
Instant Download CheckPoint: 156-315.81 Free Updated Test Dumps
Valid 156-315.81 FREE EXAM DUMPS QUESTIONS & ANSWERS
NEW QUESTION # 125
What is the most recommended way to install patches and hotfixes?
- A. UnixinstallScript
- B. CPUSE Check Point Update Service Engine
- C. rpm -Uv
- D. Software Update Service
Answer: B
Explanation:
Explanation
The most recommended way to install patches and hotfixes is CPUSE (Check Point Update Service Engine).
CPUSE is a tool that automates the process of upgrading and installing software packages on Check Point devices. CPUSE can work in online mode or offline mode. Online mode requires an Internet connection to download the packages from Check Point servers. Offline mode allows you to download the packages manually from another device and transfer them to the target device using a USB drive or SCP.
References: Check Point Security Expert R81 Course, CPUSE Administration Guide
NEW QUESTION # 126
Alice knows about the Check Point Management HA installation from Bob and needs to know which Check Point Security Management Server is currently capable of issuing and managing certificate. Alice uses the Check Point command "cpconfig'' to run the Check Point Security Management Server configuration tool on both Check Point Management HA instances "Primary & Secondary" Which configuration option does she need to look for:
- A. CA Authority
- B. Certificate Authority
- C. Certificate's Fingerprint
- D. Random Pool
Answer: B
NEW QUESTION # 127
According to out of the box SmartEvent policy, which blade will automatically be correlated into events?
- A. IPS
- B. VPN
- C. HTTPS
- D. Firewall
Answer: A
Explanation:
According to out of the box SmartEvent policy, the blade that will automatically be correlated into events is IPS. IPS (Intrusion Prevention System) is a blade that detects and prevents network attacks by inspecting traffic and applying signatures and protections. SmartEvent correlates IPS logs into events based on predefined event definitions, such as IPS Attack, IPS Attack High Confidence, IPS Attack Critical Confidence, etc. The other blades are not automatically correlated into events by default, but they can be added to the SmartEvent policy manually. Reference: [SmartEvent Policy]
NEW QUESTION # 128
To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?
- A. Drop Template
- B. Deny Template
- C. Accept Template
- D. NAT Template
Answer: B
NEW QUESTION # 129
Using Web Services to access the API, which Header Name-Value had to be in the HTTP Post request after the login?
- A. X-chkp-sid Session Unique Identifier
- B. uuid Universally Unique Identifier
- C. user-uid
- D. API-Key
Answer: A
Explanation:
Explanation
https://sc1.checkpoint.com/documents/latest/APIs/?#web/introduction~v1.9%20 HTTP Headers content-Type:
application/json x-chkp-sid: <session ID token as returned by the login command> The x-chkp-sid header is mandatory in all API calls except the login API.
NEW QUESTION # 130
What is the default size of NAT table fwx_alloc?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
Explanation:
What is the default size of NAT table fwx_alloc? The default size of NAT table fwx_alloc is 25000. This table stores the connections that require NAT translation by the Security Gateway. The size of this table can be changed by using the command fw ctl set int fwx_alloc <value>, where <value> is the desired number of connections. The maximum value is 65535. To make this change permanent, you need to add this command to the file $FWDIR/conf/fwaffinity.conf on the Security Gateway. Reference: [R81 Performance Tuning Administration Guide], page 126.
NEW QUESTION # 131
True or False: In R81, more than one administrator can login to the Security Management Server with write permission at the same time.
- A. True, every administrator works on a different database that is independent of the other administrators.
- B. True, every administrator works in a session that is independent of the other administrators.
- C. False, only one administrator can login with write permission.
- D. False, this feature has to be enabled in the Global Properties.
Answer: B
Explanation:
In R81, more than one administrator can login to the Security Management Server with write permission at the same time. This feature is enabled by default and allows concurrent administration of the security policy. Every administrator works in a session that is independent of the other administrators. Changes made by one administrator are not visible to others until they are published. Administrators can also lock objects to prevent others from editing them until they are unlocked. Reference: R81 Security Management Administration Guide, page 43.
NEW QUESTION # 132
What is not a component of Check Point SandBlast?
- A. Threat Simulator
- B. Threat Emulation
- C. Threat Cloud
- D. Threat Extraction
Answer: A
NEW QUESTION # 133
Session unique identifiers are passed to the web api using which http header option?
