Checkpoint Updated 156-215.81 Exam Questions and Answers by lowri

The BEST way to tune the profile in order to lower the CPU load still maintaining security at good level is to set the Performance Impact to Medium or lower. This will reduce the number of packets that are inspected by the Threat Prevention blades, while still providing a high level of protection . Setting High Confidence to Low and Low Confidence to Inactive will lower the security level, as it will allow more traffic that may be malicious. The problem is likely with the Threat Prevention Profile, as it can have a significant impact on the CPU utilization of the Security Gateway. Adding more memory to the appliance will not solve the problem, as memory is not the bottleneck in this case. Setting the Performance Impact to Very Low Confidence to Prevent will increase the CPU load, as it will inspect more packets and block more traffic that may be false positives.

References: Threat Prevention Administration Guide, Check Point R81.10

 The answer is A because Identity Awareness commands are used to support identity sharing between Security Gateways. Policy Decision Point (PDP) is the Security Gateway that collects identities from various sources and shares them with other gateways. Policy Enforcement Point (PEP) is the Security Gateway that enforces the policy based on the identities received from the PDP12 References: Check Point R81 Identity Awareness Administration Guide, Check Point R81 Security Management Administration Guide

Back up and restores can be accomplished through SmartConsole, WebUI, or CLI12. These are the methods to perform system backup and restore, which save and restore the Gaia OS configuration and the Security Management Server database1. WebUI, CLI, or SmartUpdate are not valid methods, as SmartUpdate is used to install software packages and patches, not to back up or restore the system3. CLI, SmartUpdate, or SmartBackup are not valid methods, as SmartBackup is a feature of SmartProvisioning that allows backing up and restoring the configuration of Security Gateways and VSX clusters4. SmartUpdate, SmartBackup, or SmartConsole are not valid methods, as SmartConsole is used to configure and manage the Security Policy, not to back up or restore the system5.

References: System Backup and Restore feature in Gaia, Check Point R81.10, INSTALLATION AND UPGRADE GUIDE R81.10, SmartProvisioning R81.10 Administration Guide, QUANTUM SECURITY MANAGEMENT R81

 src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop is the correct log query to show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1. The AND operator means that all conditions must be true for the query to match. The OR operator means that any condition can be true for the query to match3. The other queries will either show packets that are not dropped or packets that have different source or destination addresses.