ExamGecko
Search Search Login
Home Home / Checkpoint / 156-315.81
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

True or False: In R81, more than one administrator can login to the Security Management Server with write permission at the same time.
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection?
SmartEvent Security Checkups can be run from the following Logs and Monitor activity:
By default, the R81 web API uses which content-type in its response?
What are the steps to configure the HTTPS Inspection Policy?
By default, which port does the WebUI listen on?
When simulating a problem on ClusterXL cluster with cphaprob --d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?
Which command would disable a Cluster Member permanently?
You find one of your cluster gateways showing ''Down'' when you run the ''cphaprob stat'' command. You then run the ''clusterXL_admin up'' on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?

Question 140 - 156-315.81 discussion

Report
Export

Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. Company's Developer Team is having random access issue to newly deployed Application Server in DMZ's Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela's desk for an investigation. Pamela decides to use Check Point's Packet Analyzer Tool-fw monitor to iron out the issue during approved Maintenance window.

What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?

A.
Pamela should check SecureXL status on DMZ Security gateway and if it's turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.
Answers
A.
Pamela should check SecureXL status on DMZ Security gateway and if it's turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.
B.
Pamela should check SecureXL status on DMZ Security Gateway and if it's turned OFF. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.
Answers
B.
Pamela should check SecureXL status on DMZ Security Gateway and if it's turned OFF. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.
C.
Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.
Answers
C.
Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.
D.
Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.
Answers
D.
Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.
Suggested answer: A

Explanation:

The best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic is: Pamela should check SecureXL status on DMZ Security gateway and if it's turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures. SecureXL is a technology that accelerates network traffic processing by offloading intensive operations from the Firewall kernel to a dedicated SecureXL device. However, this also means that some traffic might not be seen by fw monitor, which is a tool that captures packets at different inspection points in the Firewall kernel. Therefore, to ensure that fw monitor captures all traffic, SecureXL should be turned OFF before using fw monitor. The other suggestions are either incorrect or less effective in capturing traffic.

Show Answer
asked 16/09/2024
Matt Harrold
44 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms