CheckPoint Checkpoint Certifications 156-315.81 Questions & Answers

• Question 21:

  What is the protocol and port used for Health Check and State Synchronization in ClusterXL?

  A. CCP and 18190

  B. CCP and 257

  C. CCP and 8116

  D. CPC and 8116

  Correct Answer: C

  ClusterXL is a clustering technology that provides high availability and load sharing for Security Gateways. ClusterXL uses a proprietary protocol called Check Point Cluster Protocol (CCP) to communicate between cluster members. CCP has two main functions: Health Check and State Synchronization. Health Check is the mechanism that monitors the status and availability of each cluster member and determines which member is the active one. State Synchronization is the mechanism that synchronizes the connection and NAT tables between cluster members to ensure a smooth failover in case of a member failure. CCP uses UDP port 8116 for both Health Check and State Synchronization messages. The other options are not correct because:

  A. CCP and 18190: This option is incorrect because CCP does not use port 18190. Port 18190 is used by Secure Internal Communication (SIC) between Security Gateways and Management Servers. B. CCP and 257: This option is incorrect

  because CCP does not use port 257. Port 257 is used by Check Point Security Management Protocol (CPM) for communication between SmartConsole and Management Servers. D. CPC and 8116:

  This option is incorrect because there is no such protocol as CPC in ClusterXL.

  References: ClusterXL R81.20 Administration Guide, ClusterXL Administration Guide R80.40, sk25977 - Ports used by Check Point software

• Question 22:

  Which Remote Access Client does not provide an Office-Mode Address?

  A. SecuRemote

  B. Endpoint Security Suite

  C. Endpoint Security VPN

  D. Check Point Mobile

  Correct Answer: A

  In the context of Check Point remote access clients and Office Mode, the correct answer is:

  A. SecuRemote: SecuRemote is a Check Point remote access client that does not provide an Office-Mode Address. Office Mode is a feature that assigns a unique IP address from a designated IP pool to remote users when they connect to

  the corporate network.

  SecuRemote does not support this feature.

  B. Endpoint Security Suite, C. Endpoint Security VPN, and D. Check Point Mobile are remote access clients that support Office Mode and can provide an Office-Mode Address to remote users. Therefore, option A is the correct answer as it

  correctly identifies a remote access client that does not provide an Office-Mode Address.

  References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.

• Question 23:

  After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?

  A. cvpnd_restart

  B. cvpnd_restart

  C. cvpnd restart D. cvpnrestart

  Correct Answer: B

  The cvpnd_restart command is used to restart the daemon after making modifications to the $CVPNDIR/conf/cvpnd.C file. The cvpnd daemon is responsible for managing the communication between the Check Point components and the Content Vectoring Protocol (CVP) server. The CVP server is an external server that provides content inspection and filtering services for Check Point gateways. The $CVPNDIR/conf/cvpnd.C file contains the configuration settings for the cvpnd daemon, such as the CVP server IP address, port number, timeout value, and debug level. References: Check Point Security Expert R81 Course, Content Inspection Using ICAP, cvpnd daemon debug file

• Question 24:

  Which statement is true about ClusterXL?

  A. Supports Dynamic Routing (Unicast and Multicast)

  B. Supports Dynamic Routing (Unicast Only)

  C. Supports Dynamic Routing (Multicast Only)

  D. Does not support Dynamic Routing

  Correct Answer: A

  ClusterXL supports Dynamic Routing for both Unicast and Multicast traffic. Dynamic Routing protocols, such as OSPF, BGP, or PIM, can be configured on cluster members to exchange routing information with other routers. ClusterXL supports two modes of operation for Dynamic Routing: New Mode and Legacy Mode. References: ClusterXL Administration Guide, SK98226 - ClusterXL New Mode Overview

• Question 25:

  Which one of the following is true about Threat Emulation?

  A. Takes less than a second to complete

  B. Works on MS Office and PDF files only

  C. Always delivers a file

  D. Takes minutes to complete (less than 3 minutes)

  Correct Answer: D

  Threat Emulation is a software blade that takes minutes to complete (less than 3 minutes). Threat Emulation analyzes files for malicious behavior by running them in a virtual sandbox. Threat Emulation works on MS Office, PDF, executables, and archive files. Threat Emulation does not always deliver a file, but only if no threats are found or if the user chooses to download the original file after seeing a warning message. References: Check Point Security Expert R81 Course, Threat Emulation Administration Guide

• Question 26:

  Can multiple administrators connect to a Security Management Server at the same time?

