If the Active Security Management Server fails, or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Provided the Active Security Management Server is responsive, which of these steps should NOT be performed?
A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.
B. Change the Standby Security Management Server to Active.
C. Change the Active Security Management Server to Standby.
D. Manually synchronize the Active and Standby Security Management Servers.
Correct Answer: A
The hostname of the Standby member should not be changed to match the hostname of the Active member, as this would cause a conflict in the network. The correct procedure is to change the hostname of the Active member to a different name, and then change the Standby member to the original hostname of the Active member [1]. References: [1] Check Point Resource Library, Certified Security Expert (CCSE) R81.20 Course Overview, page 9.
Question 522:
How would you enable VMAC Mode in ClusterXL?
A. Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC
B. fw ctl set int vmac_mode 1
C. cphaconf vmac_mode set 1
D. Cluster Object -> Edit -> Cluster Members -> Edit -> Use Virtual MAC
Correct Answer: A
To enable VMAC Mode in ClusterXL, you need to go to Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC. VMAC Mode is a feature that allows ClusterXL to use a virtual MAC address for cluster interfaces instead of physical MAC addresses. This simplifies the cluster configuration and avoids issues with MAC address flapping or spoofing on switches. References: [VMAC Mode]
Question 523:
What level of CPU load on a Secure Network Distributor would indicate that another may be necessary?
A. Idle <20%
B. USR <20%
C. SYS <20%
D. Wait <20%
Correct Answer: A
The CPU load on a Secure Network Distributor (SND) indicates how much processing power is available for distributing traffic among cluster members. If the CPU load is high, it means that the SND is overloaded and cannot handle more traffic efficiently. A good indicator of SND overload is when the Idle CPU percentage is less than 20%. In this case, you may need to add another SND to balance the load or optimize your cluster configuration. References: Getting Started Check Point Software, section "Monitoring ClusterXL Status"
Question 524:
What are valid Policy Types in R81.X?
A. Access Control, Threat Prevention, QoS, Desktop Security
B. Access Control, IPS, Threat Emulation, NAT
C. Access Control, IPS, QoS, DLP
D. Access Control, RemoteAccess VPN, NAT, IPS
Correct Answer: C
Policy Types are the different types of security policies that can be configured and enforced on a Check Point gateway. The valid Policy Types in R81.X are:
Access Control: Defines the rules for allowing or blocking traffic based on source, destination, service, user, and other criteria.
IPS: Protects the network from known and unknown attacks by inspecting the traffic and applying signatures, protections, and actions.
QoS: Controls the bandwidth allocation and prioritization for different types of traffic and applications.
DLP: Prevents the leakage of sensitive data from the network by detecting and blocking data transfers that violate
A. It is a ClusterXL feature that switches an HA cluster into an LS cluster if required to maximize throughput
B. It is a feature that uses a daemon to balance the required number of firewall instances and SNDs based on the current load
C. It is a new feature that is capable of dynamically reserving the amount of Hash kernel memory to reflect the resource usage necessary for maximizing the session rate.
D. It is a CoreXL feature that assigns the SND to network interfaces to balance the RX Cache of the interfaces
Correct Answer: B
Dynamic Balancing is a feature that uses a daemon to balance the required number of firewall instances and SNDs based on the current load. It dynamically changes the split between CoreXL SNDs and CoreXL Firewalls and does not require a reboot or cause an outage. It monitors the system and makes changes as needed to optimize the performance of the Security Gateway. It is supported on Check Point Appliances with R80.40 and higher versions. References: Dynamic Balancing for CoreXL - Check Point Software, Dynamic Balancing available on R80.40 - Check Point CheckMates, CLI R81.20 Reference Guide - Check Point Software, Performance Tuning R81.20 Administration Guide - Check Point Software
Question 526:
GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:
A. Check Point Update Service Engine
B. Check Point Software Update Agent
C. Check Point Remote Installation Daemon (CPRID)
D. Check Point Software Update Daemon
Correct Answer: A
GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the Check Point Update Service Engine. This agent allows you to download and install software updates, hotfixes, upgrade packages, etc., from Check Point servers or from a local repository. The Check Point Update Service Engine can be accessed via SmartConsole or via WebUI or CLI on GAIA. References: [Gaia Administration Guide R81], page 77.
Question 527:
When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following statements about the order of rule enforcement is true?
A. If the Action is Accept, the gateway allows the packet to pass through the gateway.
B. If the Action is Drop, the gateway continues to check rules in the next Policy Layer down.
C. If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.
D. If the Action is Drop, the gateway applies the Implicit Clean-up Rule for that Policy Layer.
Correct Answer: C
When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule that matches the packet. The order of rule enforcement depends on the action of the matching rule. If the action is Accept, the gateway allows the packet to pass through the gateway, but also continues to check rules in the next Policy Layer down. If the action is Drop, Reject, or Encrypt, the gateway applies that action to the packet and stops checking rules in that Policy Layer and any subsequent Policy Layers. If there is no matching rule in a Policy Layer, the gateway applies the Implicit Clean-up Rule for that Policy Layer, which is usually Drop.
Question 528:
What is the SOLR database for?
A. Used for full text search and enables powerful matching capabilities
B. Writes data to the database and full text search
C. Serves GUI responsible to transfer request to the DLE server
D. Enables powerful matching capabilities and writes data to the database
Correct Answer: A
The SOLR database is used for full text search and enables powerful matching capabilities. The SOLR database is part of the Log Server component, which is responsible for indexing and storing logs received from Security Gateways and other sources. The SOLR database allows users to perform complex queries on the logs using keywords, filters, operators, and expressions. References: Log Server
Question 529:
Which VPN routing option uses VPN routing for every connection a satellite gateway handles?
A. To satellites through center only
B. To center only
C. To center and to other satellites through center
D. To center, or through the center to other satellites, to Internet and other VPN targets
Correct Answer: D
This VPN routing option uses VPN routing for every connection a satellite gateway handles, regardless of the destination. This means that all traffic from the satellite gateway will go through the VPN tunnel to the center gateway, and then be routed to the appropriate destination, whether it is another satellite, the Internet, or another VPN target. This option provides the highest level of security and control, but also consumes more bandwidth and processing power.
Question 530:
The log server sends what to the Correlation Unit?
A. Authentication requests
B. CPMI dbsync
C. Logs
D. Event Policy
Correct Answer: C
The log server sends logs to the Correlation Unit. The Correlation Unit analyzes the logs and generates events based on the event policy. The events are then sent to the SmartEvent Server, which displays them in the SmartEvent GUI.