
Checkpoint 156-315.81 Practice Test - Questions Answers, Page 43


To find records in the logs that show log records from the Application & URL Filtering Software Blade where traffic was dropped, what would be the query syntax?

A. blada: application control AND action:drop
B. blade.'application control AND action;drop
C. (blade: application control AND action;drop)
D. blade;'application control AND action:drop
Suggested answer: D

Explanation:

The correct query syntax to find records in the logs that show log records from the Application & URL Filtering Software Blade where traffic was dropped is blade;''application control AND action:drop''. This query uses quotation marks to enclose the values of the blade and action fields, and uses a colon to separate the field name from the value. The query also uses AND to combine two conditions that must be met for a log record to match.

Reference: [Searching Logs]

What is the SOLR database for?

A. Used for full text search and enables powerful matching capabilities
B. Writes data to the database and full text search
C. Serves GUI responsible to transfer request to the DLE server
D. Enables powerful matching capabilities and writes data to the database
Suggested answer: A

Explanation:

The SOLR database is used for full text search and enables powerful matching capabilities. The SOLR database is part of the Log Server component, which is responsible for indexing and storing logs received from Security Gateways and other sources. The SOLR database allows users to perform complex queries on the logs using keywords, filters, operators, and expressions.

Reference: Log Server

If the first packet of a UDP session is rejected by a rule definition from within a security policy (not including the clean up rule), what message is sent back through the kernel?

A. Nothing
B. TCP FIN
C. TCP RST
D. ICMP unreachable
Suggested answer: A

Explanation:

If the first packet of a UDP session is rejected by a rule definition from within a security policy (not including the clean up rule), nothing is sent back through the kernel. This is because UDP is a connectionless protocol that does not require an acknowledgement from the receiver. Therefore, if a UDP packet is dropped by the Firewall, the sender will not receive any feedback or notification.

Reference: UDP Protocol

John detected a high load on the sync interface. Which is the most recommended solution?

A. For FTP connections -- do not sync
B. Add a second interface to handle sync traffic
C. For short connections like http service -- do not sync
D. For short connections like icmp service -- delay sync for 2 seconds
Suggested answer: A

Explanation:

The most recommended solution for high load on sync interface is to exclude FTP connections from synchronization. This is because FTP connections are usually long-lived and consume a lot of bandwidth and resources on the sync interface. By excluding FTP connections from synchronization, the load on the sync interface can be reduced and the performance of the cluster can be improved.

Reference: Synchronization Optimization

In R81, where do you manage your Mobile Access Policy?

A. Access Control Policy
B. Through the Mobile Console
C. Shared Gateways Policy
D. From the Dedicated Mobility Tab
Suggested answer: B

Explanation:

In R81, you manage your Mobile Access Policy from the Mobile Console. The Mobile Console is a separate web-based interface that allows you to configure and monitor Mobile Access features, such as VPN, portal, applications, users, devices, and certificates. The Mobile Console can be accessed from any browser by entering https://<Management_Server_IP>/mobileconsole.

Reference: [Mobile Console]

Installations and upgrades with CPUSE require that the CPUSE agent is up-to-date. Usually the latest build is downloaded automatically. How can you verify the CPUSE agent build?

A. In WebUI Status and Actions page or by running the following command in CLISH: show installer status build
B. In WebUI Status and Actions page or by running the following command in CLISH: show installer status version
C. In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer status build
D. In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer agent
Suggested answer: A

Explanation:

To verify the CPUSE agent build, you can use either of these methods:

In WebUI Status and Actions page

By running the following command in CLISH: show installer status build

The CPUSE agent build indicates the version of the CPUSE agent that is installed on the machine. The CPUSE agent is responsible for downloading, verifying, installing, and removing packages on Gaia OS. It is recommended to keep the CPUSE agent up-to-date to ensure a smooth installation and upgrade process.

Reference: [CPUSE Agent]

How would you enable VMAC Mode in ClusterXL?

A. Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC
B. fw ctl set int vmac_mode 1
C. cphaconf vmac_mode set 1
D. Cluster Object -> Edit -> Cluster Members -> Edit -> Use Virtual MAC
Suggested answer: A

Explanation:

To enable VMAC Mode in ClusterXL, you need to go to Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC. VMAC Mode is a feature that allows ClusterXL to use a virtual MAC address for cluster interfaces instead of physical MAC addresses. This simplifies the cluster configuration and avoids issues with MAC address flapping or spoofing on switches.

Reference: [VMAC Mode]

If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsive, which of these steps should NOT be performed:

A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.
B. Change the Standby Security Management Server to Active.
C. Change the Active Security Management Server to Standby.
D. Manually synchronize the Active and Standby Security Management Servers.
Suggested answer: A

Explanation:

The hostname of the Standby member should not be changed to match the hostname of the Active member, as this would cause a conflict in the network. The correct procedure is to change the hostname of the Active member to a different name, and then change the Standby member to the original hostname of the Active member [1].

Reference: [1] Check Point Resource Library, Certified Security Expert (CCSE) R81.20 Course Overview, page 9.

You have pushed policy to GW-3 and now cannot pass traffic through the gateway. As a last resort, to restore traffic flow, what command would you run to remove the latest policy from GW-3?

A. fw unloadlocal
B. fw unloadpolicy
C. fwm unload local
D. fwm unload policy
Suggested answer: A

Explanation:

The command fw unloadlocal removes the current security policy from the local gateway and returns it to its initial state [2]. This command can be used as a last resort to restore traffic flow through the gateway if the policy is causing problems. The command fw unloadpolicy is not valid, and the commands fwm unload local and fwm unload policy are used to remove policies from remote gateways [3].

Reference: [2] Check Point Software, Getting Started, Unloading Security Policies; [3] Check Point Software, Getting Started, Unloading Security Policies from Remote Gateways.

Which Check Point daemon invokes and monitors critical processes and attempts to restart them if they fail?

A. fwm
B. cpd
C. cpwd
D. cpm
Suggested answer: C

Explanation:

The Check Point WatchDog daemon (cpwd) invokes and monitors critical processes and attempts to restart them if they fail. The cpwd daemon is responsible for starting processes such as cpd, cpm, fwm, fwd, and others. The cpd daemon is the Check Point Management daemon that handles communication between SmartConsole applications and Security Management Servers. The cpm daemon is the Check Point Management Server daemon that handles database operations and policy installation. The fwm daemon is the Firewall Management daemon that handles communication between Security Gateways and Security Management Servers.

Reference: Check Point Software, Getting Started, WatchDog Daemon; Check Point Software, Getting Started, Processes.

Total 626 questions