CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 431:

  What order should be used when upgrading a Management High Availability Cluster?

  A. Secondary Management, then Primary Management
  B. Active Management, then Standby Management
  C. Standby Management, then Active Management
  D. Primary Management, then Secondary Management
  C. Standby Management, then Active Management

  ---

  Explanation/Reference:

  The upgrade process for a Management High Availability Cluster is to first upgrade the Standby Management Server, then perform a failover and upgrade the Active Management Server. This way, the cluster can maintain its functionality and synchronization during the upgrade. The references are: Check Point R81 Upgrade Guide, page 17 Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 10

• Question 432:

  Check Point Support in many cases asks you for a configuration summary of your Check Point system. This is also called:

  A. cpexport
  B. sysinfo
  C. cpsizeme
  D. cpinfo
  D. cpinfo

  ---

  Explanation/Reference:

  Check Point Support in many cases asks you for a configuration summary of your Check Point system. This is also called cpinfo. Cpinfo is a utility that collects diagnostic data on a Check Point gateway, management server, or log server. It

  generates a file that contains information such as product version, license details, OS details, network configuration, installed hotfixes, status of Check Point processes, firewall tables, etc. This file can be used by Check Point Support to

  troubleshoot issues or analyze performance. References:

  [Cpinfo Utility]

• Question 433:

  You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?

  A. edit fwaffinity.conf; reboot required
  B. cpconfig; reboot required
  C. edit fwaffinity.conf; reboot not required
  D. cpconfig; reboot not required
  B. cpconfig; reboot required

  ---

  Explanation/Reference:

  To change the number of firewall instances used by CoreXL, the cpconfig command must be used, followed by a reboot. CoreXL is a technology that improves the performance of the Security Gateway by using multiple cores to handle concurrent connections. The number of firewall instances determines how many cores are dedicated to CoreXL. The cpconfig command allows the administrator to configure various settings on the Security Gateway, including the number of firewall instances. After changing this setting, a reboot is required for the changes to take effect. The other commands are either incorrect or do not require a reboot.

• Question 434:

  Fill in the blank: Authentication rules are defined for ________ .

  A. User groups
  B. Users using UserCheck
  C. Individual users
  D. All users in the database
  A. User groups

  ---

  Explanation/Reference:

  Authentication rules are defined for user groups, not individual users or all users in the database. Authentication rules allow you to control which user groups can access specific resources or services through the Security Gateway. You can define different authentication methods and schemes for different user groups, such as Check Point Password, OS Password, RADIUS, TACACS, SecurID, LDAP, or Certificate. You can also define different session timeouts and source restrictions for different user groups. Authentication rules are processed before the network access rules in the rule base.

• Question 435:

  The log server sends what to the Correlation Unit?

  A. Authentication requests
  B. CPMI dbsync
  C. Logs
  D. Event Policy
  C. Logs

  ---

  Explanation/Reference:

  The log server sends logs to the Correlation Unit. The Correlation Unit analyzes the logs and generates events based on the event policy. The events are then sent to the SmartEvent Server, which displays them in the SmartEvent GUI.

  References:

  [SmartEvent Administration Guide]

• Question 436:

  Gaia has two default user accounts that cannot be deleted. What are those user accounts?

  A. Admin and Default
  B. Expert and Clish
  C. Control and Monitor
  D. Admin and Monitor
  D. Admin and Monitor

  ---

  Explanation/Reference:

  Gaia has two default user accounts that cannot be deleted: Admin and Monitor. Admin is a superuser account that has full access to all Gaia features and commands. Monitor is a read-only account that can view Gaia configuration and status but cannot make any changes. Both accounts have predefined passwords that can be changed by the Admin user. References: [Check Point R81 Gaia Administration Guide], page 29 SRC: GAIA R81.20 Administration Guide User Management -> Users These users are created by default and cannot be deleted: admin and monitor

• Question 437:

  Which command would disable a Cluster Member permanently?

  A. clusterXL_admin down
  B. cphaprob_admin down
  C. clusterXL_admin down-p
  D. set clusterXL down-p
  C. clusterXL_admin down-p

  ---

  Explanation/Reference:

  The clusterXL_admin down -p command disables a Cluster Member permanently, meaning that it will not rejoin the cluster even after a reboot. The other commands either disable a Cluster Member temporarily or are invalid. References: [ClusterXL Administration Guide]

• Question 438:

  Which file gives you a list of all security servers in use, including port number?

  A. $FWDIR/conf/conf.conf
  B. $FWDIR/conf/servers.conf
  C. $FWDIR/conf/fwauthd.conf
  D. $FWDIR/conf/serversd.conf
  C. $FWDIR/conf/fwauthd.conf

  ---

  Explanation/Reference:

  The file that gives you a list of all security servers in use, including port number, is $FWDIR/conf/fwauthd.conf. Security servers are processes that handle application-level protocols such as HTTP, FTP, SMTP, etc., and perform security checks on them. Fwauthd.conf is a configuration file that defines which security servers are enabled, which ports they listen on, and which inspection points they are attached to.

• Question 439:

  In the Firewall chain mode FFF refers to:

  A. Stateful Packets
  B. No Match
  C. All Packets
  D. Stateless Packets
  C. All Packets

  ---

  Explanation/Reference:

  In the Firewall chain mode FFF refers to all packets. Firewall chain mode is a feature that allows administrators to define how packets are processed by different firewall kernel modules in inbound and outbound directions. FFF is one of the predefined chain modes that applies all firewall kernel modules (Firewall, VPN, IPS, etc.) to all packets, regardless of their state or connection. This mode provides maximum security, but also consumes more CPU resources.

• Question 440:

  As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name `cover-company-logo.png' and then copy that image file to which directory on the SmartEvent server?

  A. SFWDIR/smartevent/conf
  B. $RTDIR/smartevent/conf
  C. $RTDIR/smartview/conf
  D. $FWDIR/smartview/conf
  C. $RTDIR/smartview/conf

  ---

  Explanation/Reference:

  To add the company logo to reports, you would save the logo as a PNG file with the name `cover-company-logo.png' and then copy that image file to the $RTDIR/smartview/conf directory on the SmartEvent server. The $RTDIR is an environment variable that points to the runtime directory of the SmartEvent server, which is usually /opt/CPrt-R81. The smartview/conf directory contains the configuration files for SmartView, which is a web-based interface for viewing reports and dashboards generated by SmartEvent. References: SmartEvent Administration Guide, SK120193 - How to add a company logo to SmartView reports