156-315.81 Online Practice Questions and Answers

Correct Answer: C

It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic. During this time you can analyze

the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.

References:

Correct Answer: C

Check Point API is a set of web services that enable the usage of functions and commands in a dynamic and automated fashion. Check Point API is available in different types, each serving a different purpose and functionality. According to the Check Point Resource Library1, the following are the types of Check Point API available in R81.x: Identity Awareness Web Services: This type of API allows external applications to send identity and location information to the Security Gateway, which can then use this information for policy enforcement. Identity Awareness Web Services can be used for scenarios such as guest registration, captive portal, identity agents, etc. OPSEC SDK: This type of API provides a framework for developing applications that interact with Check Point products using the OPSEC (Open Platform for Security) protocol. OPSEC SDK can be used for scenarios such as log export, event management, anti-virus integration, etc. Management: This type of API allows external applications to perform management operations on the Check Point Management server using RESTful web services. Management API can be used for scenarios such as policy installation, object creation, configuration backup, etc. Mobile Access is not a type of Check Point API, but rather a feature that provides secure remote access to corporate resources from various devices. Mobile Access uses SSL VPN technology and supports different authentication methods and access scenarios. References: What is an API Gateway?, How to use Check Point API with Postman quick guide, Home - Check Point Developers, Introduction to RESTful APIs and JSON format, Checkpoint API tutorial, part 1 - getting started

Correct Answer: C

The file that gives you a list of all security servers in use, including port number, is $FWDIR/conf/fwauthd.conf. Security servers are processes that handle application-level protocols such as HTTP, FTP, SMTP, etc., and perform security checks on them. Fwauthd.conf is a configuration file that defines which security servers are enabled, which ports they listen on, and which inspection points they are attached to.

Correct Answer: D

The command that would be used to set the network interfaces' affinity in Manual mode is sim affinity -s. Sim affinity is a command that allows administrators to view and modify the CPU core affinity of network interfaces and SecureXL instances. Core affinity is a feature that binds network interfaces and SecureXL instances to specific CPU cores, which improves the performance and load balancing of the Security Gateway. Sim affinity -s sets the network interfaces' affinity in Manual mode, which means that administrators can manually assign network interfaces to CPU cores. The other options are either invalid or perform different functions.

Correct Answer: B

Multi-Version Cluster Upgrade (MVCLU) is a feature that allows you to upgrade a cluster of Security Gateways from one major version to another, without downtime1. MVCLU supports upgrading a cluster that runs on different versions, as long as the versions are compatible with the destination version1. The number of versions, besides the destination version, that are supported in a MVCLU depends on the destination version. For example, if the destination version is R81, then MVCLU supports up to three versions besides R81, which are R80.40, R80.30, and R80.202. Therefore, the correct answer is B, as three versions are supported in a MVCLU besides the destination version. References: 1: ClusterXL upgrade methods and paths - Check Point Software 2: Check Point R81 - Check Point Software

Correct Answer: C

If a "ping"-packet is dropped by FW1 Policy, you will see this packet in "fw monitor" on one inspection point only: "i". The "i" inspection point represents the inbound traffic before any rule processing. Since the packet is dropped by FW1 Policy, it will not pass through any other inspection points, such as "l" (after rule processing), "o" (outbound before rule processing), or "O" (outbound after rule processing). References: : Check Point Software, Getting Started, fw monitor.

Correct Answer: C

When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule that matches the packet. The order of rule enforcement depends on the action of the matching rule. If the action is Accept, the gateway allows the packet to pass through the gateway, but also continues to check rules in the next Policy Layer down. If the action is Drop, Reject, or Encrypt, the gateway applies that action to the packet and stops checking rules in that Policy Layer and any subsequent Policy Layers. If there is no matching rule in a Policy Layer, the gateway applies the Implicit Clean-up Rule for that Policy Layer, which is usually Drop.

Correct Answer: C

The statement that is wrong regarding the usage of the Central Deployment in SmartConsole is that only be installed Hotfixes can with the Central Deployment in SmartConsole. This is wrong because Central Deployment can also be used to install Jumbo Hotfix accumulators, upgrade clusters, and perform other operations on multiple gateways simultaneously. Central Deployment simplifies and automates the deployment process and reduces human errors and downtime. References: [Check Point Security Expert R81 Administration Guide], page 23.

Correct Answer: A

You will find the config.txt file in the home directory of your user account (e.g. /home/admin/)1. The save configuration config.txt command is a Clish command that saves the current Gaia configuration to a text file2. The file is stored in the home directory of the user who executed the command, and it can be accessed by using the cat or less commands in expert mode1. The file can also be transferred to another machine by using the scp or sftp commands1. The config.txt file contains the Clish commands that are needed to restore the Gaia configuration to the same state as when the file was saved2. The file can be used for backup, migration, or troubleshooting purposes2. References: How to backup and restore Gaia configuration - Check Point Software, Gaia R81.20 Administration Guide - Check Point Software

Correct Answer: B

Active Directory Query is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers by querying domain controllers for security event logs. The Security Gateway sends a WMI query to each domain controller and receives a WMI event when a user logs in, logs out, or unlocks their computer. The Security Gateway then maps IP addresses to user names based on these events. Active Directory Query does not require any software installation on domain controllers or clients, but it requires certain permissions and configurations on the domain controllers Reference : https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62402.htm