By default how often updates are checked when the CPUSE Software Updates Policy is set to Automatic?
A. Six times per day
B. Seven times per day
C. Every two hours
D. Every three hours
Correct Answer: D
By default, when the CPUSE Software Updates Policy is set to Automatic, updates are checked every three hours3. This means that the CPUSE agent will automatically download and install updates that match the policy settings every three
hours. The other options are not the default values for the CPUSE Software Updates Policy. References: 3:
Check Point Software, Getting Started, CPUSE Software Updates Policy.
Question 482:
What is the minimum number of CPU cores required to enable CoreXL?
A. 1
B. 6
C. 2
D. 4
Correct Answer: C
CoreXL is a technology that improves the performance of the Security Gateway by utilizing multiple CPU cores for processing traffic. CoreXL creates multiple instances of the firewall kernel (fwk) that run in parallel on different CPU cores. The
number of kernel instances can be configured using the cpconfig command on the Security Gateway3. The minimum number of CPU cores required to enable CoreXL is 2, as one core is reserved for SND (Secure Network Distributor) and
one core is used for running a kernel instance4. If the Security Gateway has only one CPU core, CoreXL cannot be enabled. Therefore, the correct answer is C.
UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck objects?
A. Ask
B. Drop
C. Inform
D. Reject
Correct Answer: D
The action that is not supported in UserCheck objects is Reject. UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users and display messages or requests on their browsers. The supported actions in UserCheck objects are Ask, Inform, Block, and Continue. The Ask action prompts the user to confirm or cancel an action. The Inform action notifies the user about an event or a policy. The Block action prevents the user from accessing a resource or performing an action. The Continue action allows the user to access a resource or perform an action after displaying a message. References: [UserCheck]
Question 484:
There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A's interface issues were resolved and it became operational.
When it re-joins the cluster, will it become active automatically?
A. No, since `maintain' current active cluster member' option on the cluster object properties is enabled by default.
B. No, since `maintain' current active cluster member' option is enabled by default on the Global Properties.
C. Yes, since `Switch to higher priority cluster member' option on the cluster object properties is enabled by default.
D. Yes, since `Switch to higher priority cluster member' option is enabled by default on the Global Properties.
Correct Answer: A
There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A's interface issues were resolved and it became operational. When it re-joins the cluster, it will not become active automatically, since `maintain current active cluster member' option on the cluster object properties is enabled by default. This option prevents a failback to the original active member after a failover, unless the current active member fails or is manually switched over. This option provides stability and avoids unnecessary failovers. References: R77 ClusterXL Administration Guide, page 23.
Question 485:
Alice works for a big security outsourcing provider company and as she receives a lot of change requests per day she wants to use for scripting daily (asks the API services from Check Point fof the Management API. Firstly she needs to be aware if the API services are running for the management. Which of the following Check Point Command is true:
A. api mgmt status
B. api status
C. status api
D. status mgmt apt
Correct Answer: B
The command `api status' is used to check the status of the Management API server on the Management Server. The command will show if the API server is running, the port number, and the API version. The other commands are not valid or do not check the Management API server status. References: How To's - Interact with Check Point Management API on Gaia R81, section "Check API Status".
Question 486:
Which process handles connection from SmartConsole R81?
A. fwm
B. cpmd
C. cpm
D. cpd
Correct Answer: C
The CPM process handles connection from SmartConsole R81. The CPM process is the main process of the Security Management Server and the Multi-Domain Security Management Server. It is responsible for managing the database,
handling policy installation, communicating with SmartConsole clients, and providing REST API services. The CPM process runs on port 19009 and uses the CPD process as a proxy for communication with other processes.
References:
Check Point Processes and Daemons, section "CPM"
Check Point R81, section "SmartConsole"
Check Point R81.20, section "REST API"
Question 487:
Which Correction mechanisms are available with ClusterXL under R81.20?
