Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?
A. Both License (.lic) and Contract (.xml) files
B. cp.macro
C. Contract file (.xml)
D. License file (.lic)
Correct Answer: B
cp.macro is an electronically signed file used by Check Point to translate the features in the license into a code. It is located in the $FWDIR/conf directory on the Security Management Server. The cp.macro file contains a list of features and their corresponding codes, which are used to generate the license file (.lic) based on the contract file (.xml). The license file (.lic) is then installed on the Security Gateway or Security Management Server to activate the licensed features. References: Check Point R81 Licensing and Contract Administration Guide, page 10
Question 562:
SmartEvent Security Checkups can be run from the following Logs and Monitor activity:
A. Reports
B. Advanced
C. Checkups
D. Views
Correct Answer: A
SmartEvent Security Checkups can be run from the Reports activity in Logs and Monitor. A Security Checkup is a report that analyzes network traffic and security events and provides recommendations for improving security posture. To run a Security Checkup, go to Logs and Monitor > Reports > New Report > Security Checkup. The other activities in Logs and Monitor do not have the option to run a Security Checkup. References: Check Point Software, Getting Started, Running a Security Checkup Report.
Question 563:
A user complains that some Internet resources are not available. The Administrator is having issues seeing if packets are being dropped at the firewall (not seeing drops in logs). What is the solution to troubleshoot the issue?
A. run "fw unloadlocal" on the relevant gateway and check the ping again
B. run "cpstop" on the relevant gateway and check the ping again
C. run "fw log" on the relevant gateway
D. run "fw ctl zdebug drop" on the relevant gateway
Correct Answer: D
The solution to troubleshoot the issue of some Internet resources being unavailable is to run fw ctl zdebug drop on the relevant gateway. This command lists all dropped packets in real time and explains the reasons for the drop. It is a powerful tool that can help diagnose connectivity problems and firewall policy issues. To use this command, you need to access the gateway in expert mode and run fw ctl zdebug + drop. You can also filter the output by using grep with an IP address or a keyword, for example: fw ctl zdebug + drop | grep 10.10.10.10 or fw ctl zdebug + drop | grep SYN. This command is a wrapper for the full debugs, and it will run the debug commands for you and will allow you to run debug from one debug module only. By default, it will use a small debug buffer but if you wish, you can provide the -buf option to use your own size. To stop the command, press Ctrl+C and then run fw ctl debug 0 to reset the debug state. Note: Running this command may affect the performance of the firewall, so use it with caution and only when necessary. References: Solved: is it possible /supported to run fw ctl zdebug on ... - Check ..., How to use the fw ctl zdebug command to view drops on the Security Gateway, Troubleshooting dropped packets in Checkpoint using zdebug, "fw ctl zdebug" - Helpful Command Combinations - Check Point CheckMates
Question 564:
John is using Management HA. Which Security Management Server should he use for making changes?
A. secondary Smartcenter
B. active SmartConsole
C. connect virtual IP of Smartcenter HA
D. primary Log Server
Correct Answer: B
In Management HA, you should use the active SmartConsole for making changes. The active SmartConsole is connected to the Primary Security Management Server, which is responsible for synchronizing the configuration with the Secondary Security Management Server. If you use the secondary SmartCenter, your changes will not be replicated to the primary SmartCenter and will be lost in case of a failover. References: Check Point Resource Library, page 9
Question 565:
When using the Mail Transfer Agent, where are the debug logs stored?
A. $FWDIR/bin/emaild.mta.elg
B. $FWDIR/log/mtad.elg
C. /var/log/mail.mta.elg
D. $CPDIR/log/emaild.elg
Correct Answer: C
When using the Mail Transfer Agent, the debug logs are stored in /var/log/mail.mta.elg. This file contains information about the email messages that are processed by the Mail Transfer Agent, such as sender, recipient, subject, size, action, etc. You can use the command mailq to view the current mail queue and the command maild -d to enable debug mode for the Mail Transfer Agent. References: [Mail Transfer Agent]
Question 566:
What can we infer about the recent changes made to the Rule Base?
