Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Checkpoint
  5. 156-315.81

Checkpoint 156-315.81 Exam Questions
Check Point Certified Security Expert R81 (Page 20 )

Updated On: 17-Feb-2026
Page 20 of 127
PDF with 628 Questions

Which of the following process pulls application monitoring status?

  1. fwd
  2. fwm
  3. cpwd
  4. cpd

Answer(s): D

Explanation:

The process that pulls application monitoring status is cpd. cpd is a daemon that runs on Check Point products and performs various tasks related to management communication, policy installation, license verification, logging, etc. cpd also monitors the status of other processes and applications on the system and reports it to the management server. cpd uses SNMP to collect information from various sources, such as blades, gateways, servers, etc. You can view the application monitoring status in SmartConsole by using the Gateways & Servers tab in the Logs & Monitor view.


Reference:

Check Point Processes and Daemons



To fully enable Dynamic Dispatcher on a Security Gateway:

  1. run fw ctl multik set_mode 9 in Expert mode and then Reboot.
  2. Using cpconfig, update the Dynamic Dispatcher value to "full" under the CoreXL menu.
  3. Edit/proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.
  4. run fw multik set_mode 1 in Expert mode and then reboot.

Answer(s): A

Explanation:

To fully enable Dynamic Dispatcher on a Security Gateway, you need to run the following command in Expert mode then reboot:



This command sets the multi-core mode to 9, which means that Dynamic Dispatcher is enabled without Firewall Priority Queues. Dynamic Dispatcher is a feature that optimizes the performance of Security Gateways with multiple CPU cores by dynamically allocating traffic to different cores based on their load and priority. Dynamic Dispatcher can improve the throughput and scalability of the Security Gateway, especially for traffic that is not accelerated by SecureXL. The other commands are not valid or do not enable Dynamic Dispatcher.


Reference:

R81 Performance Tuning Administration Guide



Session unique identifiers are passed to the web api using which http header option?

  1. X-chkp-sid
  2. Accept-Charset
  3. Proxy-Authorization
  4. Application

Answer(s): A

Explanation:

Session unique identifiers are passed to the web API using the X-chkp-sid HTTP header option. The web API is a service that runs on the Security Management Server and enables external applications to communicate with the Check Point management database using REST APIs. To use the web API, you need to create a session with the management server by sending a login request with your credentials. The management server will respond with a session unique identifier (SID) that represents your session. You need to pass this SID in every subsequent request to the web API using the X-chkp-sid HTTP header option. This way, the management server can identify and authenticate your session and perform the requested operations.


Reference:

Check Point R81 REST API Reference Guide



Which command shows actual allowed connections in state table?

  1. fw tab ­t StateTable
  2. fw tab ­t connections
  3. fw tab ­t connection
  4. fw tab connections

Answer(s): B

Explanation:

The correct command to show actual allowed connections in the state table is option B: fw tab ­t connections. This command displays the contents of the "connections" table, which contains information about the active connections being tracked by the firewall.

Option A (fw tab ­t StateTable) is incorrect as there is no "StateTable" table; it should be "connections."
Option C (fw tab ­t connection) is also incorrect, as it should be "connections." Option D (fw tab connections) is not the correct syntax for the command.


Reference:

Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.



What SmartEvent component creates events?

  1. Consolidation Policy
  2. Correlation Unit
  3. SmartEvent Policy
  4. SmartEvent GUI

Answer(s): B

Explanation:

The SmartEvent component that creates events is the Correlation Unit, which is responsible for correlating and analyzing security events to identify patterns and potential threats.

Option A, "Consolidation Policy," does not create events but is used to configure policies for event consolidation.
Option C, "SmartEvent Policy," is not responsible for creating events but is used to configure policies related to SmartEvent.
Option D, "SmartEvent GUI," is the graphical user interface for managing SmartEvent but does not create events itself.


Reference:

Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.






Post your Comments and Discuss Checkpoint 156-315.81 exam dumps with other Community members:

Join the 156-315.81 Discussion