Checkpoint 156-315.81 Practice Test - Questions Answers, Page 52

https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_PerformanceTuning_AdminGuide/Content/Topics-PTG/CoreXL-Configuring-IPv4-and-IPv6-CoreXL-FW-instances.htm?Highlight=Configuring%20the%20Number%20of%20IPv4%20CoreXL%20Firewall%20Instances R81 https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_PerformanceTuning_AdminGuide/Topics-PTG/CoreXL-Configuring-IPv4-and-IPv6-CoreXL-FW-instances.htm cpconfig -> Enter the number of the Check Point CoreXL option. ( Enter 1 to select Change the number of firewall instances. OR Enter 2 for the option Change the number of IPv6 firewall instances.) -> Enter the total number of IPv4 (IPv6) CoreXL Firewall instances you wish the Security Gateway to run. Follow the instructions on the screen. -> Exit from the cpconfig menu. - Reboot the Security Gateway.

Mobile Access Gateway can be configured as a reverse proxy for internal web applications. Reverse proxy users browse to a URL that is resolved to the Security Gateway IP address. The Security Gateway then forwards the requests to the internal web servers and returns the responses to the users.To enable reverse proxy mode on the Mobile Access Gateway, the administrator needs to run the ReverseProxy command on the command line interface of the Security Gateway5. Therefore, the correct answer is C.

High Availability (HA) is a deployment scenario where two or more Security Management Servers are configured to work together as a cluster. One server acts as the Primary server and handles all management operations, while another server acts as the Secondary server and serves as a backup. If the Primary server fails, the Secondary server takes over and becomes active. The cluster members communicate using a Virtual IP (VIP) address, which is used by SmartConsole to connect to the active server. If the Primary server is temporarily down, the administrator does not need to do anything, as SmartConsole will automatically connect to the VIP address and reach the Secondary server that has become active. Therefore, the correct answer is A.

FWD is a process that runs on both Security Management Server and Security Gateway. On Security Management Server, FWD handles logging and communication with SmartConsole.On Security Gateway, FWD receives policy files from FWM (the policy compiler process on Security Management Server) and stores them in a temporary directory before installing them on the firewall kernel7. Therefore, FWD is responsible for receiving policy files from FWM on Security Gateway side. The correct answer is A.

Harmony Endpoint is a solution that provides comprehensive protection for endpoint devices against cyber threats. Harmony Endpoint includes a personal firewall that controls the network traffic to and from the endpoint device, based on predefined rules and policies.Harmony Endpoint also integrates with Check Point's VPN solutions to provide secure remote access to corporate resources1. Therefore, the customer will need Harmony Endpoint because of the personal firewall requirement.

The cpprod_util command is a utility that provides information about the installed Check Point products and their versions.The cpprod_util MgmtIsPrimary option checks if the Security Management Server is installed as a primary or a secondary server in a High Availability cluster2. If the server is primary, the command returns ''yes''. If the server is secondary, the command returns ''no''. Therefore, Bob can use this command to verify the provisioning of the secondary Security Management Server.

SecureXL is a technology that improves the performance of the Security Gateway by offloading CPU-intensive operations to a dedicated hardware or software module. SecureXL uses templates to accelerate traffic processing based on predefined patterns and conditions.SecureXL supports three types of templates: Accept Templates, Drop Templates, and NAT Templates3.

Accept Templates are used to accelerate traffic that matches an Accept rule in the Security Policy. Accept Templates bypass most of the inspection stages and send packets directly to the network interface.

Drop Templates are used to accelerate traffic that matches a Drop rule in the Security Policy. Drop Templates drop packets without sending them to the firewall kernel for inspection.

NAT Templates are used to accelerate traffic that requires Network Address Translation (NAT). NAT Templates perform NAT operations without sending packets to the firewall kernel.

Therefore, the correct answer is B)

CPUSE (Check Point Upgrade Service Engine) is a tool that allows users to download, import, install, and uninstall software packages on Gaia OS. CPUSE has a web-based user interface that can be accessed through Gaia Portal.CPUSE offers four package options in the web GUI for different purposes4:

Clean Install - This option performs a clean installation of a Major Version package, which erases all existing configuration and data on the system.

Export Package - This option exports a package from CPUSE repository to an external location for backup or transfer purposes.

Upgrade - This option performs an upgrade of a Major Version package or a Minor Version package, which preserves the existing configuration and data on the system.

Database Conversion - This option converts the database schema of a Major Version package to match the current version.

Therefore, the correct answer is B)

Certificate Authority (CA) is a service that issues and manages digital certificates for secure communication between Check Point components. CA can be installed on a Security Management Server or on a dedicated server. CA can be configured as primary or secondary in a High Availability cluster. The cpconfig command is used to run the Check Point Configuration Tool on Gaia OS, which allows users to configure various settings for Check Point products.One of the configuration options is Certificate Authority, which shows if CA is installed on the server and if it is primary or secondary5. Therefore, Alice needs to look for this option to check the CA status.