A. Rule 7 was created by the 'admin' administrator in the current session
B. 8 changes have been made by administrators since the last policy installation
C. The rules 1, 5 and 6 cannot be edited by the 'admin' administrator
D. Rule 1 and object webserver are locked by another administrator
Correct Answer: D
Based on the image provided by the user, we can infer that rule 1 and object webserver are locked by another administrator. This is because they have red lock icons next to them, which indicate that they are being edited by another administrator in another session. The lock icons prevent other administrators from modifying these objects until the changes are published or discarded by the original administrator. The lock icons also show the name of the administrator who locked the objects when hovered over with the mouse cursor. The other options are incorrect because: Rule 7 was not created by the 'admin' administrator in the current session, but by another administrator in another session. This is because it has a blue lock icon next to it, which indicates that it was added by another administrator in another session. The blue lock icon prevents other administrators from deleting this rule until the changes are published or discarded by the original administrator. 8 changes have not been made by administrators since the last policy installation, but in the current session by the 'admin' administrator. This is because there is a yellow number 8 next to the Install Policy button, which indicates that there are 8 unpublished changes in the current session by the 'admin' administrator. These changes will be published or discarded when the 'admin' administrator clicks on Publish or Discard buttons. The rules 1, 5 and 6 can be edited by the 'admin' administrator, but only after unlocking them from another administrator who locked them in another session. This is because they have red lock icons next to them, which indicate that they are being edited by another administrator in another session. The 'admin' administrator can unlock these rules by right-clicking on them and selecting Unlock from the menu. However, this will discard the changes made by the original administrator who locked them.
Question 567:
How is communication between different Check Point components secured in R81? As with all questions, select the BEST answer.
A. By using IPSEC
B. By using SIC
C. By using ICA
D. By using 3DES
Correct Answer: B
Communication between different Check Point components is secured by using SIC, which stands for secure internal communication. SIC is a certificate-based channel that uses standards-based TLS 1.2 for creating secure connections and AES128 for encryption. SIC ensures that only authorized components can communicate with each other and that the communication is protected from eavesdropping and tampering. SIC is established by using a one-time password (OTP) that is generated when a Check Point component is created or installed. The OTP is used to initialize the trust relationship between the component and the Security Management Server, which acts as an internal certificate authority (ICA) that issues and revokes certificates for the components.
Question 568:
In CoreXL, the Firewall kernel is replicated multiple times. Each replicated copy or instance can perform the following:
A. The Firewall kernel only touches the packet if the connection is accelerated
B. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
C. The Firewall can run the same policy on all cores
D. The Firewall can run different policies per core
Correct Answer: C
CoreXL is a performance-enhancing technology that enables the Security Gateway to utilize multiple CPU cores for processing traffic. CoreXL creates multiple instances of the Firewall kernel, each running on a separate CPU core. Each Firewall instance can handle traffic concurrently and independently, applying the same security policy to the packets that are assigned to it. CoreXL does not allow different policies per core, as this would create inconsistency and complexity in the security enforcement. References: Best Practices - Security Gateway Performance; Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 16; Check Point R81 Quantum Security Gateway Guide, page 42
Question 569:
The back-end database for Check Point R81 Management uses:
A. DBMS
B. MongoDB
C. PostgreSQL
D. MySQL
Correct Answer: C
The back-end database for Check Point R81 Management uses PostgreSQL, which is an open source relational database management system. MongoDB, MySQL, and DBMS are not used by Check Point R81 Management. References: Check Point Software, Getting Started, Database.
Question 570:
What state is the Management HA in when both members have different policies/databases?
A. Synchronized
B. Never been synchronized
C. Lagging
D. Collision
Correct Answer: D
The state of the Management HA when both members have different policies/databases is Collision. This state indicates that there is a conflict between the members and they need to be synchronized manually. The other states are not applicable in this scenario. The Synchronized state indicates that both members have identical policies/databases and are ready for failover. The Never been synchronized state indicates that the members have never been synchronized since they were configured as an HA pair. The Lagging state indicates that one member has a newer policy/database than the other member and needs to be synchronized automatically. References: [Management High Availability]