Checkpoint 156-315.81 Practice Test - Questions Answers, Page 54

Which Correction mechanisms are available with ClusterXL under R81.20?

A. Correction Mechanisms are only available on Maestro Hyperscale Orchestrators
B. Pre-Correction and SDF (Sticky Decision Function)
C. SDF (Sticky Decision Function) and Flush and ACK
D. Dispatcher (Early Correction) and Firewall (Late Correction)
Suggested answer: C

Explanation:

SDF (Sticky Decision Function) and Flush and ACK are the two correction mechanisms that are available with ClusterXL under R81.20. According to the ClusterXL R81.20 Administration Guide, correction mechanisms are methods that ClusterXL uses to prevent or recover from out-of-state situations, which occur when different Cluster Members have different information about the connections that they handle. ClusterXL supports two types of correction mechanisms: SDF and Flush and ACK.

SDF (Sticky Decision Function) is a mechanism that ensures that packets of the same connection are always handled by the same Cluster Member, regardless of the load balancing algorithm. SDF uses a hash table that maps each connection to a specific Cluster Member, based on the 5-tuple of source IP, destination IP, source port, destination port, and protocol. SDF prevents out-of-state situations by avoiding the switch of Cluster Members for existing connections.

Flush and ACK is a mechanism that synchronizes the connection tables of different Cluster Members when an out-of-state situation is detected. Flush and ACK works as follows:

When a Cluster Member receives a packet that belongs to an unknown connection, it sends a Flush message to all other Cluster Members, asking them to delete the connection from their tables.

When a Cluster Member receives a Flush message, it checks if it has the connection in its table. If it does, it deletes the connection and sends an ACK message to the sender of the Flush message, indicating that it has performed the deletion.

When a Cluster Member receives an ACK message, it creates a new connection entry in its table for the packet that triggered the Flush message, and processes the packet normally.

If a Cluster Member does not receive any ACK message within a timeout period, it assumes that no other Cluster Member has the connection, and creates a new connection entry in its table for the packet that triggered the Flush message.

Which upgrade method should you use when upgrading from R80.40 to R81.20 to avoid any downtime?

A. Zero Downtime Upgrade (ZDU)
B. Connectivity Upgrade (CU)
C. Minimal Effort Upgrade (ME)
D. Multi-Version Cluster Upgrade (MVC)
Suggested answer: D

Explanation:

The correct upgrade method for upgrading from R80.40 to R81.20 without any downtime is the Multi-Version Cluster Upgrade (MVC). MVC is a new feature in R80.40 that replaces the deprecated Connectivity Upgrade (CU). MVC allows you to upgrade cluster members to a newer version without losing connectivity and test the new version on some of the cluster members before you decide to upgrade the rest of the cluster members. MVC synchronizes connections between cluster members that run different versions and ensures that the cluster remains operational during the upgrade process. MVC is intended only to test the current configuration in the newer version and not to change the security policy and install it on cluster members with different software versions. MVC is disabled by default and can be enabled on each cluster member individually. MVC has some limitations, such as not supporting VSX clusters, IPS blade, or SecureXL acceleration.

Reference: Multi-Version Cluster (MVC) replaces Connectivity Upgrade (CU) in R80.40; Multi-Version Cluster (MVC) Upgrade; Configuring the Multi-Version Cluster Mechanism

How can you see historical data with cpview?

A. cpview -f <timestamp>
B. cpview -e <timestamp>
C. cpview -t <timestamp>
D. cpview -d <timestamp>
Suggested answer: C

Explanation:

To see historical data with cpview, you can use the cpview -t <timestamp> command, where <timestamp> is the date and time you want to view. For example, cpview -t Jan 01 2023 12:00:00 will show you the cpview data for January 1st, 2023 at noon. You can also enter a partial date, such as Jan 02, to see the data for the whole day. This feature is available in R77.10 and higher versions of Check Point software. You can also access the historical data by pressing the ''t'' key while running cpview in live mode and entering the desired date and time. The historical data is stored in the CPViewDB.dat file in the /var/log/CPView_history directory on your gateway. You can export this file and import it into other tools for visualization, such as Grafana.

Alice and Bob are concurrently logged in via SSH on the same Check Point Security Gateway as user 'admin'; however, Bob logged in first and acquired the lock. Alice is not aware that Bob is also logged in to the same Security Management Server as she is, but she needs to perform very urgent configuration changes. Which of the following Gaia clish commands is correct for overriding Bob's configuration database lock?

A. lock database override
B. unlock override database
C. unlock database override
D. database unlock override
Suggested answer: A

Explanation:

To override Bob's configuration database lock, Alice can use the command lock database override in the clish shell. This command will transfer the lock from Bob to Alice and allow her to make the urgent configuration changes. However, this command should be used with caution, as it may cause conflicts or inconsistencies if Bob and Alice are working on the same objects or policies. It is recommended to communicate with other administrators before using this command and to release the lock as soon as possible after finishing the changes. The other commands are not valid in clish and will result in an error message.

