CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Checkpoint
  5. 156-315.81

Free 156-315.81 Exam Braindumps (page: 8)

Page 8 of 158
PDF with 628 Questions

Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

  1. Detects and blocks malware by correlating multiple detection engines before users are affected.
  2. Configure rules to limit the available network bandwidth for specified users or groups.
  3. Use UserCheck to help users understand that certain websites are against the company's security policy.
  4. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

Answer(s): A

Explanation:

Detecting and blocking malware by correlating multiple detection engines before users are affected is not a feature associated with the Check Point URL Filtering and Application Control Blade. This feature is part of the Check Point SandBlast Network solution, which uses Threat Emulation and Threat Extraction technologies to prevent zero-day attacks. The other features are part of the URL

Filtering and Application Control Blade, which allows you to control access to web applications and sites based on various criteria.


Reference:

URL Filtering and Application Control Administration Guide



What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

  1. Stateful Mode
  2. VPN Routing Mode
  3. Wire Mode
  4. Stateless Mode

Answer(s): C

Explanation:

Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of "Wire Mode".


Reference:

VPN Administration Guide



What Factor preclude Secure XL Templating?

  1. Source Port Ranges/Encrypted Connections
  2. IPS
  3. ClusterXL in load sharing Mode
  4. CoreXL

Answer(s): A

Explanation:

SecureXL Templating is a feature that accelerates the processing of packets that belong to the same connection or session by creating a template for the first packet and applying it to the subsequent packets. SecureXL Templating is precluded by factors that prevent the creation of a template, such as source port ranges, encrypted connections, NAT, QoS, etc.


Reference:

SecureXL Mechanism



In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

  1. fw ctl sdstat
  2. fw ctl affinity ­l ­a ­r ­v
  3. fw ctl multik stat
  4. cpinfo

Answer(s): B

Explanation:

The fw ctl affinity -l -a -r -v command is the most accurate CLI command to get info about assignment (FW, SND) of all CPUs in your SGW. This command displays the affinity settings of all interfaces and processes in a verbose mode, including the Firewall (FW) and Secure Network Distributor (SND) instances.


Reference:

CoreXL Administration Guide



Page 8 of 158



Post your Comments and Discuss Checkpoint 156-315.81 exam with other Community members:

Fon commented on January 05, 2024
Q40 is wrong, correct reponse is 'Accept' template is enabled by default in R81.20
AUSTRALIA
upvote

Gavin commented on August 24, 2023
Question76 is wrong, Manual NAT ALWAYS comes first
Anonymous
upvote

stephane T commented on July 29, 2023
very usefull
CAMEROON
upvote