CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 461:

  Which one of the following is true about Threat Emulation?

  A. Takes less than a second to complete
  B. Works on MS Office and PDF files only
  C. Always delivers a file
  D. Takes minutes to complete (less than 3 minutes)
  D. Takes minutes to complete (less than 3 minutes)

  ---

  Explanation/Reference:

  Threat Emulation is a software blade that takes minutes to complete (less than 3 minutes). Threat Emulation analyzes files for malicious behavior by running them in a virtual sandbox. Threat Emulation works on MS Office, PDF, executables, and archive files. Threat Emulation does not always deliver a file, but only if no threats are found or if the user chooses to download the original file after seeing a warning message. References: Check Point Security Expert R81 Course, Threat Emulation Administration Guide

• Question 462:

  What are types of Check Point APIs available currently as part of R81.20 code?

  A. Security Gateway API Management API, Threat Prevention API and Identity Awareness Web Services API
  B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
  C. OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API
  D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API
  B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API

  ---

  Explanation/Reference:

  What are types of Check Point APIs available currently as part of R81.20 code?

  The types of Check Point APIs available currently as part of R81.20 code are:

  Management API: This API allows you to automate and orchestrate various management tasks, such as creating and modifying objects, installing policies, generating reports, etc. The Management API can be accessed via CLI, Web

  Services, or GUI clients.

  Threat Prevention API: This API allows you to interact with the Threat Prevention software blades, such as Anti-Virus, Anti-Bot, Threat Emulation, etc. The Threat Prevention API can be used to query and update indicators, upload files for

  emulation, retrieve verdicts and reports, etc.

  Identity Awareness Web Services API: This API allows you to integrate external identity sources with the Identity Awareness software blade, which provides identity-based access control for network traffic. The Identity Awareness Web

  Services API can be used to send identity and session information to the Security Gateway, query identity information from the Security Gateway, etc. OPSEC SDK API: This API allows you to develop custom applications that can

  communicate with Check Point products using the OPSEC protocol. The OPSEC SDK API supports various OPSEC services, such as LEA, CPMI, SAM, ELA, UFP, etc. References: R81 Management API Reference Guide, page 7; [R81

  Threat Prevention API Reference Guide], page 7; [R81 Identity Awareness Administration Guide], page 105; [OPSEC SDK R81 Documentation Package].

• Question 463:

  When gathering information about a gateway using CPINFO, what information is included or excluded when using the "-x" parameter?

  A. Includes the registry
  B. Gets information about the specified Virtual System
  C. Does not resolve network addresses
  D. Output excludes connection table
  B. Gets information about the specified Virtual System

  ---

  Explanation/Reference:

  The cpinfo command is a tool that collects diagnostic data from a Check Point gateway or management server. The data includes configuration files, logs, status reports, and more. The cpinfo output can be used for troubleshooting or sent to Check Point support for analysis. The -x parameter is used to get information about the specified Virtual System on a VSX gateway. A Virtual System is a virtualized firewall instance that runs on a VSX gateway and has its own security policy and objects. References: Check Point Security Expert R81 Course, cpinfo Utility, VSX Administration Guide

• Question 464:

  SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?

  A. Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.
  B. Correlates all the identified threats with the consolidation policy.
  C. Collects syslog data from third party devices and saves them to the database.
  D. Connects with the SmartEvent Client when generating threat reports.
  A. Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.
  C. Collects syslog data from third party devices and saves them to the database.

  ---

  an essential function in threat detection and analysis, as it helps in identifying and alerting about security threats based on the configured policies.

  Option A correctly describes the function of the Correlation Unit, making it the verified answer.

  References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.

• Question 465:

  What is the main difference between Threat Extraction and Threat Emulation?

  A. Threat Emulation never delivers a file and takes more than 3 minutes to complete.
  B. Threat Extraction always delivers a file and takes less than a second to complete.
  C. Threat Emulation never delivers a file that takes less than a second to complete.
  D. Threat Extraction never delivers a file and takes more than 3 minutes to complete.
  B. Threat Extraction always delivers a file and takes less than a second to complete.

  ---

  Explanation/Reference:

  Threat Extraction (Answer B): Threat Extraction always delivers a file, but it removes potentially malicious content from the file before delivering it to the user. It is designed to provide a safe version of the file quickly, taking less than a second to complete.

  Threat Emulation (Option A): Threat Emulation does not deliver the original file to the user until it has been thoroughly analyzed for threats. It may take more than 3 minutes to complete the analysis. The emphasis here is on safety and thorough inspection, which may result in a longer processing time.

  Therefore, Option B correctly describes the main difference between Threat Extraction and Threat Emulation. References: Check Point Certified Security Expert (CCSE) R81 training materials and documentation.

