ExamGecko

Checkpoint 156-315.81 Practice Test - Questions Answers, Page 38


What are types of Check Point APIs available currently as part of R81.20 code?

A. Security Gateway API Management API, Threat Prevention API and Identity Awareness Web Services API
B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
C. OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API
D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API
Suggested answer: B

Explanation:

The types of Check Point APIs available currently as part of R81.20 code are:

Management API: This API allows you to automate and orchestrate various management tasks, such as creating and modifying objects, installing policies, generating reports, etc. The Management API can be accessed via CLI, Web Services, or GUI clients.

Threat Prevention API: This API allows you to interact with the Threat Prevention software blades, such as Anti-Virus, Anti-Bot, Threat Emulation, etc. The Threat Prevention API can be used to query and update indicators, upload files for emulation, retrieve verdicts and reports, etc.

Identity Awareness Web Services API: This API allows you to integrate external identity sources with the Identity Awareness software blade, which provides identity-based access control for network traffic. The Identity Awareness Web Services API can be used to send identity and session information to the Security Gateway, query identity information from the Security Gateway, etc.

OPSEC SDK API: This API allows you to develop custom applications that can communicate with Check Point products using the OPSEC protocol. The OPSEC SDK API supports various OPSEC services, such as LEA, CPMI, SAM, ELA, UFP, etc.

Reference: R81 Management API Reference Guide, page 7; R81 Threat Prevention API Reference Guide, page 7; R81 Identity Awareness Administration Guide, page 105; OPSEC SDK R81 Documentation Package.

Vanessa is expecting a very important Security Report. The document should be sent as an attachment via e-mail. An e-mail with the Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only a few lines of text are in it. The report is missing some graphs, tables and links.

Which component of SandBlast protection is her company using on a Gateway?

A. SandBlast Threat Emulation
B. SandBlast Agent
C. Check Point Protect
D. SandBlast Threat Extraction
Suggested answer: D

Explanation:

The component of SandBlast protection that her company is using on a Gateway is SandBlast Threat Extraction. SandBlast Threat Extraction is a software blade that provides protection against malicious files by removing potentially risky elements, such as macros, embedded objects, scripts, etc. The sanitized files are delivered to the users with a notification about the removed elements. SandBlast Threat Extraction can also reconstruct the original files after they are scanned by SandBlast Threat Emulation, which is another software blade that provides protection against malicious files by emulating them in a virtual sandbox and analyzing their behavior.

Reference: R81 Threat Prevention Administration Guide, page 37.

If an administrator wants to add manual NAT for addresses not owned by the Check Point firewall, what else is necessary to be completed for it to function properly?

A. Nothing - the proxy ARP is automatically handled in the R81 version
B. Add the proxy ARP configurations in a file called /etc/conf/local.arp
C. Add the proxy ARP configurations in a file called $FWDIR/conf/local.arp
D. Add the proxy ARP configurations in a file called $CPDIR/conf/local.arp
Suggested answer: C

Explanation:

If an administrator wants to add manual NAT for addresses not owned by the Check Point firewall, they also need to add the proxy ARP configurations in a file called $FWDIR/conf/local.arp. This file contains the mappings between the IP addresses and the MAC addresses of the NATed hosts. The proxy ARP feature allows the firewall to answer ARP requests on behalf of the NATed hosts and forward the traffic to them. The local.arp file needs to be edited manually and reloaded with the command arp -f $FWDIR/conf/local.arp.

Reference: R81 Security Management Administration Guide, page 1014.

How many interfaces can you configure to use the Multi-Queue feature?

A. 10 interfaces
B. 3 interfaces
C. 4 interfaces
D. 5 interfaces
Suggested answer: D

Explanation:

You can configure up to 5 interfaces to use the Multi-Queue feature. Multi-Queue is a performance enhancement feature that allows distributing the network traffic among multiple CPU cores, instead of using a single core for all traffic. Multi-Queue can be enabled on interfaces that have high traffic load and support multiple receive/transmit queues. Multi-Queue can be configured via SmartConsole or via CLI with the command sim affinity -m.

Reference: R81 Performance Tuning Administration Guide, page 18.

Which firewall daemon is responsible for the FW CLI commands?

