CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 471:

  What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days?

  A. Use Multi-Domain Management Server.
  B. Choose different setting for log storage and SmartEvent db
  C. Install Management and SmartEvent on different machines.
  D. it is not possible.
  C. Install Management and SmartEvent on different machines.

  ---

  Explanation/Reference:

  The recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days is to install Management and SmartEvent on different machines. This is because SmartLog and SmartEvent use different databases and storage methods, and having them on separate machines allows for better performance and scalability. References: [SmartLog Administration Guide]

• Question 472:

  The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?

  A. fwd via cpm
  B. fwm via fwd
  C. cpm via cpd
  D. fwd via cpd
  A. fwd via cpm

  ---

  Explanation/Reference:

  The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via the cpm process. The cpm process is the main management process that handles database operations, policy installation, and communication with GUI clients via TCP port 190093. The other options are either incorrect or irrelevant to the log flow. References: Certified Security Expert (CCSE) R81.20 Course Overview, Check Point Ports Used for Communication by Various Check Point Modules

• Question 473:

  Which Check Point process provides logging services, such as forwarding logs from Gateway to Log Server, providing Log Export API (LEA) and Event Logging API (EL-A) services.

  A. DASSERVICE
  B. FWD
  C. CPVIEWD
  D. CPD
  B. FWD

  ---

  Explanation/Reference:

  The FWD process provides logging services, such as forwarding logs from Gateway to Log Server, providing Log Export API (LEA) and Event Logging API (EL-A) services. The FWD process is responsible for sending logs from the Security

  Gateway to the Security Management Server or Log Server, and for fetching logs from the Security Management Server or Log Server to SmartConsole. The FWD process also handles the communication with external logging applications

  that use the LEA or EL-A protocols.

  References:

  FWD process does not work after reboot - Check Point CheckMates, section "FWD process does not work after reboot"

  Check Point R81, section "Logging and Monitoring"

  CoreXL Dynamic Dispatcher - Check Point Software, section "Example of output"

• Question 474:

  The Event List within the Event tab contains:

  A. a list of options available for running a query.
  B. the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.
  C. events generated by a query.
  D. the details of a selected event.
  C. events generated by a query.

  ---

  Explanation/Reference:

  The Event List within the Event tab contains events generated by a query. The Event List shows the events that match the query criteria, such as time range, filter, and aggregation. The events can be sorted by different columns, such as severity, time, action, and source3. The other options are either not part of the Event tab or not related to the Event List. References: Check Point R81 Logging and Monitoring Administration Guide

• Question 475:

  Which statement is true regarding redundancy?

  A. System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob if command.
  B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
  C. Machines in a ClusterXL High Availability configuration must be synchronized.
  D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.
  D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

  ---

  Explanation/Reference:

  The statement that is true regarding redundancy is Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments. ClusterXL and VRRP are two technologies that provide high availability and load sharing for Security Gateways. They are both supported by Gaia OS and can be deployed on various platforms5. The other statements are either false or incomplete regarding redundancy. References: Check Point R81 ClusterXL Administration Guide, Check Point R81 Gaia Administration Guide

• Question 476:

  When using the Mail Transfer Agent, where are the debug logs stored?

  A. $FWDIR/bin/emaild.mta. elg
  B. $FWDIR/log/mtad elg
  C. /var/log/mail.mta elg
  D. $CPDIR/log/emaild elg
  C. /var/log/mail.mta elg

  ---

  Explanation/Reference:

  When using the Mail Transfer Agent, the debug logs are stored in /var/log/mail.mta.elg. This file contains information about the email messages that are processed by the Mail Transfer Agent, such as sender, recipient, subject, size, action, etc. You can use the command mailq to view the current mail queue and the command maild -d to enable debug mode for the Mail Transfer Agent. References: [Mail Transfer Agent]

• Question 477:

  What is the command to check the status of Check Point processes?

  A. top
  B. cptop
  C. cphaprob list
  D. cpwd_admin list
  D. cpwd_admin list

  ---

  Explanation/Reference:

  The command to check the status of Check Point processes is cpwd_admin list. This command displays the process ID, name, state, start time, and watchdog status of all the processes that are monitored by the Check Point WatchDog

  daemon (CPWD). You can also use this command to start, stop, or restart a specific process. References:

  [cpwd_admin Command]

• Question 478:

  Which of the following is a task of the CPD process?

  A. Invoke and monitor critical processes and attempts to restart them if they fail
  B. Transfers messages between Firewall processes
  C. Log forwarding
  D. Responsible for processing most traffic on a security gateway
  B. Transfers messages between Firewall processes
  C. Log forwarding
  D. Responsible for processing most traffic on a security gateway

  ---

  FWD, CPD, CPM, etc. It also handles licensing and status report requests from other processes. The other tasks are performed by different processes. The task of invoking and monitoring critical processes and attempting to restart them if

  they fail is performed by the WatchDog process. The task of log forwarding is performed by the FWD process. The task of processing most traffic on a security gateway is performed by the Firewall kernel module.

  References: [Check Point Processes and Daemons]

• Question 479:

  When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.

  A. SecureID
  B. SecurID
  C. Complexity
  D. TacAcs
  B. SecurID

  ---

  Explanation/Reference:

  When requiring certificates for mobile devices, the authentication method should be set to one of the following:

  Username and Password

  RADIUS

  SecurID (RSA SecurID)

  So, the correct answer is option B, "SecurID."

  Options A, C, and D are not standard authentication methods for mobile devices in this context.

  References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.

• Question 480:

  What is the order of NAT priorities?

  A. Static NAT, IP pool NAT, hide NAT
  B. IP pool NAT, static NAT, hide NAT
  C. Static NAT, automatic NAT, hide NAT
  D. Static NAT, hide NAT, IP pool NAT
  A. Static NAT, IP pool NAT, hide NAT

  ---

  Explanation/Reference:

  The order of NAT priorities is determined by the type of NAT rule that is applied to the traffic. There are three types of NAT rules in Check Point: static NAT, IP pool NAT, and hide NAT12. Static NAT: This type of NAT rule maps a single IP address to another single IP address. It is usually used to allow external hosts to access internal servers or devices. Static NAT has the highest priority among the NAT rules, and it is applied before the security policy is enforced12. IP pool NAT: This type of NAT rule maps a range of IP addresses to another range of IP addresses. It is usually used to balance the load among multiple servers or devices. IP pool NAT has the second highest priority among the NAT rules, and it is applied after the security policy is enforced12. Hide NAT: This type of NAT rule hides a group of IP addresses behind a single IP address or an interface. It is usually used to allow internal hosts to access external resources. Hide NAT has the lowest priority among the NAT rules, and it is applied after the security policy is enforced12. Therefore, the order of NAT priorities is: static NAT, IP pool NAT, hide NAT. References: 1: Check Point R81 Security Administration Guide - Check Point Software, page 209 2: Check Point R81 Security Engineering Guide - Check Point Software, page