What is the purpose of the command "ps aux | grep twd"?
A. You can check the Process ID and the processing time of the twd process.
B. You can convert the log file into Post Script format.
C. You can list all Process IDs for all running services.
D. You can check whether the IPS default setting is set to Detect or Prevent mode
Correct Answer: A
The command "ps aux | grep twd" is used to check the process ID and the processing time of the twd process on the Security Gateway. The ps command displays information about the active processes on the system. The aux option shows all processes for all users, including those without a controlling terminal. The grep command filters the output of the ps command by searching for the pattern "twd", which is the name of the process that handles VPN traffic encryption and decryption [1]. The output of the command shows the process ID, CPU usage, memory usage, start time, and other details of the twd process [2]. Therefore, the correct answer is A.
References: [1] Check Point Processes and Daemons; [2] How to troubleshoot VPN issues with cpview utility
Question 582:
Which process is used mainly for backward compatibility of gateways in R81.X? It provides communication with GUI-client, database manipulation, policy compilation and Management HA synchronization.
A. cpm
B. fwd
C. cpd
D. fwm
Correct Answer: D
The process that is used mainly for backward compatibility of gateways in R81.X is fwm. The fwm daemon handles communication with GUI-client, database manipulation, policy compilation and Management HA synchronization for legacy gateways that do not support the cpm daemon. The cpm daemon is the new Check Point Management Server daemon that handles these tasks for R80 and higher gateways. The cpd daemon is the Check Point Management daemon that handles communication between SmartConsole applications and Security Management Servers. The fwd daemon is the Firewall Daemon that handles communication between Security Gateways and Security Management Servers [2]. References: [2] Check Point Software, Getting Started, Processes.
Question 583:
Hit Count is a feature to track the number of connections that each rule matches. Which one is not a benefit of Hit Count?
A. Better understand the behavior of the Access Control Policy
B. Improve Firewall performance - You can move a rule that has hit count to a higher position in the Rule Base
C. Automatically rearrange Access Control Policy based on Hit Count Analysis
D. Analyze a Rule Base - You can delete rules that have no matching connections
Correct Answer: C
Hit Count is a feature to track the number of connections that each rule matches, which can help to optimize the Rule Base efficiency and analyze the network traffic behavior. The benefit that is not provided by Hit Count is automatically rearranging the Access Control Policy based on Hit Count Analysis. Hit Count does not change the order of the rules automatically, but it allows the administrator to manually move the rules up or down based on the hit count statistics. The administrator can also use the SmartOptimize feature to get suggestions for improving the Rule Base order and performance. References: R81 Security Management Administration Guide, page 97.
Question 584:
Fill in the blank: The IPS policy for pre-R81 gateways is installed during the _______ .
A. Firewall policy install
B. Threat Prevention policy install
C. Anti-bot policy install
D. Access Control policy install
Correct Answer: C
The IPS policy for pre-R81 gateways is installed during the Anti-bot policy install. The Anti-bot policy install includes both Anti-bot and IPS protections for pre-R81 gateways, since they share the same inspection engine. For R81 and above gateways, the IPS policy is installed separately as part of the Threat Prevention policy install, which also includes Anti-virus and Threat Emulation protections. References: R81 Threat Prevention Administration Guide, page 15.
Question 585:
SmartEvent uses its event policy to identify events. How can this be customized?
A. By modifying the firewall rulebase
B. By creating event candidates
C. By matching logs against exclusions
D. By matching logs against event rules
Correct Answer: D
SmartEvent uses its event policy to identify events. The event policy can be customized by matching logs against event rules. Event rules define the conditions and actions for generating events. You can create, edit, delete, enable, or disable event rules in the SmartEvent Policy tab of the SmartConsole. References: [SmartEvent Administration Guide]
Question 586:
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateways managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret, the administrator found that the check box to enable the pre-shared secret cannot be enabled.
Why does it not allow him to specify the pre-shared secret?
A. IPsec VPN blade should be enabled on both Security Gateways.
B. Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.
C. Certificate based Authentication is the only authentication method available between two Security Gateways managed by the same SMS.
D. The Security Gateways are pre-R75.40.
Correct Answer: C
When two Security Gateways are managed by the same Security Management Server, they use certificate based authentication to establish a VPN tunnel. This is because the Security Management Server acts as an internal certificate authority (ICA) that can issue and revoke certificates for the Security Gateways. The Security Management Server also maintains a trust relationship with the Security Gateways, which is based on a one-time password (OTP) that is used to initialize secure internal communication (SIC). Therefore, there is no need to use a pre-shared secret for authentication between two Security Gateways managed by the same SMS.
Question 587:
What is the main objective when using Application Control?
A. To filter out specific content.
B. To assist the firewall blade with handling traffic.
C. To see what users are doing.
D. Ensure security and privacy of information.
Correct Answer: D
The main objective when using Application Control is to ensure security and privacy of information. Application Control is a blade that enables administrators to control access to web applications and web sites based on categories, users, groups, machines, and time. Application Control can also block or limit usage of applications that pose security risks or consume excessive bandwidth [2]. References: [2] Check Point R81 Application Control Administration Guide
Question 588:
Rugged appliances are small appliances with ruggedized hardware and, like Quantum Spark appliances, they use which operating system?
A. CentOS Linux
B. Gaia embedded.
C. Gaia
D. Red Hat Enterprise Linux version 5
Correct Answer: B
Rugged appliances are small appliances with ruggedized hardware that are designed for harsh environments. Like Quantum Spark appliances, they use Gaia embedded as their operating system. Gaia embedded is a lightweight version of Gaia that supports a subset of features and commands. References: [Check Point R81 Gaia Embedded Administration Guide]
Question 589:
How can you make sure that the old logs will be available after updating the Management to version R81.20 using the Advanced Upgrade Method?
A. Use the WebUI -> Maintenance > System Backup and store the backup on a remote FTP server
B. The logs will be included running $FWDIR/scripts/migrate_server export -v R81.20
C. Use the WebUI to save a snapshot before updating the Management -> Maintenance > Snapshot Management
D. Use the migrate_server tool with the option '-I' for the logs and '-x' for the index
Correct Answer: B
The best way to make sure that the old logs will be available after updating the Management to version R81.20 using the Advanced Upgrade Method is to use the migrate_server tool with the option '-l' for the logs and '-x' for the index. This option will export both logs and index files from an existing Security Management Server or Multi-Domain Server to a specified directory or file. The exported data can then be imported to a new server using a similar command with the '-i' option. References: [Check Point R81 Installation and Upgrade Guide]
Question 590:
Which Check Point daemon invokes and monitors critical processes and attempts to restart them if they fail?
A. fwm
B. cpd
C. cpwd
D. cpm
Correct Answer: C
The Check Point WatchDog daemon (cpwd) invokes and monitors critical processes and attempts to restart them if they fail. The cpwd daemon is responsible for starting processes such as cpd, cpm, fwm, fwd, and others. The cpd daemon is the Check Point Management daemon that handles communication between SmartConsole applications and Security Management Servers. The cpm daemon is the Check Point Management Server daemon that handles database operations and policy installation. The fwm daemon is the Firewall Management daemon that handles communication between Security Gateways and Security Management Servers. References: Check Point Software, Getting Started, WatchDog Daemon; Check Point Software, Getting Started, Processes.