CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 491:

  When defining QoS global properties, which option below is not valid?

  A. Weight
  B. Authenticated timeout
  C. Schedule
  D. Rate
  D. Rate

  ---

  Explanation/Reference:

  QoS global properties are the settings that apply to all QoS rules and QoS interfaces on the Security Gateway. They include the following options12: Weight: This is the relative importance of a QoS rule compared to other QoS rules. A higher weight means a higher priority. The default weight is 1, and the maximum weight is 1000. Authenticated timeout: This is the time period in seconds that a connection remains in the QoS rule after the last packet is sent or received. The default timeout is 600 seconds, and the minimum timeout is 60 seconds. Schedule: This is the time period in which a QoS rule is active. You can define a schedule for each day of the week, or use the default schedule of always active. Rate: This is not a valid option for QoS global properties. Rate is an option for QoS rule action, which defines the maximum bandwidth allocated for a QoS rule. The rate can be specified in Kbps, Mbps, or percentage of interface speed. References: 1: QoS R81.20 Administration Guide - Check Point Software 2: QoS R81 Administration Guide

  -Check Point Software

• Question 492:

  How many images are included with Check Point TE appliance in Recommended Mode?

  A. 2(OS) images
  B. images are chosen by administrator during installation
  C. as many as licensed for
  D. the newest image
  A. 2(OS) images

  ---

  Explanation/Reference:

  The Check Point TE appliance in Recommended Mode includes 2(OS) images. One image is used for running the appliance, and the other image is used for backup and recovery purposes. The images are not chosen by the administrator during installation, nor based on the license or the latest version. References: [Check Point R81 Threat Emulation Administration Guide]

• Question 493:

  You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?

  A. sim erdos 1
  B. sim erdos ?m 1
  C. sim erdos 1
  D. sim erdos 1
  A. sim erdos 1

  ---

  Explanation/Reference:

  The command that would be used to enable the Penalty Box feature is sim erdos -e 1. Penalty Box is a feature that protects the Security Gateway from DDoS attacks by dropping packets from sources that send excessive traffic. Sim erdos is a command that allows administrators to configure and manage the Penalty Box feature. Sim erdos -e 1 enables the Penalty Box feature on the Security Gateway. The other options are either invalid or perform different functions.

• Question 494:

  What does the Log "Views" tab show when SmartEvent is Correlating events?

  A. A list of common reports
  B. Reports for customization
  C. Top events with charts and graphs
  D. Details of a selected logs
  D. Details of a selected logs

  ---

  Explanation/Reference:

  The Log "Views" tab shows the details of a selected log when SmartEvent is correlating events. You can select a log from the Logs tab and click on the Views tab to see more information about the log, such as source, destination, service, action, blade, rule number, etc. You can also customize the columns and filters in the Views tab to display only the relevant fields for your analysis. References: [SmartEvent User Guide]

• Question 495:

  Which of the following is NOT an option to calculate the traffic direction?

  A. Incoming
  B. Internal
  C. External
  D. Outgoing
  D. Outgoing

  ---

  Explanation/Reference:

  The option that is NOT an option to calculate the traffic direction is Outgoing. Traffic direction is a parameter that determines how traffic is classified as internal or external based on its source and destination. Traffic direction can be calculated using three options: Incoming, Internal, or External. Incoming means that traffic is classified as internal if its destination is one of the Security Gateway's interfaces, and external otherwise. Internal means that traffic is classified as internal if its source or destination belongs to one of the internal networks defined in the topology, and external otherwise. External means that traffic is classified as internal if both its source and destination belong to one of the internal networks defined in the topology, and external otherwise. Outgoing is not a valid option to calculate traffic direction.

• Question 496:

  DLP and Geo Policy are examples of what type of Policy?

  A. Standard Policies
  B. Shared Policies
  C. Inspection Policies
  D. Unified Policies
  B. Shared Policies

  ---

  Explanation/Reference:

  DLP and Geo Policy are examples of Shared Policies. Shared Policies are policies that can be applied to multiple gateways or clusters, regardless of their Access Control policy. Shared Policies allow administrators to manage common security settings across different gateways or clusters, such as Data Loss Prevention, Geo Protection, Threat Prevention, HTTPS Inspection, etc. References: R81 Security Management Administration Guide, page 31.

• Question 497:

  Alice wants to upgrade the current security management machine from R80.40 to R81.20 and she wants to check the Deployment Agent status over the GAIA CLISH. Which of the following GAIACLISH command is true?

  A. show agent status
  B. show uninstaller status
  C. show installer packages
  D. show installer status
  D. show installer status

  ---

  Explanation/Reference:

  The correct command for checking the Deployment Agent status over the GAIA CLISH is "show installer status". This command displays information about the Deployment Agent such as its version, status, last update time, and last operation result. The other commands are either invalid or irrelevant for this purpose. References: [Check Point Security Expert R81 Installation and Upgrade Guide], page 23.

• Question 498:

  Which of the following is NOT a type of Check Point API available in R81.x?

  A. Identity Awareness Web Services
  B. OPSEC SDK
  C. Mobile Access
  D. Management
  C. Mobile Access

  ---

  Explanation/Reference:

  Check Point API is a set of web services that enable the usage of functions and commands in a dynamic and automated fashion. Check Point API is available in different types, each serving a different purpose and functionality. According to the Check Point Resource Library1, the following are the types of Check Point API available in R81.x: Identity Awareness Web Services: This type of API allows external applications to send identity and location information to the Security Gateway, which can then use this information for policy enforcement. Identity Awareness Web Services can be used for scenarios such as guest registration, captive portal, identity agents, etc. OPSEC SDK: This type of API provides a framework for developing applications that interact with Check Point products using the OPSEC (Open Platform for Security) protocol. OPSEC SDK can be used for scenarios such as log export, event management, anti-virus integration, etc. Management: This type of API allows external applications to perform management operations on the Check Point Management server using RESTful web services. Management API can be used for scenarios such as policy installation, object creation, configuration backup, etc. Mobile Access is not a type of Check Point API, but rather a feature that provides secure remote access to corporate resources from various devices. Mobile Access uses SSL VPN technology and supports different authentication methods and access scenarios. References: What is an API Gateway?, How to use Check Point API with Postman quick guide, Home - Check Point Developers, Introduction to RESTful APIs and JSON format, Checkpoint API tutorial, part 1 - getting started

• Question 499:

  Which statement is correct about the Sticky Decision Function?

  A. It is not supported with either the Performance pack of a hardware based accelerator card
  B. Does not support SPI's when configured for Load Sharing
  C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster
  D. It is not required L2TP traffic
  A. It is not supported with either the Performance pack of a hardware based accelerator card

  ---

  Explanation/Reference:

  The statement that is correct about the Sticky Decision Function is It is not supported with either the Performance pack of a hardware based accelerator card. The Sticky Decision Function (SDF) is a feature that ensures that packets from the same connection are handled by the same cluster member in a Load Sharing configuration. However, SDF is not compatible with SecureXL acceleration, which is enabled by default or by using a Performance pack or a hardware based accelerator card4. The other statements are either incorrect or outdated about SDF. References: Check Point R81 ClusterXL Administration Guide, Sticky Decision Function - Check Point CheckMates

• Question 500:

  Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.

  A. User data base corruption
  B. LDAP conflicts
  C. Traffic issues
  D. Phase two key negotiations
  C. Traffic issues

  ---

  Explanation/Reference:

  Check Point's FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the FireWall inspection chains. These captured packets can be inspected later using the WireShark.