
Checkpoint 156-315.81 Practice Test - Questions Answers, Page 50


A user complains that some Internet resources are not available. The Administrator is having issues seeing if packets are being dropped at the firewall (not seeing drops in logs). What is the solution to troubleshoot the issue?

A. run 'fw unloadlocal' on the relevant gateway and check the ping again
B. run 'cpstop' on the relevant gateway and check the ping again
C. run 'fw log' on the relevant gateway
D. run 'fw ctl zdebug drop' on the relevant gateway

Suggested answer: D

Explanation:

The solution to troubleshoot the issue of some Internet resources being unavailable is to run 'fw ctl zdebug drop' on the relevant gateway [1]. This command lists all dropped packets in real time and explains the reasons for the drop [2]. It is a powerful tool that can help diagnose connectivity problems and firewall policy issues [3]. To use this command, you need to access the gateway in expert mode and run 'fw ctl zdebug + drop' [2]. You can also filter the output by using grep with an IP address or a keyword, for example: 'fw ctl zdebug + drop | grep 10.10.10.10' or 'fw ctl zdebug + drop | grep SYN' [3]. This command is a wrapper for the full debugs: it runs the debug commands for you and allows you to run debug from one debug module only [4]. By default, it uses a small debug buffer, but you can provide the -buf option to use your own size [4]. To stop the command, press Ctrl+C and then run 'fw ctl debug 0' to reset the debug state [3].

Note: Running this command may affect the performance of the firewall, so use it with caution and only when necessary [3].

Reference: Solved: is it possible /supported to run fw ctl zdebug on ... - Check ...; How to use the fw ctl zdebug command to view drops on the Security Gateway; Troubleshooting dropped packets in Checkpoint using zdebug; 'fw ctl zdebug' - Helpful Command Combinations - Check Point CheckMates

What are possible Automatic Reactions in SmartEvent?

A. Mail, SNMP Trap, Block Source, Block Event Activity, External Script
B. Web Mail, Block Destination, SNMP Trap, SmartTask
C. Web Mail, Block Service, SNMP Trap, SmartTask, Geo Protection
D. Web Mail, Forward to SandBlast Appliance, SNMP Trap, External Script

Suggested answer: A

Explanation:

The possible Automatic Reactions in SmartEvent are Mail, SNMP Trap, Block Source, Block Event Activity, and External Script [1]. Automatic Reactions are actions that SmartEvent can perform automatically when a specific event occurs [2]. They can help you respond quickly and efficiently to security incidents and threats [2]. The Automatic Reactions are [1]:

Mail: This reaction sends an email notification to a specified recipient with the details of the event. You can customize the subject and the body of the email, and use variables to include relevant information.

SNMP Trap: This reaction sends an SNMP trap to a specified SNMP server with the details of the event. You can customize the OID and the community string of the trap, and use variables to include relevant information.

Block Source: This reaction blocks the source IP address of the event from accessing your network for a specified duration. You can choose to block the source on all gateways or on specific gateways. You can also choose to block the source on a specific port or service.

Block Event Activity: This reaction blocks the specific activity that triggered the event from occurring again for a specified duration. You can choose to block the activity on all gateways or on specific gateways. You can also choose to block the activity on a specific port or service.

External Script: This reaction runs an external script on a specified server with the details of the event as arguments. You can use any script that can be executed by the operating system of the server, such as bash, perl, python, etc. You can use variables to include relevant information in the script arguments.

Which of the following processes pulls the application monitoring status from gateways?

A. cpd
B. cpwd
C. cpm
D. fwm

Suggested answer: A

Explanation:

The process that pulls the application monitoring status from gateways is cpd [1]. The cpd process is responsible for the communication between the Security Management Server and the Security Gateway [2]. It handles tasks such as policy installation, status reporting, logging, and synchronization [2]. The cpd process also monitors the application status of the Security Gateway, such as CPU, memory, disk space, and processes [3]. The cpd process sends this information to the Security Management Server, which displays it in SmartConsole and SmartView Monitor [3].

Which of the following statements about SecureXL NAT Templates is true?

A. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled.
B. DROP Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.
C. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if Accept Templates are disabled.
D. ACCEPT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.

Suggested answer: A

Explanation:

NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled [1]. NAT Templates are a feature of SecureXL that accelerates the performance of the Security Gateway by offloading CPU-intensive operations to the SecureXL device [2]. NAT Templates are supported for Static NAT and Hide NAT using the existing SecureXL Templates mechanism [1]. NAT Templates are disabled by default on Check Point Security Gateway R80.10 and below, but they are not relevant to SecureXL in versions R80.20 and above, as all template handling has moved to the Firewall [1]. NAT Templates can be enabled or disabled by setting the relevant kernel parameters in the $FWDIR/boot/modules/fwkern.conf file [1].

Is it possible to establish a VPN before the user logs in to the Endpoint Client?

A. yes, you had to set neo_remember_user_password to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_remember_user_password attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway
B. no, the user must login first.
C. yes, you had to set neo_always_connected to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_always_connected attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway
D. yes, you had to enable Machine Authentication in the Gateway object of the Smart Console

Suggested answer: D

Explanation:

You can establish a VPN before the user logs in to the Endpoint Client by enabling Machine Authentication in the Gateway object of the Smart Console [1]. Machine Authentication is a feature that allows you to authenticate with a machine certificate and establish a VPN tunnel before the Windows Logon [2]. This feature provides the following benefits [2]:

It enhances the security of the VPN connection by verifying the identity of the machine before allowing access to the network.

