Which type of Endpoint Identity Agent includes packet tagging and computer authentication?
A. Full
B. Custom
C. Light
D. Complete
Correct Answer: A
The type of Endpoint Identity Agent that includes packet tagging and computer authentication is Full. Packet tagging is a feature that allows the Endpoint Identity Agent to add a tag to the packets sent by the user's device, which contains the user's identity information. This way, the Security Gateway can identify the user without requiring additional authentication methods. Computer authentication is a feature that allows the Endpoint Identity Agent to authenticate the user's device using a certificate, which ensures that only authorized devices can access the network resources. The Full Endpoint Identity Agent supports both packet tagging and computer authentication, as well as other features such as Single Sign-On (SSO), Multi-Factor Authentication (MFA), and VPN. References: Check Point R81 Identity Awareness Administration Guide, page 15; Endpoint Identity Agent - Check Point CheckMates; Check Point Identity Agent - All flavors for Windows OS in a single package (Full, Light, v1 and v2 for Terminal Server)
Question 512:
The admin lost access to the Gaia Web Management Interface but was able to connect via SSH. How can you check if the web service is enabled, running and which port is used?
A. In expert mode run #netstat -tulnp | grep httpd to see if httpd is up and to get the port number. In clish run >show web daemon-enable to see if the web daemon is enabled.
B. In clish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd to see if the httpd is up
C. In clish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd2 to see if the httpd2 is up
D. In expert mode run #netstat -tulnp | grep httpd2 to see if httpd2 is up and to get the port number. In clish run >show web daemon-enable to see if the web daemon is enabled.
Correct Answer: C
The correct way to check if the web service is enabled, running and which port is used is option C. In clish, run show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode, run netstat -anp | grep httpd2 to see if httpd2 is up. The httpd2 service is responsible for the Gaia Web Management Interface. If the web daemon is disabled, you can enable it by running set web daemon-enable on in clish. If the httpd2 service is down, you can start it by running service httpd2 start in expert mode. References: Gaia WebUI and CLI - Check Point CheckMates; Gaia R81.20 Administration Guide - Check Point Software; Gaia R81 Administration Guide - Check Point Software; How to restart Gaia Portal (WebUI) process - Check Point Software
Question 513:
Which command lists firewall chain?
A. fw ctl chain
B. fw list chain
C. fw chain module
D. fw tab -t chainmod
Correct Answer: A
The command that lists firewall chain is fw ctl chain. This command displays the list of chain modules that are registered on the Security Gateway. Chain modules are components of the Firewall kernel that inspect and process packets according to the security policy and other features. The order of the chain modules determines the order of the packet inspection and processing. The fw ctl chain command can help you troubleshoot connectivity or performance issues, or verify that a feature is enabled or disabled on the Security Gateway. To run this command, you need to access the Security Gateway in expert mode and run fw ctl chain. References: How to use fw ctl chain - Check Point Software; fw ctl chain - Check Point Software; R81.x Security Gateway Architecture (Logical Packet Flow) - Check Point CheckMates
Question 514:
John detected high load on the sync interface. Which is the most recommended solution?
A. For FTP connections - do not sync
B. Add a second interface to handle sync traffic
C. For short connections like http service - do not sync
D. For short connections like icmp service - delay sync for 2 seconds
Correct Answer: A
The most recommended solution for high load on sync interface is to exclude FTP connections from synchronization. This is because FTP connections are usually long-lived and consume a lot of bandwidth and resources on the sync interface. By excluding FTP connections from synchronization, the load on the sync interface can be reduced and the performance of the cluster can be improved. References: Synchronization Optimization
Question 515:
Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying a connection?
A. Source Port
B. TCP Acknowledgment Number
C. Source Address
D. Destination Address
Correct Answer: B
SecureXL does not use the TCP acknowledgment number as an attribute for identifying connections. SecureXL is a technology that accelerates the performance of the firewall by offloading some of the traffic processing from the firewall kernel to a more efficient path. SecureXL identifies connections by five attributes: source address, destination address, source port, destination port, and protocol. These attributes are also known as the 5-tuple or the connection key. SecureXL uses these attributes to match packets to existing connections and apply the appropriate security policy and actions. SecureXL does not need to inspect the TCP sequence or acknowledgment numbers, as they are irrelevant for the connection identification and security enforcement. The TCP sequence and acknowledgment numbers are used by the TCP protocol to ensure reliable and ordered delivery of data between endpoints.
Question 516:
What are the correct steps for upgrading an HA cluster (M1 is active, M2 is passive) using Multi-Version Cluster (MVC) Upgrade?
