Checkpoint 156-315.81 Practice Test - Questions Answers, Page 44

The correct order of a log flow processed by SmartEvent components is: Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client. The Firewall generates logs for traffic and security events. The Log Server receives and stores the logs from the Firewall. The Correlation Unit analyzes the logs and generates SmartEvent events based on predefined or custom rules. The SmartEvent Server Database stores the events generated by the Correlation Unit. The SmartEvent Client displays the events and reports from the SmartEvent Server Database.

Reference: : Check Point Resource Library, Certified Security Expert (CCSE) R81.20 Course Overview, page 12; : Check Point Software, Training & Certification, SmartEvent Introduction.

The correct syntax to add a new host named ''emailserver1'' with IP address 10.50.23.90 using GAiA Management CLI ismgmt_cli add host name 'emailserver1' ip-address 10.50.23.90. The name and ip-address parameters are required and must be enclosed in double quotes.The other options are missing the double quotes or have incorrect parameter names1.

Reference:1: Check Point Software, Getting Started, Adding a Host.

The back end database for Check Point R81 Management uses PostgreSQL, which is an open source relational database management system2.MongoDB, MySQL, and DBMS are not used by Check Point R81 Management.

Reference:2: Check Point Software, Getting Started, Database.

By default, when the CPUSE Software Updates Policy is set to Automatic, updates are checked every three hours3. This means that the CPUSE agent will automatically download and install updates that match the policy settings every three hours.The other options are not the default values for the CPUSE Software Updates Policy.

Reference:3: Check Point Software, Getting Started, CPUSE Software Updates Policy.

By default, the R81 web API uses JSON as the content-type in its response. JSON stands for JavaScript Object Notation and is a lightweight data-interchange format that is easy to read and write. XML, Java Script, and Text are not the default content-types for the R81 web API.

Reference: : Check Point Software, Getting Started, Web API; : JSON.org, Introducing JSON.

The best sync method in the ClusterXL deployment is to use one dedicated sync interface. This means that one interface on each cluster member is used exclusively for synchronization traffic, which improves performance and security. Using multiple clusters or sync interfaces is not recommended, as it can cause network congestion or synchronization issues.

Reference: : Check Point Resource Library, Certified Security Expert (CCSE) R81.20 Course Overview, page 8.

The lowest supported version of the Security Management that can be upgraded to R81.X is R75 Gaia. This means that the Security Management Server must be running on the Gaia Operating System and have a version of R75 or higher.R76 Splat, R77.X Gaia, and R75 Splat are not supported for upgrading to R81.X1.

Reference:1: Check Point Software, Getting Started, Supported Upgrade Paths.

The process that is used mainly for backward compatibility of gateways in R81.X is fwm. The fwm daemon handles communication with GUI-client, database manipulation, policy compilation and Management HA synchronization for legacy gateways that do not support the cpm daemon. The cpm daemon is the new Check Point Management Server daemon that handles these tasks for R80 and higher gateways. The cpd daemon is the Check Point Management daemon that handles communication between SmartConsole applications and Security Management Servers.The fwd daemon is the Firewall Daemon that handles communication between Security Gateways and Security Management Servers2.

Reference:2: Check Point Software, Getting Started, Processes.

The CLI utility that runs connectivity tests from a Security Gateway to an AD domain controller istest_ad_connectivity -d <domain>. This command tests the connectivity between the gateway and the domain controller using LDAP, Kerberos, and WMI protocols.It also verifies the identity awareness configuration and shows the relevant logs3.The other options are not valid commands for testing AD connectivity.

Reference:3: Check Point Software, Getting Started, Testing Active Directory Connectivity.