Checkpoint 156-315.81 Practice Test - Questions Answers, Page 9

The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?

A. fwd via cpm
B. fwm via fwd
C. cpm via cpd
D. fwd via cpd
Suggested answer: A

Explanation:

The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via the cpm process. The cpm process is the main management process that handles database operations, policy installation, and communication with GUI clients via TCP port 19009. The other options are either incorrect or irrelevant to the log flow.

Reference: Certified Security Expert (CCSE) R81.20 Course Overview, Check Point Ports Used for Communication by Various Check Point Modules

You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?

A. restore_backup
B. import backup
C. cp_merge
D. migrate import
Suggested answer: D

Explanation:

The command migrate import can be used to restore a backup of Check Point configurations without the OS information. This command imports the configuration from a file that was created using the migrate export command, which backs up only the Check Point configuration and not the OS settings. The other commands are either not valid or not suitable for restoring a backup without the OS information.

Reference: Check Point R81 Installation and Upgrade Guide

The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?

A. add host name <New HostName> ip-address <ip address>
B. add hostname <New HostName> ip-address <ip address>
C. set host name <New HostName> ip-address <ip address>
D. set hostname <New HostName> ip-address <ip address>
Suggested answer: A

Explanation:

The API command add host name <New HostName> ip-address <ip address> can be used in a script to create 100 new host objects with different IP addresses. This command adds a new host object with the specified name and IP address to the database. The other commands are either not valid or not suitable for creating new host objects.

Reference: Check Point - Management API reference

Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
B. One machine
C. Two machines
D. Three machines
Suggested answer: C

Explanation:

Tom will need two machines to install Check Point R81 in a distributed deployment, if he does not include a SmartConsole machine in his calculations. A distributed deployment consists of a Security Management Server that manages one or more Security Gateways. Therefore, Tom will need one machine for the Security Management Server and another machine for the Security Gateway. The other options are either too few or too many machines for a distributed deployment.

Reference: Check Point R81 Installation and Upgrade Guide

You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.

A. Inspect/Bypass
B. Inspect/Prevent
C. Prevent/Bypass
D. Detect/Bypass
Suggested answer: A

Explanation:

You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines an Inspect or Bypass action for the file types. The Inspect action means that the file will be sent to the Threat Emulation engine for analysis, and the Bypass action means that the file will not be sent and will be allowed or blocked based on other Threat Prevention blades. The other options are not valid actions for file types in Threat Prevention profiles.

Reference: Check Point R81 Threat Prevention Administration Guide

When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

A. None, Security Management Server would be installed by itself.
B. SmartConsole
C. SecureClient
D. Security Gateway
E. SmartEvent
Suggested answer: D

Explanation:

When doing a Stand-Alone Installation, you would install the Security Management Server with the Security Gateway as the other Check Point architecture component. A Stand-Alone Installation is where the Security Management Server and the Security Gateway are installed on the same machine. The other options are either not Check Point architecture components, or not suitable for a Stand-Alone Installation.

Reference: Check Point R81 Installation and Upgrade Guide

On R81.20 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

A. 18210
B. 18184
C. 257
D. 18191
Suggested answer: B

Explanation:

On R81.20, when configuring Third-Party devices to read the logs using the LEA (Log Export API), the default Log Server uses port 18184. This port can be changed using the lea_server command in expert mode. The other ports are either not related to LEA, or used for different purposes, such as 18210 for CPMI, 257 for FW1_log, and 18191 for SIC.

Reference: Check Point R81 Logging and Monitoring Administration Guide, Check Point Ports Used for Communication by Various Check Point Modules

The Correlation Unit performs all but the following actions:

A. Marks logs that individually are not events, but may be part of a larger pattern to be identified later.
B. Generates an event based on the Event policy.
C. Assigns a severity level to the event.
D. Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.
Suggested answer: C

Explanation:

The Correlation Unit in Check Point Security Management performs several actions, but it does not assign a severity level to the event. The Correlation Unit is responsible for identifying patterns in logs, marking logs that are part of larger patterns, generating events based on the Event policy, and adding new log entries to ongoing events. However, assigning a severity level to an event is typically done through the Event policy configuration, not by the Correlation Unit.

What is the difference between SSL VPN and IPSec VPN?

A. IPSec VPN does not require installation of a resilient VPN client.
B. SSL VPN requires installation of a resident VPN client.
C. SSL VPN and IPSec VPN are the same.
D. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser.
Suggested answer: D

Explanation:

The main difference between SSL VPN (Secure Sockets Layer Virtual Private Network) and IPSec VPN (Internet Protocol Security Virtual Private Network) is in the way they operate:

SSL VPN typically does not require the installation of a resident VPN client. It often relies on a web browser to establish the VPN connection, making it more convenient for remote users who may not want to install dedicated VPN software.

IPSec VPN, on the other hand, often requires the installation of a resident VPN client on the user's device to establish the VPN connection. This client software is necessary for configuring and managing the VPN connection.

Option C, stating that SSL VPN and IPSec VPN are the same, is incorrect because they have distinct characteristics as described above.

Option A is incorrect because it inaccurately suggests that IPSec VPN does not require a resident VPN client, which is not true in most cases.

Option B is incorrect because it wrongly claims that SSL VPN requires the installation of a resident VPN client.

Which of the following will NOT affect acceleration?

A. Connections destined to or originated from the Security gateway
B. A 5-tuple match
C. Multicast packets
D. Connections that have a Handler (ICMP, FTP, H.323, etc.)
Suggested answer: B

Explanation:

Check Point's SecureXL technology, which is responsible for acceleration, has certain limitations and conditions under which acceleration may not occur. In this context, the question is asking about factors that will NOT affect acceleration.

Option B, 'A 5-tuple match,' will not affect acceleration. A 5-tuple match refers to the matching of source IP, source port, destination IP, destination port, and protocol. SecureXL can accelerate traffic that matches these criteria, but it's not a factor that hinders acceleration.

Options A, C, and D can all affect acceleration:

Option A mentions 'Connections destined to or originated from the Security gateway,' which implies that SecureXL acceleration can apply to these connections.

Option C mentions 'Multicast packets,' and SecureXL may have limitations in handling multicast traffic efficiently.

Option D mentions 'Connections that have a Handler (ICMP, FTP, H.323, etc.),' and certain protocols (such as FTP) may require special handling and might not be fully accelerated by SecureXL.

Total 626 questions