
Checkpoint 156-315.81 Practice Test - Questions Answers, Page 41


In terms of Order Rule Enforcement, when a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom. Which of the following statements is correct?

A. If the Action of the matching rule is Accept, the gateway will drop the packet
B. If the Action of the matching rule is Drop, the gateway continues to check rules in the next Policy Layer down
C. If the Action of the matching rule is Drop, the gateway stops matching against later rules in the Policy Rule Base and drops the packet
D. If the rule does not match in the Network policy it will continue to other enabled policies

Suggested answer: C

Explanation:

If the action of the matching rule is Drop, the gateway stops matching against later rules in the Policy Rule Base and drops the packet. This is because the Drop action is a final action that terminates the rule matching process and discards the packet. The gateway does not continue to check rules in the next Policy Layer down or in other enabled policies.

Reference: [Policy Layers and Sub-Policies]

https://sc1.checkpoint.com/documents/R81/CP_R81_SecMGMT/html_frameset.htm?topic=documents/R81/CP_R81_SecMGMT/126197

What is the command to check the status of Check Point processes?

A. top
B. cptop
C. cphaprob list
D. cpwd_admin list

Suggested answer: D

Explanation:

The command to check the status of Check Point processes is cpwd_admin list. This command displays the process ID, name, state, start time, and watchdog status of all the processes that are monitored by the Check Point WatchDog daemon (CPWD). You can also use this command to start, stop, or restart a specific process.

Reference: [cpwd_admin Command]

What is the valid range for Virtual Router Identifier (VRID) value in a Virtual Routing Redundancy Protocol (VRRP) configuration?

A. 1-254
B. 1-255
C. 0-254
D. 0-255

Suggested answer: B

Explanation:

The valid range for Virtual Router Identifier (VRID) value in a Virtual Routing Redundancy Protocol (VRRP) configuration is 1-255. The VRID is a unique number that identifies a virtual router in a VRRP group. It is used to associate routers and their virtual IP addresses. The VRID must be the same for all routers in the same VRRP group.

Reference: [Configuring VRRP on Gaia]

Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying a connection?

A. Source Address
B. Destination Address
C. TCP Acknowledgment Number
D. Source Port

Suggested answer: C

Explanation:

The attribute that is not used for identifying a connection by packet acceleration (SecureXL) is TCP Acknowledgment Number. SecureXL identifies connections by using a hash function that takes into account the following attributes: source address, destination address, source port, destination port, protocol, and VPN ID. The TCP Acknowledgment Number is not part of the hash function and does not affect the connection identification.

Reference: [SecureXL Mechanism]

https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/92711.htm

When configuring Endpoint Compliance Settings for Applications and Gateways within Mobile Access, which of the three approaches will allow you to configure individual policies for each application?

A. Basic Approach
B. Strong Approach
C. Very Advanced Approach
D. Medium Approach

Suggested answer: C

Explanation:

The approach that will allow you to configure individual policies for each application when configuring Endpoint Compliance Settings for Applications and Gateways within Mobile Access is Very Advanced Approach. This approach lets you define compliance rules for each application separately and assign different actions for each rule. You can also create custom messages and notifications for each application. The other approaches are either less granular or not applicable in this scenario. The Basic Approach lets you define compliance rules for all applications globally and assign a single action for all rules. The Medium Approach lets you define compliance rules for all applications globally and assign different actions for each rule. The Strong Approach is not a valid option for Endpoint Compliance Settings.

Reference: [Endpoint Compliance Settings]

Which of the following is NOT supported by CPUSE?

A. Automatic download of full installation and upgrade packages
B. Automatic download of hotfixes
C. Installation of private hotfixes
D. Offline installations

Suggested answer: D

Explanation:

The option that is not supported by CPUSE is offline installations. CPUSE (Check Point Update Service Engine) is a Gaia software update agent that manages software updates on Gaia OS and Check Point products. It requires an internet connection to download and install updates from the Check Point Cloud or a local Deployment Agent. The other options are supported by CPUSE. It can automatically download full installation and upgrade packages, hotfixes, and private hotfixes. It can also install them manually or automatically according to a schedule.

Reference: [CPUSE Overview]

https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/112109

You need to change the MAC-address on eth2 interface of the gateway. What is the correct way to change MAC-address in Check Point Gaia?

A. In CLISH run: set interface eth2 mac-addr 11:11:11:11:11:11
B. In expert-mode run ifconfig eth1 hw 11:11:11:11 11 11
C. In CLISH run set interface eth2 hw-addr 11 11 11:11:11 11
D. In expert-mode run: ethtool -4 eth2 mac 11 11:11:11:11:11

Suggested answer: A

Explanation:

The correct way to change MAC-address in Check Point Gaia is to run the command set interface eth2 mac-addr 11:11:11:11:11:11 in CLISH mode. This command will change the MAC address of the eth2 interface to 11:11:11:11:11:11 and save the configuration. The other commands are either incorrect or not supported in Gaia. The ifconfig command is used in Expert mode to configure network interfaces, but it does not support changing MAC addresses. The ethtool command is used in Expert mode to query and control network device driver and hardware settings, but it does not support changing MAC addresses. The set interface eth2 hw-addr command is not a valid command in CLISH mode.

Reference: [Changing MAC Address]

Which TCP port does the CPM process listen on?

A. 18191
B. 18190
C. 8983
D. 19009

Suggested answer: D

Explanation:

The TCP port that the CPM process listens on is 19009. The CPM process is the Check Point Management process that handles all management operations on the Security Management Server, such as policy installation, database synchronization, logging, etc. It communicates with other processes and clients using TCP port 19009. The other ports are used by different processes or services. TCP port 18191 is used by the FWM process for management communication. TCP port 18190 is used by the CPD process for inter-process communication. TCP port 8983 is used by the Solr process for SmartLog indexing.

Reference: [Check Point Ports]

According to out of the box SmartEvent policy, which blade will automatically be correlated into events?

A. Firewall
B. VPN
C. IPS
D. HTTPS

Suggested answer: C

Explanation:

According to out of the box SmartEvent policy, the blade that will automatically be correlated into events is IPS. IPS (Intrusion Prevention System) is a blade that detects and prevents network attacks by inspecting traffic and applying signatures and protections. SmartEvent correlates IPS logs into events based on predefined event definitions, such as IPS Attack, IPS Attack High Confidence, IPS Attack Critical Confidence, etc. The other blades are not automatically correlated into events by default, but they can be added to the SmartEvent policy manually.

Reference: [SmartEvent Policy]

SmartConsole R81.x requires the following ports to be open for SmartEvent:

A. 19009, 19090 & 443
B. 19009, 19004 & 18190
C. 18190 & 443
D. 19009, 18190 & 443

Suggested answer: D

Explanation:

The ports that are required to be open for SmartEvent are 19009, 18190, and 443. TCP port 19009 is used by the CPM process for management communication. TCP port 18190 is used by the CPD process for inter-process communication. TCP port 443 is used by the HTTPS protocol for secure web access. SmartEvent uses these ports to communicate with other components, such as SmartConsole, Security Management Server, Log Server, Correlation Unit, etc.

Reference: [SmartEvent Ports]

Total 626 questions