CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 441:

  Which encryption algorithm is the least secured?

  A. AES-128
  B. AES-256
  C. DES
  D. 3DES
  C. DES

  ---

  Explanation/Reference:

  DES (Data Encryption Standard) is a symmetric block cipher that uses a 56-bit key to encrypt and decrypt 64-bit blocks of data. It was developed by IBM in 1975 and adopted by the US government as a standard for encryption. However, DES has been proven to be insecure and vulnerable to various attacks, such as brute force, differential cryptanalysis, and linear cryptanalysis. A brute force attack can break DES in a matter of hours using modern hardware. Differential cryptanalysis can reduce the number of keys to be searched by a factor of four, and linear cryptanalysis can reduce it by a factor of two. Therefore, DES is the least secure encryption algorithm among the options given. References: Types of Encryption, Secure Organization's Data With These Encryption Algorithms, Comparative study of symmetric cryptographic algorithms

• Question 442:

  Which Correction mechanisms are available with ClusterXL under R81.20?

  A. Correction Mechanisms are only available of Maestro Hyperscale Orchestrators
  B. Pre-Correction and SDF (Sticky Decision Function)
  C. SDF (Sticky Decision Function) and Flush and ACK
  D. Dispatcher (Early Correction) and Firewall (Late Correction)
  C. SDF (Sticky Decision Function) and Flush and ACK

  ---

  Explanation/Reference:

  SDF (Sticky Decision Function) and Flush and ACK are the two correction mechanisms that are available with ClusterXL under R81.20. According to the ClusterXL R81.20 Administration Guide1, correction mechanisms are methods that ClusterXL uses to prevent or recover from out-of-state situations, which occur when different Cluster Members have different information about the connections that they handle1. ClusterXL supports two types of correction mechanisms: SDF and Flush and ACK1. SDF (Sticky Decision Function) is a mechanism that ensures that packets of the same connection are always handled by the same Cluster Member, regardless of the load balancing algorithm. SDF uses a hash table that maps each connection to a specific Cluster Member, based on the 5-tuple of source IP, destination IP, source port, destination port, and protocol. SDF prevents out-of-state situations by avoiding the switch of Cluster Members for existing connections1. Flush and ACK is a mechanism that synchronizes the connection tables of different Cluster Members when an out-of-state situation is detected. Flush and ACK works as follows: When a Cluster Member receives a packet that belongs to an unknown connection, it sends a Flush message to all other Cluster Members, asking them to delete the connection from their tables. When a Cluster Member receives a Flush message, it checks if it has the connection in its table. If it does, it deletes the connection and sends an ACK message to the sender of the Flush message, indicating that it has performed the deletion. When a Cluster Member receives an ACK message, it creates a new connection entry in its table for the packet that triggered the Flush message, and processes the packet normally. If a Cluster Member does not receive any ACK message within a timeout period, it assumes that no other Cluster Member has the connection, and creates a new connection entry in its table for the packet that triggered the Flush message1. References: : ClusterXL R81.20 Administration Guide

• Question 443:

  NAT rules are prioritized in which order?

  1.

  Automatic Static NAT

  2.

  Automatic Hide NAT

  3.

  Manual/Pre-Automatic NAT

  4.

  Post-Automatic/Manual NAT rules

  A. 1, 2, 3, 4
  B. 1, 4, 2, 3
  C. 3, 1, 2, 4
  D. 4, 3, 1, 2
  A. 1, 2, 3, 4

  ---

  Explanation/Reference:

  NAT rules are prioritized in the following order:

  Automatic Static NAT: This is the highest priority NAT rule and it translates the source or destination IP address to a different IP address without changing the port number. It is configured in the network object properties. Automatic Hide NAT:

  This is the second highest priority NAT rule and it translates the source IP address and port number to a different IP address and port number. It is configured in the network object properties. Manual/Pre-Automatic NAT: This is the third

  highest priority NAT rule and it allows you to create custom NAT rules that are not possible with automatic NAT. It is configured in the NAT policy rulebase before the automatic NAT rules. Post-Automatic/Manual NAT rules: This is the lowest

  priority NAT rule and it allows you to create custom NAT rules that are not possible with automatic NAT. It is configured in the NAT policy rulebase after the automatic NAT rules.

• Question 444:

  After having saved the Cllsh Configuration with the "save configuration config.txt* command, where can you find the config.txt file?

  A. You will find it in the home directory of your usef account (e.g. /home/admirV)
  B. You can locate the file via SmartConsole > Command Line.
  C. You have to launch the WebUl and go to "Config" -> "Export Conflg File" and specifly the destination directory of your local tile system
  D. You cannot locate the file in the file system sine?Clish does not have any access to the bash fie system
  B. You can locate the file via SmartConsole > Command Line.

