What component of Management is used tor indexing?
A. DBSync
B. API Server
C. fwm
D. SOLR
Correct Answer: D
The component of Management that is used for indexing is SOLR1. SOLR is an open source enterprise search platform that provides indexing and searching capabilities for various types of data2. Check Point uses SOLR to index logs, objects, policies, and other data that are stored in the Security Management Server or the Multi- Domain Security Management Server3. SOLR enables fast and efficient searches in SmartConsole, SmartLog, SmartView, and other applications3. SOLR also supports advanced features such as full-text search, faceted search, highlighting, spell checking, and geospatial search2. References: Check Point R81.20 Known Limitations - Check Point Software, SOLR - The Enterprise Search Platform, Check Point R81.20 Logging and Monitoring Administration Guide - Check Point Software
Question 592:
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?
A. Run cprestart from clish
B. After upgrading the hardware, increase the number of kernel instances using cpconfig
C. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores
D. Hyperthreading must be enabled in the bios to use CoreXL
Correct Answer: B
After installing a new multicore CPU to replace the existing single core CPU, the administrator is required to perform one additional task, which is to increase the number of kernel instances using cpconfig. This is because by default, only one kernel instance is enabled on a Security Gateway. To take advantage of multiple cores, the administrator needs to configure more kernel instances according to the number of cores available on the CPU. References: Configuring CoreXL
Question 593:
Installations and upgrades with CPUSE require that the CPUSE agent is up-to-date. Usually the latest build is downloaded automatically. How can you verify the CPUSE agent build?
A. In WebUI Status and Actions page or by running the following command in CLISH: show installer status build
B. In WebUI Status and Actions page or by running the following command in CLISH: show installer status version
C. In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer status build
D. In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer agent
Correct Answer: A
To verify the CPUSE agent build, you can use either of these methods:
In WebUI Status and Actions page
By running the following command in CLISH: show installer status build The CPUSE agent build indicates the version of the CPUSE agent that is installed on the machine. The CPUSE agent is responsible for downloading, verifying, installing,
and removing packages on Gaia OS. It is recommended to keep the CPUSE agent up-to-date to ensure a smooth installation and upgrade process.
References: [CPUSE Agent]
Question 594:
Identity Awareness lets an administrator easily configure network access and auditing based on three items. Choose the correct statement.
A. Network location, the identity of a user and the identity of a machine.
B. Geographical location, the identity of a user and the identity of a machine.
C. Network location, the identity of a user and the active directory membership.
D. Network location, the telephone number of a user and the UID of a machine.
Correct Answer: A
The correct answer is A. Network location, the identity of a user and the identity of a machine.
Identity Awareness allows you to easily configure network access and auditing based on three items: network location, the identity of a user and the identity of a machine1. This enables you to create granular and accurate identity-based
policies that control who can access what, when and how. You can also monitor and log user and machine activities for compliance and auditing purposes. Geographical location, the telephone number of a user and the UID of a machine are
not the items that Identity Awareness uses to identify and authorize users and machines.
References:
Identity Awareness - Check Point Software1
Question 595:
Which feature is NOT provided by all Check Point Mobile Access solutions?
A. Support for IPv6
B. Granular access control
C. Strong user authentication
D. Secure connectivity
Correct Answer: A
The feature that is not provided by all Check Point Mobile Access solutions is support for IPv6. Check Point Mobile Access is a comprehensive solution that provides secure remote access to corporate applications and resources using various methods, such as SSL VPN, IPsec VPN, clientless VPN, and mobile VPN. However, not all of these methods support IPv6, which is the latest version of the Internet Protocol that uses 128-bit addresses. According to the Check Point Mobile Access R81 Administration Guide1, only the following Mobile Access methods support IPv6: SSL Network Extender (SNX) - a thin client that enables remote users to connect securely to the corporate network using SSL/TLS VPN. Mobile VPN - a full VPN client that enables remote users to connect securely to the corporate network using IPsec VPN. Capsule Connect - a mobile VPN app for iOS and Android devices that enables remote users to connect securely to the corporate network using IPsec VPN. The following Mobile Access methods do not support IPv6: Clientless VPN - a web-based method that enables remote users to access web applications and services using a web browser without installing any software on their devices. Endpoint Security VPN - a full VPN client that enables remote users to connect securely to the corporate network using IPsec VPN and also provides endpoint security features such as firewall, anti-virus, anti-malware, etc. Capsule Workspace - a mobile app for iOS and Android devices that enables remote users to access email, calendar, contacts, and corporate applications securely without requiring a VPN connection.
