
Checkpoint 156-315.81 Practice Test - Questions Answers, Page 16


Question 151


To accelerate the rate of connection establishment, SecureXL groups all connections that match a particular service and whose sole differentiating element is the source port. This type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel, which will then create a template of the connection. Which of these is NOT a SecureXL template?

A) Accept Template
B) Deny Template
C) Drop Template
D) NAT Template
Suggested answer: B
Explanation:

SecureXL templates are a mechanism to accelerate the rate of connection establishment by grouping connections that match a particular service and whose sole differentiating element is the source port. SecureXL templates enable even the very first packets of a TCP handshake to be accelerated, without waiting for the Firewall kernel to create a connection entry. The first packets of the first connection on the same service will be forwarded to the Firewall kernel, which will then create a template of the connection. The template will contain all the relevant information for the connection, such as source and destination IP addresses, destination port, NAT information, policy decision, etc. The template will be used by SecureXL to handle subsequent connections on the same service, without involving the Firewall kernel. This reduces the CPU load and increases the throughput.

There are three types of SecureXL templates: Accept, Drop, and NAT. Accept templates are used for connections that are allowed by the Firewall policy. Drop templates are used for connections that are blocked by the Firewall policy. NAT templates are used for connections that require NAT translation. Deny templates are not a valid type of SecureXL template.

asked 16/09/2024
Paulo Cury

Question 152


Which of the following is NOT a type of Check Point API available in R81.x?

A) Identity Awareness Web Services
B) OPSEC SDK
C) Mobile Access
D) Management
Suggested answer: C
Explanation:

Check Point API is a set of web services that enable the usage of functions and commands in a dynamic and automated fashion. Check Point API is available in different types, each serving a different purpose and functionality. According to the Check Point Resource Library, the following are the types of Check Point API available in R81.x:

Identity Awareness Web Services: This type of API allows external applications to send identity and location information to the Security Gateway, which can then use this information for policy enforcement. Identity Awareness Web Services can be used for scenarios such as guest registration, captive portal, identity agents, etc.

OPSEC SDK: This type of API provides a framework for developing applications that interact with Check Point products using the OPSEC (Open Platform for Security) protocol. OPSEC SDK can be used for scenarios such as log export, event management, anti-virus integration, etc.

Management: This type of API allows external applications to perform management operations on the Check Point Management server using RESTful web services. Management API can be used for scenarios such as policy installation, object creation, configuration backup, etc.

Mobile Access is not a type of Check Point API, but rather a feature that provides secure remote access to corporate resources from various devices. Mobile Access uses SSL VPN technology and supports different authentication methods and access scenarios.

asked 16/09/2024
Sebastian Romero

Question 153


When an encrypted packet is decrypted, where does this happen?

A) Security policy
B) Inbound chain
C) Outbound chain
D) Decryption is not supported
Suggested answer: A
Explanation:

When an encrypted packet is received by a Check Point Security Gateway, it is decrypted according to the security policy. The security policy defines the rules and settings for encryption and decryption of traffic, such as the encryption algorithm, the encryption domain, the pre-shared secret or certificate, etc. The security policy is enforced by the Firewall kernel, which is responsible for decrypting the packets before passing them to the inbound chain for further inspection. The inbound chain consists of various inspection modules that apply security checks and actions on the decrypted packets. The outbound chain is the reverse process, where the packets are inspected and then encrypted according to the security policy before being sent out.

asked 16/09/2024
Tresor Garcia

Question 154


John is using Management HA. Which Smartcenter should be connected to for making changes?

A) secondary Smartcenter
B) active Smartcenter
C) connect virtual IP of Smartcenter HA
D) primary Smartcenter
Suggested answer: B
Explanation:

Management HA is a feature that allows the Security Management server to have one or more backup Standby Security Management servers that are ready to take over in case of failure. The Active Security Management server is the one that handles all the management operations, such as policy installation, object creation, configuration backup, etc. The Standby Security Management servers are synchronized with the Active Security Management server and store the same data, such as databases, certificates, CRLs, etc. The Standby Security Management servers can also perform some operations, such as fetching a Security Policy or retrieving a CRL.

