156-315.81.20 VS 156-315.81, Which is the Correct Exam for Check Point Certified Security Expert (CCSE) Certification?

1. Identify the API that is not supported by Check Point currently.

2. SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data.

Which component is NOT part of the SandBlast Mobile solution?

3. What are the different command sources that allow you to communicate with the API server?

4. What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?

5. Which TCP-port does CPM process listen to?

6. Which method below is NOT one of the ways to communicate using the Management API’s?

7. Your manager asked you to check the status of SecureXL, and its enabled templates and features.

What command will you use to provide such information to manager?

8. SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser.

What are the two modes of SNX?

9. Which command would disable a Cluster Member permanently?

10. Which two of these Check Point Protocols are used by SmartEvent Processes?

11. Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.

12. Which of these statements describes the Check Point ThreatCloud?

13. Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every

14. Which command will allow you to see the interface status?

15. Which command can you use to enable or disable multi-queue per interface?

16. To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab.

How many options are available to calculate the traffic direction?

17. There are 4 ways to use the Management API for creating host object with R81 Management API.

Which one is NOT correct?

18. CoreXL is supported when one of the following features is enabled:

19. You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher.

How can you enable them?

20. Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI client and management server to communicate via web services using ___________.

21. Which command is used to set the CCP protocol to Multicast?

22. Which packet info is ignored with Session Rate Acceleration?

23. Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?

24. During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity.

Which of those hosts should you try to remediate first?

25. In R81 spoofing is defined as a method of:

26. Connections to the Check Point R81 Web API use what protocol?

27. Which command lists all tables in Gaia?

28. What is true about the IPS-Blade?

29. Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

30. What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

31. What Factor preclude Secure XL Templating?

32. In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

33. Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .

34. The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

35. What is not a component of Check Point SandBlast?

36. Full synchronization between cluster members is handled by Firewall Kernel.

Which port is used for this?

37. Fill in the blank: The command ___________________ provides the most complete restoration of a

R81 configuration.

38. Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:

39. Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?

40. Which of the SecureXL templates are enabled by default on Security Gateway?

41. What happen when IPS profile is set in Detect Only Mode for troubleshooting?

42. What is true about VRRP implementations?

43. The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______.

44. Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period.

45. In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?

46. What is the mechanism behind Threat Extraction?

47. You want to gather and analyze threats to your mobile device. It has to be a lightweight app.

Which application would you use?

48. Which view is NOT a valid CPVIEW view?

49. Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?

50. fwssd is a child process of which of the following Check Point daemons?

51. Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

52. CPM process stores objects, policies, users, administrators, licenses and management data in a database.

The database is:

53. If you needed the Multicast MAC address of a cluster, what command would you run?

54. Which is NOT an example of a Check Point API?

55. What are the three components for Check Point Capsule?

56. Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

57. The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?

58. You have successfully backed up Check Point configurations without the OS information.

What command would you use to restore this backup?

59. The Firewall Administrator is required to create 100 new host objects with different IP addresses.

What API command can he use in the script to achieve the requirement?

60. Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

61. You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.

62. When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

63. On R81.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

64. How many images are included with Check Point TE appliance in Recommended Mode?

65. What is the least amount of CPU cores required to enable CoreXL?

66. You are working with multiple Security Gateways enforcing an extensive number of rules.

To simplify security administration, which action would you choose?

67. Which of the following authentication methods ARE NOT used for Mobile Access?

68. What is the correct command to observe the Sync traffic in a VRRP environment?

69. What has to be taken into consideration when configuring Management HA?

70. What is the difference between an event and a log?

71. What are the attributes that SecureXL will check after the connection is allowed by Security Policy?

72. Which statement is NOT TRUE about Delta synchronization?

73. The Event List within the Event tab contains:

74. Which statement is correct about the Sticky Decision Function?

75. Which statement is true regarding redundancy?

76. Post-Automatic/Manual NAT rules

77. In R81, how do you manage your Mobile Access Policy?

78. R81.10 management server can manage gateways with which versions installed?

79. Which command can you use to verify the number of active concurrent connections?

80. Which of the following statements is TRUE about R81 management plug-ins?

81. How can SmartView application accessed?

82. What command verifies that the API server is responding?

83. Where you can see and search records of action done by R81 SmartConsole administrators?

84. Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.

85. The Firewall kernel is replicated multiple times, therefore:

86. Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane.

Which is NOT an option to adjust or configure?

87. To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:

88. Advanced Security Checkups can be easily conducted within:

89. What is the limitation of employing Sticky Decision Function?

90. Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?

91. Which of the following process pulls application monitoring status?

92. To fully enable Dynamic Dispatcher on a Security Gateway:

93. Session unique identifiers are passed to the web api using which http header option?

94. Which command shows actual allowed connections in state table?

95. What SmartEvent component creates events?

96. Which command collects diagnostic data for analyzing customer setup remotely?