Check Point Certified Security Expert R81
Last Update Apr 25, 2024
Total Questions : 617
We are offering FREE 156-315.81 Checkpoint exam questions. All you do is to just go and sign up. Give your details, prepare 156-315.81 free exam questions and then go for complete pool of Check Point Certified Security Expert R81 test questions that will help you more.
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
Which statement is most correct regarding about “CoreXL Dynamic Dispatcher”?
Which file gives you a list of all security servers in use, including port number?
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?
After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.
Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.
Fill in the blank: The R81 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and shows then as prioritized security events.
You have a Gateway is running with 2 cores. You plan to add a second gateway to build a cluster and used a device with 4 cores.
How many cores can be used in a Cluster for Firewall-kernel on the new device?
What key is used to save the current CPView page in a filename format cpview_”cpview process ID”.cap”number of captures”?
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?
What kind of information would you expect to see using the sim affinity command?
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.
What is the most likely reason that the traffic is not accelerated?
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:
Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?
You want to store the GAIA configuration in a file for later reference. What command should you use?
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
What is the port used for SmartConsole to connect to the Security Management Server?
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?
You are investigating issues with to gateway cluster members are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
Which SmartConsole tab is used to monitor network and security performance?
: 131
Which command is used to display status information for various components?
What is a best practice before starting to troubleshoot using the “fw monitor” tool?
Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R81.10. Company’s Developer Team is having random access issue to newly deployed Application Server in DMZ’s Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela’s desk for an investigation. Pamela decides to use Check Point’s Packet Analyzer Tool-fw monitor to iron out the issue during approved Maintenance window.
What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?
Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?
What does it mean if Deyra sees the gateway status? (Choose the BEST answer.)
Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.
What will happen to the changes already made?
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
NO: 180
What command can you use to have cpinfo display all installed hotfixes?
GAiA Software update packages can be imported and installed offline in situation where:
You want to verify if your management server is ready to upgrade to R81.10. What tool could you use in this process?
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
Customer’s R81 management server needs to be upgraded to R81.10. What is the best upgrade method when the management server is not connected to the Internet?
What is the main difference between Threat Extraction and Threat Emulation?
What happen when IPS profile is set in Detect Only Mode for troubleshooting?
Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?
Session unique identifiers are passed to the web api using which http header option?
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
The SmartEvent R81 Web application for real-time event monitoring is called:
Where you can see and search records of action done by R81 SmartConsole administrators?
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.
Which two of these Check Point Protocols are used by SmartEvent Processes?
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:
To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.
What statement best describes the Proxy ARP feature for Manual NAT in R81.10?
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.
If there are two administration logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available or other administrators? (Choose the BEST answer.)
In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?
You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the tight protections in place. Check Point has been selected for the security vendor.
Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?
SmartEvent uses it's event policy to identify events. How can this be customized?
By default, how often does Threat Emulation update the engine on the Security Gateway?
What level of CPU load on a Secure Network Distributor would indicate that another may be necessary?
If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsive, which if these steps should NOT be performed:
Alice works for a big security outsourcing provider company and as she receives a lot of change requests per day she wants to use for scripting daily (asks the API services from Check Point fof the Management API. Firstly she needs to be aware if the API services are running for the management. Which of the following Check Point Command is true:
Which statement is WRONG regarding the usage of the Central Deployment in SmartConsole?
What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days?
Alice & Bob are going to deploy Management Data Plane Separation (MDPS) for all their Check Point Security Gateway(s)/Cluster(s). Which of the following statement is true?
Which statements below are CORRECT regarding Threat Prevention profiles in Smart Dashboard?
Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration.
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI client and management server to communicate via web services using ___________.
In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?
Which command collects diagnostic data for analyzing customer setup remotely?
What is the correct command to observe the Sync traffic in a VRRP environment?
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
If you needed the Multicast MAC address of a cluster, what command would you run?
Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to manager?
What will be the effect of running the following command on the Security Management Server?
What is the minimum amount of RAM needed for a Threat Prevention Appliance?
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
Which Check Point daemon invokes and monitors critical processes and attempts to restart them if they fail?
After having saved the Cllsh Configuration with the "save configuration config.txt* command, where can you find the config.txt file?
What needs to be configured if the NAT property ‘Translate destination or client side’ is not enabled in Global Properties?
In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a
response before the peer host is declared ‘down’, you would set the_________?
Which of the following Check Point commands is true to enable Multi-Version Cluster (MVC)?
What command is used to manually failover a Multi-Version Cluster during the upgrade?
Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when ________ .
IF the first packet of an UDP session is rejected by a rule definition from within a security policy (not including the clean up rule), what message is sent back through the kernel?
What destination versions are supported for a Multi-Version Cluster Upgrade?
After finishing installation admin John likes to use top command in expert mode. John has to set the expert-password and was able to use top command. A week later John has to use the top command again, He detected that the expert password is no longer valid. What is the most probable reason for this behavior?
What command is used to manually failover a cluster during a zero-downtime upgrade?
In which scenario will an administrator need to manually define Proxy ARP?
Alice & Bob are going to use Management Data Plane Separation and therefore the routing separation needs to be enabled. Which of the following command is true for enabling the Management Data Plane Separation (MDPS):
You have used the "set inactivity-timeout 120" command to prevent the session to be disconnected after 10 minutes of inactivity. However, the Web session is being disconnected after 10 minutes. Why?
Installations and upgrades with CPUSE require that the CPUSE agent is up-to-date. Usually the latest build is downloaded automatically. How can you verify the CPUSE agent build?
What is the best method to upgrade a Security Management Server to R81.x when it is not connected to the Internet?
What state is the Management HA in when both members have different policies/databases?
Which of the following statements about Site-to-Site VPN Domain-based is NOT true?
When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?
John is using Management HA. Which Smartcenter should be connected to for making changes?
When installing a dedicated R81 SmartEvent server. What is the recommended size of the root partition?
Which of the following links will take you to the SmartView web application?
Using ClusterXL, what statement is true about the Sticky Decision Function?
What is the name of the secure application for Mail/Calendar for mobile devices?
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?
SmartEvent does NOT use which of the following procedures to identify events: