CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 511:

  Which member of a high-availability cluster should be upgraded first in a Zero downtime upgrade?

  A. The Standby Member
  B. The Active Member
  C. The Primary Member
  D. The Secondary Member
  A. The Standby Member

  ---

  Explanation/Reference:

  In a Zero downtime upgrade, you should upgrade the Standby Member first. This is because the Standby Member does not process traffic and can be upgraded without affecting the cluster availability. After upgrading the Standby Member, you can perform a failover and make it the Active Member. Then you can upgrade the original Active Member, which becomes the Standby Member after the failover. References: Getting Started - Check Point Software, section "Upgrading Cluster Members with Zero Downtime"

• Question 512:

  What is a possible command to delete all of the SSH connections of a gateway?

  A. fw sam -I dport 22
  B. fw ctl conntab -x -dpott=22
  C. fw tab -t connections -x -e 00000016
  D. fwaccel dos config set dport ssh
  A. fw sam -I dport 22

  ---

  Explanation/Reference:

  The command `fw sam -I dport 22' will delete all of the SSH connections of a gateway by adding a temporary rule to the Security Policy that blocks traffic with destination port 22. The other commands are not valid or do not have the same effect. References: Check Point R81 Command Line Interface Reference Guide, page 101.

• Question 513:

  What is "Accelerated Policy Installation"?

  A. Starting R81, the Desktop Security Policy installation process is accelerated thereby reducing the duration of the process significantly
  B. Starting R81, the QoS Policy installation process is accelerated thereby reducing the duration of the process significantly
  C. Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly
  D. Starting R81, the Threat Prevention Policy installation process is accelerated thereby reducing the duration of the process significantly
  C. Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly

  ---

  Explanation/Reference:

  Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly. According to the Check Point R81 Security Management Administration Guide1, Accelerated Install Policy is

  a new feature in R81 that optimizes common use-cases and drastically speeds up the installation with up to 90% improvement. Policy installation is accelerated depending on the changes that were made to the Access Control policy since the

  last installation. When the policy installation is accelerated, the icon will appear under the "Install Policy Acceleration" column in the Install Policy window.

  References:

  Accelerated Install Policy - Check Point Software, section "Accelerated Install Policy"

• Question 514:

  When detected, an event can activate an Automatic Reaction. The SmartEvent administrator can create and configure one Automatic Reaction, or many, according to the needs of the system. Which of the following statement is false and NOT part of possible automatic reactions:

  A. Syslog
  B. SNMPTrap
  C. Block Source
  D. Mail
  A. Syslog

  ---

  Explanation/Reference:

  Mail - Tell an administrator by email that the event occurred. See Creating a Mail Reaction.

  Block Source - Instruct the Security GatewayClosed to block the source IP address from which this event was detected for a configurable timeframe . Select a timeframe from one minute to more than three weeks. See Creating a Block

  Source Reaction.

  Block Event activity - Instruct the Security Gateway to block a distributed attack that emanates from multiple sources, or attacks multiple destinations for a configurable timeframe. Select a timeframe from one minute to more than three

  weeks). See Creating a Block Event Activity Reaction.

  External Script - Run a script that you provide. See Creating an External Script Automatic Reaction to write a script that can exploit SmartEvent data.

  SNMP Trap - Generate an SNMP Trap. See Creating an SNMP Trap Reaction.

  https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Automatic-Reactions.htm

• Question 515:

  SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection?

  A. Source address. Destination address. Source Port, Destination port
  B. Source address. Destination address. Destination port
  C. Source address. Destination address. Destination port. Pro^col
  D. Source address. Destination address. Source Port, Destination port. Protocol
  D. Source address. Destination address. Source Port, Destination port. Protocol

  ---

  Explanation/Reference:

  SecureXL uses templates to accelerate the connection rate by creating a connection entry in the SecureXL Connections Table without notifying the Firewall kernel for a predefined period of time1. This reduces the load on the Firewall kernel and improves the performance of new connections1. SecureXL uses five attributes to identify a connection and create a template: source address, destination address, source port, destination port, and protocol2. These attributes form a unique 5-tuple that defines a connection2. References: : ATRG: SecureXL for R80.20 and higher : Performance Tuning Administration Guide R80

• Question 516:

  After finishing installation admin John likes to use top command in expert mode. John has to set the expert-password and was able to use top command. A week later John has to use the top command again, He detected that the expert password is no longer valid. What is the most probable reason for this behavior?

