What is the name of the secure application for Mail/Calendar for mobile devices?
A. Capsule Workspace
B. Capsule Mail
C. Capsule VPN
D. Secure Workspace
Correct Answer: A
The secure application for Mail/Calendar for mobile devices in Check Point is called "Capsule Workspace." Capsule Workspace provides secure access to email and calendar data on mobile devices while maintaining security policies and controls.
References: Check Point Certified Security Expert R81 documentation and learning resources.
Question 42:
Which command gives us a perspective of the number of kernel tables?
A. fw tab -t
B. fw tab -s
C. fw tab -n
D. fw tab -k
Correct Answer: B
The command "fw tab -s" is used to display information about the state of various kernel tables in a Check Point firewall. It provides a perspective on the number and status of these tables, which can be helpful for troubleshooting and monitoring firewall performance.
Option B correctly identifies the command that gives a perspective of the number of kernel tables, making it the verified answer.
References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.
Question 43:
Under which file is the proxy arp configuration stored?
A. $FWDIR/state/proxy_arp.conf on the management server
B. $FWDIR/conf/local.arp on the management server
C. $FWDIR/state/_tmp/proxy.arp on the security gateway
D. $FWDIR/conf/local.arp on the gateway
Correct Answer: D
The proxy ARP configuration is stored under the following file:
D. $FWDIR/conf/local.arp on the gateway
This file, local.arp, contains the proxy ARP configuration for the Security Gateway. It is used to configure ARP (Address Resolution Protocol) settings for network communication.
References: Check Point Certified Security Expert R81 Study Guide, Check Point documentation on proxy ARP.
A. This statement is true because SecureXL does improve all traffic.
B. This statement is false because SecureXL does not improve this traffic but CoreXL does.
C. This statement is true because SecureXL does improve this traffic.
D. This statement is false because encrypted traffic cannot be inspected.
Correct Answer: C
SecureXL is a performance-enhancing technology used in Check Point firewalls. It improves the throughput of both non-encrypted firewall traffic and encrypted VPN traffic. The statement in option C is true because SecureXL does improve both types of traffic by offloading processing to dedicated hardware acceleration, optimizing firewall and VPN operations.
Option C correctly states that SecureXL improves this traffic, making it the verified answer.
References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.
Question 45:
To add a file to the Threat Prevention Whitelist, what two items are needed?
A. File name and Gateway
B. Object Name and MD5 signature
C. MD5 signature and Gateway
D. IP address of Management Server and Gateway
Correct Answer: B
To add a file to the Threat Prevention Whitelist, you need two items:
B. Object Name and MD5 signature
You need the Object Name to identify the file or object you want to whitelist, and the MD5 signature to specify the unique hash value of that file. The MD5 signature ensures that the specific file you want to whitelist is identified accurately.
References: Check Point Certified Security Expert R81 Study Guide, Threat Prevention Administration Guide.
Question 46:
When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?
A. IP
B. SIC
C. NAT
D. FQDN
Correct Answer: C
NAT (Network Address Translation) is one item that will not be configured on the R81 Security Management Server when setting up an externally managed log server. NAT is a technique that allows devices with private IP addresses to communicate with devices with public IP addresses by translating the private addresses to public ones. NAT is not relevant for configuring an externally managed log server, which requires only the IP address, SIC (Secure Internal Communication), and FQDN (Fully Qualified Domain Name) of the log server.
References: Check Point Security Expert R81 Course, Logging and Monitoring Administration Guide.
Question 47:
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?
A. He can use the fw accel stat command on the gateway.
B. He can use the fw accel statistics command on the gateway.
C. He can use the fwaccel stat command on the Security Management Server.
D. He can use the fwaccel stat command on the gateway.
Correct Answer: D
The fwaccel stat command on the gateway shows the status of SecureXL acceleration, including the number of accelerated and non-accelerated connections, and the reason for non-acceleration. The reason for non-acceleration can be either a rule that disables templating, or a feature that is not supported by SecureXL. To determine which rule disables templating, the administrator can use the -s option to show the rule numbers and names. For example:
Question 48:
You have existing dbedit scripts from R77. Can you use them with R81.20?
A. dbedit is not supported in R81.20
B. dbedit is fully supported in R81.20
C. You can use dbedit to modify threat prevention or access policies, but not create or modify layers
D. dbedit scripts are being replaced by mgmt_cli in R81.20
Correct Answer: D
In R81.20, dbedit scripts are being replaced by the mgmt_cli utility for managing and configuring security policies and objects. Here's an explanation of each option:
A. dbedit is not supported in R81.20: This is not entirely accurate. While dbedit is still available and functional in R81.20, it is being phased out in favor of mgmt_cli for policy and object management.
B. dbedit is fully supported in R81.20: This statement is not accurate because although dbedit can still be used, it is not the primary recommended tool for policy management in R81.20.
C. You can use dbedit to modify threat prevention or access policies, but not create or modify layers: This statement is partially true, but it does not provide the complete picture. You can use dbedit for some policy-related tasks, but it's not the primary tool for policy management in R81.20.
D. dbedit scripts are being replaced by mgmt_cli in R81.20: This is the correct and recommended approach. mgmt_cli is the primary tool for managing security policies and objects in R81.20, and it is gradually replacing dbedit for these tasks.
Therefore, option D is the most accurate and recommended answer.
References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.
Question 49:
What is the benefit of "fw monitor" over "tcpdump"?
A. "fw monitor" reveals Layer 2 information, while "tcpdump" acts at Layer 3.
B. "fw monitor" is also available for 64-Bit operating systems.
C. With "fw monitor", you can see the inspection points, which cannot be seen in "tcpdump"
D. "fw monitor" can be used from the CLI of the Management Server to collect information from multiple gateways.
Correct Answer: C
The benefit of fw monitor over tcpdump is that with fw monitor, you can see the inspection points, which cannot be seen in tcpdump. Inspection points are the locations in the firewall kernel where packets are inspected by the security policy and other software blades. fw monitor allows you to capture packets at different inspection points and see how they are processed by the firewall. In contrast, tcpdump is a generic packet capture tool that only shows the packets as they enter or leave the network interface.
References: Check Point Security Expert R81 Course, fw monitor, tcpdump.
Question 50:
What is the purpose of a SmartEvent Correlation Unit?
A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server.
B. The SmartEvent Correlation Unit's task is to assign severity levels to the identified events.
C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.
D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server.
Correct Answer: C
The purpose of a SmartEvent Correlation Unit is to evaluate logs from the log server component to identify patterns/threats and convert them to events. The SmartEvent Correlation Unit is a software module that runs on the SmartEvent server or on a dedicated server. It applies correlation rules and logic to the logs received from various sources, such as security gateways, endpoints, or third-party devices. It then generates events that represent security incidents or trends that require attention or action.
References: Check Point Security Expert R81 Course, SmartEvent Administration Guide.