Home

Home / Checkpoint / 156-315.81

Question list

List of questions

Question 1

(0)

To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:

Question 2

(0)

Advanced Security Checkups can be easily conducted within:

Question 3

(0)

What is the limitation of employing Sticky Decision Function?

Question 4

(0)

How many images are included with Check Point TE appliance in Recommended Mode?

Question 5

(0)

You have existing dbedit scripts from R77. Can you use them with R81.20?

Question 6

(0)

Which Remote Access Client does not provide an Office-Mode Address?

Question 7

(0)

What is the command to see cluster status in cli expert mode?

Question 8

(0)

As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?

Question 9

(0)

You find one of your cluster gateways showing ''Down'' when you run the ''cphaprob stat'' command. You then run the ''clusterXL_admin up'' on the down member but unfortunately the member continues t

Question 10

(0)

In SmartEvent, what are the different types of automatic reactions that the administrator can configure?

Open VPLUS File

Convert VPLUS to PDF

Related questions

True or False: In R81, more than one administrator can login to the Security Management Server with write permission at the same time.

The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?

SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection?

SmartEvent Security Checkups can be run from the following Logs and Monitor activity:

By default, the R81 web API uses which content-type in its response?

What are the steps to configure the HTTPS Inspection Policy?

By default, which port does the WebUI listen on?

When simulating a problem on ClusterXL cluster with cphaprob --d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?

Which command would disable a Cluster Member permanently?

You find one of your cluster gateways showing ''Down'' when you run the ''cphaprob stat'' command. You then run the ''clusterXL_admin up'' on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?

Question 156 - 156-315.81 discussion

Report

What scenario indicates that SecureXL is enabled?

A.

Dynamic objects are available in the Object Explorer

B.

SecureXL can be disabled in cpconfig

C.

fwaccel commands can be used in clish

D.

Only one packet in a stream is seen in a fw monitor packet capture

Suggested answer: C

Explanation:

SecureXL is a technology that accelerates the performance of the Check Point Security Gateway by offloading CPU-intensive operations from the Firewall kernel to the SecureXL device. SecureXL can handle various types of traffic, such as TCP, UDP, ICMP, non-IP, VPN, NAT, etc. SecureXL can also work with various features, such as CoreXL, ClusterXL, QoS, etc.

One way to indicate that SecureXL is enabled is to use thefwaccelcommands in clish. Clish is a command-line shell that provides a user-friendly interface for configuring and managing Check Point products. Thefwaccelcommands are used to control and monitor SecureXL operations, such as enabling or disabling SecureXL, viewing SecureXL statistics, managing SecureXL templates, etc. For example, the commandfwaccel statshows the status of SecureXL, such as whether it is on or off, how many packets are accelerated or not accelerated, etc.

The other options are not valid indicators of SecureXL being enabled:

A) Dynamic objects are available in the Object Explorer: Dynamic objects are objects that represent IP addresses that change over time, such as VPN clients, DHCP clients, etc. Dynamic objects are available in the Object Explorer regardless of whether SecureXL is enabled or not.

B) SecureXL can be disabled in cpconfig: Cpconfig is a command-line tool that allows you to configure various settings of Check Point products, such as administrator password, GUI clients, SNMP extension, etc. SecureXL can be disabled in cpconfig only if it was enabled before. Therefore, this option does not indicate that SecureXL is enabled.

D) Only one packet in a stream is seen in a fw monitor packet capture: Fw monitor is a command-line tool that allows you to capture and analyze network traffic passing through the Security Gateway. Fw monitor shows the traffic at different inspection points in the Firewall kernel. If SecureXL is enabled, some packets may be accelerated by SecureXL and bypass the Firewall kernel inspection. Therefore, fw monitor may not see all packets in a stream. However, this does not mean that only one packet in a stream will be seen by fw monitor. Some packets may still go through the Firewall kernel inspection and be seen by fw monitor. Therefore, this option does not indicate that SecureXL is enabled.

Therefore, the correct answer is C.

Show Answer

asked 16/09/2024

Katlego Nkwane

45 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first