Free 156-315.81 Exam Braindumps (page: 39)

John is using Management HA. Which Smartcenter should be connected to for making changes?

  1. secondary Smartcenter
  2. active Smartcenter
  3. connect virtual IP of Smartcenter HA
  4. primary Smartcenter

Answer(s): B

Explanation:

Management HA is a feature that allows the Security Management server to have one or more backup Standby Security Management servers that are ready to take over in case of failure [1]. The Active Security Management server is the one that handles all the management operations, such as policy installation, object creation, configuration backup, etc. The Standby Security Management servers are synchronized with the Active Security Management server and store the same data, such as databases, certificates, CRLs, etc. The Standby Security Management servers can also perform some operations, such as fetching a Security Policy or retrieving a CRL [1].

To make changes to the system, such as editing objects or policies, the administrator needs to connect to the Active Security Management server. This is because the Active Security Management server is the only one that can modify the data and synchronize it with the Standby Security Management servers. The administrator can use SmartConsole to connect to the Active Security Management server by entering its IP address or hostname [1]. The administrator can also use SmartDashboard to connect to the Active Security Management server by selecting Policy > Management High Availability. This shows information about the Security Management server that includes its peers, displayed with the name, status and type of Security Management server [1].

The other options are incorrect because:
A) secondary Smartcenter: This is a synonym for a Standby Security Management server, which cannot be used to make changes to the system.
C) connect virtual IP of Smartcenter HA: This is not a valid option because there is no virtual IP for Smartcenter HA. Each Security Management server has its own IP address and hostname.
D) primary Smartcenter: This is a synonym for the Active Security Management server, but it is not the correct term to use. The term primary implies that there is only one Active Security Management server, which is not true. The administrator can put the Active Security Management server on standby and promote a Standby Security Management server to active at any time [1].


Reference:

How to Configure Management HA



You are asked to check the status of several user-mode processes on the management server and gateway.
Which of the following processes can only be seen on a Management Server?

  1. fwd
  2. fwm
  3. cpd
  4. cpwd

Answer(s): B

Explanation:

User-mode processes are processes that run in the user space of the operating system, as opposed to kernel-mode processes that run in the kernel space. User-mode processes are usually less privileged and have less access to system resources than kernel-mode processes. Check Point products use both user-mode and kernel-mode processes to provide various functionalities and services.

The following are some of the user-mode processes that can be seen on the management server and gateway:
fwd: This process is responsible for policy installation, logging, and communication with other Check Point components. It runs on both the management server and gateway.
cpd: This process is responsible for licensing, certificate management, and communication with SmartConsole. It runs on both the management server and gateway.
cpwd: This process is responsible for monitoring and restarting other processes. It runs on both the management server and gateway.

The following is a user-mode process that can only be seen on the management server:
fwm: This process is responsible for managing the security policy database, compiling the security policy, and generating reports. It runs only on the management server.

Therefore, the correct answer is B.


Reference:

Check Point Processes and Daemons, Check Point Processes Cheat Sheet, Check Point Firewall Security Solution



What scenario indicates that SecureXL is enabled?

  1. Dynamic objects are available in the Object Explorer
  2. SecureXL can be disabled in cpconfig
  3. fwaccel commands can be used in clish
  4. Only one packet in a stream is seen in a fw monitor packet capture

Answer(s): C

Explanation:

SecureXL is a technology that accelerates the performance of the Check Point Security Gateway by offloading CPU-intensive operations from the Firewall kernel to the SecureXL device. SecureXL can handle various types of traffic, such as TCP, UDP, ICMP, non-IP, VPN, NAT, etc. SecureXL can also work with various features, such as CoreXL, ClusterXL, QoS, etc.

One way to indicate that SecureXL is enabled is to use the fwaccel commands in clish. Clish is a command-line shell that provides a user-friendly interface for configuring and managing Check Point products. The fwaccel commands are used to control and monitor SecureXL operations, such as enabling or disabling SecureXL, viewing SecureXL statistics, managing SecureXL templates, etc. For example, the command fwaccel stat shows the status of SecureXL, such as whether it is on or off, how many packets are accelerated or not accelerated, etc.

The other options are not valid indicators of SecureXL being enabled:
A) Dynamic objects are available in the Object Explorer: Dynamic objects are objects that represent IP addresses that change over time, such as VPN clients, DHCP clients, etc. Dynamic objects are available in the Object Explorer regardless of whether SecureXL is enabled or not.
B) SecureXL can be disabled in cpconfig: Cpconfig is a command-line tool that allows you to configure various settings of Check Point products, such as administrator password, GUI clients, SNMP extension, etc. SecureXL can be disabled in cpconfig only if it was enabled before. Therefore, this option does not indicate that SecureXL is enabled.
D) Only one packet in a stream is seen in a fw monitor packet capture: Fw monitor is a command-line tool that allows you to capture and analyze network traffic passing through the Security Gateway. Fw monitor shows the traffic at different inspection points in the Firewall kernel. If SecureXL is enabled, some packets may be accelerated by SecureXL and bypass the Firewall kernel inspection. Therefore, fw monitor may not see all packets in a stream. However, this does not mean that only one packet in a stream will be seen by fw monitor. Some packets may still go through the Firewall kernel inspection and be seen by fw monitor. Therefore, this option does not indicate that SecureXL is enabled.
Therefore, the correct answer is C.


Reference:

How to enable/disable Check Point SecureXL via CLI, Part 3 - SecureXL, What is SecureXL?, Clish - Command Line Interface Shell, sk30583: What is FW Monitor?



What processes does CPM control?

  1. Object-Store, Database changes, CPM Process and web-services
  2. web-services, CPMI process, DLEserver, CPM process
  3. DLEServer, Object-Store, CP Process and database changes
  4. web_services, dle_server and object_Store

Answer(s): D

Explanation:

CPM stands for Check Point Management, which is a process that runs on the Security Management server and controls the management operations, such as policy installation, object creation, configuration backup, etc. CPM also controls other processes that are related to the management functions, such as:
web_services: This process is responsible for providing web services for the communication between SmartConsole and the Security Management server. It handles requests from SmartConsole clients and forwards them to CPM or other processes.
dle_server: This process is responsible for managing the log files and indexes. It handles queries from SmartLog and SmartEvent and provides log data to CPM or other processes.
object_Store: This process is responsible for storing and retrieving objects from the database. It handles requests from CPM or other processes and provides object data.

Therefore, the correct answer is D.
The other options are incorrect because:
A) Object-Store, Database changes, CPM Process and web-services: This option includes some processes that are controlled by CPM, such as Object-Store, CPM Process, and web-services, but it also includes Database changes, which is not a process but an action performed by CPM or other processes.
B) web-services, CPMI process, DLEserver, CPM process: This option includes some processes that are controlled by CPM, such as web-services, DLEserver, and CPM process, but it also includes CPMI process, which is not a process but a protocol used by CPM or other processes to communicate with each other.
C) DLEServer, Object-Store, CP Process and database changes: This option includes some processes that are controlled by CPM, such as DLEServer and Object-Store, but it also includes CP Process and database changes, which are not processes but a generic term for any Check Point process and an action performed by CPM or other processes respectively.


Reference:

Check Point Processes and Daemons, Check Point Processes Cheat Sheet, Check Point Firewall Security Solution





