CheckPoint Checkpoint Certifications 156-315.81 Questions & Answers

• Question 491:

  Which components allow you to reset a VPN tunnel?

  A. vpn tu command or SmartView monitor

  B. delete vpn ike sa or vpn she11 command

  C. vpn tunnelutil or delete vpn ike sa command

  D. SmartView monitor only

  Correct Answer: A

  The vpn tu command and the SmartView Monitor are two components that allow you to reset a VPN tunnel. The vpn tu command is a command-line tool that lets you view and manage the status of VPN tunnels on a Security Gateway or cluster member. The SmartView Monitor is a graphical tool that lets you monitor the network and security performance, view VPN tunnel status, and reset VPN tunnels. Both components can be used to reset a VPN tunnel by selecting the option to delete IKE SA or IPsec SA for a specific peer or all peers. References: R81 VPN Administration Guide, page 29-30; R81 SmartConsole R81 Resolved Issues, sk170114

• Question 492:

  What is a possible command to delete all of the SSH connections of a gateway?

  A. fw sam -I dport 22

  B. fw ctl conntab -x -dpott=22

  C. fw tab -t connections -x -e 00000016

  D. fwaccel dos config set dport ssh

  Correct Answer: A

  The command `fw sam -I dport 22' will delete all of the SSH connections of a gateway by adding a temporary rule to the Security Policy that blocks traffic with destination port 22. The other commands are not valid or do not have the same effect. References: Check Point R81 Command Line Interface Reference Guide, page 101.

• Question 493:

  When performing a minimal effort upgrade, what will happen to the network traffic?

  A. All connections that were initiated before the upgrade will be dropped, causing network downtime

  B. All connections that were initiated before the upgrade will be handled normally

  C. All connections that were initiated before the upgrade will be handled by the standby gateway

  D. All connections that were initiated before the upgrade will be handled by the active gateway

  Correct Answer: B

  A minimal effort upgrade is a process of upgrading the Security Gateway software without changing the configuration or policy. It is done by using the CPUSE (Check Point Update Service Engine) tool, which is available in the Gaia Portal or

  CLI. The CPUSE tool performs a pre-upgrade verification to check the compatibility and readiness of the system for the upgrade. If the verification passes, the CPUSE tool installs the new software package and reboots the system. During the reboot, there is a short network downtime, but it does not affect the existing connections. All connections that were initiated before the upgrade will be handled normally by the upgraded gateway. The minimal effort upgrade preserves the existing configuration and policy, so there is no need to reinstall the policy or reconfigure the gateway after the upgrade. References: Check Point Upgrade Path and Management Servers and Security Gateways Compatibility Maps, section "Minimal Effort Upgrade" INSTALLATION AND UPGRADE GUIDE R81, page 21-22

• Question 494:

  Which of the following is NOT a component of a Distinguished Name?

  A. Common Name

  B. Country

  C. User container

  D. Organizational Unit

  Correct Answer: D

  A Distinguished Name (DN) is a unique identifier for an object in an LDAP directory, such as a user, a group, or an organization. A DN consists of a sequence of relative distinguished names (RDNs), which are attributes that describe the object. The most common RDNs are: Common Name (CN): The name of the object, such as a user's full name or a group's name Country ? The two-letter ISO code of the country where the object is located, such as US or PK User container (UC): The name of the container that holds the user objects, such as Users or People Domain Component (DC): The name of the domain that the object belongs to, such as checkpoint.com or example.org An Organizational Unit (OU) is not a component of a DN, but a type of object that can be used to organize other objects in a hierarchical structure. An OU can have its own DN, which includes the OU attribute as an RDN, such as OU=Sales,DC=checkpoint,DC=com. The references are: Check Point R81 Identity Awareness Administration Guide, page 14 LDAP Distinguished Names What is a Distinguished Name?

• Question 495:

  Fill in the blanks: Gaia can be configured using the ______ or _____ .

  A. GaiaUI; command line interface

  B. WebUI; Gaia Interface

  C. Command line interface; WebUI

  D. Gaia Interface; GaiaUI

  Correct Answer: C

  Gaia can be configured using the command line interface (CLI) or the WebUI. The CLI is a text-based interface that allows users to enter commands and view responses in a terminal window. The CLI can be accessed through a console connection, an SSH connection, or a Telnet connection. The WebUI is a graphical interface that allows users to configure Gaia settings through a web browser. The WebUI can be accessed by entering the IP address of the Gaia device in the browser's address bar.

• Question 496:

  What is false regarding prerequisites for the Central Deployment usage?

  A. The administrator must have write permission on SmartUpdate

  B. Security Gateway must have the latest CPUSE Deployment Agent

  C. No need to establish SIC between gateways and the management server, since the CDT tool will take care about SIC automatically.

  D. The Security Gateway must have a policy installed

  Correct Answer: C

  Establishing SIC between gateways and the management server is a prerequisite for Central Deployment usage, as the CDT tool will not take care of this automatically1. The administrator must have write permission on SmartUpdate, the Security Gateway must have the latest CPUSE Deployment Agent, and the Security Gateway must have a policy installed2. These are the basic requirements for using the Central Deployment Tool (CDT), which is a utility that lets you manage a deployment of software packages from your Management Server to the multiple managed Security gateways and cluster members at the same time2. The CDT can perform various actions, such as installation of software packages, taking snapshots, running shell scripts, pushing/pulling files, and automating the RMA backup and restore process2. The CDT is supported on Check Point Appliances with R80.40 and higher versions2. References: How to keep your Security Gateways up to date - Check Point Software, Central Deployment Tool (CDT) - Check Point CheckMates.