  ---

  Explanation/Reference:

  You can locate the file via SmartConsole > Command Line. According to the CLISH documentation1, when you save the configuration with the "save configuration config.txt" command, the file is stored in a temporary location on the management server. To access the file, you need to use SmartConsole and go to Command Line > View File > config.txt2. Alternatively, you can also use the "show configuration" command in CLISH to view the current configuration2. References: : CLISH - SourceForge : Summary of Gaia Clish Commands - Check Point Software

• Question 445:

  SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?

  A. Threat Emulation
  B. Mobile Access
  C. Mail Transfer Agent
  D. Threat Cloud
  B. Mobile Access

  ---

  Explanation/Reference:

  Mobile Access is not part of the SandBlast component. Mobile Access is a software blade that provides secure remote access to corporate resources from various devices, such as smartphones, tablets, and laptops. Mobile Access supports different connectivity methods, such as SSL VPN, IPsec VPN, and Mobile Enterprise Application Store (MEAS). Mobile Access also integrates with Mobile Threat Prevention (MTP) to protect mobile devices from malware and network attacks. References: Check Point Security Expert R81 Course, Mobile Access Administration Guide, SandBlast Mobile Datasheet

• Question 446:

  Joey want to configure NTP on R81 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?

  A. https://
  B. http://:443
  C. https://:10000
  D. https://:4434
  A. https://

  ---

  Explanation/Reference:

  The correct address to access the Web UI for Gaia platform via browser is https://. This will open the Gaia Portal login page, where you can enter your username and password to access the Gaia configuration options. By default, the Web UI listens on port 443 for HTTPS connections, but you can change it using the CLISH command set web ssl-port .

• Question 447:

  Using fw monitor you see the following inspection point notion E and i what does that mean?

  A. E shows the packet before the VPN encryption, i after the inbound firewall VM
  B. E shows the packet reaching the external interface, i leaving the internal interface
  C. E shows the packet after the VPN encryption, i before the inbound firewall VM
  D. E shows the packet leaving the external interface, i reaching the internal interface
  C. E shows the packet after the VPN encryption, i before the inbound firewall VM

  ---

  Explanation/Reference:

  Using fw monitor, the inspection point notation E and i means that E shows the packet after the VPN encryption, and i shows the packet before the inbound firewall VM. E (for example, eth4:E) is the Post-Outbound inspection point, which captures packets after they are encrypted by VPN Outbound. i (for example, eth4:i) is the Pre-Inbound inspection point, which captures packets before they are inspected by the in-bound FireWall VM2. References: Check Point R81 CLI Reference Guide

• Question 448:

  Choose the correct syntax to add a new host named "emailserver1" with IP address 10.50.23.90 using GAiA Management CLI?

  A. mgmt_cli add host name "myHost12 ip" address 10.50.23.90
  B. mgmt_cli add host name ip-address 10.50.23.90
  C. mgmt_cli add host "emailserver1" address 10.50.23.90
  D. mgmt_cli add host name "emailserver1" ip-address 10.50.23.90
  D. mgmt_cli add host name "emailserver1" ip-address 10.50.23.90

  ---

  Explanation/Reference:

  The correct syntax to add a new host named "emailserver1" with IP address 10.50.23.90 using GAiA Management CLI is mgmt_cli add host name "emailserver1" ip- address 10.50.23.90. The name and ip-address parameters are required and must be enclosed in double quotes. The other options are missing the double quotes or have incorrect parameter names1. References: 1: Check Point Software, Getting Started, Adding a Host.

• Question 449:

  Which command gives us a perspective of the number of kernel tables?

  A. fw tab -t
  B. fw tab -s
  C. fw tab -n
  D. fw tab -k
  B. fw tab -s

  ---

  Explanation/Reference:

  The command "fw tab -s" is used to display information about the state of various kernel tables in a Check Point firewall. It provides a perspective on the number and status of these tables, which can be helpful for troubleshooting and monitoring firewall performance.

  Option B correctly identifies the command that gives a perspective of the number of kernel tables, making it the verified answer.

  References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.

• Question 450:

  Which directory below contains log files?

  A. /opt/CPSmartlog-R81/log
  B. /opt/CPshrd-R81/log
  C. /opt/CPsuite-R81/fw1/log
  D. /opt/CPsuite-R81/log
  C. /opt/CPsuite-R81/fw1/log

  ---

  Explanation/Reference:

  The directory /opt/CPsuite-R81/fw1/log contains the log files for the Security Gateway, such as firewall, VPN, IPS, and anti-virus logs1. These log files can be viewed and analyzed using SmartConsole or SmartView2. The other directories are not correct because:

  A. The directory /opt/CPSmartlog-R81/log contains the log files for the SmartLog server, which is a separate component that indexes and searches the logs from multiple Security Gateways3. B. The directory /opt/CPshrd-R81/log contains the log files for the shared components of the Check Point suite, such as cpwd, cpca, cpd, and cpwatchdog4. D. The directory /opt/CPsuite-R81/log does not exist by default and is not used for logging purposes. References: Logging and Monitoring R81 Administration Guide, SmartConsole R81 Help, SmartLog R81 Help, Check Point Processes and Daemons