Which two Cluster Solutions are available under R81.10?
Correct Answer: D
Explanation: ClusterXL and VRRP are the two cluster solutions that are available under R81.10.

According to the ClusterXL R81.10 Administration Guide [1], ClusterXL is a Check Point software-based clustering solution that provides high availability and load sharing for Check Point Security Gateways and Cluster Members. ClusterXL supports two modes: High Availability and Load Sharing. In High Availability mode, all Cluster Members are connected to the same network segment and share a virtual IP address. One member is active and handles all traffic, while the others are in standby mode and ready to take over in case of a failure. In Load Sharing mode, all Cluster Members are active and share the traffic load according to a predefined algorithm. ClusterXL supports both unicast and multicast modes for Load Sharing [1].

VRRP (Virtual Router Redundancy Protocol) is an industry-standard protocol that provides high availability for routers or firewalls by creating a virtual router with a virtual IP address that is shared by a group of routers or firewalls. One router or firewall is elected as the master and handles all traffic directed to the virtual IP address, while the others are backups that monitor the master and take over if it fails. VRRP can be used with Check Point Security Gateways to provide redundancy and failover for external interfaces [1].

NSRP (NetScreen Redundancy Protocol) is a proprietary protocol developed by Juniper Networks that provides high availability and load balancing for NetScreen firewalls. NSRP is not supported by Check Point products [2].

HSRP (Hot Standby Router Protocol) is a Cisco proprietary protocol that provides high availability for routers by creating a virtual router with a virtual IP address that is shared by a group of routers. One router is elected as the active router and handles all traffic directed to the virtual IP address, while another router is elected as the standby router, monitors the active router, and takes over if it fails. HSRP is not supported by Check Point products.

IP Clustering is a feature of Linux Virtual Server (LVS) that provides high availability and load balancing for IP-based services by creating a cluster of real servers that are accessed through a virtual IP address. The cluster is managed by a director that routes requests to the real servers according to a scheduling algorithm. IP Clustering is not supported by Check Point products.

References: ClusterXL R81.10 Administration Guide; Check Point R81.10; Solved: R81.10 - Check Point CheckMates; Hot Standby Router Protocol - Wikipedia; Linux Virtual Server - Wikipedia.
Question 207
What is the default shell for the command line interface?
Correct Answer: B
The default shell of the CLI is called clish.
Question 208
What is false regarding prerequisites for the Central Deployment usage?
Correct Answer: C
Explanation: Establishing SIC between gateways and the management server is a prerequisite for Central Deployment usage, as the CDT tool will not take care of this automatically [1]. The administrator must have write permission on SmartUpdate, the Security Gateway must have the latest CPUSE Deployment Agent, and the Security Gateway must have a policy installed [2]. These are the basic requirements for using the Central Deployment Tool (CDT), a utility that lets you manage a deployment of software packages from your Management Server to multiple managed Security Gateways and cluster members at the same time [2]. The CDT can perform various actions, such as installing software packages, taking snapshots, running shell scripts, pushing and pulling files, and automating the RMA backup and restore process [2]. The CDT is supported on Check Point Appliances with R80.40 and higher versions [2].

References: How to keep your Security Gateways up to date - Check Point Software; Central Deployment Tool (CDT) - Check Point CheckMates.
Question 209
When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?
Correct Answer: C
Explanation: NAT (Network Address Translation) is one item that will not be configured on the R81 Security Management Server when setting up an externally managed log server. NAT is a technique that allows devices with private IP addresses to communicate with devices with public IP addresses by translating the private addresses to public ones. NAT is not relevant for configuring an externally managed log server, which requires only the IP address, SIC (Secure Internal Communication), and FQDN (Fully Qualified Domain Name) of the log server.

References: Check Point Security Expert R81 Course; Logging and Monitoring Administration Guide.