Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

156-315-81-20 by Checkpoint - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Page 1 of 8 • Questions 1-25 of 187

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

What is “Accelerated Policy Installation”?

A Starting R81, the QoS Policy installation process is accelerated thereby reducing the duration of the process significantly
B Starting in R81, the Threat Prevention Policy installation process is accelerated thereby reducing the duration of the process significantly
C Starting R81, the Desktop Security Policy installation process is accelerated thereby reducing the duration of the process significantly
D Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly

What is the biggest benefit of policy layers?

A To break one policy into several virtual policies.
B To include Threat Prevention as a sub policy for the firewall policy
C Policy Layers and Sub-Policies enable flexible control over the security policy
D They improve the performance on OS kernel version 3.0

Aaron is a Cyber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances running GAiA R80.X. The Network Security Developer Team is having an issue testing the API with a newly deployed R80.X Security Management Server. Aaron wants to confirm API services are working properly. What should he do first?

A Aaron should check API Server status with “api status" from Expert mode. If services are stopped, he should start them with “api start".
B Aaron should check API Server status with “cpapi status" from Expert mode. If services are stopped, he should start them with "cpapi start”.
C Aaron should check API Server status with “fwm api status” from Expert mode. If services are stopped, he should start them with “fwm api start".
D Aaron should check API Server status with "cpm api status” from Expert mode. If services are stopped, he should start them with “cpi api start".

What command lists all interfaces using Multi-Queue?

A show interface all
B mq_mng –show
C show multiqueue all
D cpmq set

Which of the following cannot be configured in an Access Role Object?

A Networks
B Machines
C Users
D Time

Which of the following is NOT a type of Check Point API available in R80.x?

A Identity Awareness Web Services
B OPSEC SDK
C Management
D Mobile Access

Which User-mode process is responsible for the FW CLI commands?

A cpm
B cpd
C fwm
D fwd

What order should be used when upgrading a Management High Availability Cluster?

A Secondary Management, then Primary Management
B Active Management, then Standby Management
C Standby Management, then Active Management
D Primary Management, then Secondary Management

What could NOT be a reason for synchronization issues in a Management HA environment?

A Hardware clocks do not match even with adjustments for different time zones
B Accidentally, you have configured unique IP addresses per Management Server which invalidates the CA Certificate
C There is a network connectivity failure between the servers
D The products installed on the servers do not match: one device is a Standalone Server while the other is only a Security Management server.

Which command shows only the table names of all kernel tables?

A fw tab –t
B fw tab –n
C fw tab –s
D fw tab –k

What is the command to check the status of Check Point processes?

A cphaprob list
B top
C cpwd_admin list
D cptop

What solution is Multi-queue intended to provide?

A Reduce the confusion for traffic capturing in FW Monitor
B Reduce the performance of network interfaces
C Improve the efficiency of CoreXL Kernel Instances
D Improve the efficiency of traffic handling by SecureXL SNDs

Which of the following is true regarding the Proxy ARP feature for Manual NAT?

A The local.arp file must always be configured
B Automatic proxy ARP configuration can be enabled
C fw ctl proxy should be configured
D Translate Destination on Client Side should be configured

What object type would you use to grant network access to an LDAP user group?

A Access Role
B Group Template
C SmartDirectory Group
D User Group

Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using _______.

A UserCheck
B User Directory
C Captive Portal and Transparent Kerberos Authentication
D Captive Portal

The fwd process on the Security Gateway sends logs to the fwd process on the Management Server, where it is forwarded to ______ via ______.

A cpm, cpd
B cpwd, fwssd
C fwm, cpd
D cpd, fwm

What are the correct steps upgrading a HA cluster (M1 is active, M2 is passive) using Multi-Version Cluster(MVC)Upgrade?

A
1. In SmartConsole, change the version of the cluster object2) Upgrade the passive node M2 to R81.203) Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 in CLISH: set cluster member mvc on4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails5) After examine the cluster states upgrade node M1 to R81.206) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy SmartConsole, change the version of the cluster object,
B
1. Enable the MVC mechanism on both cluster members #cphaprob mvc on2) Upgrade the passive node M2 to R81.203) In SmartConsole, change the version of the cluster object4) Install the Access Control Policy5) After examine the cluster states upgrade node M1 to R81.206) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy
C
1. Enable the MVC mechanism on both cluster members in CLISH: set cluster member mvc on2) Upgrade the passive node M2 to R81.203) In SmartConsole, change the version of the cluster object4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails5) After examine the cluster states upgrade node M1 to R81.206) On each Cluster Member, disable the MVC mechanism
D
1. Upgrade the passive node M2 to R81.202) Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 #cphaconf mvc on3) In SmartConsole, change the version of the cluster object4) Install the Access Control Policy5) After examine the cluster states upgrade node M1 to R81.206) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy upgrade the passive node M2 to R81.20

What destination versions are supported for a Multi-Version Cluster Upgrade?

A R77.30 and later
B R80.10 and Later
C R70 and Later
D R76 and later

You have used the SmartEvent GUI to create a custom Event policy. What is the best way to display the correlated Events generated by SmartEvent Policies?

A In the SmartConsole / Logs & Monitor –> open the Logs View and use type:Correlated as query filter.
B Select the Events tab in the SmartEvent GUI or use the Events tab in the SmartView web interface.
C Open SmartView Monitor and select the SmartEvent Window from the main menu.
D In the SmartConsole / Logs & Monitor –> open a new Tab and select External Apps / SmartEvent.

In SmartConsole, where do you manage your Mobile Access Policy?

A Through the Mobile Console
B Shared Gateways Policy
C From the Dedicated Mobility Tab
D Smart Dashboard

What is the difference between Updatable Objects and Dynamic Objects

A Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.
B Dynamic Objects are maintained automatically by the Threat Cloud. For Dynamic Objects there is no need to install policy for the changes to take effect. Updatable Objects are created and maintained locally.
C Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. For Dynamic Objects there is no need to install policy for the changes to take effect.
D Dynamic Objects are maintained automatically by the Threat Cloud. Updatable Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.

What mechanism can ensure that the Security Gateway can communicate with the Management Server with ease in situations with overwhelmed network resources?

A There is a feature for ensuring stable connectivity to the management server and is done via Priority Queuing.
B The corresponding feature is new to R81.10 and is called “Management Data Plane Separation”
C The corresponding feature is called “Dynamic Split”
D The corresponding feature is called “Dynamic Dispatching”

You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?

A cpd
B fwd
C cpwd
D fwm

CoreXL is NOT supported when one of the following features is enabled:

A Overlapping NAT
B Route-based VPN
C IPv6
D IPS

The Check Point Central Deployment Tool (CDT) communicates with the Security Gateway(s) over Check Point SIC via ___________.

A TCP Port 19009
B TCP Port 18190
C TCP Port 18191
D TCP Port 18209

156-315-81-20Preview