Customer's R81 management server needs to be upgraded to R81.20. What is the best upgrade method when the management server is not connected to the Internet?
Correct Answer: C
Explanation: CPUSE offline upgrade is the best upgrade method when the management server is not connected to the Internet. CPUSE (Check Point Upgrade Service Engine) is a tool that automates the process of upgrading and installing software packages on Check Point devices. CPUSE can work in online mode or offline mode. Online mode requires an Internet connection to download the packages from Check Point servers. Offline mode allows you to download the packages manually from another device and transfer them to the management server using a USB drive or SCP. References: Check Point Security Expert R81 Course, CPUSE Administration Guide
Question 322
From SecureXL perspective, what are the three paths of traffic flow:
Correct Answer: C
Explanation: From SecureXL perspective, the three paths of traffic flow are Firewall Path, Accelerated Path, and Medium Path. Firewall Path is the path that handles packets that are not processed by SecureXL and are sent to the Firewall kernel for inspection. Accelerated Path is the path that handles packets that are processed by SecureXL and bypass the Firewall kernel. Medium Path is the path that handles packets that are partially processed by SecureXL and partially by the Firewall kernel. References: Check Point R81 Performance Tuning Administration Guide
Question 323
By default, how often does Threat Emulation update the engine on the Security Gateway?
Correct Answer: A
Explanation: By default, Threat Emulation updates the engine on the Security Gateway once per day. This is the recommended frequency for optimal performance and security. However, the admin can change the update frequency to a different value, such as once an hour, once a week, or twice per day, depending on the network needs and resources. The admin can also manually update the engine at any time using the SmartConsole or the command line interface. References: Threat Emulation Engine Release Updates - Check Point Software, Check Point R81.20 Gaia Fresh Install and upgrade
Question 324
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
Correct Answer: C
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of "Wire Mode".
Question 325
What can we infer about the recent changes made to the Rule Base?
Correct Answer: D
Explanation: Based on the image provided by the user, we can infer that rule 1 and object webserver are locked by another administrator. This is because they have red lock icons next to them, which indicate that they are being edited by another administrator in another session. The lock icons prevent other administrators from modifying these objects until the changes are published or discarded by the original administrator. The lock icons also show the name of the administrator who locked the objects when hovered over with the mouse cursor.
The other options are incorrect because:
Rule 7 was not created by the 'admin' administrator in the current session, but by another administrator in another session. This is because it has a blue lock icon next to it, which indicates that it was added by another administrator in another session. The blue lock icon prevents other administrators from deleting this rule until the changes are published or discarded by the original administrator.
8 changes have not been made by administrators since the last policy installation, but in the current session by the 'admin' administrator. This is because there is a yellow number 8 next to the Install Policy button, which indicates that there are 8 unpublished changes in the current session by the 'admin' administrator. These changes will be published or discarded when the 'admin' administrator clicks on Publish or Discard buttons.
The rules 1, 5 and 6 can be edited by the 'admin' administrator, but only after unlocking them from another administrator who locked them in another session. This is because they have red lock icons next to them, which indicate that they are being edited by another administrator in another session. The 'admin' administrator can unlock these rules by right-clicking on them and selecting Unlock from the menu. However, this will discard the changes made by the original administrator who locked them.