To make changes to the system, such as editing objects or policies, the administrator needs to connect to the Active Security Management server. This is because the Active Security Management server is the only one that can modify the data and synchronize it with the Standby Security Management servers. The administrator can use SmartConsole to connect to the Active Security Management server by entering its IP address or hostname. The administrator can also use SmartDashboard to connect to the Active Security Management server by selecting Policy > Management High Availability. This shows information about the Security Management server that includes its peers, displayed with the name, status and type of Security Management server.

The other options are incorrect because:

A) secondary Smartcenter: This is a synonym for a Standby Security Management server, which cannot be used to make changes to the system.

C) connect virtual IP of Smartcenter HA: This is not a valid option because there is no virtual IP for Smartcenter HA. Each Security Management server has its own IP address and hostname.

D) primary Smartcenter: This is a synonym for the Active Security Management server, but it is not the correct term to use. The term primary implies that there is only one Active Security Management server, which is not true. The administrator can put the Active Security Management server on standby and promote a Standby Security Management server to active at any time.

asked 16/09/2024
Stefan Hupfloher

Question 155


You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?

A) fwd
B) fwm
C) cpd
D) cpwd
Suggested answer: B
Explanation:

User-mode processes are processes that run in the user space of the operating system, as opposed to kernel-mode processes that run in the kernel space. User-mode processes are usually less privileged and have less access to system resources than kernel-mode processes. Check Point products use both user-mode and kernel-mode processes to provide various functionalities and services.

The following are some of the user-mode processes that can be seen on the management server and gateway:

fwd: This process is responsible for policy installation, logging, and communication with other Check Point components. It runs on both the management server and gateway.

cpd: This process is responsible for licensing, certificate management, and communication with SmartConsole. It runs on both the management server and gateway.

cpwd: This process is responsible for monitoring and restarting other processes. It runs on both the management server and gateway.

The following is a user-mode process that can only be seen on the management server:

fwm: This process is responsible for managing the security policy database, compiling the security policy, and generating reports. It runs only on the management server.

Therefore, the correct answer is B.

asked 16/09/2024
Francisli Lilles

Question 156


What scenario indicates that SecureXL is enabled?

A) Dynamic objects are available in the Object Explorer
B) SecureXL can be disabled in cpconfig
C) fwaccel commands can be used in clish
D) Only one packet in a stream is seen in a fw monitor packet capture
Suggested answer: C
Explanation:

SecureXL is a technology that accelerates the performance of the Check Point Security Gateway by offloading CPU-intensive operations from the Firewall kernel to the SecureXL device. SecureXL can handle various types of traffic, such as TCP, UDP, ICMP, non-IP, VPN, NAT, etc. SecureXL can also work with various features, such as CoreXL, ClusterXL, QoS, etc.

One way to indicate that SecureXL is enabled is to use the fwaccel commands in clish. Clish is a command-line shell that provides a user-friendly interface for configuring and managing Check Point products. The fwaccel commands are used to control and monitor SecureXL operations, such as enabling or disabling SecureXL, viewing SecureXL statistics, managing SecureXL templates, etc. For example, the command fwaccel stat shows the status of SecureXL, such as whether it is on or off, how many packets are accelerated or not accelerated, etc.

The other options are not valid indicators of SecureXL being enabled:

A) Dynamic objects are available in the Object Explorer: Dynamic objects are objects that represent IP addresses that change over time, such as VPN clients, DHCP clients, etc. Dynamic objects are available in the Object Explorer regardless of whether SecureXL is enabled or not.

B) SecureXL can be disabled in cpconfig: Cpconfig is a command-line tool that allows you to configure various settings of Check Point products, such as administrator password, GUI clients, SNMP extension, etc. SecureXL can be disabled in cpconfig only if it was enabled before. Therefore, this option does not indicate that SecureXL is enabled.

D) Only one packet in a stream is seen in a fw monitor packet capture: Fw monitor is a command-line tool that allows you to capture and analyze network traffic passing through the Security Gateway. Fw monitor shows the traffic at different inspection points in the Firewall kernel. If SecureXL is enabled, some packets may be accelerated by SecureXL and bypass the Firewall kernel inspection. Therefore, fw monitor may not see all packets in a stream. However, this does not mean that only one packet in a stream will be seen by fw monitor. Some packets may still go through the Firewall kernel inspection and be seen by fw monitor. Therefore, this option does not indicate that SecureXL is enabled.

