If a "ping"-packet is dropped by FW1 Policy, on how many inspection points do you see this packet in "fw monitor"?
A. "i", "l" and "o"
B. I don't see it in fw monitor
C. "i" only
D. "i" and "l"
Correct Answer: C
If a "ping"-packet is dropped by FW1 Policy, you will see this packet in "fw monitor" on one inspection point only: "i". The "i" inspection point represents the inbound traffic before any rule processing. Since the packet is dropped by FW1 Policy, it will not pass through any other inspection points, such as "l" (after rule processing), "o" (outbound before rule processing), or "O" (outbound after rule processing). References: Check Point Software, Getting Started, fw monitor.
Question 452:
Which upgrade method should you use when upgrading from R80.40 to R81.20 to avoid any downtime?
A. Zero Downtime Upgrade (ZDU)
B. Connectivity Upgrade (CU)
C. Minimal Effort Upgrade (ME)
D. Multi-Version Cluster Upgrade (MVC)
Correct Answer: D
The correct upgrade method for upgrading from R80.40 to R81.20 without any downtime is the Multi-Version Cluster Upgrade (MVC). MVC is a new feature in R80.40 that replaces the deprecated Connectivity Upgrade (CU). MVC allows you to upgrade cluster members to a newer version without losing connectivity and test the new version on some of the cluster members before you decide to upgrade the rest of the cluster members. MVC synchronizes connections between cluster members that run different versions and ensures that the cluster remains operational during the upgrade process. MVC is intended only to test the current configuration in the newer version and not to change the security policy and install it on cluster members with different software versions. MVC is disabled by default and can be enabled on each cluster member individually. MVC has some limitations, such as not supporting VSX clusters, IPS blade, or SecureXL acceleration. References: Multi-Version Cluster (MVC) replaces Connectivity Upgrade (CU) in R80.40; Multi-Version Cluster (MVC) Upgrade; Configuring the Multi-Version Cluster Mechanism.
Question 453:
CoreXL is NOT supported when one of the following features is enabled: (Choose three)
A. Route-based VPN
B. IPS
C. IPv6
D. Overlapping NAT
Correct Answer: ACD
CoreXL is not supported when one of the following features is enabled: Check Point QoS (Quality of Service), Route-based VPN, IPv6 on IPSO, or Overlapping NAT. CoreXL is a performance-enhancing technology that allows multiple CPU cores to concurrently handle network traffic. IPS is supported by CoreXL and can benefit from its acceleration. References: Check Point Software, Getting Started, CoreXL; Check Point Software, Getting Started, IPS.
Question 454:
What are the services used for Cluster Synchronization?
A. 256/TCP for Full Sync and 8116/UDP for Delta Sync
B. 8116/UDP for Full Sync and Delta Sync
C. TCP/256 for Full Sync and Delta Sync
D. No service needed when using Broadcast Mode
Correct Answer: A
Cluster Synchronization is a mechanism that allows cluster members to share state information and maintain a consistent security policy. Cluster Synchronization uses two types of synchronization: Full Synchronization and Delta Synchronization. Full Synchronization transfers the entire Security Policy and state tables from one cluster member to another. Delta Synchronization transfers only the changes in the state tables. Cluster Synchronization uses two services for communication: TCP port 256 (CPHA) for Full Synchronization and UDP port 8116 for Delta Synchronization [3]. Therefore, the correct answer is A. References: [3] Cluster Synchronization
Question 455:
What are scenarios supported by the Central Deployment in SmartConsole?
A. Installation of Jumbo Hotfix on a ClusterXL environment in High Availability Mode
B. Upgrading a Dedicated SmartEvent Server
C. Upgrading a Dedicated Log Server to R81
D. Upgrading a Standalone environment
Correct Answer: A
Question 456:
In which deployment is the security management server and Security Gateway installed on the same appliance?
A. Standalone
B. Remote
C. Distributed
D. Bridge Mode
Correct Answer: A
In a Standalone deployment, a Check Point computer runs both the Security Gateway and Security Management Server products. This means that the same appliance performs both network security functions and security policy management functions. A Standalone deployment is suitable for small or branch offices that do not require a separate management server. References: Check Point R81 Installation and Upgrade Guide, page
Question 457:
Where is the license for Check Point Mobile users installed?