A. 1) Enable the MVC mechanism on both cluster members #cphaprob mvc on 2) Upgrade the passive node M2 to R81.20 3) In SmartConsole, change the version of the cluster object 4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails 5) After examining the cluster states, upgrade node M1 to R81.20 6) On each Cluster Member, disable the MVC mechanism
B. 1) Enable the MVC mechanism on both cluster members #cphaprob mvc on 2) Upgrade the passive node M2 to R81.20 3) In SmartConsole, change the version of the cluster object 4) Install the Access Control Policy 5) After examining the cluster states, upgrade node M1 to R81.20 6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy
C. 1) In SmartConsole, change the version of the cluster object 2) Upgrade the passive node M2 to R81.20 3) Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 #cphaconf mvc on 4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails 5) After examining the cluster states, upgrade node M1 to R81.20 6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy
D. 1) Upgrade the passive node M2 to R81.20 2) Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 #cphaconf mvc on 3) In SmartConsole, change the version of the cluster object 4) Install the Access Control Policy 5) After examining the cluster states, upgrade node M1 to R81.20 6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy
Correct Answer: C
The correct steps for upgrading an HA cluster (M1 is active, M2 is passive) using Multi-Version Cluster (MVC) Upgrade are:
1) In SmartConsole, change the version of the cluster object to R81.20.
2) Upgrade the passive node M2 to R81.20 using CPUSE or CLI.
3) Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 using the command cphaconf mvc on.
4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails by selecting Continue installing on other Gateways in the Policy Installation Settings dialog box.
5) After examining the cluster states using cphaprob stat and verifying that both members are synchronized, upgrade node M1 to R81.20 using CPUSE or CLI.
6) On each Cluster Member, disable the MVC mechanism using the command cphaconf mvc off and Install the Access Control Policy.
References: Check Point R81 Installation and Upgrade Guide
Question 517:
What are types of Check Point APIs available currently as part of R81.20 code?
A. Security Gateway API, Management API, Threat Prevention API and Identity Awareness Web Services API
B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
C. OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API
D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API
Correct Answer: B
The types of Check Point APIs available currently as part of R81.20 code are:
Management API: This API allows you to automate and orchestrate various management tasks, such as creating and modifying objects, installing policies, generating reports, etc. The Management API can be accessed via CLI, Web Services, or GUI clients.
Threat Prevention API: This API allows you to interact with the Threat Prevention software blades, such as Anti-Virus, Anti-Bot, Threat Emulation, etc. The Threat Prevention API can be used to query and update indicators, upload files for emulation, retrieve verdicts and reports, etc.
Identity Awareness Web Services API: This API allows you to integrate external identity sources with the Identity Awareness software blade, which provides identity-based access control for network traffic. The Identity Awareness Web Services API can be used to send identity and session information to the Security Gateway, query identity information from the Security Gateway, etc.
OPSEC SDK API: This API allows you to develop custom applications that can communicate with Check Point products using the OPSEC protocol. The OPSEC SDK API supports various OPSEC services, such as LEA, CPMI, SAM, ELA, UFP, etc.
References: R81 Management API Reference Guide, page 7; [R81
Question 518:
Can Check Point and Third-party Gateways establish a certificate-based Site-to-Site VPN tunnel?
A. Yes, but they need to have a mutually trusted certificate authority
B. Yes, but they have to have a pre-shared secret key
C. No, they cannot share certificate authorities
D. No, Certificate based VPNs are only possible between Check Point devices
Correct Answer: A
Check Point and Third-party Gateways can establish a certificate-based Site-to-Site VPN tunnel if they have a mutually trusted certificate authority. This means that both gateways trust the same root CA or intermediate CA that issued their certificates. This way, they can authenticate each other using their certificates and establish a secure VPN tunnel. References: Check Point Resource Library, page 5
Question 519:
In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:
A. Basic, Optimized, Strict
B. Basic, Optimized, Severe
C. General, Escalation, Severe
D. General, purposed, Strict
Correct Answer: A
Threat Prevention has three out-of-the-box profiles: Basic, Optimized, and Strict. These profiles define the default actions for different threat prevention blades, such as Anti-Virus, Anti-Bot, IPS, etc. You cannot change the settings of these profiles, but you can clone them and create new profiles with customized settings. References: Training and Certification | Check Point Software, CCSE section
Question 520:
How can you grant GAiA API Permissions for a newly created user?
A. Assign the user a permission profile in SmartConsole
B. Assign the user the admin RBAC role in clish
C. No need to grant access since every user has access by default.
D. In bash, use the following command: "gaia_api access --user Tom -enable true"
Correct Answer: A
To grant GAiA API permissions for a newly created user, you need to assign the user a permission profile in SmartConsole. A permission profile defines the access level and scope of actions that a user can perform using the GAiA API. You can choose from predefined permission profiles or create your own custom profiles. You cannot grant GAiA API permissions using clish or bash commands. References: [Check Point Security Expert R81 API Reference Guide], page 9.