What command is used to manually failover a cluster during a zero-downtime upgrade?

A. set cluster member down
B. cpstop
C. clusterXL_admin down
D. set clusterXL down
Suggested answer: C

Explanation:

To manually failover a cluster during a zero-downtime upgrade, you can use the command clusterXL_admin down on the active cluster member. This command will gracefully change the state of the cluster member to down and trigger a failover to the standby cluster member. This way, you can upgrade the cluster member that is now down without affecting the traffic processed by the other cluster member. You can then use the command clusterXL_admin up to bring the upgraded cluster member back online and repeat the process for the other cluster member. This command is useful for testing and debugging purposes and does not survive reboot unless you add the -p option or use the set cluster member admin down/up permanent command in clish. The other commands are not valid for initiating a manual failover. The set cluster member down command is used to remove a cluster member from a cluster. The cpstop command is used to stop all Check Point services on a gateway. The set clusterXL down command does not exist.

Packet acceleration (SecureXL) identifies connections by several attributes. Which of the following attributes is NOT used for identifying a connection?

A. Source Port
B. TCP Acknowledgment Number
C. Source Address
D. Destination Address
Suggested answer: B

Explanation:

SecureXL does not use the TCP acknowledgment number as an attribute for identifying connections. SecureXL is a technology that accelerates the performance of the firewall by offloading some of the traffic processing from the firewall kernel to a more efficient path. SecureXL identifies connections by five attributes: source address, destination address, source port, destination port, and protocol. These attributes are also known as the 5-tuple or the connection key. SecureXL uses these attributes to match packets to existing connections and apply the appropriate security policy and actions. SecureXL does not need to inspect the TCP sequence or acknowledgment numbers, as they are irrelevant for the connection identification and security enforcement. The TCP sequence and acknowledgment numbers are used by the TCP protocol to ensure reliable and ordered delivery of data between endpoints.

What is required for a site-to-site VPN tunnel that does not use certificates?

A. Pre-Shared Secret
B. RSA Token
C. Unique Passwords
D. SecurID
Suggested answer: A

Explanation:

A pre-shared secret is a secret key that is shared between the two VPN peers before establishing a secure connection. It is used to authenticate the VPN peers and encrypt the VPN traffic. A pre-shared secret is required for a site-to-site VPN tunnel that does not use certificates, because certificates are another way of authenticating the VPN peers using public key cryptography. Without certificates, the VPN peers need to have a common secret key that only they know.

Reference: Check Point R81 VPN Administration Guide, page 13

Using AD Query, the Security Gateway connects to the Active Directory Domain Controllers using which protocol?

A. Windows Management Instrumentation (WMI)
B. Hypertext Transfer Protocol Secure (HTTPS)
C. Lightweight Directory Access Protocol (LDAP)
D. Remote Desktop Protocol (RDP)
Suggested answer: A

Explanation:

Windows Management Instrumentation (WMI) is a protocol that allows remote management and monitoring of Windows systems. It is used by AD Query to connect to the Active Directory Domain Controllers and query them for user and computer information. AD Query uses WMI to get real-time updates on user logon events, group membership changes, and computer status changes. WMI is not the same as LDAP, which is a protocol for accessing and modifying directory services. HTTPS and RDP are also different protocols that are not used by AD Query.

Reference: Check Point R81 Identity Awareness Administration Guide, page 17

Name the electronically signed file that Check Point uses to translate the features in the license into a code.

A. Both License (.lic) and Contract (.xml) files
B. cp.macro
C. Contract file (.xml)
D. License file (.lic)
Suggested answer: B

Explanation:

cp.macro is an electronically signed file used by Check Point to translate the features in the license into a code. It is located in the $FWDIR/conf directory on the Security Management Server. The cp.macro file contains a list of features and their corresponding codes, which are used to generate the license file (.lic) based on the contract file (.xml). The license file (.lic) is then installed on the Security Gateway or Security Management Server to activate the licensed features.

Reference: Check Point R81 Licensing and Contract Administration Guide, page 10

What technologies are used to deny or permit network traffic?

A. Stateful Inspection, Firewall Blade, and URL/Application Blade
B. Packet Filtering, Stateful Inspection, and Application Layer Firewall
C. Firewall Blade, URL/Application Blade, and IPS
D. Stateful Inspection, URL/Application Blade, and Threat Prevention
Suggested answer: B

Explanation:

Packet filtering, stateful inspection, and application layer firewall are technologies used to deny or permit network traffic based on different criteria. Packet filtering is a basic firewall technology that examines the header of each packet and compares it to a set of rules to decide whether to allow or drop it. Stateful inspection is an advanced firewall technology that tracks the state and context of each connection and applies security rules based on the connection information. Application layer firewall is a firewall technology that inspects the content and behavior of applications and protocols at the application layer of the OSI model and enforces granular policies based on the application identity, user identity, and content type.

Reference: Check Point R81 Firewall Administration Guide, pages 9-10
