
Checkpoint 156-315.81 Practice Test - Questions Answers, Page 15


Question 141


Fill in the blank: The "fw monitor" tool can be best used to troubleshoot ____________________.

A) AV issues
B) VPN errors
C) Network traffic issues
D) Authentication issues
Suggested answer: C
Explanation:

The "fw monitor" tool can be best used to troubleshoot network traffic issues. Fw monitor is a tool that allows administrators to capture packets at different inspection points in the Firewall kernel, and apply filters and flags to analyze the traffic. Fw monitor can help troubleshoot network connectivity problems, packet drops, NAT issues, VPN issues, and more. The other options are either not related or less suitable for fw monitor.

asked 16/09/2024
CHING SHENG WU
40 questions

Question 142


For Management High Availability, which of the following is NOT a valid synchronization status?

A) Collision
B) Down
C) Lagging
D) Never been synchronized
Suggested answer: B
Explanation:

For Management High Availability, the valid synchronization status options are:

A) Collision

B) Down

C) Lagging

D) Never been synchronized

In this context, 'Down' indicates that the synchronization is not functioning correctly or that the standby management server is not reachable. This is a valid synchronization status, so the answer is not B.

asked 16/09/2024
Madhankumar Rathinakumar
42 questions

Question 143


Can multiple administrators connect to a Security Management Server at the same time?

A) No, only one can be connected
B) Yes, all administrators can modify a network object at the same time
C) Yes, every administrator has their own username, and works in a session that is independent of other administrators.
D) Yes, but only one has the right to write.
Suggested answer: C
Explanation:

Multiple administrators can connect to a Security Management Server at the same time. Each administrator has their own username and works in a session that is independent of other administrators. This allows for collaboration and simultaneous management tasks by different administrators.

asked 16/09/2024
Bill Skadden
36 questions

Question 144


Which process is available on any management product and on products that require direct GUI access, such as SmartEvent, and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?

A) cpwd
B) fwd
C) cpd
D) fwm
Suggested answer: D
Explanation:

Firewall Management (fwm) is available on any management product, including Multi-Domain, and on products that require direct GUI access, such as SmartEvent. It provides the following:

- GUI Client communication

- Database manipulation

- Policy Compilation

- Management HA sync

asked 16/09/2024
Jesserey Joseph
49 questions

Question 145


To add a file to the Threat Prevention Whitelist, what two items are needed?

A) File name and Gateway
B) Object Name and MD5 signature
C) MD5 signature and Gateway
D) IP address of Management Server and Gateway
Suggested answer: B
Explanation:

To add a file to the Threat Prevention Whitelist, you need two items:

B) Object Name and MD5 signature

You need the Object Name to identify the file or object you want to whitelist, and the MD5 signature to specify the unique hash value of that file. The MD5 signature ensures that the specific file you want to whitelist is identified accurately.

asked 16/09/2024
Himal Rai
47 questions

Question 146


Under which file is the proxy arp configuration stored?

A) $FWDIR/state/proxy_arp.conf on the management server
B) $FWDIR/conf/local.arp on the management server
C) $FWDIR/state/_tmp/proxy.arp on the security gateway
D) $FWDIR/conf/local.arp on the gateway
Suggested answer: D
Explanation:

The proxy ARP configuration is stored under the following file: $FWDIR/conf/local.arp on the gateway. This file, local.arp, contains the proxy ARP configuration for the Security Gateway. It is used to configure ARP (Address Resolution Protocol) settings for network communication.

asked 16/09/2024
Vasco Ricardo Ribeiro
32 questions

Question 147


What information is NOT collected from a Security Gateway in a Cpinfo?

A) Firewall logs
B) Configuration and database files
C) System message logs
D) OS and network statistics
Suggested answer: A
Explanation:

In a Cpinfo (Checkpoint information) command, various information is collected from a Security Gateway. However, firewall logs are NOT collected from a Security Gateway in a Cpinfo.

A) Firewall logs

The Cpinfo command typically collects information such as configuration and database files, system message logs, OS and network statistics, but it does not include firewall logs. Firewall logs are usually obtained separately using other methods or tools.

asked 16/09/2024
Chris Carter
39 questions

Question 148


SandBlast appliances can be deployed in the following modes:

A) using a SPAN port to receive a copy of the traffic only
B) detect only
C) inline/prevent or detect
D) as a Mail Transfer Agent and as part of the traffic flow only
Suggested answer: C
Explanation:

SandBlast appliances can be deployed in the following modes:

C) Inline/prevent or detect

SandBlast appliances can be deployed in an inline mode where they actively inspect and prevent or detect malicious traffic. In this mode, the appliance sits in the network traffic path and can take actions to block or detect threats in real-time.

asked 16/09/2024
Alexander Ang
47 questions

Question 149


Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled, which path is handling the traffic?

A) Slow Path
B) Medium Path
C) Fast Path
D) Accelerated Path
Suggested answer: A
Explanation:

When traffic from source 192.168.1.1 is going to www.google.com, and the Application Control Blade on the gateway is inspecting the traffic with acceleration enabled, it is handled by the Slow Path.

A) Slow Path

The Slow Path is responsible for handling traffic that requires full inspection by various security blades, including the Application Control Blade. Acceleration may offload some processing to the Medium Path or Fast Path, but the Slow Path is still involved in deeper inspection.

asked 16/09/2024
Mohammad Musa
46 questions

Question 150


How do you enable virtual MAC (VMAC) on-the-fly on a cluster member?

A) cphaprob set int fwha_vmac_global_param_enabled 1
B) clusterXL set int fwha_vmac_global_param_enabled 1
C) fw ctl set int fwha_vmac_global_param_enabled 1
D) cphaconf set int fwha_vmac_global_param_enabled 1
Suggested answer: C
Explanation:

To enable VMAC mode on a cluster member, you need to set the value of the global kernel parameter fwha_vmac_global_param_enabled to 1. This can be done on-the-fly using the command fw ctl set int fwha_vmac_global_param_enabled 1 on all cluster members. This command does not require a reboot or a policy installation. VMAC mode allows the cluster to use a virtual MAC address for its virtual IP addresses, which reduces the number of gratuitous ARP packets sent upon failover and avoids ARP cache issues on some routers and switches.

Reference: How to enable ClusterXL Virtual MAC (VMAC) mode

asked 16/09/2024
Vinnie Meuldijk
38 questions
Total 626 questions