CheckPoint 156-315.81 Online Practice Questions and Exam Preparation

CheckPoint 156-315.81 Online Questions & Answers

• Question 531:

  Which statement is false in respect of the SmartConsole after upgrading the management server to R81.20?

  A. Yes. You can download the SmartConsole directly from the Download Center
  B. As far as you use version R80.40, no upgrade is needed due to compatibility mode
  C. Yes, using CPUSE you can make the installer available in the Web Portal of the Management Server
  D. Yes, the SmartConsole Upgrade package can be installed using CPUSE
  B. As far as you use version R80.40, no upgrade is needed due to compatibility mode

  ---

  Explanation/Reference:

  The statement that is false in respect of the SmartConsole after upgrading the management server to R81.20 is that as far as you use version R80.40, no upgrade is needed due to compatibility mode. This is false because SmartConsole R80.40 is not compatible with R81.20 management server and you need to upgrade your SmartConsole to R81.20 as well. The other statements are true and valid ways to obtain the SmartConsole upgrade package. References: [Check Point Security Expert R81 Installation and Upgrade Guide], page 18.

• Question 532:

  Which SmartEvent component is responsible to collect the logs from different Log Servers?

  A. SmartEvent Server
  B. SmartEvent Database
  C. SmartEvent Collector
  D. SmartEvent Correlation Unit
  D. SmartEvent Correlation Unit

  ---

  Explanation/Reference:

  The SmartEvent component that is responsible to collect the logs from different Log Servers is the SmartEvent Correlation Unit. The SmartEvent Correlation Unit is a daemon that runs on the SmartEvent Server and receives logs from one or more Log Servers. The SmartEvent Correlation Unit analyzes the logs and generates correlated events according to the SmartEvent policy2. References: Check Point R81 SmartEvent Administration Guide

• Question 533:

  Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying connection?

  A. Source Address
  B. Destination Address
  C. TCP Acknowledgment Number
  D. Source Port
  C. TCP Acknowledgment Number

  ---

  Explanation/Reference:

  The attribute that is not used for identifying a connection by packet acceleration (SecureXL) is TCP Acknowledgment Number. SecureXL identifies connections by using a hash function that takes into account the following attributes: source address, destination address, source port, destination port, protocol, and VPN ID. The TCP Acknowledgment Number is not part of the hash function and does not affect the connection identification. References: [SecureXL Mechanism] https //sc1.checkpoint.com/documents/R77/CP R77_Firewall_WebAdmm/92711.htm

• Question 534:

  What a valid SecureXL paths in R81.20?

  A. F2F (Slow path). Templated Path. PQX and F2V
  B. F2F (Slow path). PXL, QXL and F2V
  C. F2F (Slow path), Accelerated Path, PQX and F2V
  D. F2F (Slow path), Accelerated Path, Medium Path and F2V
  D. F2F (Slow path), Accelerated Path, Medium Path and F2V

  ---

  Explanation/Reference:

  The valid SecureXL paths in R81.20 are F2F (Slow path), Accelerated Path, Medium Path and F2V1. SecureXL is a technology that accelerates the performance of the Security Gateway by offloading CPU-intensive operations to the SecureXL device2. SecureXL uses different paths to process packets, depending on the type and state of the connection3. The SecureXL paths are3: F2F (Slow path): This path handles packets that require a full inspection by the Firewall kernel. It is the slowest path, but it supports all features and blades. Examples of packets that use this path are packets that belong to a new connection, packets that match a rule with UTM blades, or packets that require address translation. Accelerated Path: This path handles packets that belong to an established connection that does not require any further inspection by the Firewall kernel. It is the fastest path, but it supports only a limited set of features and blades. Examples of packets that use this path are packets that match an accept rule with no UTM blades, or packets that match a rule with SecureXL acceleration enabled. Medium Path: This path handles packets that belong to an established connection that requires some inspection by the Firewall kernel, but not a full inspection. It is faster than the F2F path, but slower than the Accelerated path. It supports more features and blades than the Accelerated path, but less than the F2F path. Examples of packets that use this path are packets that match a rule with IPS or Anti-Bot blades, or packets that require NAT templates. F2V: This path handles packets that are encapsulated or decapsulated by the VPN kernel. It is faster than the F2F path, but slower than the Accelerated path. It supports VPN features such as encryption, decryption, encapsulation, and decapsulation. References: R81.x Security Gateway Architecture (Logical Packet Flow) - Check Point CheckMates, SecureXL Mechanism in R80.10 and above - Check Point Software, SecureXL - Check Point Software

• Question 535:

  After some changes in the firewall policy you run into some issues. You want to test if the policy from two weeks ago have the same issue. You don't want to lose the changes from the last weeks. What is the best way to do it?