  A. "write memory" was not issued on clish
  B. changes are only possible via SmartConsole
  C. "save config" was not issued in expert mode
  D. "save config" was not issued on clish
  D. "save config" was not issued on clish

  ---

  Explanation/Reference:

  The most probable reason for the expert password to be no longer valid after a week is that save config was not issued on clish. The clish command set expert- password sets the expert password for the current session only. To make the password persistent, the clish command save config must be issued after setting the expert password2. The other options are not relevant for setting the expert password. References: 2: Check Point Software, Getting Started, Setting Expert Password.

• Question 517:

  In R81 spoofing is defined as a method of:

  A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
  B. Hiding your firewall from unauthorized users.
  C. Detecting people using false or wrong authentication logins
  D. Making packets appear as if they come from an authorized IP address.
  D. Making packets appear as if they come from an authorized IP address.

  ---

  Explanation/Reference:

  In R81, spoofing is defined as a method of making packets appear as if they come from an authorized IP address. Spoofing can be used by attackers to bypass security policies or hide their identity. Check Point firewalls use anti-spoofing mechanisms to prevent spoofed packets from entering or leaving the network. References: Security Gateway R81 Administration Guide:

• Question 518:

  Aaron is a Syber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances running GAiA R81.X The Network Security Developer Team is having an issue testing the API with a newly

  deployed R81.X Security Management Server Aaron wants to confirm API services are working properly.

  What should he do first?

  A. Aaron should check API Server status with "fwm api status" from Expert mode If services are stopped, he should start them with "fwm api start".
  B. Aaron should check API Server status with "cpapi status" from Expert mode. If services are stopped, he should start them with "cpapi start"
  C. Aaron should check API Server status with "api status" from Expert mode If services are stopped, he should start them with "api start"
  D. Aaron should check API Server status with "cpm api status" from Expert mode. If services are stopped, he should start them with "cpi api start".
  C. Aaron should check API Server status with "api status" from Expert mode If services are stopped, he should start them with "api start"

  ---

  Explanation/Reference:

  Aaron should check API Server status with "api status" from Expert mode. If services are stopped, he should start them with "api start". This is the correct way to verify and start the API Server on a Security Management Server running Gaia R81.X. The other commands are either invalid or not related to the API Server. The api command is a wrapper script that simplifies the management of the API Server. It can be used to start, stop, restart, status, enable, or disable the API Server. References: [API Server]

• Question 519:

  How many interfaces can you configure to use the Multi-Queue feature?

  A. 10 interfaces
  B. 3 interfaces
  C. 4 interfaces
  D. 5 interfaces
  D. 5 interfaces

  ---

  Explanation/Reference:

  How many interfaces can you configure to use the Multi-Queue feature? You can configure up to 5 interfaces to use the Multi-Queue feature. Multi-Queue is a performance enhancement feature that allows distributing the network traffic among multiple CPU cores, instead of using a single core for all traffic. Multi-Queue can be enabled on interfaces that have high traffic load and support multiple receive/transmit queues. Multi-Queue can be configured via SmartConsole or via CLI with the command sim affinity -m. References: R81 Performance Tuning Administration Guide, page 18.

• Question 520:

  Rugged appliances are small appliances with ruggedized hardware and like Quantum Spark appliance they use which operating system?

  A. Centos Linux
  B. Gaia embedded.
  C. Gaia
  D. Red Hat Enterprise Linux version 5
  A. Centos Linux
  B. Gaia embedded.
  C. Gaia