• Question 497:

  What are the correct sleps upgrading a HA cluster (Ml is active. M2 is passive) using Multi- Version Cluster(MVC) Upgrade?

  A. 1) Enable the MVC mechanism on both cluster members phaprob mvc on 2) Upgrade the passive node M2 to R81.20 3) In SmartConsole. change the version of the cluster object 4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails 5) After examine the cluster states upgrade node M1 to R81.20 6) On each Cluster Member, disable the MVC mechanism

  B. 1) Enable the MVC mechanism on both cluster members #cphaprob mvc on 2) Upgrade the passive node M2 to R81.20 3) In SmartConsole. change the version of the cluster object

  4) Install the Access Control Policy

  5) After examine the cluster states upgrade node M1 to R81.20

  6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy

  C. 1) In SmartConsole. change the version of the cluster object 2) Upgrade the passive node M2 to R81.20 3) Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 Wcphaconf mvc on 4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails 5) After examine the cluster states upgrade node M1 to R81.20 6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy SmartConsole. change the version of the cluster object

  D. 1) Upgrade the passive node M2 to R81.20 2) Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 ttcphaconf mvc on 3) In SmartConsole, change the version of the cluster object 4} Install the Access Control Policy 5) After examine the cluster states upgrade node M1 to R81.20 6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy upgrade the passive node M2 to R81.20

  Correct Answer: D

  The correct steps for upgrading a HA cluster using MVC are as follows:

  Upgrade the passive node M2 to R81.20 using CPUSE or CLI. Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 using the command cphaconf mvc on. In SmartConsole, change the version of the cluster object to

  R81.20. Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails.

  After examining the cluster states, upgrade node M1 to R81.20 using CPUSE or CLI.

  On each Cluster Member, disable the MVC mechanism using the command cphaconf mvc off and install the Access Control Policy.

  References: : Multi-Version Cluster (MVC) Upgrade

• Question 498:

  In the R81 SmartConsole, on which tab are Permissions and Administrators defined?

  A. Security Policies

  B. Logs and Monitor

  C. Manage and Settings

  D. Gateways and Servers

  Correct Answer: C

  In the R81 SmartConsole, Permissions and Administrators are defined on the Manage and Settings tab. The Manage and Settings tab allows administrators to configure various settings and options for the SmartConsole, such as global

  properties, network objects, services, users and user groups, permissions, licenses, certificates, etc. To define Permissions and Administrators, the administrator can go to the Manage and Settings tab and select Permissions and

  Administrators from the left pane. This will open a window where the administrator can create, edit, or delete administrators and roles, assign permissions and access profiles, enable multi-domain support, etc.

  The other options are incorrect because:

  The Security Policies tab allows administrators to create, edit, or delete security policies for different blades, such as Access Control, Threat Prevention, Identity Awareness, Mobile Access, etc. It also allows administrators to install policies on

  selected gateways or servers.

  The Logs and Monitor tab allows administrators to view, filter, analyze, or export logs and reports for different blades, such as Access Control, Threat Prevention, Identity Awareness, Mobile Access, etc. It also allows administrators to monitor

  the status and performance of gateways and servers.

  The Gateways and Servers tab allows administrators to add, edit, or delete gateways and servers that are managed by the Security Management Server or the Multi-Domain Security Management Server. It also allows administrators to view

  the details and configuration of each gateway or server.

• Question 499:

  On the following picture an administrator configures Identity Awareness:

  

  After clicking "Next" the above configuration is supported by:

  A. Kerberos SSO which will be working for Active Directory integration

  B. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user.

  C. Obligatory usage of Captive Portal.

  D. The ports 443 or 80 what will be used by Browser-Based and configured Authentication.

  Correct Answer: B

  After clicking "Next", the above configuration is supported by Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user. This is a feature of Identity Awareness that allows the Security Gateway to identify users and machines on the network and enforce security policies based on their identity. The administrator can configure Identity Awareness to use various methods for acquiring identity, including Active Directory integration, browser-based authentication, terminal servers, and transparent authentication1. References: Check Point Resource Library, page 3.

• Question 500:

  Return oriented programming (ROP) exploits are detected by which security blade?

  A. Data Loss Prevention

  B. Check Point Anti-Virus / Threat Emulation

  C. Application control

  D. Intrusion Prevention Software

  Correct Answer: B

  Return-oriented programming (ROP) exploits are detected by Check Point Anti-Virus / Threat Emulation blade. ROP exploits are a type of code reuse attack that bypasses common exploit mitigation techniques such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). Check Point Anti-Virus / Threat Emulation blade can detect and prevent ROP exploits using its behavioral analysis engine that monitors the execution flow of processes and identifies malicious patterns. References: [Check Point Security Expert R81 Threat Prevention Administration Guide], page 17.