A. Correction Mechanisms are only available of Maestro Hyperscale Orchestrators
B. Pre-Correction and SDF (Sticky Decision Function)
C. SDF (Sticky Decision Function) and Flush and ACK
D. Dispatcher (Early Correction) and Firewall (Late Correction)
Correct Answer: C
SDF (Sticky Decision Function) and Flush and ACK are the two correction mechanisms that are available with ClusterXL under R81.20. According to the ClusterXL R81.20 Administration Guide1, correction mechanisms are methods that ClusterXL uses to prevent or recover from out-of-state situations, which occur when different Cluster Members have different information about the connections that they handle1. ClusterXL supports two types of correction mechanisms: SDF and Flush and ACK1. SDF (Sticky Decision Function) is a mechanism that ensures that packets of the same connection are always handled by the same Cluster Member, regardless of the load balancing algorithm. SDF uses a hash table that maps each connection to a specific Cluster Member, based on the 5-tuple of source IP, destination IP, source port, destination port, and protocol. SDF prevents out-of-state situations by avoiding the switch of Cluster Members for existing connections1. Flush and ACK is a mechanism that synchronizes the connection tables of different Cluster Members when an out-of-state situation is detected. Flush and ACK works as follows: When a Cluster Member receives a packet that belongs to an unknown connection, it sends a Flush message to all other Cluster Members, asking them to delete the connection from their tables. When a Cluster Member receives a Flush message, it checks if it has the connection in its table. If it does, it deletes the connection and sends an ACK message to the sender of the Flush message, indicating that it has performed the deletion. When a Cluster Member receives an ACK message, it creates a new connection entry in its table for the packet that triggered the Flush message, and processes the packet normally. If a Cluster Member does not receive any ACK message within a timeout period, it assumes that no other Cluster Member has the connection, and creates a new connection entry in its table for the packet that triggered the Flush message1. References: : ClusterXL R81.20 Administration Guide
Question 488:
SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection?
A. Source address. Destination address. Source Port, Destination port
B. Source address. Destination address. Destination port
C. Source address. Destination address. Destination port. Pro^col
D. Source address. Destination address. Source Port, Destination port. Protocol
Correct Answer: D
SecureXL uses templates to accelerate the connection rate by creating a connection entry in the SecureXL Connections Table without notifying the Firewall kernel for a predefined period of time1. This reduces the load on the Firewall kernel and improves the performance of new connections1. SecureXL uses five attributes to identify a connection and create a template: source address, destination address, source port, destination port, and protocol2. These attributes form a unique 5-tuple that defines a connection2. References: : ATRG: SecureXL for R80.20 and higher : Performance Tuning Administration Guide R80
Question 489:
You plan to automate creating new objects using new R81 Management API. You decide to use GAIA CLI for this task.
What is the first step to run management API commands on GAIA's shell?
A. mgmt_admin@teabag > id.txt
B. mgmt_login
C. login user admin password teabag
D. mgmt_cli login user "admin" password "teabag" > id.txt
Correct Answer: B
You plan to automate creating new objects using new R81 Management API. You decide to use GAIA CLI for this task.
The first step to run management API commands on GAIA's shell is mgmt_login. This command allows you to login to the management server and obtain a session ID, which is required for running other management API commands. You can
also specify the user name and password as parameters, or enter them interactively. The session ID is stored in the file $CPDIR/tmp/.api_session by default, unless you specify a different file name. References: R81 Management API
Reference Guide, page 15.
Question 490:
In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a
response before the peer host is declared `down', you would set the_________?
A. life sign polling interval
B. life sign timeout
C. life_sign_polling_interval
D. life_sign_timeout
Correct Answer: D
In Advanced Permanent Tunnel Configuration, the life_sign_timeout parameter sets the amount of time the tunnel test runs without a response before the peer host is declared `down'. The life_sign_polling_interval parameter sets the interval
between each tunnel test packet sent to the peer host.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-315.81 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.