Checkpoint 156-315.81 Practice Test - Questions Answers, Page 10

The difference between an event and a log is that a log entry becomes an event when it matches any rule defined in Event Policy. A log entry is a record of a network activity that is generated by a Security Gateway or a Management Server. An event is a log entry that meets certain criteria and triggers an action or a notification. The other options are either not true or not accurate definitions of events and logs.

Reference: Check Point R81 Logging and Monitoring Administration Guide

The attributes that SecureXL will check after the connection is allowed by Security Policy areSource address, Destination address, Source port, Destination port, Protocol. These are the five tuple parameters that define a connection and are used by SecureXL to accelerate the traffic.The other options are either missing some of the parameters or include irrelevant ones, such as MAC addresses1.

Reference:Check Point R81 SecureXL Administration Guide

The statement that is not true about Delta synchronization isUsing UDP Multicast or Broadcast on port 8161. Delta synchronization is a mechanism that transfers only the changes in the kernel tables between cluster members, instead of sending the entire tables.It uses UDP Multicast or Broadcast on port8116, not 81612. The other statements are true about Delta synchronization.

Reference:Check Point R81 ClusterXL Administration Guide

The Event List within the Event tab containsevents generated by a query. The Event List shows the events that match the query criteria, such as time range, filter, and aggregation.The events can be sorted by different columns, such as severity, time, action, and source3. The other options are either not part of the Event tab or not related to the Event List.

Reference:Check Point R81 Logging and Monitoring Administration Guide

The statement that is correct about the Sticky Decision Function isIt is not supported with either the Performance pack of a hardware based accelerator card. The Sticky Decision Function (SDF) is a feature that ensures that packets from the same connection are handled by the same cluster member in a Load Sharing configuration.However, SDF is not compatible with SecureXL acceleration, which is enabled by default or by using a Performance pack or a hardware based accelerator card4. The other statements are either incorrect or outdated about SDF.

Reference:Check Point R81 ClusterXL Administration Guide,Sticky Decision Function - Check Point CheckMates

The statement that is true regarding redundancy isBoth ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments. ClusterXL and VRRP are two technologies that provide high availability and load sharing for Security Gateways.They are both supported by Gaia OS and can be deployed on various platforms5. The other statements are either false or incomplete regarding redundancy.

Reference:Check Point R81 ClusterXL Administration Guide, Check Point R81 Gaia Administration Guide

NAT rules are prioritized in the following order:

Automatic Static NAT: This is the highest priority NAT rule and it translates the source or destination IP address to a different IP address without changing the port number. It is configured in the network object properties.

Automatic Hide NAT: This is the second highest priority NAT rule and it translates the source IP address and port number to a different IP address and port number. It is configured in the network object properties.

Manual/Pre-Automatic NAT: This is the third highest priority NAT rule and it allows you to create custom NAT rules that are not possible with automatic NAT. It is configured in the NAT policy rulebase before the automatic NAT rules.

Post-Automatic/Manual NAT rules: This is the lowest priority NAT rule and it allows you to create custom NAT rules that are not possible with automatic NAT. It is configured in the NAT policy rulebase after the automatic NAT rules.

In R81, you can manage your Mobile Access Policy through the Unified Policy. The Unified Policy is a single policy that combines access control, threat prevention, data protection, and identity awareness. You can create rules for mobile access in the Unified Policy rulebase and apply them to mobile devices, users, and applications. You can also use the Mobile Access blade to configure additional settings for mobile access, such as authentication methods, VPN settings, and application portal.

R81.20 management server can manage gateways with versions R75.20 and higher. However, some features may not be supported on older gateway versions. For example, R81 introduces a new feature called Infinity Threat Prevention, which requires R81 gateways to work properly. Therefore, it is recommended to upgrade your gateways to the latest version to take advantage of all the new features and enhancements in R81.