CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 501:

  Which software blade does NOT accompany the Threat Prevention policy?

  A. Anti-virus
  B. IPS
  C. Threat Emulation
  D. Application Control and URL Filtering
  D. Application Control and URL Filtering

  ---

  Explanation/Reference:

  Which software blade does NOT accompany the Threat Prevention policy? Application Control and URL Filtering software blade does not accompany the Threat Prevention policy. The Threat Prevention policy is a unified policy that includes Anti-virus, IPS, Anti- bot, and Threat Emulation software blades. Application Control and URL Filtering software blade is part of the Access Control policy, which is a separate policy that controls network access based on users, applications, content, and other criteria. References: R81 Security Management Administration Guide, page 29.

• Question 502:

  What are the correct sleps upgrading a HA cluster (Ml is active. M2 is passive) using Multi- Version Cluster(MVC) Upgrade?

  A. 1) Enable the MVC mechanism on both cluster members phaprob mvc on 2) Upgrade the passive node M2 to R81.20 3) In SmartConsole. change the version of the cluster object 4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails 5) After examine the cluster states upgrade node M1 to R81.20 6) On each Cluster Member, disable the MVC mechanism
  B. 1) Enable the MVC mechanism on both cluster members #cphaprob mvc on 2) Upgrade the passive node M2 to R81.20 3) In SmartConsole. change the version of the cluster object 4) Install the Access Control Policy 5) After examine the cluster states upgrade node M1 to R81.20 6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy
  C. 1) In SmartConsole. change the version of the cluster object 2) Upgrade the passive node M2 to R81.20 3) Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 Wcphaconf mvc on 4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails 5) After examine the cluster states upgrade node M1 to R81.20 6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy SmartConsole. change the version of the cluster object
  D. 1) Upgrade the passive node M2 to R81.20 2) Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 ttcphaconf mvc on 3) In SmartConsole, change the version of the cluster object 4} Install the Access Control Policy 5) After examine the cluster states upgrade node M1 to R81.20 6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy upgrade the passive node M2 to R81.20
  D. 1) Upgrade the passive node M2 to R81.20 2) Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 ttcphaconf mvc on 3) In SmartConsole, change the version of the cluster object 4} Install the Access Control Policy 5) After examine the cluster states upgrade node M1 to R81.20 6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy upgrade the passive node M2 to R81.20

  ---

  Explanation/Reference:

  The correct steps for upgrading a HA cluster using MVC are as follows:

  Upgrade the passive node M2 to R81.20 using CPUSE or CLI. Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 using the command cphaconf mvc on. In SmartConsole, change the version of the cluster object to

  R81.20. Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails.

  After examining the cluster states, upgrade node M1 to R81.20 using CPUSE or CLI.

  On each Cluster Member, disable the MVC mechanism using the command cphaconf mvc off and install the Access Control Policy.

  References: : Multi-Version Cluster (MVC) Upgrade

• Question 503:

  Which of the SecureXL templates are enabled by default on Security Gateway?

  A. Accept
  B. Drop
  C. NAT
  D. None
  D. None

• Question 504:

  View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.)

  

  A. The current administrator has read-only permissions to Threat Prevention Policy.
  B. Another user has locked the rule for editing.
  C. Configuration lock is present. Click the lock symbol to gain read-write access.
  D. The current administrator is logged in as read-only because someone else is editing the policy.
  B. Another user has locked the rule for editing.

  ---

  Explanation/Reference:

  The lock symbol in the left column of the rule means that another user has locked the rule for editing. This is to prevent multiple users from editing the same rule at the same time and causing conflicts. References: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPreventi on_AdminGuide/Topics-TP-Policy/TP-Policy-Edit-Rules.htm

• Question 505:

  John is using Management HA. Which Security Management Server should he use for making changes?

