Consider the following Global Properties settings:
The selected option "Accept Domain Name over UDP (Queries)" means:
A. UDP Queries will be accepted by the traffic allowed only through interfaces with external anti-spoofing topology and this will be done before first explicit rule written by Administrator in a Security Policy.
B. All UDP Queries will be accepted by the traffic allowed through all interfaces and this will be done before first explicit rule written by Administrator in a Security Policy.
C. No UDP Queries will be accepted by the traffic allowed through all interfaces and this will be done before first explicit rule written by Administrator in a Security Policy.
D. All UDP Queries will be accepted by the traffic allowed by first explicit rule written by Administrator in a Security Policy.
Correct Answer: A
The selected option "Accept Domain Name over UDP (Queries)" means that UDP Queries will be accepted by the traffic allowed only through interfaces with external anti-spoofing topology and this will be done before first explicit rule written by Administrator in a Security Policy. This option enables the Security Gateway to accept DNS queries from external hosts and forward them to internal DNS servers. The queries are accepted by an implied rule that is applied before the explicit rules in the Security Policy. The implied rule only allows queries from interfaces that have external anti-spoofing groups defined. References: Check Point R81 Quantum Security Gateway Guide, Implied Rules
Question 12:
Choose what BEST describes the reason why querying logs now is very fast.
A. New Smart-1 appliances double the physical memory installed
B. Indexing Engine indexes logs for faster search results
C. SmartConsole now queries results directly from the Security Gateway
D. The amount of logs being stored is less than usual in older versions
Correct Answer: B
The answer is B: querying logs is now very fast because the Indexing Engine indexes logs for faster search results. The Indexing Engine is a component of the Smart-1 appliance that creates indexes for log fields and values, such as source, destination, action, and time. The indexes enable quick and efficient searches of large amounts of log data. References: [Check Point R81 Logging and Monitoring Administration Guide], [Check Point R81 Indexing Engine]
Question 13:
What does it mean if Deyra sees the gateway status:
Choose the BEST answer.
A. SmartCenter Server cannot reach this Security Gateway
B. There is a blade reporting a problem
C. VPN software blade is reporting a malfunction
D. Security Gateway's MGNT NIC card is disconnected.
Correct Answer: B
If Deyra sees the gateway status as shown in the image, it means that there is a blade reporting a problem. The red "X" in the status column indicates that one or more blades on the Security Gateway have a problem that requires attention. The other options are not correct, as they do not match the status shown in the image. If the SmartCenter Server cannot reach this Security Gateway, the status column would show a yellow triangle with an exclamation mark. If the VPN software blade is reporting a malfunction, the blades column would show a red "X" on the VPN icon. If the Security Gateway's MGNT NIC card is disconnected, the IP column would show "N/A" instead of the IP address. References: Remote Access VPN R81 Administration Guide, Check Point R81.10
Question 14:
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
A. fw ctl multik dynamic_dispatching on
B. fw ctl multik dynamic_dispatching set_mode 9
C. fw ctl multik set_mode 9
D. fw ctl miltik pq enable
Correct Answer: C
To optimize drops, you can use Priority Queues and fully enable Dynamic Dispatcher on the Security Gateway. Priority Queues are a mechanism that prioritizes part of the traffic when the Security Gateway is stressed and needs to drop packets. Dynamic Dispatcher is a feature that dynamically assigns new connections to a CoreXL FW instance based on the utilization of CPU cores. To enable both features, you need to run the command fw ctl multik set_mode 9 on the Security Gateway. Therefore, the correct answer is C. fw ctl multik set_mode 9. References: CoreXL Dynamic Dispatcher - Check Point Software, Firewall Priority Queues in R80.x / R81.x - Check Point Software, Separate Config for Dynamic Dispatcher and Priority Queues
Question 15:
Identity Awareness lets an administrator easily configure network access and auditing based on three items. Choose the correct statement.