Therefore, the correct answer is C.

asked 16/09/2024
Katlego Nkwane

Question 157


What processes does CPM control?

A) Object-Store, Database changes, CPM Process and web-services
B) web-services, CPMI process, DLEserver, CPM process
C) DLEServer, Object-Store, CP Process and database changes
D) web_services, dle_server and object_Store
Suggested answer: D
Explanation:

CPM stands for Check Point Management, which is a process that runs on the Security Management server and controls the management operations, such as policy installation, object creation, configuration backup, etc. CPM also controls other processes that are related to the management functions, such as:

web_services: This process is responsible for providing web services for the communication between SmartConsole and the Security Management server. It handles requests from SmartConsole clients and forwards them to CPM or other processes.

dle_server: This process is responsible for managing the log files and indexes. It handles queries from SmartLog and SmartEvent and provides log data to CPM or other processes.

object_Store: This process is responsible for storing and retrieving objects from the database. It handles requests from CPM or other processes and provides object data.

Therefore, the correct answer is D.

The other options are incorrect because:

A) Object-Store, Database changes, CPM Process and web-services: This option includes some processes that are controlled by CPM, such as Object-Store, CPM Process, and web-services, but it also includes Database changes, which is not a process but an action performed by CPM or other processes.

B) web-services, CPMI process, DLEserver, CPM process: This option includes some processes that are controlled by CPM, such as web-services, DLEserver, and CPM process, but it also includes CPMI process, which is not a process but a protocol used by CPM or other processes to communicate with each other.

C) DLEServer, Object-Store, CP Process and database changes: This option includes some processes that are controlled by CPM, such as DLEServer and Object-Store, but it also includes CP Process and database changes, which are not processes but a generic term for any Check Point process and an action performed by CPM or other processes respectively.

asked 16/09/2024
helal altarsha

Question 158


Which encryption algorithm is the least secure?

A) AES-128
B) AES-256
C) DES
D) 3DES
Suggested answer: C
Explanation:

DES (Data Encryption Standard) is a symmetric block cipher that uses a 56-bit key to encrypt and decrypt 64-bit blocks of data. It was developed by IBM in 1975 and adopted by the US government as a standard for encryption. However, DES has been proven to be insecure and vulnerable to various attacks, such as brute force, differential cryptanalysis, and linear cryptanalysis. A brute force attack can break DES in a matter of hours using modern hardware. Differential cryptanalysis can reduce the number of keys to be searched by a factor of four, and linear cryptanalysis can reduce it by a factor of two. Therefore, DES is the least secure encryption algorithm among the options given.

asked 16/09/2024
Andrea DG

Question 159


What is the command to check the status of the SmartEvent Correlation Unit?

A) fw ctl get int cpsead_stat
B) cpstat cpsead
C) fw ctl stat cpsemd
D) cp_conf get_stat cpsemd
Suggested answer: B
Explanation:

The SmartEvent Correlation Unit is responsible for analyzing the log entries and identifying events from them. It runs on the Log Server machine or on a dedicated machine. To check the status of the SmartEvent Correlation Unit, you can use the command cpstat cpsead on the machine where it is installed. This command will show you information such as the number of logs processed, the number of events generated, the CPU and memory usage, and the status of the connection to the SmartEvent Server.

asked 16/09/2024
Jim Swift

Question 160


You need to see which hotfixes are installed on your gateway, which command would you use?

A) cpinfo --h all
B) cpinfo --o hotfix
C) cpinfo --l hotfix
D) cpinfo --y all
Suggested answer: D
Explanation:

The command cpinfo --y all displays information about all the hotfixes that are installed on the gateway. This command also shows the hotfix ID, description, installation date, and status for each hotfix. The other commands are not valid options for this task. The command cpinfo --h all shows the hardware information of the gateway. The commands cpinfo --o hotfix and cpinfo --l hotfix do not exist and will return an error message.

asked 16/09/2024
Siegfried Paul