CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 451:

  What is not a component of Check Point SandBlast?

  A. Threat Emulation
  B. Threat Simulator
  C. Threat Extraction
  D. Threat Cloud
  B. Threat Simulator

  ---

  Explanation/Reference:

  Threat Simulator is not a component of Check Point SandBlast. Check Point SandBlast is a solution that provides advanced protection against zero-day threats using four components: Threat Emulation, Threat Extraction, Threat Cloud, and Threat Prevention. References: Check Point SandBlast Network

• Question 452:

  What is the default shell for the command line interface?

  A. Expert
  B. Clish
  C. Admin
  D. Normal
  B. Clish

  ---

  Explanation/Reference:

  What is the default shell for the command line interface? The default shell for the command line interface is Clish. Clish is a shell that provides a menu-based interface for configuring various system settings, such as network interfaces, routing, DNS, NTP, SNMP, SSH, etc. Clish also provides help and completion features for easier navigation. To switch from Clish to Expert mode, which allows running Linux commands, use the command expert. References: Gaia Administration Guide R81, page 29.

• Question 453:

  In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

  A. fw ctl sdstat
  B. fw ctl affinity
  C. fw ctl multik stat
  D. cpinfo
  B. fw ctl affinity

  ---

  Explanation/Reference:

  The fw ctl affinity -l -a -r -v command is the most accurate CLI command to get info about assignment (FW, SND) of all CPUs in your SGW. This command displays the affinity settings of all interfaces and processes in a verbose mode, including the Firewall (FW) and Secure Network Distributor (SND) instances. References: CoreXL Administration Guide

• Question 454:

  If an administrator wants to add manual NAT for addresses now owned by the Check Point firewall, what else is necessary to be completed for it to function properly?

  A. Nothing - the proxy ARP is automatically handled in the R81 version
  B. Add the proxy ARP configurations in a file called /etc/conf/local.arp
  C. Add the proxy ARP configurations in a file called $FWDIR/conf/local.arp
  D. Add the proxy ARP configurations in a file called $CPDIR/conf/local.arp
  C. Add the proxy ARP configurations in a file called $FWDIR/conf/local.arp

  ---

  Explanation/Reference:

  If an administrator wants to add manual NAT for addresses not owned by the Check Point firewall, they also need to add the proxy ARP configurations in a file called $FWDIR/conf/local.arp. This file contains the mappings between the IP addresses and the MAC addresses of the NATed hosts. The proxy ARP feature allows the firewall to answer ARP requests on behalf of the NATed hosts and forward the traffic to them. The local.arp file needs to be edited manually and reloaded with the command arp -f $FWDIR/conf/local.arp. References: R81 Security Management Administration Guide, page 1014.

• Question 455:

  What statement best describes the Proxy ARP feature for Manual NAT in R81.20?

  A. Automatic proxy ARP configuration can be enabled
  B. Translate Destination on Client Side should be configured
  C. fw ctl proxy should be configured
  D. local.arp file must always be configured
  D. local.arp file must always be configured

  ---

  Explanation/Reference:

  According to the Check Point R81 training course, the Proxy ARP feature for Manual NAT in R81.20 requires the configuration of the local.arp file on the Security Gateway. This file contains the mapping of IP addresses to MAC addresses for NATed hosts. The other options are either incorrect or irrelevant. References: Certified Security Expert (CCSE) R81.20 Course Overview

• Question 456:

  Which of the following is NOT supported by CPUSE?

  A. Automatic download of full installation and upgrade packages
  B. Automatic download of hotfixes
  C. Installation of private hotfixes
  D. Offline installations
  D. Offline installations

  ---

  Explanation/Reference:

  The option that is not supported by CPUSE is offline installations. CPUSE (Check Point Update Service Engine) is a Gaia software update agent that manages software updates on Gaia OS and Check Point products. It requires an internet connection to download and install updates from the Check Point Cloud or a local Deployment Agent. The other options are supported by CPUSE. It can automatically download full installation and upgrade packages, hotfixes, and private hotfixes. It can also install them manually or automatically according to a schedule. References: [CPUSE Overview]

  https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/ html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/112109

• Question 457:

  What is the purpose of the CPCA process?

  A. Monitoring the status of processes.
  B. Sending and receiving logs.
  C. Communication between GUI clients and the SmartCenter server.
  D. Generating and modifying certificates.
  D. Generating and modifying certificates.

  ---

  Explanation/Reference:

  The purpose of the CPCA process is to generate and modify certificates for Check Point products and features. CPCA stands for Check Point Certificate Authority and it is responsible for creating and managing certificates for internal communication between Check Point components, such as Security Gateways, Security Management Servers, SmartConsole clients, and OPSEC applications. CPCA also supports external certificate authorities and can import and export certificates from other sources.

• Question 458:

  What is the purpose of Priority Delta in VRRP?

  A. When a box up, Effective Priority = Priority + Priority Delta
  B. When an Interface is up, Effective Priority = Priority + Priority Delta
  C. When an Interface fail, Effective Priority = Priority ?Priority Delta
  D. When a box fail, Effective Priority = Priority ?Priority Delta
  C. When an Interface fail, Effective Priority = Priority ?Priority Delta

  ---

  Explanation/Reference:

  Each instance of VRRP running on a supported interface may monitor the link state of other interfaces. The monitored interfaces do not have to be running VRRP. If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by the specified delta value and then will send out a new VRRP HELLO packet. If the new effective priority is less than the priority a backup platform has, then the backup platform will begin to send out its own HELLO packet. Once the master sees this packet with a priority greater than its own, then it releases the VIP.

  References:

• Question 459:

  What is the amount of Priority Queues by default?

  A. There are 8 priority queues and this number cannot be changed.
  B. There is no distinct number of queues since it will be changed in a regular basis based on its system requirements.
  C. There are 7 priority queues by default and this number cannot be changed.
  D. There are 8 priority queues by default, and up to 8 additional queues can be manually configured
  D. There are 8 priority queues by default, and up to 8 additional queues can be manually configured

  ---

  Explanation/Reference:

  There are 8 priority queues by default, and up to 8 additional queues can be manually configured1. Priority Queues are a feature of SecureXL that accelerates the performance of the Security Gateway by offloading CPU-intensive operations to the SecureXL device2. Priority Queues are used to prioritize traffic when the Security Gateway is stressed and needs to drop packets2. By default, there are 8 priority queues, each with a different priority level and type of connections2. You can manually configure up to 8 additional queues by setting the relevant kernel parameters in $FWDIR/boot/modules/fwkern.conf file1. You can also customize the queue length, the load balancing method, and the services that are considered as control connections1. References: Firewall Priority Queues in R80.x / R81.x - Check Point Software, SecureXL - Check Point Software

• Question 460:

  Which features are only supported with R81.20 Gateways but not R77.x?

  A. Access Control policy unifies the Firewall, Application Control and URL Filtering, Data Awareness, and Mobile Access Software Blade policies.
  B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
  C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
  D. Time object to a rule to make the rule active only during specified times.
  C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

  ---

  Explanation/Reference:

  The features that are only supported with R81.20 Gateways and not with R77.x are described in option C:

  "C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence."

  This feature, known as Rule Base Layers, allows for greater flexibility and control in organizing and prioritizing security rules within the rule base.

  Options A, B, and D do not specifically pertain to features introduced in R81.20 and are available in earlier versions as well.

  References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.