CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Checkpoint
  5. 156-315.81

Free 156-315.81 Exam Braindumps (page: 38)

Page 37 of 158
PDF with 628 Questions

How do you enable virtual mac (VMAC) on-the-fly on a cluster member?

  1. cphaprob set int fwha_vmac_global_param_enabled 1
  2. clusterXL set int fwha_vmac_global_param_enabled 1
  3. fw ctl set int fwha_vmac_global_param_enabled 1
  4. cphaconf set int fwha_vmac_global_param_enabled 1

Answer(s): C

Explanation:

To enable VMAC mode on a cluster member, you need to set the value of the global kernel parameter fwha_vmac_global_param_enabled to 1. This can be done on-the-fly using the command fw ctl set int fwha_vmac_global_param_enabled 1 on all cluster members. This command does not require a reboot or a policy installation. VMAC mode allows the cluster to use a virtual MAC address for its virtual IP addresses, which reduces the number of gratuitous ARP packets sent upon failover and avoids ARP cache issues on some routers and switches.


Reference:

How to enable ClusterXL Virtual MAC (VMAC) mode



To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection.
Which of the these is NOT a SecureXL template?

  1. Accept Template
  2. Deny Template
  3. Drop Template
  4. NAT Template

Answer(s): B

Explanation:

SecureXL templates are a mechanism to accelerate the rate of connection establishment by grouping connections that match a particular service and whose sole differentiating element is the source port. SecureXL templates enable even the very first packets of a TCP handshake to be accelerated,

without waiting for the Firewall kernel to create a connection entry. The first packets of the first connection on the same service will be forwarded to the Firewall kernel, which will then create a template of the connection. The template will contain all the relevant information for the connection, such as source and destination IP addresses, destination port, NAT information, policy decision, etc. The template will be used by SecureXL to handle subsequent connections on the same service, without involving the Firewall kernel. This reduces the CPU load and increases the throughput.
There are three types of SecureXL templates: Accept, Drop, and NAT. Accept templates are used for connections that are allowed by the Firewall policy. Drop templates are used for connections that are blocked by the Firewall policy. NAT templates are used for connections that require NAT translation. Deny templates are not a valid type of SecureXL template.


Reference:

SecureXL NAT Templates in R80.20 and lower, Part 3 - SecureXL, Security Gateway Performance Optimization - Part 5 - SecureXL



Which of the following is NOT a type of Check Point API available in R81.x?

  1. Identity Awareness Web Services
  2. OPSEC SDK
  3. Mobile Access
  4. Management

Answer(s): C

Explanation:

Check Point API is a set of web services that enable the usage of functions and commands in a dynamic and automated fashion. Check Point API is available in different types, each serving a different purpose and functionality. According to the Check Point Resource Library1, the following are the types of Check Point API available in R81.x:
Identity Awareness Web Services: This type of API allows external applications to send identity and location information to the Security Gateway, which can then use this information for policy enforcement. Identity Awareness Web Services can be used for scenarios such as guest registration, captive portal, identity agents, etc.
OPSEC SDK: This type of API provides a framework for developing applications that interact with

Check Point products using the OPSEC (Open Platform for Security) protocol. OPSEC SDK can be used for scenarios such as log export, event management, anti-virus integration, etc. Management: This type of API allows external applications to perform management operations on the Check Point Management server using RESTful web services. Management API can be used for scenarios such as policy installation, object creation, configuration backup, etc. Mobile Access is not a type of Check Point API, but rather a feature that provides secure remote access to corporate resources from various devices. Mobile Access uses SSL VPN technology and supports different authentication methods and access scenarios.


Reference:

What is an API Gateway?, How to use Check Point API with Postman quick guide, Home - Check Point Developers, Introduction to RESTful APIs and JSON format, Checkpoint API tutorial, part 1 - getting started



When an encrypted packet is decrypted, where does this happen?

  1. Security policy
  2. Inbound chain
  3. Outbound chain
  4. Decryption is not supported

Answer(s): A

Explanation:

When an encrypted packet is received by a Check Point Security Gateway, it is decrypted according to the security policy. The security policy defines the rules and settings for encryption and decryption of traffic, such as the encryption algorithm, the encryption domain, the pre-shared secret or certificate, etc. The security policy is enforced by the Firewall kernel, which is responsible for decrypting the packets before passing them to the inbound chain for further inspection. The inbound chain consists of various inspection modules that apply security checks and actions on the decrypted packets. The outbound chain is the reverse process, where the packets are inspected and then encrypted according to the security policy before being sent out.


Reference:

Check Point Firewall Security Solution, Check Point R81 Cyber Security Platform, Check Point VPN Administration Guide R81






Post your Comments and Discuss Checkpoint 156-315.81 exam with other Community members:

156-315.81 Exam Discussions & Posts