
Checkpoint 156-315.81 Practice Test - Questions Answers, Page 47

Can Check Point and Third-party Gateways establish a certificate-based Site-to-Site VPN tunnel?

A. Yes, but they need to have a mutually trusted certificate authority
B. Yes, but they have to have a pre-shared secret key
C. No, they cannot share certificate authorities
D. No, Certificate based VPNs are only possible between Check Point devices

Suggested answer: A

Explanation:

Check Point and Third-party Gateways can establish a certificate-based Site-to-Site VPN tunnel if they have a mutually trusted certificate authority. This means that both gateways trust the same root CA or intermediate CA that issued their certificates. This way, they can authenticate each other using their certificates and establish a secure VPN tunnel.

Reference: Check Point Resource Library, page 5

In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:

A. Basic, Optimized, Strict
B. Basic, Optimized, Severe
C. General, Escalation, Severe
D. General, purposed, Strict

Suggested answer: A

Explanation:

Threat Prevention has three out-of-the-box profiles: Basic, Optimized, and Strict. These profiles define the default actions for different threat prevention blades, such as Anti-Virus, Anti-Bot, IPS, etc. You cannot change the settings of these profiles, but you can clone them and create new profiles with customized settings.

Reference: Training & Certification | Check Point Software, CCSE section

Which member of a high-availability cluster should be upgraded first in a Zero downtime upgrade?

A. The Standby Member
B. The Active Member
C. The Primary Member
D. The Secondary Member

Suggested answer: A

Explanation:

In a Zero downtime upgrade, you should upgrade the Standby Member first. This is because the Standby Member does not process traffic and can be upgraded without affecting the cluster availability. After upgrading the Standby Member, you can perform a failover and make it the Active Member. Then you can upgrade the original Active Member, which becomes the Standby Member after the failover.

Reference: Getting Started - Check Point Software, section "Upgrading Cluster Members with Zero Downtime"

John is using Management HA. Which Security Management Server should he use for making changes?

A. secondary Smartcenter
B. active SmartConsole
C. connect virtual IP of Smartcenter HA
D. primary Log Server

Suggested answer: B

Explanation:

In Management HA, you should use the active SmartConsole for making changes. The active SmartConsole is connected to the Primary Security Management Server, which is responsible for synchronizing the configuration with the Secondary Security Management Server. If you use the secondary SmartCenter, your changes will not be replicated to the primary SmartCenter and will be lost in case of a failover.

Reference: Check Point Resource Library, page 9

How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade?

A. 1
B. 3
C. 2
D. 4

Suggested answer: B

Explanation:

Multi-Version Cluster Upgrade (MVCLU) is a feature that allows you to upgrade a cluster of Security Gateways from one major version to another, without downtime. MVCLU supports upgrading a cluster that runs on different versions, as long as the versions are compatible with the destination version. The number of versions, besides the destination version, that are supported in a MVCLU depends on the destination version. For example, if the destination version is R81, then MVCLU supports up to three versions besides R81, which are R80.40, R80.30, and R80.20. Therefore, the correct answer is B, as three versions are supported in a MVCLU besides the destination version.

Which one of the following is NOT a configurable Compliance Regulation?

A. GLBA
B. CJIS
C. SOCI
D. NCIPA

Suggested answer: C

Explanation:

The Check Point Compliance Blade is a security management tool that monitors the compliance status of the Security Gateways and Security Management Servers with various regulatory standards. The Compliance Blade supports the following regulatory standards:

GLBA: The Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act of 1999, is a US federal law that requires financial institutions to protect the privacy and security of their customers' personal information.

CJIS: The Criminal Justice Information Services Division, also known as CJIS, is a division of the US Federal Bureau of Investigation that provides criminal justice information services to law enforcement, national security, and intelligence agencies. CJIS has a set of security policies and requirements that govern the access, use, and protection of the CJIS data.

NCIPA: The National Counterintelligence and Security Center Insider Threat Program Maturity Framework, also known as NCIPA, is a US government framework that provides guidance and best practices for establishing and enhancing insider threat programs within federal agencies. NCIPA defines five levels of maturity for insider threat programs, from initial to optimized.

SOCI: This is not a valid option for a configurable Compliance Regulation. There is no such regulatory standard with this acronym. However, there is a similar acronym, SOC 2, which stands for Service Organization Control 2, which is a set of standards and criteria for auditing the security, availability, processing integrity, confidentiality, and privacy of service providers that store, process, or transmit customer data.

Therefore, the correct answer is C, as SOCI is not a configurable Compliance Regulation.

Which components allow you to reset a VPN tunnel?

A. vpn tu command or SmartView monitor
B. delete vpn ike sa or vpn shell command
C. vpn tunnelutil or delete vpn ike sa command
D. SmartView monitor only

Suggested answer: A

Explanation:

The vpn tu command and the SmartView Monitor are two components that allow you to reset a VPN tunnel. The vpn tu command is a command-line tool that lets you view and manage the status of VPN tunnels on a Security Gateway or cluster member. The SmartView Monitor is a graphical tool that lets you monitor the network and security performance, view VPN tunnel status, and reset VPN tunnels. Both components can be used to reset a VPN tunnel by selecting the option to delete IKE SA or IPsec SA for a specific peer or all peers.

Reference: R81 VPN Administration Guide, page 29-30; R81 SmartConsole R81 Resolved Issues, sk170114

When synchronizing clusters, which of the following statements is FALSE?

A. The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized.
B. Only cluster members running on the same OS platform can be synchronized.
C. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
D. Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.

Suggested answer: B

Explanation:

The statement that only cluster members running on the same OS platform can be synchronized is false. Cluster members can be synchronized even if they run on different OS platforms, as long as they have the same Check Point version and hotfixes installed. The other statements are true. The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization. Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.

Reference: R81 ClusterXL Administration Guide, page 9-10; R81 Security Gateway Architecture, page 23

Which of the following is NOT an internal/native Check Point command?

A. fwaccel on
B. fw ctl debug
C. tcpdump
D. cphaprob

Suggested answer: C

Explanation:

The command tcpdump is not an internal/native Check Point command. It is a common command-line tool that captures and analyzes network traffic. The other commands are internal/native Check Point commands that perform various functions. For example:

fwaccel on enables SecureXL acceleration on the Security Gateway.

fw ctl debug sets the debug flags for the Firewall kernel module.

cphaprob displays the status and information about ClusterXL or VRRP members.

What are the minimum open server hardware requirements for a Security Management Server/Standalone in R81?

A. 2 CPU cores, 4GB of RAM and 15GB of disk space
B. 8 CPU cores, 16GB of RAM and 500 GB of disk space
C. 4 CPU cores, 8GB of RAM and 500GB of disk space
D. 8 CPU cores, 32GB of RAM and 1 TB of disk space

Suggested answer: C

Explanation:

The minimum open server hardware requirements for a Security Management Server/Standalone in R81 are:

CPU: Intel Core i5-4590 or equivalent (4 cores)

Memory: 8 GB RAM

Disk space: 500 GB

The other options do not match the minimum requirements. Option A has insufficient CPU cores, memory and disk space. Option B has excessive CPU cores and disk space. Option D has excessive CPU cores, memory and disk space.

Total 626 questions