CheckPoint Checkpoint Certifications 156-315.81 Questions & Answers

• Question 601:

  Native Applications require a thin client under which circumstances?

  A. If you want to use a legacy 32-Bit Windows OS

  B. If you want to use a VPN Client that is not officially supported by the underlying operating system

  C. If you want to have assigned a particular Office Mode IP address.

  D. If you are about to use a client (FTP. RDP, ...) that is installed on the endpoint.

  Correct Answer: D

  Native Applications require a thin client under the circumstance that you are about to use a client (FTP, RDP, etc.) that is installed on the endpoint. A thin client is a lightweight software component that enables secure connectivity for native applications without requiring additional configuration or user intervention. A thin client is automatically downloaded and installed on the endpoint when a user initiates a native application session through Mobile Access Portal or SNX Portal. References: [Check Point Security Expert R81 Mobile Access Administration Guide], page 16.

• Question 602:

  What is the default shell for the command line interface?

  A. Expert

  B. Clish

  C. Admin

  D. Normal

  Correct Answer: B

  What is the default shell for the command line interface? The default shell for the command line interface is Clish. Clish is a shell that provides a menu-based interface for configuring various system settings, such as network interfaces, routing, DNS, NTP, SNMP, SSH, etc. Clish also provides help and completion features for easier navigation. To switch from Clish to Expert mode, which allows running Linux commands, use the command expert. References: Gaia Administration Guide R81, page 29.

• Question 603:

  Which SmartEvent component is responsible to collect the logs from different Log Servers?

  A. SmartEvent Server

  B. SmartEvent Database

  C. SmartEvent Collector

  D. SmartEvent Correlation Unit

  Correct Answer: D

  The SmartEvent component that is responsible to collect the logs from different Log Servers is the SmartEvent Correlation Unit. The SmartEvent Correlation Unit is a daemon that runs on the SmartEvent Server and receives logs from one or more Log Servers. The SmartEvent Correlation Unit analyzes the logs and generates correlated events according to the SmartEvent policy2. References: Check Point R81 SmartEvent Administration Guide

• Question 604:

  Which one is not a valid Package Option In the Web GUI for CPUSE?

  A. Clean Install

  B. Export Package

  C. Upgrade

  D. Database Conversion to R81.20 only

  Correct Answer: B

  CPUSE (Check Point Upgrade Service Engine) is a tool that allows users to download, import, install, and uninstall software packages on Gaia OS. CPUSE has a web- based user interface that can be accessed through Gaia Portal. CPUSE

  offers four package options in the web GUI for different purposes4:

  Clean Install - This option performs a clean installation of a Major Version package, which erases all existing configuration and data on the system. Export Package - This option exports a package from CPUSE repository to an external

  location for backup or transfer purposes. Upgrade - This option performs an upgrade of a Major Version package or a Minor Version package, which preserves the existing configuration and data on the system.

  Database Conversion - This option converts the database schema of a Major Version package to match the current version.

  Therefore, the correct answer is B.

  References: 4: CPUSE - Gaia Deployment Agent

• Question 605:

  You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?

  

  A. Right click Accept in the rule, select "More", and then check `Enable Identity Captive Portal'.

  B. On the firewall object, Legacy Authentication screen, check `Enable Identity Captive Portal'.

  C. In the Captive Portal screen of Global Properties, check `Enable Identity Captive Portal'.

  D. On the Security Management Server object, check the box `Identity Logging'.

  Correct Answer: A

  The correct way to enable Identity Captive Portal for a specific rule is to right click Accept in the rule, select "More", and then check `Enable Identity Captive Portal'. This will allow guest users to see the splash page and accept the Terms of Service before accessing the Internet. Identity Captive Portal is a feature that enables identity awareness for guest users who are not authenticated by other methods, such as Active Directory or Identity Agent. Identity Captive Portal can be enabled globally or per rule, depending on the security policy requirements.

• Question 606:

  After some changes in the firewall policy you run into some issues. You want to test if the policy from two weeks ago have the same issue. You don't want to lose the changes from the last weeks. What is the best way to do it?

  A. Use the Gaia WebUI to take a backup of the Gateway. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the 'Install specific version' button

  B. Use the Gaia WebUI to take a snapshot of management. In the In SmartConsole under Manage and Settlings go to Sessions -> Revisions and select the revision from two weeks ago. Run the action 'Revert to this revision...' Restore the management snapshot.

