Q1

A financial services company is experiencing intermittent connectivity drops for high-volume trading applications passing through their R81.20 ClusterXL Active-Active cluster. A preliminary analysis with `fw ctl pstat` shows a large number of non-sticky connections. The network administrator suspects that the default load-sharing mechanism is not correctly distributing TCP connections that lack a PUSH flag in the SYN packet. Which command should be executed on the cluster members to ensure these connections are handled by the same member and become sticky?

Q2 (Multiple answers)

A security architect is designing a security policy for a large enterprise that uses a shared services model. To improve management efficiency and policy readability, they decide to use Policy Layers. The goal is to have a baseline corporate policy applied first, followed by department-specific policies, and finally a global cleanup rule. What is the most effective way to structure the policy layers to achieve this? (Select TWO).

Q3

During a kernel debug session using `fw ctl zdebug`, an administrator observes a packet being dropped. The debug output contains the drop code `fw_log_drop_ex: Packet proto=6 ... dropped by fwchain_upd_exceptions_v4 Reason: PSL Drop: ASPII_MT`. What is the most likely cause of this packet drop?

Q4

True or False: When configuring Management High Availability (HA), the secondary Security Management Server must be installed with the exact same version and Jumbo Hotfix Accumulator as the primary server before initiating the first manual synchronization.

Q5

An administrator needs to create a scheduled task that automatically backs up the Security Management Server every Sunday at 2 AM. They want to use the most efficient, built-in method available in R81.20 SmartConsole. Which feature should they use?

Q6 (Multiple answers)

A hospital is deploying HTTPS Inspection on its R81.20 gateways to inspect outbound traffic from clinical workstations. To comply with privacy regulations, traffic to specific financial and healthcare domains must not be decrypted. The security team also wants to ensure that if the gateway's CPU utilization for the `fwk` worker process exceeds 85%, HTTPS Inspection is temporarily bypassed to maintain network performance. Which two configuration steps are required to meet these requirements?

Q7

A system administrator notices that the Dynamic Dispatcher on a 16-core Security Gateway is assigning most traffic to a small subset of firewall instances, leading to high CPU on those cores while others remain underutilized. They have confirmed that SecureXL is enabled and connection templates are being used. Which CoreXL command should the administrator run to get a detailed, real-time view of the packet distribution per firewall instance (core)?

Q8

When implementing a route-based VPN (VTIs) on an R81.20 gateway, where is the encryption domain defined?

Q9

A global logistics company uses Updatable Objects to block traffic from Geo-locations known for malicious activity. The Security Management Server is in an isolated network segment with no direct internet access, but it can reach a dedicated proxy server. How must the administrator configure the Security Gateway and Management Server to allow the Updatable Objects to be updated successfully?

```mermaid
graph TD
    Internet((Internet)) --> Proxy[Proxy Server]
    subgraph DMZ
        Proxy
    end
    subgraph MgmtNet [Management Network]
        SMS[Security Management Server]
    end
    subgraph InternalNet [Internal Network]
        GW[Security Gateway]
    end
    SMS --> Proxy
    GW --> Internet
```

Q10

## Case Study

A retail corporation, 'GlobalMart', is upgrading its security infrastructure to a distributed R81.20 environment. They have two primary data centers (DC-A and DC-B) which will each host a Security Management Server in a Management High Availability (HA) configuration. The Primary SMS will be in DC-A, and the Secondary SMS will be in DC-B. A dedicated Log Server will also be deployed in each data center, and gateways will be configured to send logs to their local Log Server.

**Current Situation:** All management components are currently on a single R80.40 server. The network team has provisioned new appliances for the R81.20 upgrade. The data centers are connected via a high-speed, low-latency WAN link. The primary goal is to ensure management redundancy and localized logging to reduce WAN traffic, with seamless failover in case the primary data center becomes unavailable.

**Requirements:**

1. Establish a resilient Management HA pair between DC-A and DC-B.
2. Security Gateways in DC-A must log to the Log Server in DC-A. Gateways in DC-B must log to the Log Server in DC-B.
3. In the event of a failure of the Log Server in DC-A, the DC-A gateways must automatically start sending logs to the Log Server in DC-B.
4. The solution must be configured following Check Point best practices for performance and redundancy.

Which configuration approach best satisfies all of GlobalMart's requirements?