- A. Accept-Charset
- B. X-chkp-sid
- C. Proxy-Authorization
- D. Application
Answer: B
Explanation:
Session unique identifiers are passed to the web API using the X-chkp-sid HTTP header option. The web API is a service that runs on the Security Management Server and enables external applications to communicate with the Check Point management database using REST APIs. To use the web API, you need to create a session with the management server by sending a login request with your credentials. The management server will respond with a session unique identifier (SID) that represents your session. You need to pass this SID in every subsequent request to the web API using the X-chkp-sid HTTP header option. This way, the management server can identify and authenticate your session and perform the requested operations. Reference: Check Point R81 REST API Reference Guide
NEW QUESTION # 134
Which of the following statements is TRUE about R81 management plug-ins?
- A. A management plug-in interacts with a Security Management Server to provide new features and support for new products.
- B. The plug-in is a package installed on the Security Gateway.
- C. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.
- D. Installing a management plug-in requires a Snapshot, just like any upgrade process.
Answer: A
NEW QUESTION # 135
Which one of the following is true about Capsule Connect?
- A. It is a full layer 3 VPN client
- B. It does not support all VPN authentication methods
- C. It offers full enterprise mobility management
- D. It is supported only on iOS phones and Windows PCs
Answer: A
Explanation:
Capsule Connect is a full layer 3 VPN client that provides secure and seamless remote access to corporate networks from iOS and Android devices. It supports all VPN authentication methods, such as certificates, passwords, tokens, and challenge-response. It also supports split tunneling and seamless roaming.
References: Capsule Connect Datasheet, Capsule Connect Administration Guide
NEW QUESTION # 136
Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying connection?
- A. TCP Acknowledgment Number
- B. Source Address
- C. Destination Address
- D. Source Port
Answer: A
Explanation:
The attribute that is not used for identifying a connection by packet acceleration (SecureXL) is TCP Acknowledgment Number. SecureXL identifies connections by using a hash function that takes into account the following attributes: source address, destination address, source port, destination port, protocol, and VPN ID. The TCP Acknowledgment Number is not part of the hash function and does not affect the connection identification. Reference: [SecureXL Mechanism]
https //sc1.checkpoint.com/documents/R77/CP R77_Firewall_WebAdmm/92711.htm
NEW QUESTION # 137
Secure Configuration Verification (SCV), makes sure that remote access client computers are configured in accordance with the enterprise Security Policy. Bob was asked by Alice to implement a specific SCV configuration but therefore Bob needs to edit and configure a specific Check Point file. Which location file and directory is true?
- A. $CPDIR/conf/client.svc
- B. $FWDIR/conf/client.scv
- C. $CPDIR/conf/local.scv
- D. $FWDIR/conf/local.scv
Answer: D
Explanation:
Secure Configuration Verification (SCV) is a feature that allows the Mobile Access Gateway to check the compliance of remote access clients with the enterprise security policy before granting them access to internal resources. SCV checks can be defined in a file named local.scv, which is located in the $FWDIR/conf directory on the Mobile Access Gateway1. The file can be edited manually or using the SCV Editor tool2. Therefore, the correct answer is D)
NEW QUESTION # 138
When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?
- A. IP
- B. FQDN
- C. NAT
- D. SIC
Answer: C
Explanation:
NAT (Network Address Translation) is one item that will not be configured on the R81 Security Management Server when setting up an externally managed log server. NAT is a technique that allows devices with private IP addresses to communicate with devices with public IP addresses by translating the private addresses to public ones. NAT is not relevant for configuring an externally managed log server, which requires only the IP address, SIC (Secure Internal Communication), and FQDN (Fully Qualified Domain Name) of the log server. Reference: Check Point Security Expert R81 Course, Logging and Monitoring Administration Guide
NEW QUESTION # 139
In which scenario will an administrator need to manually define Proxy ARP?
- A. When they configure an "Automatic Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.
- B. When they configure an "Automatic Hide NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.
- C. When they configure a "Manual Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.
- D. When they configure a "Manual Hide NAT" which translates to an IP address that belongs to one of the firewall's interfaces.
Answer: C
Explanation:
Explanation
Proxy ARP is a technique that allows a device to respond to ARP requests on behalf of another IP address.