  C. In SmartConsole under Manage and Settings go to Sessions -> Revisions and select the revision from two weeks ago. Run the action 'Revert to this revision...'.

  D. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the 'Install specific version' button

  Correct Answer: D

  The best way to test if the policy from two weeks ago have the same issue is to install the specific version of the policy from the installation history view of the gateway. This way, you can keep the changes from the last weeks in the management server and revert back to them later if needed. You do not need to take a backup or a snapshot of the gateway or the management server for this purpose. References: [Check Point Security Expert R81 Administration Guide], page 34.

• Question 607:

  How can you see historical data with cpview?

  A. cpview -f

  B. cpview -e

  C. cpview -t

  D. cpview -d

  Correct Answer: C

  To see historical data with cpview, you can use the cpview -t command, where is the date and time you want to view. For example, cpview -t Jan 01 2023 12:00:00 will show you the cpview data for January 1st, 2023 at noon. You can also enter a partial date, such as Jan 02, to see the data for the whole day. This feature is available in R77.10 and higher versions of Check Point software1. You can also access the historical data by pressing the "t" key while running cpview in live mode and entering the desired date and time1. The historical data is stored in the CPViewDB.dat file in the /var/log/CPView_history directory on your gateway2. You can export this file and import it into other tools for visualization, such as Grafana3.

• Question 608:

  Firewall polices must be configured to accept VRRP packets on the GAiA platform if it Firewall software. The Multicast destination assigned by the internet Assigned Number Authority (IANA) for VRRP is:

  A. 224.0.0.18

  B. 224 00 5

  C. 224.0.0.102

  D. 224.0.0.22

  Correct Answer: A

  The multicast destination assigned by the Internet Assigned Numbers Authority (IANA) for VRRP is 224.0.0.18. This is a reserved multicast address that is used by VRRP routers to communicate with each other and announce their priority

  and state. Firewall policies must be configured to accept VRRP packets on the Gaia platform if it runs Firewall software. Otherwise, VRRP packets will be dropped by default. References:

  [Configuring VRRP on Gaia]

• Question 609:

  What is the amount of Priority Queues by default?

  A. There are 8 priority queues and this number cannot be changed.

  B. There is no distinct number of queues since it will be changed in a regular basis based on its system requirements.

  C. There are 7 priority queues by default and this number cannot be changed.

  D. There are 8 priority queues by default, and up to 8 additional queues can be manually configured

  Correct Answer: D

  There are 8 priority queues by default, and up to 8 additional queues can be manually configured1. Priority Queues are a feature of SecureXL that accelerates the performance of the Security Gateway by offloading CPU-intensive operations to the SecureXL device2. Priority Queues are used to prioritize traffic when the Security Gateway is stressed and needs to drop packets2. By default, there are 8 priority queues, each with a different priority level and type of connections2. You can manually configure up to 8 additional queues by setting the relevant kernel parameters in $FWDIR/boot/modules/fwkern.conf file1. You can also customize the queue length, the load balancing method, and the services that are considered as control connections1. References: Firewall Priority Queues in R80.x / R81.x - Check Point Software, SecureXL - Check Point Software

• Question 610:

  In R81.20 a new feature dynamic log distribution was added. What is this for?

  A. Configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy

  B. In case of a Management High Availability the management server stores the logs dynamically on the member with the most available disk space in /var/log

  C. Synchronize the log between the primary and secondary management server in case of a Management High Availability

  D. To save disk space in case of a firewall cluster local logs are distributed between the cluster members.

  Correct Answer: A

  Dynamic log distribution is a feature that allows you to configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy. This means that each log is sent to only one Log Server and the load is balanced between the primary Log Servers. If all the primary Log Servers are disconnected, the logs are distributed between the backup Log Servers. If no Log Servers are connected, the gateway writes the logs locally. This feature improves the performance and reliability of logging and reduces the network traffic and disk space consumption. You can enable this feature on the SmartConsole -> Gateways and Servers -> Logs -> Dynamic Log Distribution. The other options are incorrect because they do not describe the dynamic log distribution feature. Option B is wrong because the Management High Availability does not store the logs dynamically on the member with the most available disk space, but rather synchronizes the logs between the members using the cpd process. Option C is wrong because the dynamic log distribution feature does not synchronize the logs between the primary and secondary management server, but rather distributes the logs between the Log Servers. Option D is wrong because the dynamic log distribution feature does not save disk space in case of a firewall cluster, but rather distributes the logs between the Log Servers. The firewall cluster members do not store local logs, but rather send them to the Log Servers.