A. The Primary Gateway
B. The Standby Gateway
C. The Endpoint Server
D. The Security Management Server
Correct Answer: D
The license for Check Point Mobile users is installed on the Security Management Server. Check Point Mobile is a client application that allows remote users to securely access corporate resources from their mobile devices. To use Check Point Mobile, you need to have a valid license for the Mobile Access Software Blade on the Security Management Server. The license determines the number of concurrent users that can connect to the Security Gateway using Check Point Mobile. You can view and manage the license from the SmartConsole or the CPUSE WebUI. For more information, you can refer to the Check Point R81 Mobile Access Blade Administration Guide [1] or the Check Point Cybersecurity BootCamp R81.20 - CCSA & CCSE Training [2].
Question 458:
Which one of the following is NOT a configurable Compliance Regulation?
A. GLBA
B. CJIS
C. SOCI
D. NCIPA
Correct Answer: C
The Check Point Compliance Blade is a security management tool that monitors the compliance status of the Security Gateways and Security Management Servers with various regulatory standards [1]. The Compliance Blade supports the following regulatory standards [2]:
GLBA: The Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act of 1999, is a US federal law that requires financial institutions to protect the privacy and security of their customers' personal information.
CJIS: The Criminal Justice Information Services Division, also known as CJIS, is a division of the US Federal Bureau of Investigation that provides criminal justice information services to law enforcement, national security, and intelligence agencies. CJIS has a set of security policies and requirements that govern the access, use, and protection of the CJIS data.
NCIPA: The National Counterintelligence and Security Center Insider Threat Program Maturity Framework, also known as NCIPA, is a US government framework that provides guidance and best practices for establishing and enhancing insider threat programs within federal agencies. NCIPA defines five levels of maturity for insider threat programs, from initial to optimized.
SOCI: This is not a valid option for a configurable Compliance Regulation. There is no such regulatory standard with this acronym. However, there is a similar acronym, SOC 2, which stands for Service Organization Control 2, which is a set of standards and criteria for auditing the security, availability, processing integrity, confidentiality, and privacy of service providers that store, process, or transmit customer data [3].
Therefore, the correct answer is C, as SOCI is not a configurable Compliance Regulation.
References: [1] ATRG: Compliance Blade (R80.10 and higher) - Check Point Software; [2] Check Point R81 - Check Point Software; [3] SOC 2 Compliance Checklist: What You Need to Know - Varonis
Question 459:
Alice and Bob are going to deploy Management Data Plane Separation (MDPS) for all their Check Point Security Gateway(s)/Cluster(s). Which of the following statements is true?
A. Each network environment is dependent and includes interfaces, routes, sockets, and processes
B. Management Plane - To access, provision and monitor the Security Gateway
C. Data Plane - To access, provision and monitor the Security Gateway
D. Management Plane - for all other network traffic and processing
Correct Answer: B
Management Data Plane Separation (MDPS) is a feature that allows the separation of the management plane and the data plane on a Security Gateway or a cluster. The management plane is responsible for accessing, provisioning and monitoring the Security Gateway, while the data plane is responsible for all other network traffic and processing. Each network environment is independent and includes interfaces, routes, sockets, and processes [1]. References: Check Point R81 Administration Guide
Question 460:
Alice and Bob are concurrently logged in via SSH on the same Check Point Security Gateway as user "admin"; however, Bob was first logged in and acquired the lock. Alice is not aware that Bob is also logged in to the same Security Management Server as she is, but she needs to perform very urgent configuration changes. Which of the following Gaia Clish commands is true for overriding Bob's configuration database lock:
A. lock database override
B. unlock override database
C. unlock database override
D. database unlock override
Correct Answer: A
To override Bob's configuration database lock, Alice can use the command lock database override in the clish shell. This command will transfer the lock from Bob to Alice and allow her to make the urgent configuration changes. However, this command should be used with caution, as it may cause conflicts or inconsistencies if Bob and Alice are working on the same objects or policies. It is recommended to communicate with other administrators before using this command and to release the lock as soon as possible after finishing the changes [1]. The other commands are not valid in clish and will result in an error message.