Proxy ARP is required for Manual Static NAT when the translated IP address does not belong to one of the firewall's interfaces. This is because the firewall needs to intercept the packets destined to the translated IP address and forward them to the original IP address after applying the NAT rule. Without Proxy ARP, the packets would not reach the firewall and the NAT would not work. Proxy ARP is not required for Automatic Static NAT or Automatic Hide NAT, because these types of NAT use IP addresses that belong to the firewall's interfaces. Proxy ARP is also not required for Manual Hide NAT, because this type of NAT does not change the destination IP address of the packets, only the source IP address. References: Check Point R81 Security Management Administration Guide, page 115
NEW QUESTION # 140
Which of the following describes how Threat Extraction functions?
- A. Delivers file with original content.
- B. Detect threats and provides a detailed report of discovered threats.
- C. Proactively detects threats.
- D. Delivers PDF versions of original files with active content removed.
Answer: D
Explanation:
Threat Extraction is a software blade that delivers PDF versions of original files with active content removed.
Active content, such as macros, scripts, or embedded objects, can be used by attackers to deliver malware or exploit vulnerabilities. Threat Extraction removes or sanitizes the active content from the files and converts them to PDF format, which is safer and more compatible. Threat Extraction can also work together with Threat Emulation to provide both clean and original files to the users. References: Check Point Security Expert R81 Course, Threat Extraction Administration Guide
NEW QUESTION # 141
What is the minimum number of CPU cores required to enable CoreXL?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
Explanation:
Explanation
CoreXL is a technology that improves the performance of the Security Gateway by utilizing multiple CPU cores for processing traffic. CoreXL creates multiple instances of the firewall kernel (fwk) that run in parallel on different CPU cores. The number of kernel instances can be configured using the cpconfig command on the Security Gateway3. The minimum number of CPU cores required to enable CoreXL is 2, as one core is reserved for SND (Secure Network Distributor) and one core is used for running a kernel instance4. If the Security Gateway has only one CPU core, CoreXL cannot be enabled. Therefore, the correct answer is C.
References: 3: CoreXL Administration Guide 4: [CoreXL Frequently Asked Questions (FAQ)]
NEW QUESTION # 142
Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:
- A. edit the home directory of the user.
- B. assign user rights to their home directory in the Security Management Server.
- C. assign privileges to users.
- D. add users to your Gaia system.
Answer: B
Explanation:
The WebUI can be used to manage user accounts and assign privileges to users. It can also add users to your Gaia system and edit the home directory of the user. However, it cannot assign user rights to their home directory in the Security Management Server1. References: Check Point Resource Library, page 3.
NEW QUESTION # 143
One of major features in R81 SmartConsole is concurrent administration.
Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
- A. AdminA, AdminB and AdminC are editing three different rules at the same time.
- B. AdminA and AdminB are editing the same rule at the same time.
- C. A lock icon next to a rule informs that any Administrator is working on this particular rule.
- D. A lock icon shows that a rule or an object is locked and will be available.
Answer: B
Explanation:
Explanation
One of the major features in R81 SmartConsole is concurrent administration. This feature allows multiple administrators to work on the same Security Policy simultaneously, without blocking each other or creating conflicts. Concurrent administration improves the efficiency and productivity of security management operations1.
However, not all of the options given are possible considering that AdminA, AdminB and AdminC are editing the same Security Policy. The correct answer is B. AdminA and AdminB are editing the same rule at the same time. This is not possible because concurrent administration uses a locking mechanism to prevent multiple administrators from modifying the same rule or object at the same time. When an administrator clicks on a rule or an object, it becomes locked and a lock icon appears next to it. The lock icon shows the name of the administrator who is working on that rule or object, and prevents other administrators from editing it until it is unlocked12.
Therefore, the other options are possible considering that AdminA, AdminB and AdminC are editing the same Security Policy. Option A is possible because a lock icon shows that a rule or an object is locked and will be available when the administrator who locked it finishes working on it or logs out of SmartConsole12. Option C is possible because a lock icon next to a rule informs that any administrator is working on this particular rule, and hovering over the lock icon will show the name of that administrator12. Option D is possible because AdminA, AdminB and AdminC are editing three different rules at the same time, which does not create any conflicts or blockages12.
NEW QUESTION # 144
In R81, where do you manage your Mobile Access Policy?