A. fwd
B. fwm
C. cpm
D. cpd
Suggested answer: A

Explanation:

The firewall daemon that is responsible for the FW CLI commands is fwd. This daemon handles the communication between the firewall kernel and the user space processes, such as SmartConsole, SmartView Tracker, etc. The FW CLI commands are used to control and monitor various aspects of the firewall, such as connections, policy installation, logs, NAT, etc. The FW CLI commands are executed with the prefix fw, such as fw stat, fw tab, fw monitor, etc.

Reference: R81 Command Line Interface Reference Guide, page 13.

How long may verification of one file take for SandBlast Threat Emulation?

A. up to 1 minute
B. within seconds cleaned file will be provided
C. up to 5 minutes
D. up to 3 minutes
Suggested answer: D

Explanation:

Verification of one file may take up to 3 minutes for SandBlast Threat Emulation. SandBlast Threat Emulation is a software blade that provides protection against malicious files by emulating them in a virtual sandbox and analyzing their behavior. The emulation time depends on various factors, such as file size, file type, emulation mode, etc. The default emulation time limit is 180 seconds, but it can be changed in the Threat Prevention policy settings.

Reference: R81 Threat Prevention Administration Guide, page 39.

Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

A. Go to clish - Run cpstop | Run cpstart
B. Go to clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway
C. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores
D. Go to clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security Policy
Suggested answer: B

Explanation:

Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new CPU to replace the existing single core CPU. After installation, the administrator needs to perform some additional tasks for it to function properly.

The tasks that the administrator needs to perform are:

Go to Clish-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway

Go to SmartConsole | Install Security Policy

The first task is to enable and configure CoreXL, which is a performance enhancement feature that allows running multiple instances of the firewall kernel on multiple CPU cores. CoreXL can be enabled and configured via cpconfig, which is a utility that provides a menu-based interface for various system settings. After enabling CoreXL, the administrator needs to reboot the Security Gateway for the changes to take effect.

The second task is to install the security policy on the Security Gateway via SmartConsole, which is a unified graphical user interface for managing Check Point products. Installing the security policy will activate the CoreXL instances and distribute the traffic among them.

Reference: R81 Performance Tuning Administration Guide, page 15; R81 Security Management Administration Guide, page 83.

GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:

A. Check Point Update Service Engine
B. Check Point Software Update Agent
C. Check Point Remote Installation Daemon (CPRID)
D. Check Point Software Update Daemon
Suggested answer: A

Explanation:

GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the Check Point Update Service Engine. This agent allows you to download and install software updates, hotfixes, upgrade packages, etc., from Check Point servers or from a local repository. The Check Point Update Service Engine can be accessed via SmartConsole or via WebUI or CLI on GAIA.

Reference: Gaia Administration Guide R81, page 77.

Hit Count is a feature to track the number of connections that each rule matches. Which one is not a benefit of Hit Count?

A. Better understand the behavior of the Access Control Policy
B. Improve Firewall performance - You can move a rule that has a high hit count to a higher position in the Rule Base
C. Automatically rearrange Access Control Policy based on Hit Count Analysis
D. Analyze a Rule Base - You can delete rules that have no matching connections
Suggested answer: C

Explanation:

Hit Count is a feature to track the number of connections that each rule matches, which can help to optimize the Rule Base efficiency and analyze the network traffic behavior. The benefit that is not provided by Hit Count is "Automatically rearrange Access Control Policy based on Hit Count Analysis". Hit Count does not change the order of the rules automatically, but it allows the administrator to manually move the rules up or down based on the hit count statistics. The administrator can also use the SmartOptimize feature to get suggestions for improving the Rule Base order and performance.

Reference: R81 Security Management Administration Guide, page 97.

You need to change the MAC-address on eth2 interface of the gateway. What command and what mode will you use to achieve this goal?

A. set interface eth2 mac-addr 11:11:11:11:11:11; CLISH
B. ifconfig eth1 hw 11:11:11:11:11:11; expert
C. set interface eth2 hw-addr 11:11:11:11:11:11; CLISH
D. ethtool -i eth2 mac 11:11:11:11:11:11; expert
Suggested answer: A

Explanation:

You need to change the MAC-address on eth2 interface of the gateway. The command and the mode that you will use to achieve this goal are set interface eth2 mac-addr 11:11:11:11:11:11; CLISH. This command allows you to change the MAC address of an interface in GAIA, which can be useful for replacing a faulty network card or cloning another device. The command is executed in CLISH mode, which is a shell that provides a menu-based interface for configuring various system settings. To apply the changes, you need to save the configuration and restart the interface.

Reference: Gaia Administration Guide R81, page 31.

Total 626 questions