  A. No, only one can be connected

  B. Yes, all administrators can modify a network object at the same time

  C. Yes, every administrator has their own username, and works in a session that is independent of other administrators.

  D. Yes, but only one has the right to write.

  Correct Answer: C

  Multiple administrators can connect to a Security Management Server at the same time. Each administrator has their own username and works in a session that is independent of other administrators. This allows for collaboration and simultaneous management tasks by different administrators.

  References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.

• Question 27:

  Which GUI client is supported in R81?

  A. SmartProvisioning

  B. SmartView Tracker

  C. SmartView Monitor

  D. SmartLog

  Correct Answer: C

  SmartView Monitor is a GUI client that is supported in R81. It allows you to monitor the network and security performance of your Security Gateways and devices5. You can use it to view real-time statistics, alerts, logs, reports, and graphs6. The other GUI clients are not supported in R81 because:

  A. SmartProvisioning was replaced by SmartLSM in R80.20 and later versions7. SmartLSM is a unified solution for managing large-scale deployments of Security Gateways8. B. SmartView Tracker was replaced by SmartLog in R80 and later versions9. SmartLog is a powerful log analysis tool that enables fast and easy access to log data from multiple Security Gateways10. D. SmartLog is not a GUI client, but a web-based application that runs on the Security Management Server or Log Server10. You can access it from any web browser or from SmartConsole. References: SmartView Monitor R81 Help, SmartView Monitor R81 Administration Guide, What's New in Check Point R80.20, SmartLSM R81 Help, What's New in Check Point R80, SmartLog R81 Help

• Question 28:

  As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name `cover-company-logo.png' and then copy that image file to which directory on the SmartEvent server?

  A. SFWDIR/smartevent/conf

  B. $RTDIR/smartevent/conf

  C. $RTDIR/smartview/conf

  D. $FWDIR/smartview/conf

  Correct Answer: C

  To add the company logo to reports, you would save the logo as a PNG file with the name `cover-company-logo.png' and then copy that image file to the $RTDIR/smartview/conf directory on the SmartEvent server. The $RTDIR is an environment variable that points to the runtime directory of the SmartEvent server, which is usually /opt/CPrt-R81. The smartview/conf directory contains the configuration files for SmartView, which is a web-based interface for viewing reports and dashboards generated by SmartEvent. References: SmartEvent Administration Guide, SK120193 - How to add a company logo to SmartView reports

• Question 29:

  What are the steps to configure the HTTPS Inspection Policy?

  A. Go to ManageandSettings > Blades > HTTPS Inspection > Configure in SmartDashboard

  B. Go to Applicationandurl filtering blade > Advanced > Https Inspection > Policy

  C. Go to ManageandSettings > Blades > HTTPS Inspection > Policy

  D. Go to Applicationandurl filtering blade > Https Inspection > Policy

  Correct Answer: A

  The correct steps to configure the HTTPS Inspection Policy in Check Point R81 are as follows1:

  Go to ManageandSettings > Blades > HTTPS Inspection > Configure in SmartDashboard.

  Enable HTTPS Inspection and select the Policy tab. Create a new HTTPS Inspection Layer or edit an existing one. Define the rules for inspecting HTTPS traffic based on the source, destination, service, and action.

  Install the policy on the relevant gateways.

  The other options are incorrect because they either use wrong blade names, wrong menu options, or wrong configuration steps. References: 1: LAB:25 How to Configure HTTPS Inspection in Check Point Firewall R81(https://

  www.youtube.com/watch?v=NCvV7-R9ZgU)

• Question 30:

  What are the main stages of a policy installations?

  A. Verification and Compilation, Transfer and Commit

  B. Verification and Compilation, Transfer and Installation

  C. Verification, Commit, Installation

  D. Verification, Compilation and Transfer, Installation

  Correct Answer: A

  The main stages of a policy installation are Verification and Compilation, Transfer and Commit. Verification and Compilation is the stage where the Security Management Server checks the validity and consistency of the policy and compiles it into a binary format. Transfer is the stage where the compiled policy is sent to the Security Gateways over a secure channel. Commit is the stage where the Security Gateways activate the new policy and update their connections table accordingly. References: Check Point Security Expert R81 Course, Policy Installation Process