- A. Shared Gateways Policy
- B. From the Dedicated Mobility Tab
- C. Access Control Policy
- D. Through the Mobile Console
Answer: D
Explanation:
In R81, you manage your Mobile Access Policy from the Mobile Console. The Mobile Console is a separate web-based interface that allows you to configure and monitor Mobile Access features, such as VPN, portal, applications, users, devices, and certificates. The Mobile Console can be accessed from any browser by entering https://<Management_Server_IP>/mobileconsole. Reference: [Mobile Console]
NEW QUESTION # 145
What is the base level encryption key used by Capsule Docs?
- A. AES
- B. RSA 2048
- C. RSA 1024
- D. SHA-256
Answer: B
Explanation:
The base level encryption key used by Capsule Docs is RSA 2048. This means that Capsule Docs uses a 2048-bit RSA public key encryption algorithm to encrypt and decrypt documents. RSA is an asymmetric encryption algorithm that uses two keys: a public key that can be shared with anyone, and a private key that must be kept secret. AES, SHA-256, and RSA 1024 are not the base level encryption keys used by Capsule Docs. Reference: : Check Point Software, Getting Started, Capsule Docs Encryption.
NEW QUESTION # 146
What is the default shell for the command line interface?
- A. Expert
- B. Normal
- C. Admin
- D. Clish
Answer: D
Explanation:
What is the default shell for the command line interface? The default shell for the command line interface is Clish. Clish is a shell that provides a menu-based interface for configuring various system settings, such as network interfaces, routing, DNS, NTP, SNMP, SSH, etc. Clish also provides help and completion features for easier navigation. To switch from Clish to Expert mode, which allows running Linux commands, use the command expert. References: Gaia Administration Guide R81, page 29.
NEW QUESTION # 147
What scenario indicates that SecureXL is enabled?
- A. SecureXL can be disabled in cpconfig
- B. Dynamic objects are available in the Object Explorer
- C. Only one packet in a stream is seen in a fw monitor packet capture
- D. fwaccel commands can be used in clish
Answer: D
Explanation:
SecureXL is a technology that accelerates the performance of the Check Point Security Gateway by offloading CPU-intensive operations from the Firewall kernel to the SecureXL device. SecureXL can handle various types of traffic, such as TCP, UDP, ICMP, non-IP, VPN, NAT, etc. SecureXL can also work with various features, such as CoreXL, ClusterXL, QoS, etc.
One way to indicate that SecureXL is enabled is to use the fwaccel commands in clish. Clish is a command-line shell that provides a user-friendly interface for configuring and managing Check Point products. The fwaccel commands are used to control and monitor SecureXL operations, such as enabling or disabling SecureXL, viewing SecureXL statistics, managing SecureXL templates, etc. For example, the command fwaccel stat shows the status of SecureXL, such as whether it is on or off, how many packets are accelerated or not accelerated, etc.
The other options are not valid indicators of SecureXL being enabled:
A) Dynamic objects are available in the Object Explorer: Dynamic objects are objects that represent IP addresses that change over time, such as VPN clients, DHCP clients, etc. Dynamic objects are available in the Object Explorer regardless of whether SecureXL is enabled or not.
B) SecureXL can be disabled in cpconfig: Cpconfig is a command-line tool that allows you to configure various settings of Check Point products, such as administrator password, GUI clients, SNMP extension, etc. SecureXL can be disabled in cpconfig only if it was enabled before. Therefore, this option does not indicate that SecureXL is enabled.
D) Only one packet in a stream is seen in a fw monitor packet capture: Fw monitor is a command-line tool that allows you to capture and analyze network traffic passing through the Security Gateway. Fw monitor shows the traffic at different inspection points in the Firewall kernel. If SecureXL is enabled, some packets may be accelerated by SecureXL and bypass the Firewall kernel inspection. Therefore, fw monitor may not see all packets in a stream. However, this does not mean that only one packet in a stream will be seen by fw monitor. Some packets may still go through the Firewall kernel inspection and be seen by fw monitor. Therefore, this option does not indicate that SecureXL is enabled.
Therefore, the correct answer is C.
Topic 2, Exam Pool C
NEW QUESTION # 148
......
Free 156-315.81 Exam Braindumps CheckPoint Pratice Exam: https://pass4sure.dumps4pdf.com/156-315.81-valid-braindumps.html