  A. secondary Smartcenter
  B. active SmartConsole
  C. connect virtual IP of Smartcenter HA
  D. primary Log Server
  B. active SmartConsole

  ---

  Explanation/Reference:

  In Management HA, you should use the active SmartConsole for making changes. The active SmartConsole is connected to the Primary Security Management Server, which is responsible for synchronizing the configuration with the Secondary Security Management Server. If you use the secondary SmartCenter, your changes will not be replicated to the primary SmartCenter and will be lost in case of a failover. References: Check Point Resource Library, page 9

• Question 506:

  What are the main stages of a policy installations?

  A. Verification and Compilation, Transfer and Commit
  B. Verification and Compilation, Transfer and Installation
  C. Verification, Commit, Installation
  D. Verification, Compilation and Transfer, Installation
  A. Verification and Compilation, Transfer and Commit

  ---

  Explanation/Reference:

  The main stages of a policy installation are Verification and Compilation, Transfer and Commit. Verification and Compilation is the stage where the Security Management Server checks the validity and consistency of the policy and compiles it into a binary format. Transfer is the stage where the compiled policy is sent to the Security Gateways over a secure channel. Commit is the stage where the Security Gateways activate the new policy and update their connections table accordingly. References: Check Point Security Expert R81 Course, Policy Installation Process

• Question 507:

  The installation of a package via SmartConsole CANNOT be applied on

  A. A single Security Gateway
  B. A full Security Cluster (All Cluster Members included)
  C. Multiple Security Gateways and/or Clusters
  D. R81.20 Security Management Server
  A. A single Security Gateway

• Question 508:

  Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?

  A. Application Control
  B. Firewall
  C. Identity Awareness
  D. URL Filtering
  C. Identity Awareness

  ---

  Explanation/Reference:

  The verified answer is C. Identity Awareness. Identity Awareness is the Check Point software blade that provides detailed visibility of users, groups, and machines, while also providing application and access control through the creation of accurate, identity-based policies1. Identity Awareness allows you to easily configure network access and auditing based on three items: network location, the identity of a user and the identity of a machine1. Identity Awareness integrates with multiple identity sources, such as Microsoft Active Directory, Cisco Identity Services Engine, and RADIUS Accounting23. Application Control is the Check Point software blade that enables network administrators to identify and control thousands of applications and widgets, and millions of websites, based on categories, risk, and characteristics. Firewall is the Check Point software blade that provides stateful inspection and enforcement of network traffic, and protects against network and application-level attacks. URL Filtering is the Check Point software blade that enables secure web access by blocking access to malicious and inappropriate websites, and enforcing compliance with corporate policies. References: Identity Awareness - Check Point Software1 Check Point Integrated Security Architecture - Check Point Software2 Cisco Identity Services Engine and Check Point Integration3 Application Control - Check Point Software Firewall - Check Point Software URL Filtering - Check Point Software

• Question 509:

  How is communication between different Check Point components secured in R81? As with all questions, select the BEST answer.

  A. By using IPSEC
  B. By using SIC
  C. By using ICA
  D. By using 3DES
  B. By using SIC

  ---

  Explanation/Reference:

  Communication between different Check Point components is secured by using SIC, which stands for secure internal communication. SIC is a certificate-based channel that uses standards-based TLS 1.2 for creating secure connections and AES128 for encryption. SIC ensures that only authorized components can communicate with each other and that the communication is protected from eavesdropping and tampering. SIC is established by using a one-time password (OTP) that is generated when a Check Point component is created or installed. The OTP is used to initialize the trust relationship between the component and the Security Management Server, which acts as an internal certificate authority (ICA) that issues and revokes certificates for the components.

• Question 510:

  What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?

  A. Anti-Bot is the only countermeasure against unknown malware
  B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command and Control Centers
  C. Anti-Bot is the only signature-based method of malware protection.
  D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command and Control Center.
  D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command and Control Center.

  ---

  Explanation/Reference:

  Anti-Bot is a post-infection malware protection that detects and blocks botnet communications from infected hosts to Command and Control servers. It is different from other Threat Prevention mechanisms that prevent malware from entering the network or executing on the hosts. References: Anti-Bot Software Blade