It simplifies the user experience by eliminating the need to enter credentials twice (once for the VPN and once for the Windows Logon).

It enables seamless connectivity to the network resources and domain services, such as Group Policy, login scripts, and mapped drives.

Machine Authentication is supported on Check Point Endpoint Security Client for Windows with E80.71 and higher versions [2]. It requires a hotfix on top of R77.30 jumbo 286 on the Security Gateway [2]. To configure Machine Authentication, you need to do the following steps [2]:

Generate and distribute machine certificates to the Endpoint machines using a trusted Certificate Authority (CA).

Enable Machine Authentication in the Gateway object of the Smart Console and select the CA that issued the machine certificates.

Install policy on the Security Gateway and reboot it.

Enable Machine Authentication in the Endpoint Security Client and select the machine certificate to use.

After having saved the Clish Configuration with the 'save configuration config.txt' command, where can you find the config.txt file?

A. You will find it in the home directory of your user account (e.g. /home/admin/)
B. You can locate the file via SmartConsole > Command Line.
C. You have to launch the WebUI and go to 'Config' -> 'Export Config File' and specify the destination directory of your local file system.
D. You cannot locate the file in the file system since Clish does not have any access to the bash file system

Suggested answer: A

Explanation:

You will find the config.txt file in the home directory of your user account (e.g. /home/admin/) [1]. The 'save configuration config.txt' command is a Clish command that saves the current Gaia configuration to a text file [2]. The file is stored in the home directory of the user who executed the command, and it can be accessed by using the cat or less commands in expert mode [1]. The file can also be transferred to another machine by using the scp or sftp commands [1]. The config.txt file contains the Clish commands that are needed to restore the Gaia configuration to the same state as when the file was saved [2]. The file can be used for backup, migration, or troubleshooting purposes [2].

How can you switch the active log file?

A. Run fw logswitch on the gateway
B. Run fwm logswitch on the Management Server
C. Run fwm logswitch on the gateway
D. Run fw logswitch on the Management Server

Suggested answer: D

Explanation:

You can switch the active log file by running 'fw logswitch' on the Management Server [1]. This command closes the current log file and creates a new one [2]. It is useful for archiving or backing up log files, or for creating a new log file for a specific time period [2]. You can also schedule the log switch to occur automatically at a regular interval, such as daily, weekly, or monthly [2]. To run this command, you need to access the Management Server in expert mode and run 'fw logswitch' [1]. You can also use the SmartView Tracker to switch the active log file from the GUI. To do this, go to the Network & Endpoint tab, click on the File menu, and select Switch Active File... [3].

Which of the following Check Point commands is true to enable Multi-Version Cluster (MVC)?

A. Check Point Security Management HA (Secondary): set cluster member mvc on
B. Check Point Security Gateway Only: set cluster member mvc on
C. Check Point Security Management HA (Primary): set cluster member mvc on
D. Check Point Security Gateway Cluster Member: set cluster member mvc on

Suggested answer: D

Explanation:

You can enable Multi-Version Cluster (MVC) by running 'set cluster member mvc on' on the Check Point Security Gateway Cluster Member [1]. MVC is a feature that allows you to upgrade a Security Gateway Cluster to a higher version without downtime [2]. It works by upgrading one cluster member at a time, while the other cluster members continue to operate with the lower version [2]. MVC supports upgrading from R80.40 and above to R81 and above [2]. To use MVC, you need to do the following steps [2]:

Enable MVC on each cluster member by running 'set cluster member mvc on' in Clish and rebooting the gateway.

Install the higher version on one cluster member using CPUSE or ISO image.

Install policy on the upgraded cluster member and verify that it works properly.

Repeat the previous steps for the remaining cluster members until all of them are upgraded.

Disable MVC on each cluster member by running 'set cluster member mvc off' in Clish and rebooting the gateway.

Bob needs to know if Alice was configuring the new virtual cluster interface correctly. Which of the following Check Point commands is true?

A. cphaprob-aif
B. cp hap rob state
C. cphaprob list
D. probcpha -a if

Suggested answer: A

Explanation:

You can use the 'cphaprob -a if' command to check the status of the virtual cluster interface [1]. This command displays the state, virtual IP address, and physical IP address of each cluster interface [2]. It also shows the load balancing method, the load on each interface, and the active member for each interface [2]. This command can help you verify that Alice configured the virtual cluster interface correctly and that it is working properly. To run this command, you need to access the cluster member in Clish and run 'cphaprob -a if' [1].

What is the amount of Priority Queues by default?

A. There are 8 priority queues and this number cannot be changed.
B. There is no distinct number of queues since it will be changed on a regular basis based on its system requirements.
C. There are 7 priority queues by default and this number cannot be changed.
D. There are 8 priority queues by default, and up to 8 additional queues can be manually configured

Suggested answer: D

Explanation:

There are 8 priority queues by default, and up to 8 additional queues can be manually configured [1]. Priority Queues are a feature of SecureXL that accelerates the performance of the Security Gateway by offloading CPU-intensive operations to the SecureXL device [2]. Priority Queues are used to prioritize traffic when the Security Gateway is stressed and needs to drop packets [2]. By default, there are 8 priority queues, each with a different priority level and type of connections [2]. You can manually configure up to 8 additional queues by setting the relevant kernel parameters in the $FWDIR/boot/modules/fwkern.conf file [1]. You can also customize the queue length, the load balancing method, and the services that are considered as control connections [1].

Total 626 questions