• Question 466:

  You need to change the MAC-address on eth2 interface of the gateway. What command and what mode will you use to achieve this goal?

  A. set interface eth2 mac-addr 11:11:11:11:11:11; CLISH
  B. ifconfig eth1 hw 11:11:11:11:11:11; expert
  C. set interface eth2 hw-addr 11:11:11:11:11:11; CLISH
  D. ethtool -i eth2 mac 11:11:11:11:11:11; expert
  A. set interface eth2 mac-addr 11:11:11:11:11:11; CLISH

  ---

  Explanation/Reference:

  You need to change the MAC-address on eth2 interface of the gateway. The command and the mode that you will use to achieve this goal are set interface eth2 mac- addr 11:11:11:11:11:11; CLISH. This command allows you to change the MAC address of an interface in GAIA, which can be useful for replacing a faulty network card or cloning another device. The command is executed in CLISH mode, which is a shell that provides a menu-based interface for configuring various system settings. To apply the changes, you need to save the configuration and restart the interface. References: Gaia Administration Guide R81, page 31.

• Question 467:

  How to can you make sure that the old logs will be available after updating the Management to version R81.20 using the Advanced Upgrade Method?

  A. Use the WebUI -> Maintenance > System Backup and store the backup on a remote FTP server
  B. The logs will be included running SFWDIR/scripts/migrate_server export -v R81.20
  C. Use the WebUI to save a snapshot before updating the Management -> Maintenance > Snapshot Management
  D. Use the migrate_server tool with the option '-I' for the logs and '-x' for the index
  D. Use the migrate_server tool with the option '-I' for the logs and '-x' for the index

  ---

  Explanation/Reference:

• Question 468:

  What are the available options for downloading Check Point hotfixes in Gala WebUI (CPUSE)?

  A. Manually, Scheduled, Automatic
  B. Manually, Automatic, Disabled
  C. Manually, Scheduled, Disabled
  D. Manually, Scheduled, Enabled
  A. Manually, Scheduled, Automatic

  ---

  Explanation/Reference:

  The available options for downloading Check Point hotfixes in Gaia WebUI (CPUSE) are Manually, Scheduled, and Automatic. These options can be configured in the CPUSE Settings tab of the Gaia Portal. The Manual option lets you

  download hotfixes manually from the Check Point Cloud or a local Deployment Agent when you need them. The Scheduled option lets you download hotfixes automatically at a specified time interval (daily, weekly, or monthly). The Automatic

  option lets you download hotfixes automatically as soon as they are available.

  Reference:

  https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/

  html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/112109

• Question 469:

  GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:

  A. Check Point Update Service Engine
  B. Check Point Software Update Agent
  C. Check Point Remote Installation Daemon (CPRID)
  D. Check Point Software Update Daemon
  A. Check Point Update Service Engine

  ---

  Explanation/Reference:

  GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the Check Point Update Service Engine. This agent allows you to download and install software updates, hotfixes, upgrade packages, etc., from Check Point servers or from a local repository. The Check Point Update Service Engine can be accessed via SmartConsole or via WebUI or CLI on GAIA. References: [Gaia Administration Guide R81], page 77.

• Question 470:

  The "MAC magic" value must be modified under the following condition:

  A. There is more than one cluster connected to the same VLAN
  B. A firewall cluster is configured to use Multicast for CCP traffic
  C. There are more than two members in a firewall cluster
  D. A firewall cluster is configured to use Broadcast for CCP traffic
  A. There is more than one cluster connected to the same VLAN

  ---

  Explanation/Reference:

  Comprehensive and Detailed The "MAC magic" value, also known as the "Cluster Global ID", is a mechanism that identifies different clusters on the same network segment. It is used to prevent MAC address conflicts and ensure proper load balancing among cluster members. The "MAC magic" value is a hexadecimal number that is appended to the virtual MAC address of the cluster interface. By default, the "MAC magic" value is set to 1 for all clusters, but it must be changed manually if there is more than one cluster connected to the same VLAN. Otherwise, the clusters will not be able to communicate with each other or with external hosts. The "MAC magic" value does not need to be modified under the other conditions listed in the question. The firewall cluster can use either Broadcast or Multicast for CCP traffic without affecting the "MAC magic" value. The number of members in a firewall cluster also does not affect the "MAC magic" value, as long as they belong to the same cluster and have the same Cluster Global ID. References: Verifying Magic Mac - R81.20 - Check Point CheckMates; What is Magic MAC? - Check Point CheckMates; Check Point R81 CLI Reference Guide, page 17; R81 ClusterXL Administration Guide, page 9-10