CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 521:

  Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic?

  A. Slow Path
  B. Medium Path
  C. Fast Path
  D. Accelerated Path
  A. Slow Path

  ---

  Explanation/Reference:

  When traffic from source 192.168.1.1 is going to www.google.com, and the Application Control Blade on the gateway is inspecting the traffic with acceleration enabled, it is handled by the Slow Path.

  A. Slow Path

  The Slow Path is responsible for handling traffic that requires full inspection by various security blades, including the Application Control Blade. Acceleration may offload some processing to the Medium Path or Fast Path, but the Slow Path is still involved in deeper inspection.

  References: Check Point Certified Security Expert R81 Study Guide, Check Point documentation on traffic acceleration and processing paths.

• Question 522:

  Kurt is planning to upgrade his Security Management Server to R81.X. What is the lowest supported version of the Security Management he can upgrade from?

  A. R76 Splat
  B. R77.X Gaia
  C. R75 Splat
  D. R75 Gaia
  D. R75 Gaia

  ---

  Explanation/Reference:

  The lowest supported version of the Security Management that can be upgraded to R81.X is R75 Gaia. This means that the Security Management Server must be running on the Gaia Operating System and have a version of R75 or higher.

  R76 Splat, R77.X Gaia, and R75 Splat are not supported for upgrading to R81.X1. References: 1:

  Check Point Software, Getting Started, Supported Upgrade Paths.

• Question 523:

  What is the protocol and port used for Health Check and State Synchronization in ClusterXL?

  A. CCP and 18190
  B. CCP and 257
  C. CCP and 8116
  D. CPC and 8116
  C. CCP and 8116

  ---

  Explanation/Reference:

  ClusterXL is a clustering technology that provides high availability and load sharing for Security Gateways. ClusterXL uses a proprietary protocol called Check Point Cluster Protocol (CCP) to communicate between cluster members. CCP has two main functions: Health Check and State Synchronization. Health Check is the mechanism that monitors the status and availability of each cluster member and determines which member is the active one. State Synchronization is the mechanism that synchronizes the connection and NAT tables between cluster members to ensure a smooth failover in case of a member failure. CCP uses UDP port 8116 for both Health Check and State Synchronization messages. The other options are not correct because:

  A. CCP and 18190: This option is incorrect because CCP does not use port 18190. Port 18190 is used by Secure Internal Communication (SIC) between Security Gateways and Management Servers. B. CCP and 257: This option is incorrect

  because CCP does not use port 257. Port 257 is used by Check Point Security Management Protocol (CPM) for communication between SmartConsole and Management Servers. D. CPC and 8116:

  This option is incorrect because there is no such protocol as CPC in ClusterXL.

  References: ClusterXL R81.20 Administration Guide, ClusterXL Administration Guide R80.40, sk25977 - Ports used by Check Point software

• Question 524:

  If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsive, which if these steps should NOT be performed:

  A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.
  B. Change the Standby Security Management Server to Active.
  C. Change the Active Security Management Server to Standby.
  D. Manually synchronize the Active and Standby Security Management Servers.
  A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.

  ---

  Explanation/Reference:

  The hostname of the Standby member should not be changed to match the hostname of the Active member, as this would cause a conflict in the network. The correct procedure is to change the hostname of the Active member to a different name, and then change the Standby member to the original hostname of the Active member1. References: 1: Check Point Resource Library, Certified Security Expert (CCSE) R81.20 Course Overview, page 9.

• Question 525:

  Which of the following links will take you to the SmartView web application?

  A. https:///smartviewweb/
  B. https:///smartview/
  C. https://smartviewweb
  D. https:///smartview
  B. https:///smartview/

  ---

  Explanation/Reference:

  The SmartView web application is a web-based interface that allows you to view and analyze logs and events from your Security Gateways and Management Servers1. To access the SmartView web application, you need to use the following

  link:

  https:///smartview/. This link will prompt you to enter your credentials and then take you to the SmartView dashboard. The other options are not correct because:

  A. The link https:///smartviewweb/ is missing a slash (/) between the host name and smartviewweb. C. The link https://smartviewweb is missing a slash (/)

  after the host name and before smartviewweb. D. The link https:///smartview is missing a slash (/) at the end.

  References: Views and Reports Tutorial R80

• Question 526:

  When simulating a problem on ClusterXL cluster with cphaprob STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?

  A. cphaprob STOP unregister
  B. cphaprob STOP unregister
  C. cphaprob unregister STOP
  D. cphaprob unregister STOP
  A. cphaprob STOP unregister

  ---

  Explanation/Reference:

  When simulating a problem on a ClusterXL cluster with the command "cphaprob STOP -s problem -t 0 register" to initiate a failover on an active cluster member, you can use the command "cphaprob STOP unregister" to remove the

  problematic state and return the cluster to normal operation.

