Checkpoint 156-315.81 - Check Point Certified Security Expert R81.20

After installing a new multicore CPU to replace the existing single core CPU, the administrator is required to perform one additional task, which is to increase the number of kernel instances using cpconfig. This is because by default, only one kernel instance is enabled on a Security Gateway. To take advantage of multiple cores, the administrator needs to configure more kernel instances according to the number of cores available on the CPU. References: Configuring CoreXL

 The only way to make objects locked for editing available for other administrators is to publish or discard the session that contains the changes. Publishing the session will save and share the changes with other administrators, while discarding the session will undo and discard the changes. Saving the session will only save the changes locally, but not share them with others or release the locks. Reverting the session will restore a previous version of the session, but not affect the locks. Saving and installing the policy will only install the policy on the gateways, but not share or discard the changes in SmartConsole. Deleting older versions of database will only free up disk space, but not affect the locks. 

 Secure Configuration Verification (SCV) is a feature that allows the Mobile Access Gateway to check the compliance of remote access clients with the enterprise security policy before granting them access to internal resources. SCV checks can be defined in a file named local.scv, which is located in the $FWDIR/conf directory on the Mobile Access Gateway1. The file can be edited manually or using the SCV Editor tool2. Therefore, the correct answer is D.

References: 1: Secure Configuration Verification 2: SCV Editor

The best way to test if the policy from two weeks ago have the same issue is to install the specific version of the policy from the installation history view of the gateway. This way, you can keep the changes from the last weeks in the management server and revert back to them later if needed. You do not need to take a backup or a snapshot of the gateway or the management server for this purpose. References: [Check Point Security Expert R81 Administration Guide], page 34.

The CPD daemon is a Firewall Kernel Process that does not pull application monitoring status. The CPD daemon is responsible for Secure Internal Communication (SIC), restarting daemons if they fail, transferring messages between Firewall processes, and managing policy installation. References: CPD process

 Tom will need two machines to install Check Point R81 in a distributed deployment, if he does not include a SmartConsole machine in his calculations. A distributed deployment consists of a Security Management Server that manages one or more Security Gateways. Therefore, Tom will need one machine for the Security Management Server and another machine for the Security Gateway. The other options are either too few or too many machines for a distributed deployment. References: Check Point R81 Installation and Upgrade Guide

The cpinfo tool generates a R81 Security Gateway configuration report that includes information about the hardware, operating system, product version, patches, and configuration settings. References: cpinfo - Check Point Support Center

 Gateway API is not an example of a Check Point API. Check Point APIs are interfaces that enable interactions with Check Point products using automation scripts or external applications. The examples of Check Point APIs are Management API, OPSEC SDK, Threat Prevention API, Identity Awareness Web Services API, and others4. Gateway API is not a valid Check Point API name. References: Check Point R81 Security Management Administration Guide, Check Point APIs

The Event List within the Event tab contains events generated by a query. The Event List shows the events that match the query criteria, such as time range, filter, and aggregation. The events can be sorted by different columns, such as severity, time, action, and source3. The other options are either not part of the Event tab or not related to the Event List. References: Check Point R81 Logging and Monitoring Administration Guide

The CPM process is the core process of the Security Management Server that handles all management operations. It listens to TCP-port 19009 by default. References: CPM process

To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. You can enable them by using the command fw ctl multik set_mode 9. This command sets the SecureXL mode to 9, which means that Priority Queues are enabled and Dynamic Dispatcher is fully enabled. References: SecureXL Mechanism

 When doing a Stand-Alone Installation, you would install the Security Management Server with the Security Gateway as the other Check Point architecture component. A Stand-Alone Installation is where the Security Management Server and the Security Gateway are installed on the same machine2. The other options are either not Check Point architecture components, or not suitable for a Stand-Alone Installation. References: Check Point R81 Installation and Upgrade Guide

References:

The Audit Log is a feature that records all the actions performed by R81 SmartConsole administrators, such as logging in, logging out, publishing, installing policy, creating objects, modifying rules, etc. You can see and search records of action done by R81 SmartConsole administrators by following these steps:

In SmartConsole, go to Logs & Monitor view.

In the left pane, select Open Audit Log View.

In the right pane, you will see a table that shows all the audit log records. You can filter, sort, group, or search the records by using the toolbar options.

You can also double-click on a record to see more details in a pop-up window. References: R81 Logging and Monitoring Administration Guide

 The attributes that SecureXL will check after the connection is allowed by Security Policy are Source address, Destination address, Source port, Destination port, Protocol. These are the five tuple parameters that define a connection and are used by SecureXL to accelerate the traffic. The other options are either missing some of the parameters or include irrelevant ones, such as MAC addresses1. References: Check Point R81 SecureXL Administration Guide