156-315.81 Online Practice Questions and Answers

Correct Answer: A

The statement that is correct about the Sticky Decision Function is It is not supported with either the Performance pack of a hardware based accelerator card. The Sticky Decision Function (SDF) is a feature that ensures that packets from the same connection are handled by the same cluster member in a Load Sharing configuration. However, SDF is not compatible with SecureXL acceleration, which is enabled by default or by using a Performance pack or a hardware based accelerator card4. The other statements are either incorrect or outdated about SDF. References: Check Point R81 ClusterXL Administration Guide, Sticky Decision Function - Check Point CheckMates

Correct Answer: D

The main difference between SSL VPN (Secure Sockets Layer Virtual Private Network) and IPSec VPN (Internet Protocol Security Virtual Private Network) is in the way they operate:

SSL VPN typically does not require the installation of a resident VPN client. It often relies on a web browser to establish the VPN connection, making it more convenient for remote users who may not want to install dedicated VPN software.

IPSec VPN, on the other hand, often requires the installation of a resident VPN client on the user's device to establish the VPN connection. This client software is necessary for configuring and managing the VPN connection. Option C, stating

that SSL VPN and IPSec VPN are the same, is incorrect because they have distinct characteristics as described above.

Option A is incorrect because it inaccurately suggests that IPSec VPN does not require a resident VPN client, which is not true in most cases. Option B is incorrect because it wrongly claims that SSL VPN requires the installation of a resident

VPN client.

References: Check Point Certified Security Expert R81 Study Guide

Correct Answer: C

NAT (Network Address Translation) is one item that will not be configured on the R81 Security Management Server when setting up an externally managed log server. NAT is a technique that allows devices with private IP addresses to communicate with devices with public IP addresses by translating the private addresses to public ones. NAT is not relevant for configuring an externally managed log server, which requires only the IP address, SIC (Secure Internal Communication), and FQDN (Fully Qualified Domain Name) of the log server. References: Check Point Security Expert R81 Course, Logging and Monitoring Administration Guide

Correct Answer: C

Check Point Capsule is a suite of solutions designed to provide comprehensive mobile security and secure access. The components of Check Point Capsule include:

Capsule Docs (Option A): A component that secures document sharing and protects sensitive data.

Capsule Cloud (Option B): A component that provides cloud-based security services.

Capsule Workspace (Option D): A component that provides secure workspace on mobile devices.

Option C, "Capsule Enterprise," is not a recognized component of Check Point Capsule based on the available information. Therefore, it is the correct answer as the component that is NOT part of Check Point Capsule.

References: Check Point Certified Security Expert (CCSE) R81 training materials and documentation.

Correct Answer: B

According to the Check Point R81 release notes, acceleration is not supported for connections that require a Security server, such as HTTPS Inspection, Content Awareness, or Anti-Virus. The Security server performs deep inspection and modification of the traffic, which prevents acceleration. The other options are either false or not the most likely reason. References: Check Point R81

Correct Answer: D

Ken can use either of the two commands lock database override or unlock database to obtain a configuration lock from another administrator on R81 Security Management Server via CLI. These commands allow him to override the existing lock and gain exclusive access to the database. He can also use the WebUI to perform the same action. References: Training and Certification | Check Point Software, New Courses and Certificates for R81.20 - Check Point CheckMates

Correct Answer: B

The best log filter to see only the IKE Phase 2 agreed networks for both gateways is B. action:"Key Install" AND 1.1.1.1 AND Quick Mode1. This filter will show you the logs that indicate the successful establishment of IKE Phase 2, which is also known as Quick Mode2. In this phase, the Security Gateway and the remote gateway negotiate the IPSec Security Associations (SAs) and exchange the encryption keys for the VPN tunnel2. The action:"Key Install" field shows that the SAs were installed successfully3. The 1.1.1.1 field shows that the logs are related to the remote gateway with that IP address3. The Quick Mode field shows that the logs are related to IKE Phase 2, as opposed to Main Mode, which is IKE Phase 13. To use this filter, you need to go to SmartConsole, open SmartLog, and enter the filter expression in the search box3. References: How to troubleshoot VPN issues with IKEVIEW tool - Check Point Software, IPsec and IKE - Check Point Software, SmartLog R81.20 Administration Guide - Check Point Software

Correct Answer: C

CoreXL is a technology that improves the performance of the Security Gateway by utilizing multiple CPU cores for processing traffic. CoreXL creates multiple instances of the firewall kernel (fwk) that run in parallel on different CPU cores. The

number of kernel instances can be configured using the cpconfig command on the Security Gateway3. The minimum number of CPU cores required to enable CoreXL is 2, as one core is reserved for SND (Secure Network Distributor) and

one core is used for running a kernel instance4. If the Security Gateway has only one CPU core, CoreXL cannot be enabled. Therefore, the correct answer is C.

References: 3: CoreXL Administration Guide 4: [CoreXL Frequently Asked Questions (FAQ)]

Correct Answer: D

Based on the image provided by the user, we can infer that rule 1 and object webserver are locked by another administrator. This is because they have red lock icons next to them, which indicate that they are being edited by another administrator in another session. The lock icons prevent other administrators from modifying these objects until the changes are published or discarded by the original administrator. The lock icons also show the name of the administrator who locked the objects when hovered over with the mouse cursor. The other options are incorrect because: Rule 7 was not created by the `admin' administrator in the current session, but by another administrator in another session. This is because it has a blue lock icon next to it, which indicates that it was added by another administrator in another session. The blue lock icon prevents other administrators from deleting this rule until the changes are published or discarded by the original administrator. 8 changes have not been made by administrators since the last policy installation, but in the current session by the `admin' administrator. This is because there is a yellow number 8 next to the Install Policy button, which indicates that there are 8 unpublished changes in the current session by the `admin' administrator. These changes will be published or discarded when the `admin' administrator clicks on Publish or Discard buttons. The rules 1, 5 and 6 can be edited by the `admin' administrator, but only after unlocking them from another administrator who locked them in another session. This is because they have red lock icons next to them, which indicate that they are being edited by another administrator in another session. The `admin' administrator can unlock these rules by right-clicking on them and selecting Unlock from the menu. However, this will discard the changes made by the original administrator who locked them.

Correct Answer: B

Rugged appliances are small appliances with ruggedized hardware that are designed for harsh environments. Like Quantum Spark appliances, they use Gaia embedded as their operating system. Gaia embedded is a lightweight version of Gaia that supports a subset of features and commands. References: [Check Point R81 Gaia Embedded Administration Guide]