156-315.81 Online Practice Questions and Answers

Correct Answer: D

Anti-Bot is a post-infection malware protection that detects and blocks botnet communications from infected hosts to Command and Control servers. It is different from other Threat Prevention mechanisms that prevent malware from entering the network or executing on the hosts. References: Anti-Bot Software Blade

Correct Answer: B

To add a file to the Threat Prevention Whitelist, you need two items:

B. Object Name and MD5 signature

You need the Object Name to identify the file or object you want to whitelist, and the MD5 signature to specify the unique hash value of that file. The MD5 signature ensures that the specific file you want to whitelist is identified accurately.

References: Check Point Certified Security Expert R81 Study Guide, Threat Prevention Administration Guide.

Correct Answer: B

The extended master key extension/session hash is a feature introduced in TLS 1.3 to prevent a Man-in-the-Middle attack/disclosure of the client-server communication. It works by generating a unique session hash for each connection, which is derived from the master key and other parameters. This session hash is then used to authenticate the application data and the end-of-handshake messages, ensuring that no one can tamper with or eavesdrop on the communication. References: Check Point Security Expert R81 Course, TLS 1.3 RFC

Correct Answer: C

DES (Data Encryption Standard) is a symmetric block cipher that uses a 56-bit key to encrypt and decrypt 64-bit blocks of data. It was developed by IBM in 1975 and adopted by the US government as a standard for encryption. However, DES has been proven to be insecure and vulnerable to various attacks, such as brute force, differential cryptanalysis, and linear cryptanalysis. A brute force attack can break DES in a matter of hours using modern hardware. Differential cryptanalysis can reduce the number of keys to be searched by a factor of four, and linear cryptanalysis can reduce it by a factor of two. Therefore, DES is the least secure encryption algorithm among the options given. References: Types of Encryption, Secure Organization's Data With These Encryption Algorithms, Comparative study of symmetric cryptographic algorithms

Correct Answer: C

The "fw monitor" tool can be best used to troubleshoot network traffic issues. Fw monitor is a tool that allows administrators to capture packets at different inspection points in the Firewall kernel, and apply filters and flags to analyze the traffic. Fw monitor can help troubleshoot network connectivity problems, packet drops, NAT issues, VPN issues, and more. The other options are either not related or less suitable for fw monitor.

Correct Answer: B

The responsibility of SOLR process on R81.20 management server is to generate indexes of data written to the database. SOLR is an open source search platform that provides fast and scalable indexing and querying capabilities. SOLR is used by the R81.20 management server to index data such as logs, objects, policies, tasks, and events, and to enable quick and efficient searches on this data by SmartConsole and SmartView applications.

Correct Answer: A

The correct answer is A. SecurelD.

SecurelD is an authentication method that uses a token-based system to generate one- time passwords (OTPs) for users. Users need to have a physical or software token that displays a code that changes periodically. The code is used

along with a personal identification number (PIN) to authenticate the user. DynamiclD is another authentication method that uses OTPs, but it does not require a token. Instead, it sends the OTP to the user's email or phone number. Radius

and TACACS are protocols that allow remote authentication of users through a centralized server. They do not use tokens, but they can support different types of authentication methods, such as passwords, certificates, or OTPs.

References:

Certified Security Expert (CCSE) R81.20 Course Overview1 What Is Token-Based Authentication? | Okta2

Correct Answer: B

In R81, you manage your Mobile Access Policy from the Mobile Console. The Mobile Console is a separate web-based interface that allows you to configure and monitor Mobile Access features, such as VPN, portal, applications, users, devices, and certificates. The Mobile Console can be accessed from any browser by entering https:///mobileconsole. References: [Mobile Console]

Correct Answer: B

It is false that it is not necessary to establish SIC between the primary and secondary management server, since the latter gets the exact same copy of the management database from the prior. In fact, SIC is required between the primary and

secondary management server for Management HA to work properly. SIC ensures secure communication between the management servers and allows the standby server to receive updates from the active server. Without SIC, the standby

server will not be able to synchronize with the active server and will not be ready to take over in case of a failover.

References:

Solved: Management HA - Check Point CheckMates, section "Synchronizing Active and Standby Servers"

CheckPoint Management Server R81 HA Configuration | Udemy, section "How to set it up in the PNET lab environment"

Check Point R81, section "Management High Availability"

Correct Answer: C

The approach that will allow you to configure individual policies for each application when configuring Endpoint Compliance Settings for Applications and Gateways within Mobile Access is Very Advanced Approach. This approach lets you define compliance rules for each application separately and assign different actions for each rule. You can also create custom messages and notifications for each application. The other approaches are either less granular or not applicable in this scenario. The Basic Approach lets you define compliance rules for all applications globally and assign a single action for all rules. The Medium Approach lets you define compliance rules for all applications globally and assign different actions for each rule. The Strong Approach is not a valid option for Endpoint Compliance Settings. References: [Endpoint Compliance Settings]