  A. Use the Gaia WebUI to take a backup of the Gateway. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the 'Install specific version' button
  B. Use the Gaia WebUI to take a snapshot of management. In the In SmartConsole under Manage and Settlings go to Sessions -> Revisions and select the revision from two weeks ago. Run the action 'Revert to this revision...' Restore the management snapshot.
  C. In SmartConsole under Manage and Settings go to Sessions -> Revisions and select the revision from two weeks ago. Run the action 'Revert to this revision...'.
  D. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the 'Install specific version' button
  D. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the 'Install specific version' button

  ---

  Explanation/Reference:

  The best way to test if the policy from two weeks ago have the same issue is to install the specific version of the policy from the installation history view of the gateway. This way, you can keep the changes from the last weeks in the management server and revert back to them later if needed. You do not need to take a backup or a snapshot of the gateway or the management server for this purpose. References: [Check Point Security Expert R81 Administration Guide], page 34.

• Question 536:

  Which of the following technologies extracts detailed information from packets and stores that information in state tables?

  A. INSPECT Engine
  B. Stateful Inspection
  C. Packet Filtering
  D. Application Layer Firewall
  A. INSPECT Engine

  ---

  Explanation/Reference:

  According to the Check Point website, INSPECT Engine is the technology that extracts detailed information from packets and stores that information in state tables. INSPECT Engine is the core of Check Point's Stateful Inspection technology, which enables Security Gateways to inspect traffic at multiple layers and enforce security policies. The other technologies are either not related or not specific enough. References: INSPECT Engine

• Question 537:

  What is not a purpose of the deployment of Check Point API?

  A. Execute an automated script to perform common tasks
  B. Create a customized GUI Client for manipulating the objects database
  C. Create products that use and enhance the Check Point solution
  D. Integrate Check Point products with 3rd party solution
  B. Create a customized GUI Client for manipulating the objects database

  ---

  Explanation/Reference:

  The deployment of Check Point API does not have the purpose of creating a customized GUI Client for manipulating the objects database. The Check Point API is a web service that allows external applications to interact with the Check Point management server using standard methods such as HTTP(S) requests and JSON objects. The Check Point API can be used to execute an automated script to perform common tasks, create products that use and enhance the Check Point solution, and integrate Check Point products with 3rd party solutions. However, creating a customized GUI Client for manipulating the objects database is not a supported or intended use case of the Check Point API.

• Question 538:

  Where is the license for Check Point Module users installed?

  A. The Primary Gateway
  B. The Standby Gateway
  C. The Endpoint Server
  D. The Security Management Server
  D. The Security Management Server

  ---

  Explanation/Reference:

• Question 539:

  Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

  A. ThreatWiki
  B. Whitelist Files
  C. AppWiki
  D. IPS Protections
  B. Whitelist Files

  ---

  Explanation/Reference:

  According to the Check Point website, Whitelist Files is the tool that provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed. Whitelist Files can be configured in SmartConsole under Threat Prevention > Policy > Whitelist Files. The other tools are either not related or not valid tools. References: Whitelist Files

• Question 540:

  You want to verify if your management server is ready to upgrade to R81.20. What tool could you use in this process?

  A. migrate export
  B. upgrade_tools verify
  C. pre_upgrade_verifier
  D. migrate import
  C. pre_upgrade_verifier

  ---

  Explanation/Reference:

  According to the Check Point website, you can use the pre_upgrade_verifier tool to verify if your management server is ready to upgrade to R81.20. This tool checks the compatibility of your current configuration and database with the target version, and provides a detailed report of any issues or warnings. The other tools are either used for exporting or importing databases, or not valid tools. References: Upgrade Verification Service