
Checkpoint 156-315.81 Practice Test - Questions Answers, Page 37

To optimize Rule Base efficiency, the most hit rules should be where?

A. Removed from the Rule Base.
B. Towards the middle of the Rule Base.
C. Towards the top of the Rule Base.
D. Towards the bottom of the Rule Base.
Suggested answer: C

Explanation:

To optimize Rule Base efficiency, the most hit rules should be towards the top of the Rule Base. This is because the Rule Base is processed from top to bottom, and the first rule that matches the traffic is applied. Therefore, placing the most hit rules at the top reduces the number of rules that need to be checked and improves the performance of the firewall.

Reference: R81 Security Management Administration Guide, page 97.

What two ordered layers make up the Access Control Policy Layer?

A. URL Filtering and Network
B. Network and Threat Prevention
C. Application Control and URL Filtering
D. Network and Application Control
Suggested answer: D

Explanation:

Network and Application Control are the two ordered layers that make up the Access Control Policy Layer. The Network layer controls network access based on source, destination, service, time, etc. The Application Control layer controls application access based on users, groups, applications, content categories, etc. The Network layer is always processed before the Application Control layer.

Reference: R81 Security Management Administration Guide, page 29.

Fill in the blanks: In the Network policy layer, the default action for the Implied last rule is ____ all traffic. However, in the Application Control policy layer, the default action is ______ all traffic.

A. Accept; redirect
B. Accept; drop
C. Redirect; drop
D. Drop; accept
Suggested answer: D

Explanation:

In the Network policy layer, the default action for the Implied last rule is to drop all traffic. However, in the Application Control policy layer, the default action is to accept all traffic. The Implied last rule is a rule that is automatically added at the end of each policy layer and defines what to do with traffic that does not match any of the user-defined rules. The default actions for each policy layer can be changed in the Global Properties or in the layer properties.

Reference: R81 Security Management Administration Guide, page 30.

Which command is used to obtain the configuration lock in Gaia?

A. Lock database override
B. Unlock database override
C. Unlock database lock
D. Lock database user
Suggested answer: A

Explanation:

The command that is used to obtain the configuration lock in Gaia is lock database override. This command allows a user to take over the configuration lock from another user who is currently logged in with read/write access. The other user will be forced to log out and will lose any unsaved changes. This command should be used with caution and only when necessary.

Reference: Gaia Administration Guide R81, page 15.

What is the default shell for the command line interface?

A. Expert
B. Clish
C. Admin
D. Normal
Suggested answer: B

Explanation:

The default shell for the command line interface is Clish. Clish is a shell that provides a menu-based interface for configuring various system settings, such as network interfaces, routing, DNS, NTP, SNMP, SSH, etc. Clish also provides help and completion features for easier navigation. To switch from Clish to Expert mode, which allows running Linux commands, use the command expert.

Reference: Gaia Administration Guide R81, page 29.

You plan to automate creating new objects using new R81 Management API. You decide to use GAIA CLI for this task.

What is the first step to run management API commands on GAIA's shell?

A. mgmt_admin@teabag > id.txt
B. mgmt_login
C. login user admin password teabag
D. mgmt_cli login user "admin" password "teabag" > id.txt
Suggested answer: B

Explanation:

The first step to run management API commands on GAIA's shell is mgmt_login. This command allows you to log in to the management server and obtain a session ID, which is required for running other management API commands. You can also specify the user name and password as parameters, or enter them interactively. The session ID is stored in the file $CPDIR/tmp/.api_session by default, unless you specify a different file name.

Reference: R81 Management API Reference Guide, page 15.

On R81.20 the IPS Blade is managed by:

A. Threat Protection policy
B. Anti-Bot Blade
C. Threat Prevention policy
D. Layers on Firewall policy
Suggested answer: C

Explanation:

On R81.20 the IPS Blade is managed by the Threat Prevention policy. The Threat Prevention policy is a unified policy that includes Anti-virus, IPS, Anti-bot, and Threat Emulation software blades. The IPS blade provides protection against network attacks and exploits by inspecting the traffic and blocking malicious packets. The IPS blade can be configured with different profiles and exceptions to suit different security needs.

Reference: R81 Threat Prevention Administration Guide, page 15.

When users connect to the Mobile Access portal they are unable to open File Shares.

Which log file would you want to examine?

A. cvpnd.elg
B. httpd.elg
C. vpnd.elg
D. fw.elg
Suggested answer: A

Explanation:

The log file that you would want to examine is cvpnd.elg. This log file contains information about the Mobile Access VPN daemon, which handles the connections from the Mobile Access portal to the internal resources, such as File Shares, Web Applications, etc. The log file is located in the directory $FWDIR/log/ on the Security Gateway. You can use the command fw log -f cvpnd.elg to view the log file in real time.

Reference: R81 Mobile Access Administration Guide, page 255.

What is the correct order of the default "fw monitor" inspection points?

A. i, o, l, O
B. i, l, o, O
C. 1, 2, 3, 4
D. l, i, O, o
Suggested answer: B

Explanation:

https://community.checkpoint.com/t5/General-Topics/Check-Point-Inspection-points-iIoO/td-p/34938

The default order of the 'fw monitor' inspection points is:

i (input): this is the first inspection point, where packets enter the firewall.

l (local): this is the second inspection point, where packets are processed locally by the firewall, before being forwarded to the next hop.

o (output): this is the third inspection point, where packets are sent out to their final destination.

O (offload): this is the fourth inspection point, where packets are offloaded to hardware acceleration for faster processing.

What is the default size of NAT table fwx_alloc?

A. 20000
B. 35000
C. 25000
D. 10000
Suggested answer: C

Explanation:

The default size of NAT table fwx_alloc is 25000. This table stores the connections that require NAT translation by the Security Gateway. The size of this table can be changed by using the command fw ctl set int fwx_alloc <value>, where <value> is the desired number of connections. The maximum value is 65535. To make this change permanent, you need to add this command to the file $FWDIR/conf/fwaffinity.conf on the Security Gateway.

Reference: R81 Performance Tuning Administration Guide, page 126.

Total 626 questions