  Option A correctly identifies the command that allows you to remove the problematic state, making it the verified answer.

  References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.

• Question 527:

  Which statement is most correct regarding about "CoreXL Dynamic Dispatcher"?

  A. The CoreXL FW instanxces assignment mechanism is based on Source MAC addresses, Destination MAC addresses
  B. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores
  C. The CoreXL FW instances assignment mechanism is based on IP Protocol type
  D. The CoreXl FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP `Protocol' type
  B. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores

  ---

  Explanation/Reference:

  The statement that is most correct regarding about "CoreXL Dynamic Dispatcher" is: The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores. CoreXL Dynamic Dispatcher is a feature that allows the Security Gateway to dynamically assign connections to the most available CoreXL FW instance, based on the CPU core utilization. This improves the performance and load balancing of the Security Gateway, especially when handling connections with different processing requirements. The other statements are either incorrect or describe the CoreXL Static Dispatcher mechanism, which assigns connections based on a hash function of the Source IP, Destination IP, and IP Protocol type.

• Question 528:

  In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a

  response before the peer host is declared `down', you would set the_________?

  A. life sign polling interval
  B. life sign timeout
  C. life_sign_polling_interval
  D. life_sign_timeout
  D. life_sign_timeout

  ---

  Explanation/Reference:

  In Advanced Permanent Tunnel Configuration, the life_sign_timeout parameter sets the amount of time the tunnel test runs without a response before the peer host is declared `down'. The life_sign_polling_interval parameter sets the interval

  between each tunnel test packet sent to the peer host.

  Reference:

  https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm ?

  topic=documents/R77/CP_R77_VPN_AdminGuide/14018

  : Advanced Permanent Tunnel Configuration

• Question 529:

  What mechanism can ensure that the Security Gateway can communicate with the Management Server with ease in situations with overwhelmed network resources?

  A. The corresponding feature is new to R81.20 and is called "Management Data Plane Separation"
  B. The corresponding feature is called "Dynamic Dispatching"
  C. There is a feature for ensuring stable connectivity to the management server and is done via Priority Queuing.
  D. The corresponding feature is called "Dynamic Split"
  A. The corresponding feature is new to R81.20 and is called "Management Data Plane Separation"

  ---

  Explanation/Reference:

  The mechanism that can ensure that the Security Gateway can communicate with the Management Server with ease in situations with overwhelmed network resources is called Management Data Plane Separation (MDPS)1. MDPS is a

  feature that allows a Security Gateway to have isolated Management and Data networks. The network system of each domain (plane) is independent and includes interfaces, routes, sockets, and processes. The Management Plane is a

  domain that accesses, provisions, and monitors the Security Gateway. The Data Plane is a domain that handles all other traffic1. MDPS has the following benefits2:

  It improves the performance and stability of the Security Gateway by separating the management traffic from the data traffic.

  It enhances the security of the Security Gateway by preventing any packet from crossing between the planes.

  It simplifies the network configuration and troubleshooting by having separate routing tables for each plane. MDPS is supported on Check Point Appliances with R80.40 and higher versions1. It is also supported on Quantum Maestro and

  Quantum Scalable Chassis with R81.20 and higher versions3. MDPS can be configured using Gaia Clish commands or Gaia Portal1. References: Management Data Plane Separation (MDPS) - Check Point Software, Tip of the Week:

  Management Data Plane Separation - Check Point CheckMates, Management Data Plane Separation (MDPS) on Maestro R81.20 - Check Point Software

• Question 530:

  John is using Management HA. Which Smartcenter should be connected to for making changes?

  A. secondary Smartcenter
  B. active Smartenter
  C. connect virtual IP of Smartcenter HA
  D. primary Smartcenter
  A. secondary Smartcenter
  B. active Smartenter
  C. connect virtual IP of Smartcenter HA
  D. primary Smartcenter

  ---

  A. secondary Smartcenter: This is a synonym for a Standby Security Management server, which cannot be used to make changes to the system. C. connect virtual IP of Smartcenter HA: This is not a valid option because there is no virtual IP for Smartcenter HA. Each Security Management server has its own IP address and hostname.

  D. primary Smartcenter: This is a synonym for the Active Security Management server, but it is not the correct term to use. The term primary implies that there is only one Active Security Management server, which is not true. The administrator can put the Active Security Management server on standby and promote a Standby Security Management server to active at any time1. References: How to Configure Management HA