156-315.81 Exam Questions

Total 422 Questions

Last Updated Exam : 16-Dec-2024

Which CLI command will reset the IPS pattern matcher statistics?


A. ips reset pmstat


B. ips pstats reset


C. ips pmstats refresh


D. ips pmstats reset





D.
  ips pmstats reset

Explanation: The CLI command to reset the IPS (Intrusion Prevention System) pattern matcher statistics is option D: ips pmstats reset. This command will reset the statistics related to the IPS pattern matcher.
Options A, B, and C are not the correct syntax for resetting the IPS pattern matcher statistics.
References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.

On R81.20 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:


A. 18210


B. 18184


C. 257


D. 18191





B.
  18184

If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsive, which if these steps should NOT be performed:


A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.


B. Change the Standby Security Management Server to Active.


C. Change the Active Security Management Server to Standby.


D. Manually synchronize the Active and Standby Security Management Servers.





A.
  Rename the hostname of the Standby member to match exactly the hostname of the Active member.

Explanation: The hostname of the Standby member should not be changed to match the hostname of the Active member, as this would cause a conflict in the network. The correct procedure is to change the hostname of the Active member to a different name, and then change the Standby member to the original hostname of the Active member1. References: 1: Check Point Resource Library, Certified Security Expert (CCSE) R81.20 Course Overview, page 9.

Which command will allow you to see the interface status?


A. cphaprob interface


B. cphaprob –I interface


C. cphaprob –a if


D. cphaprob stat





C.
  cphaprob –a if

What is true about VRRP implementations?


A. VRRP membership is enabled in cpconfig


B. VRRP can be used together with ClusterXL, but with degraded performance


C. You cannot have a standalone deployment


D. You cannot have different VRIDs in the same physical network





C.
  You cannot have a standalone deployment

Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.


A. infoCP


B. infoview


C. cpinfo


D. fw cpinfo





C.
  cpinfo

Explanation: The cpinfo tool generates a R81 Security Gateway configuration report that includes information about the hardware, operating system, product version, patches, and configuration settings.

In which deployment is the security management server and Security Gateway installed on the same appliance?


A. Standalone


B. Remote


C. Distributed


D. Bridge Mode





A.
  Standalone

Explanation: In a Standalone deployment, a Check Point computer runs both the Security Gateway and Security Management Server products. This means that the same appliance performs both network security functions and security policy management functions. A Standalone deployment is suitable for small or branch offices that do not require a separate management server. References: Check Point R81 Installation and Upgrade Guide, page 10

Which packet info is ignored with Session Rate Acceleration?


A. source port ranges


B. source ip


C. source port


D. same info from Packet Acceleration is used





C.
  source port

Explanation: Session Rate Acceleration is a SecureXL feature that accelerates the establishment of new connections by bypassing the inspection of the first packet of each session. Session Rate Acceleration ignores the source port information of the packet, as well as the destination port ranges, protocol type, and VPN information. The other packet info is used by Packet Acceleration, which is another SecureXL feature that accelerates the forwarding of subsequent packets of an established connection.
References: SecureXL Mechanism

Which statement is correct about the Sticky Decision Function?


A. It is not supported with either the Performance pack of a hardware based accelerator card


B. Does not support SPI’s when configured for Load Sharing


C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster


D. It is not required L2TP traffic





A.
  It is not supported with either the Performance pack of a hardware based accelerator card

Explanation: The statement that is correct about the Sticky Decision Function is It is not supported with either the Performance pack of a hardware based accelerator card. The Sticky Decision Function (SDF) is a feature that ensures that packets from the same connection are handled by the same cluster member in a Load Sharing configuration. However, SDF is not compatible with SecureXL acceleration, which is enabled by default or by using a Performance pack or a hardware based accelerator card4. The other statements are either incorrect or outdated about SDF.
References: Check Point R81 ClusterXL Administration Guide, Sticky Decision Function - Check Point CheckMates

Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .


A. TCP Port 18190


B. TCP Port 18209


C. TCP Port 19009


D. TCP Port 18191





B.
  TCP Port 18209

Explanation: Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC using TCP port 18191 by default. CDT is a tool that allows you to perform simultaneous configuration changes on multiple gateways or clusters using predefined commands or scripts.
References: Check Point Central Deployment Tool (CDT)


Page 6 out of 43 Pages
Previous