Checkpoint 156-315.81 Practice Test - Questions Answers, Page 15

For Management High Availability, the valid synchronization status options are:

A) Collision

B) Down

C) Lagging

D) Never been synchronized

In this context, 'Down' indicates that the synchronization is not functioning correctly or that the standby management server is not reachable. This is a valid synchronization status, so the answer is not B.

Multiple administrators can connect to a Security Management Server at the same time. Each administrator has their own username and works in a session that is independent of other administrators. This allows for collaboration and simultaneous management tasks by different administrators.

Firewall Management (fwm) is available on any management product, including Multi-Domain and on products that requite direct GUI access, such as SmartEvent, It provides the following:

-- GUI Client communication

-- Database manipulation

-- Policy Compilation

-- Management HA sync

To add a file to the Threat Prevention Whitelist, you need two items:

B) Object Name and MD5 signature

You need the Object Name to identify the file or object you want to whitelist, and the MD5 signature to specify the unique hash value of that file. The MD5 signature ensures that the specific file you want to whitelist is identified accurately.

The proxy ARP configuration is stored under the following file: $FWDIR/conf/local.arp on the gateway This file, local.arp, contains the proxy ARP configuration for the Security Gateway. It is used to configure ARP (Address Resolution Protocol) settings for network communication.

In a Cpinfo (Checkpoint information) command, various information is collected from a Security Gateway. However, firewall logs are NOT collected from a Security Gateway in a Cpinfo.

A) Firewall logs

The Cpinfo command typically collects information such as configuration and database files, system message logs, OS and network statistics, but it does not include firewall logs. Firewall logs are usually obtained separately using other methods or tools.

SandBlast appliances can be deployed in the following modes:

C) Inline/prevent or detect

SandBlast appliances can be deployed in an inline mode where they actively inspect and prevent or detect malicious traffic. In this mode, the appliance sits in the network traffic path and can take actions to block or detect threats in real-time.

When traffic from source 192.168.1.1 is going to www.google.com, and the Application Control Blade on the gateway is inspecting the traffic with acceleration enabled, it is handled by the Slow Path.

A) Slow Path

The Slow Path is responsible for handling traffic that requires full inspection by various security blades, including the Application Control Blade. Acceleration may offload some processing to the Medium Path or Fast Path, but the Slow Path is still involved in deeper inspection.

To enable VMAC mode on a cluster member, you need to set the value of the global kernel parameterfwha_vmac_global_param_enabledto 1. This can be done on-the-fly using the commandfw ctl set int fwha_vmac_global_param_enabled 1on all cluster members. This command does not require a reboot or a policy installation. VMAC mode allows the cluster to use a virtual MAC address for its virtual IP addresses, which reduces the number of gratuitous ARP packets sent upon failover and avoids ARP cache issues on some routers and switches.

Reference:How to enable ClusterXL Virtual MAC (VMAC) mode