A. Network location, the identity of a user and the active directory membership.
B. Network location, the identity of a user and the identity of a machine.
C. Network location, the telephone number of a user and the UID of a machine
D. Geographical location, the identity of a user and the identity of a machine
Correct Answer: B
Identity Awareness is a software blade that lets an administrator easily configure network access and auditing based on three items: network location, the identity of a user, and the identity of a machine. These items are used to identify and authenticate users and machines, and to enforce identity-based policies. Network location refers to the IP address or subnet of the source or destination of the traffic. The identity of a user can be obtained from various sources, such as Active Directory, LDAP, or Captive Portal. The identity of a machine can be verified by using Secure Domain Logon or Identity Agent.
Question 16:
When defining group-based access in an LDAP environment with Identity Awareness, what is the BEST object type to represent an LDAP group in a Security Policy?
A. Access Role
B. User Group
C. SmartDirectory Group
D. Group Template
Correct Answer: A
The BEST object type to represent an LDAP group in a Security Policy is an Access Role. An Access Role object defines a set of users, machines, or networks that can access a resource or service (p. 27). An Access Role object can include LDAP groups as one of its components (p. 10). References: Check Point Identity Awareness Administration Guide R81
Question 17:
Which message indicates IKE Phase 2 has completed successfully?
A. Quick Mode Complete
B. Aggressive Mode Complete
C. Main Mode Complete
D. IKE Mode Complete
Correct Answer: A
Quick Mode Complete is the message that indicates IKE Phase 2 has completed successfully. IKE Phase 2 is also known as Quick Mode or Child SA in IKEv1 and IKEv2 respectively. Aggressive Mode and Main Mode are part of IKE Phase 1, which establishes the IKE SA. IKE Mode is not a valid term for IKE negotiation. References: How to Analyze IKE Phase 2 VPN Status Messages, IKEv2 Phase 1 (IKE SA) and Phase 2 (Child SA) Message Exchanges, Understand IPsec IKEv1 Protocol
Question 18:
Which statement is TRUE of anti-spoofing?
A. Anti-spoofing is not needed when IPS software blade is enabled
B. It is more secure to create anti-spoofing groups manually
C. It is BEST Practice to have anti-spoofing groups in sync with the routing table
D. With dynamic routing enabled, anti-spoofing groups are updated automatically whenever there is a routing change
Correct Answer: C
The statement that is TRUE of anti-spoofing is that it is BEST Practice to have anti-spoofing groups in sync with the routing table. Anti-spoofing prevents attackers from sending packets with a false source IP address. Anti-spoofing groups define which IP addresses are expected on each interface of the Security Gateway. If the routing table changes, the anti-spoofing groups should be updated accordingly. References: Check Point R81 ClusterXL Administration Guide, Network Defined by Routes: Anti-Spoofing
Question 19:
What licensing feature is used to verify licenses and activate new licenses added to the License and Contracts repository?
A. Verification tool
B. Verification licensing
C. Automatic licensing
D. Automatic licensing and Verification tool
Correct Answer: D
The licensing feature that is used to verify licenses and activate new licenses added to the License and Contracts repository is Automatic licensing and Verification tool (p. 8). Automatic licensing is a feature that allows the Security Management Server to automatically attach licenses to Security Gateways. Verification tool is a feature that allows the Security Management Server to verify the validity of licenses and contracts. References: Check Point Licensing and Contract Administration Guide R81
Question 20:
Identity Awareness allows easy configuration for network access and auditing based on what three items?
A. Client machine IP address.
B. Network location, the identity of a user and the identity of a machine.
C. Log server IP address.
D. Gateway proxy IP address.
Correct Answer: B
Identity Awareness is a blade that enables administrators to define access rules based on the identity of users and machines, rather than just IP addresses. Identity Awareness allows easy configuration for network access and auditing based on three items: network location, the identity of a user, and the identity of a machine. Network location refers to the source or destination network segment of the traffic. The identity of a user refers to the username or group membership of the user who initiates or receives the traffic. The identity of a machine refers to the hostname or certificate of the machine that initiates or receives the traffic. References: [Check Point R81 Identity Awareness Administration Guide]