare the changes between different policy

  installations and filter them by various criteria. Install specific version: This function allows you to install a specific version of the policy from the history, which can be useful for reverting to a previous policy or testing different policies. You can

  also view the changes that will be applied by installing a specific version before installing it. References: R81 Security Management Administration Guide, page 85.

• Question 428:

  Which of the following is NOT an internal/native Check Point command?

  A. fwaccel on

  B. fw ct1 debug

  C. tcpdump

  D. cphaprob

  Correct Answer: C

  The command tcpdump is not an internal/native Check Point command. It is a common command-line tool that captures and analyzes network traffic. The other commands are internal/native Check Point commands that perform various functions. For example: fwaccel on enables SecureXL acceleration on the Security Gateway. fw ctl debug sets the debug flags for the Firewall kernel module. cphaprob displays the status and information about ClusterXL or VRRP members. References: Check Point R81 CLI Reference Guide, pages 11, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27; Check Point R81 Gaia Administration Guide, page 9

• Question 429:

  Which is the lowest gateway version supported by R81.20 management server?

  A. R77.30

  B. R80.20

  C. R77

  D. R65

  Correct Answer: A

  The lowest gateway version supported by R81.20 management server is R77.30. According to the Check Point Release Map1, you can upgrade to R81.20 from R77.30, R80, R80.10, R80.20.M1, R80.20, R80.20SP, R80.20.M2, R80.20 3.10, R80.30, R80.30 3.10, R80.30SP, R80.40, R81 and R81.20. However, to upgrade from R77.30, R80 and R80.10, you first need to upgrade to R80.40. For more information, you can refer to the Check Point R81.20 (Titan) Release Home page2 or the Certified Security Expert (CCSE) R81.20 Course Overview3.

• Question 430:

  When users connect to the Mobile Access portal they are unable to open File Shares.

  Which log file would you want to examine?

  A. cvpnd.elg

  B. httpd.elg

  C. vpnd.elg

  D. fw.elg

  Correct Answer: A

  When users connect to the Mobile Access portal they are unable to open File Shares. The log file that you would want to examine is cvpnd.elg. This log file contains information about the Mobile Access VPN daemon, which handles the connections from the Mobile Access portal to the internal resources, such as File Shares, Web Applications, etc. The log file is located in the directory $FWDIR/log/ on the Security Gateway. You can use the command fw log -f cvpnd.elg to view the log file in real time. References: R81 Mobile Access Administration Guide, page 255.