Checkpoint 156-215.81 Practice Test - Questions Answers, Page 8

The components of Check Point Capsule are Capsule Docs, Capsule Cloud, and Capsule Workspace123. There is no Capsule Enterprise component. Capsule Docs protects business documents everywhere they go. Capsule Cloud protects mobile users outside the enterprise security perimeter. Capsule Workspace creates a secure business environment on mobile devices.

Reference:Check Point Capsule Datasheet,Check Point Capsule Workspace Datasheet,Mobile Secure Workspace with Capsule

The command to restore a backup of Check Point configurations without the OS information isrestore_backup4. This command restores the Gaia OS configuration and the firewall database from a compressed file. The other commands are not valid for this purpose.import backupis not a valid command.cp_mergeis a command to merge policies or objects from different databases.migrate importis a command to import a previously exported database usingmigrate export.

Reference:System Backup and Restore feature in Gaia, [cp_merge], [migrate import]

The best sync method in the ClusterXL deployment is to use one dedicated sync interface56. This method provides optimal performance and reliability for synchronization traffic.Using multiple sync interfaces is not recommended as it increases CPU load and does not provide 100% sync redundancy5. Using multiple clusters is not a sync method, but a cluster topology.

Reference:Sync Redundancy in ClusterXL,Best Practice for HA sync interface

Multiple administrators can connect to a Security Management Server at the same time, and each administrator has their own username and works in a session that is independent of other administrators1. This allows concurrent administration and prevents conflicts between different administrators. The other options are incorrect. Only one administrator can be connected is false. All administrators can modify a network object at the same time is false, as only one administrator can lock and edit an object at a time. Only one has the right to write is false, as all administrators have write permissions unless they are restricted by roles or permissions.

Reference:Security Management Server - Check Point Software

The Full Identity Agent allows packet tagging and computer authentication2. Packet tagging is a feature that enables the Security Gateway to identify the source user and machine of each packet, regardless of NAT or routing. Computer authentication is a feature that enables the Security Gateway to authenticate machines that are not associated with any user, such as servers or unattended workstations. The other options are incorrect. Endpoint Security Client is not an Identity Agent, but a software that provides endpoint security features such as firewall, antivirus, VPN, etc. Light Agent is an Identity Agent that does not require installation and runs on a web browser, but it does not support packet tagging or computer authentication. System Agent is not an Identity Agent, but a software that provides system information and health monitoring for endpoints.

Reference:Check Point Identity Agent for Microsoft Windows 10

In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log.You can add Accounting and/or Suppression to each of these options1. Accounting enables you to track the amount of data that is sent or received by a specific rule. Suppression enables you to reduce the number of logs that are generated by a specific rule. Therefore, the correct answer is C. Accounting/Suppression.

Reference:Logging and Monitoring Administration Guide R80 - Check Point Software

To optimize drops, you can use Priority Queues and fully enable Dynamic Dispatcher on the Security Gateway23. Priority Queues are a mechanism that prioritizes part of the traffic when the Security Gateway is stressed and needs to drop packets. Dynamic Dispatcher is a feature that dynamically assigns new connections to a CoreXL FW instance based on the utilization of CPU cores.To enable both features, you need to run the commandfw ctl multik set_mode 9on the Security Gateway4. Therefore, the correct answer is C.fw ctl multik set_mode 9.

Reference:CoreXL Dynamic Dispatcher - Check Point Software,Firewall Priority Queues in R80.x / R81.x - Check Point Software,Separate Config for Dynamic Dispatcher and Priority Queues

The two Check Point Protocols that are used by are FWD and LEA567. FWD is the Firewall Daemon that handles communication between different Check Point components, such as Security Management Server, Security Gateway, SmartConsole, etc. LEA is the Log Export API that allows external applications to retrieve logs from the Security Gateway or Security Management Server. Therefore, the correct answer is B. FWD and LEA.

Reference:Border Gateway Protocol - Check Point Software,Check Point IPS Datasheet,List of valid protocols for services? - Check Point CheckMates

To ensure that VMAC mode is enabled, you should run the commandfw ctl get int fwha_vmac_global_param_enabledon all cluster members and check that the result of the command returns the value 11. This command shows the current value of the global kernel parameterfwha_vmac_global_param_enabled, which controls whether VMAC mode is enabled or disabled.VMAC mode is a feature that associates a Virtual MAC address with each Virtual IP address of the cluster, which reduces the need for Gratuitous ARP packets and improves failover performance1. The other options are incorrect. Option A is not a valid command.Option C is a command to show the status of cluster interfaces, not VMAC mode2.Option D is a command to show the value of a different global kernel parameter,fwha_vmac_global_param_enabled, which controls whether VMAC mode is enabled for all interfaces or only for non-VLAN interfaces1.

Reference:How to enable ClusterXL Virtual MAC (VMAC) mode,cphaprob