Question 596:
What is the biggest benefit of policy layers?
A. To break one policy into several virtual policies
B. Policy Layers and Sub-Policies enable flexible control over the security policy
C. They improve the performance on OS kernel version 3.0
D. To include Threat Prevention as a sub policy for the firewall policy
Correct Answer: B
The biggest benefit of policy layers is that they enable flexible control over the security policy. Policy layers and sub-policies allow administrators to break one policy into several virtual policies, each with its own set of rules and actions. Policy layers can be ordered, shared, and reused across different policies. Policy layers can also include Threat Prevention as a sub-policy for the firewall policy. References: [Check Point R81 Security Management Guide]
Question 597:
Access roles allow the firewall administrator to configure network access according to:
A. a combination of computer or computer groups and networks.
B. All of the above.
C. remote access clients.
D. users and user groups.
Correct Answer: B
Access roles are objects that define a set of users, machines, or networks that can access a specific network resource. You can create access roles based on any combination of the following criteria:
Users and user groups: You can use users and user groups from various sources, such as LDAP, RADIUS, local database, etc.
Computers or computer groups: You can use computers or computer groups that are identified by their IP address, MAC address, or hostname. Networks: You can use networks that are defined by their IP address range, subnet mask, or
gateway.
You can use access roles in the Source or Destination column of an Access Control rule to allow or deny network access based on the identity of the users, machines, or networks.
The references are:
Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 11 Check Point R81 Quantum Security Gateway Guide, page 139 Check Point R81 Identity Awareness Administration Guide, page 9
Question 598:
Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links.
Which component of SandBlast protection is her company using on a Gateway?
A. SandBlast Threat Emulation
B. SandBlast Agent
C. Check Point Protect
D. SandBlast Threat Extraction
Correct Answer: D
Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the
file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links.
The component of SandBlast protection that her company is using on a Gateway is SandBlast Threat Extraction. SandBlast Threat Extraction is a software blade that provides protection against malicious files by removing potentially risky
elements, such as macros, embedded objects, scripts, etc. The sanitized files are delivered to the users with a notification about the removed elements. SandBlast Threat Extraction can also reconstruct the original files after they are scanned
by SandBlast Threat Emulation, which is another software blade that provides protection against malicious files by emulating them in a virtual sandbox and analyzing their behavior. References: R81 Threat Prevention Administration Guide,
page 37.
Question 599:
Which of the following is NOT a valid type of SecureXL template?
A. Accept Template
B. Deny template
C. Drop Template
D. NAT Template
Correct Answer: B
The type of SecureXL template that is not valid among the options is Deny template. SecureXL templates are pre-allocated data structures that store information about connections that match certain criteria. They are used to accelerate the processing of packets that belong to those connections. The valid types of SecureXL templates are Accept, Drop, NAT, and Crypt. The Accept template is used for connections that are allowed by the Firewall policy. The Drop template is used for connections that are blocked by the Firewall policy. The NAT template is used for connections that require Network Address Translation. The Crypt template is used for connections that require encryption or decryption. References: [SecureXL Templates]
Question 600:
Which utility allows you to configure the DHCP service on Gaia from the command line?
A. ifconfig
B. dhcp_ofg
C. sysconfig
D. cpconfig
Correct Answer: C
The utility that allows you to configure the DHCP service on Gaia from the command line is sysconfig. This utility provides a menu-based interface for configuring various system settings, including network interfaces, routing, DNS, NTP, SNMP, SSH, etc. One of the options in sysconfig is DHCP Server Configuration, which allows you to enable or disable the DHCP service, define DHCP scopes, set lease time, etc. References: Gaia Administration Guide R81, page 29.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-315.81 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.