156-315.81 Exam Questions

Total 422 Questions

Last Updated Exam : 16-Dec-2024

Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.


A. User database corruption


B. LDAP conflicts


C. Traffic issues


D. Phase two key negotiations





C. Traffic issues

Explanation: Check Point’s FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the firewall inspection chains. The captured packets can be inspected later using Wireshark.

The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?


A. fwd via cpm


B. fwm via fwd


C. cpm via cpd


D. fwd via cpd





A. fwd via cpm

Explanation: The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via the cpm process. The cpm process is the main management process that handles database operations, policy installation, and communication with GUI clients via TCP port 19009. The other options are either incorrect or irrelevant to the log flow. References: Certified Security Expert (CCSE) R81.20 Course Overview, Check Point Ports Used for Communication by Various Check Point Modules

Which method below is NOT one of the ways to communicate using the Management API’s?


A. Typing API commands using the “mgmt_cli” command


B. Typing API commands from a dialog box inside the SmartConsole GUI application


C. Typing API commands using Gaia’s secure shell (clish)


D. Sending API commands over an http connection using web-services





D. Sending API commands over an http connection using web-services

Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?


A. /opt/CPshrd-R81/conf/local.arp


B. /var/opt/CPshrd-R81/conf/local.arp


C. $CPDIR/conf/local.arp


D. $FWDIR/conf/local.arp





D. $FWDIR/conf/local.arp

Explanation: The file that contains the host address to be published, the MAC address that needs to be associated with the IP address, and the unique IP of the interface that responds to ARP request is $FWDIR/conf/local.arp. Local.arp is a configuration file that defines static ARP entries for hosts behind NAT devices. This file allows the Security Gateway to respond to ARP requests for NATed hosts with the correct MAC address, and to publish the NATed IP address instead of the real IP address. The other files are either not related or not valid.

How many images are included with Check Point TE appliance in Recommended Mode?


A. 2(OS) images


B. images are chosen by administrator during installation


C. as many as licensed for


D. the newest image





A. 2(OS) images

Explanation: The Check Point TE appliance in Recommended Mode includes 2(OS) images. One image is used for running the appliance, and the other image is used for backup and recovery purposes. The images are not chosen by the administrator during installation, nor based on the license or the latest version.

What are the three components for Check Point Capsule?


A. Capsule Docs, Capsule Cloud, Capsule Connect


B. Capsule Workspace, Capsule Cloud, Capsule Connect


C. Capsule Workspace, Capsule Docs, Capsule Connect


D. Capsule Workspace, Capsule Docs, Capsule Cloud





D. Capsule Workspace, Capsule Docs, Capsule Cloud

Explanation: The three components for Check Point Capsule are Capsule Workspace, Capsule Docs, and Capsule Cloud. Capsule Workspace is a secure container app that allows users to access corporate data and applications from their mobile devices. Capsule Docs is a solution that protects documents with encryption and granular access control. Capsule Cloud is a cloud-based security service that enforces security policies on devices that are outside the corporate network. References: Check Point Capsule

To fully enable Dynamic Dispatcher on a Security Gateway:


A. run fw ctl multik set_mode 9 in Expert mode and then Reboot.


B. Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.


C. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.


D. run fw multik set_mode 1 in Expert mode and then reboot.





A. run fw ctl multik set_mode 9 in Expert mode and then Reboot.

Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?


A. 50%


B. 75%


C. 80%


D. 15%





D. 15%

Explanation: Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to a certain threshold. In this case, the correct threshold is specified as option D: 15%.
So, when the available disk space reaches or falls below 15%, old log entries should be deleted to free up space.
Options A, B, and C do not represent the recommended threshold for deleting old log entries according to Check Point's best practices.

What command verifies that the API server is responding?


A. api stat


B. api status


C. show api_status


D. app_get_status





B. api status

Which is NOT an example of a Check Point API?


A. Gateway API


B. Management API


C. OPSEC SDK


D. Threat Prevention API





A. Gateway API

Explanation: Gateway API is not an example of a Check Point API. Check Point APIs are interfaces that enable interactions with Check Point products using automation scripts or external applications. The examples of Check Point APIs are Management API, OPSEC SDK, Threat Prevention API, Identity Awareness Web Services API, and others. Gateway API is not a valid Check Point API name. References: Check Point R81 Security Management Administration Guide, Check Point APIs

