Checkpoint 156-315.81 Practice Test - Questions Answers
Question 1
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:
Explanation:
Dynamic Dispatcher is a feature that optimizes the performance of Security Gateways with multiple CPU cores by dynamically allocating traffic to different cores based on their load and priority. Firewall Priority Queues is a feature that prioritizes traffic based on its type and importance by assigning it to different queues with different weights and limits. To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, you need to run the following command in Expert mode then reboot:
This command sets the multi-core mode to 9, which means that Dynamic Dispatcher is enabled with Firewall Priority Queues. The other commands are not valid or do not enable both features.
Reference: R81 Performance Tuning Administration Guide
Question 2
Advanced Security Checkups can be easily conducted within:
Explanation:
Advanced Security Checkups can be easily conducted within the Reports tab in the Logs & Monitor view in SmartConsole. The Reports tab allows you to generate and view various reports that provide insights into the security status and performance of your network. You can use predefined reports or create custom reports based on your needs. You can also schedule reports to run automatically and send them by email. Some of the predefined reports that can help you conduct advanced security checkups are:
Security Overview: This report provides a summary of the security posture of your network, including the number and severity of incidents, the top attacked hosts and services, the top attackers and attack methods, the top detected threats and vulnerabilities, etc.
Security Best Practices: This report evaluates your security configuration and policy against the Check Point best practices and provides recommendations for improvement. It covers areas such as firewall policy, NAT policy, VPN policy, identity awareness, threat prevention, etc.
Compliance Status: This report assesses your compliance level with various regulations and standards, such as PCI DSS, ISO 27001, NIST 800-53, etc. It shows the compliance score, the compliance status of each requirement, the compliance status of each gateway and blade, etc.
Network Activity: This report shows the network activity and traffic patterns on your network, including the top sources and destinations of traffic, the top protocols and applications used, the top bandwidth consumers, etc.
System Health: This report monitors the health and performance of your management server and gateways, including the CPU utilization, memory usage, disk space, network interfaces, etc.
Reference: R81 Logging and Monitoring Administration Guide
Question 3
What is the limitation of employing Sticky Decision Function?
Explanation:
Sticky Decision Function (SDF) is a feature that ensures that VPN traffic is handled by the same core on a Security Gateway with multiple CPU cores. This improves the performance and stability of VPN tunnels by avoiding out-of-order packets and reducing encryption overhead. However, the limitation of employing SDF is that acceleration technologies, such as SecureXL and CoreXL, are disabled when activating SDF. This means that SDF may reduce the overall throughput and scalability of the Security Gateway. Therefore, SDF should be used only when necessary and only on gateways that are dedicated to VPN traffic.
Reference: R81 Performance Tuning Administration Guide
Question 4
How many images are included with Check Point TE appliance in Recommended Mode?
Explanation:
The Check Point TE appliance in Recommended Mode includes 2 (OS) images. One image is used for running the appliance, and the other image is used for backup and recovery purposes. The images are not chosen by the administrator during installation, nor based on the license or the latest version.
Reference: [Check Point R81 Threat Emulation Administration Guide]
Question 5
You have existing dbedit scripts from R77. Can you use them with R81.20?
Explanation:
In R81.20, dbedit scripts are being replaced by the mgmt_cli utility for managing and configuring security policies and objects. Here's an explanation of each option:
A) dbedit is not supported in R81.20: This is not entirely accurate. While dbedit is still available and functional in R81.20, it is being phased out in favor of mgmt_cli for policy and object management.
B) dbedit is fully supported in R81.20: This statement is not accurate because although dbedit can still be used, it is not the primary recommended tool for policy management in R81.20.
C) You can use dbedit to modify threat prevention or access policies, but not create or modify layers: This statement is partially true, but it does not provide the complete picture. You can use dbedit for some policy-related tasks, but it's not the primary tool for policy management in R81.20.
D) dbedit scripts are being replaced by mgmt_cli in R81.20: This is the correct and recommended approach. mgmt_cli is the primary tool for managing security policies and objects in R81.20, and it is gradually replacing dbedit for these tasks.
Therefore, option D is the most accurate and recommended answer.
Question 6
Which Remote Access Client does not provide an Office-Mode Address?
Explanation:
In the context of Check Point remote access clients and Office Mode, the correct answer is:
A) SecuRemote: SecuRemote is a Check Point remote access client that does not provide an Office-Mode Address. Office Mode is a feature that assigns a unique IP address from a designated IP pool to remote users when they connect to the corporate network. SecuRemote does not support this feature.
B) Endpoint Security Suite, C) Endpoint Security VPN, and D) Check Point Mobile are remote access clients that support Office Mode and can provide an Office-Mode Address to remote users.
Therefore, option A is the correct answer as it correctly identifies a remote access client that does not provide an Office-Mode Address.
Question 7
What is the command to see cluster status in cli expert mode?
Explanation:
To see the cluster status in CLI expert mode, you can use the command cphaprob stat. This command displays the status of the Check Point High Availability cluster. It provides information about the state of the cluster members, such as 'Active,' 'Standby,' or 'Collision.'
Question 8
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
Explanation:
The feature that provides Full Layer3 VPN --IPSec VPN, giving users network access to all mobile applications, is the correct answer.
Capsule Connect/VPN is used to establish secure VPN connections for mobile devices, and the Full Layer3 VPN (IPSec VPN) option provides comprehensive network access.
Question 9
You find one of your cluster gateways showing "Down" when you run the "cphaprob stat" command. You then run the "clusterXL_admin up" on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?
Explanation:
To determine the cause of a cluster gateway showing 'Down' despite running 'clusterXL_admin up' on the down member, you can run the following command:
This command will provide a list of cluster members along with their statuses and can help diagnose the issue with the down member.
Question 10
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
Explanation:
In SmartEvent, the administrator can configure different types of automatic reactions, which include:
Mail notifications
Blocking the source of the event
Blocking the event activity
Running an external script
Sending an SNMP trap
So, the correct answer is 'Mail, Block Source, Block Event Activity, External Script, SNMP Trap.'
Question