
Exam 156-315.80 topic 1 question 138 discussion

Actual exam question from Checkpoint's 156-315.80
Question #: 138
Topic #: 1

Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled, which path is handling the traffic?

  • A. Slow Path
  • B. Medium Path
  • C. Fast Path
  • D. Accelerated Path
Suggested Answer: B

Comments

bobby14
Highly Voted 2 years, 10 months ago
Correct answer is B, not A. Trust me!
upvoted 12 times
DriVen
4 months, 2 weeks ago
sounds convincing :D :D
upvoted 3 times
...
...
lukzka
Most Recent 2 weeks, 4 days ago
B is correct.
  • Firewall Path — Packets and connections that are inspected by the Firewall. These packets and connections are not processed by SecureXL. This path is also referred to as the Slow Path.
  • Medium Path — Packets that cannot use the accelerated path because they require deeper inspection. Although it is not necessary for the Firewall to inspect these packets, they can be offloaded by another feature. For example, packets that are examined by IPS cannot use the accelerated path and can be offloaded to the IPS Passive Streaming Library (PSL), which provides stream reassembly for TCP connections. As a result, SecureXL processes these packets quicker than packets on the slow path.
upvoted 1 times
...
pepso100
7 months, 1 week ago
Selected Answer: B
PXL pkts/Total pkts: This shows how many packets were not able to be completely handled by the Accelerated Path, but did not need to travel the full Firewall Path. The PXL path is known as the Medium Path, and is generally used to inspect traffic for IPS signatures but can also involve the firewall features Application Control/URL filtering, Anti-Virus/Anti-bot/Threat Emulation, and DLP. B is the answer.
upvoted 1 times
...
aharihara
1 year, 2 months ago
Selected Answer: B
Correct Answer is B. Medium Path PSLXL & CPASXL – When SecureXL is enabled but packets cannot be accelerated, as they require further inspection by some blade such as IPS, Application Control, URL Filtering etc., a medium path is used. This path prevents a trip through all the irrelevant modules of the F2F path and directly sends packets to the Passive Streaming Layer (PSL) or the Check Point Active Streaming (CPAS) modules. The path that SecureXL uses to send packets to the PSL is called PSLXL, which is used for deeper inspection for IPS, Application Control, URL Filtering etc. In this path the gateway can do the inspection passively but cannot make changes or insert data in the stream. The path that SecureXL uses to send packets to the CPAS is called CPASXL, which is used by modules like Anti-Virus, HTTPS Inspection, VoIP, DLP etc. This module works like a transparent proxy, breaking the connection and acting as man-in-the-middle. This way it has complete control of the connection and can make changes to the data inside the application.
upvoted 2 times
...
henkpoa
1 year, 3 months ago
Selected Answer: B
B is correct. Why? Because I am using the exact same configuration in my home network. Most of my traffic at home is HTTPS, and I have a sublayer for that with high and critical risk categories enabled. These utilize both Application Control and URLF. My fwaccel stats -s command says that 99% is passing the PSLXL path. PSLXL, the new PXL, is Medium path, so B is correct.
upvoted 2 times
...
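An added example, not part of any comment in this thread: a small shell/awk helper that groups the per-path packet counters of `fwaccel stats -s` into the three paths the commenters argue about (PXL, PSLXL and CPASXL counted as Medium Path, F2F as Firewall/Slow Path). The function names, the `F2Fed` counter label and the sample numbers are assumptions; the sample is constructed, not captured from a gateway.

```shell
#!/bin/sh
# Constructed sample in the "<name> pkts/Total pkts : n/total (p%)" layout
# quoted in the comments above. Numbers are made up for illustration.
sample_stats() {
cat <<'EOF'
Accelerated conns/Total conns : 18/412 (4%)
Accelerated pkts/Total pkts   : 1200/100000 (1%)
F2Fed pkts/Total pkts         : 2800/100000 (2%)
PSLXL pkts/Total pkts         : 95000/100000 (95%)
CPASXL pkts/Total pkts        : 1000/100000 (1%)
EOF
}

# Reads `fwaccel stats -s` style text on stdin and prints, per path,
# "<path> <packets> <percent>%" followed by "dominant <path>".
path_summary() {
    awk '
    # Only packet counters; the "conns/Total conns" line is skipped.
    $2 == "pkts/Total" && match($0, /[0-9]+\/[0-9]+/) {
        split(substr($0, RSTART, RLENGTH), c, "/")
        if ($1 == "Accelerated")      path = "accelerated"
        else if ($1 == "F2Fed")       path = "slow"      # Firewall path (F2F)
        else if ($1 == "PXL" || $1 == "PSLXL" || $1 == "CPASXL")
                                      path = "medium"    # streaming paths
        else next                                        # counters not mapped here
        sum[path] += c[1]
        total = c[2]
    }
    END {
        if (total == 0) { print "no packet counters found"; exit 1 }
        best = "accelerated"
        n = split("accelerated medium slow", order, " ")
        for (i = 1; i <= n; i++) {
            p = order[i]
            printf "%s %d %d%%\n", p, sum[p], int(sum[p] * 100 / total)
            if (sum[p] > sum[best]) best = p
        }
        print "dominant " best
    }'
}

# Stand-alone run on the constructed sample.
# On a gateway the input would instead be: fwaccel stats -s | path_summary
sample_stats | path_summary
```

A gateway where Application Control or URL Filtering inspects most web traffic should report `dominant medium`, which matches the 99% PSLXL figure described in the comment above.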
lordlich
1 year, 4 months ago
Slow Path
upvoted 2 times
lordlich
1 year, 4 months ago
It should be B, Medium path not Slow path
upvoted 1 times
...
...
ATHOOS
1 year, 7 months ago
Selected Answer: B
Answer should be B
upvoted 3 times
...
EduKeter
1 year, 9 months ago
This is surely medium path. There is no acceleration in Fastpath/Fw path.
upvoted 1 times
EduKeter
1 year, 9 months ago
Meant no acceleration in slowpath/firewall path. https://community.checkpoint.com/t5/General-Topics/Security-Gateway-Packet-Flow-and-Acceleration-with-Diagrams/td-p/40244
upvoted 1 times
...
...
Al789789
1 year, 10 months ago
The answer is A: When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions: .... All packets that match a rule with a Security Server (e.g., Authentication, Anti-Virus, URL Filtering, Anti-Spam). .... https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk32578
upvoted 2 times
daem0n
1 year, 8 months ago
Security Servers, including Legacy URLF, have nothing to do with software blades APCL and URLF. Correct answer is B: Medium Path.
upvoted 2 times
...
...
fvxtkwvylevvouexvf
1 year, 11 months ago
According to this link below, the AC module is in the medium path (so B is the answer): https://community.checkpoint.com/t5/General-Topics/R80-x-Security-Gateway-Architecture-Logical-Packet-Flow/td-p/41747
upvoted 1 times
...
Aychi
2 years, 7 months ago
Any traffic that uses a blade that needs content inspection, like Application Control, where we need the Content Manager Infrastructure, CMI (in our case CMI will use the Protocol parser, Classifier, Observer, Handler and other components of the CMI to control application traffic), will go to the medium path. Hence B is the correct answer.
upvoted 1 times
...
kyky123ko
2 years, 7 months ago
If there was a picture with GW (192.168.1.1), then it is Slow Path :)
upvoted 1 times
...
rr80
2 years, 7 months ago
I wanted to mark Slow path as traffic firstly needs to be matched against the Firewall rule base. But I have 2 problems with it: 1st: Not sure if the name Slow Path is valid (it should be named Firewall path, shouldn't it?). 2nd: juancho_ckp's explanation is very convincing.
upvoted 1 times
...
juancho_ckp
2 years, 8 months ago
Medium Path. Run "fwaccel conns | grep 443" (or 80) on any firewall with app control and you'll see all connections there with an S flag. Which means medium-path/inspection.
upvoted 3 times
...
arvendel
2 years, 9 months ago
In regards to previous comments. (C) There is no fast path on 80+ it is called accelerated path. (D) is not valid here, because 'application control is inspecting the traffic' meaning this traffic is being inspected, thus it is in the kernel, in the fw_worker. Which leaves us with firewall path and medium path; from performance tuning admin guide 80.20: Medium Path (PXL) The CoreXL layer passes the packet to one of the CoreXL Firewall instances to process it. Even when CoreXL is disabled, the SecureXL uses the CoreXL infrastructure to send the packet to the single FW instance that still functions. When the Medium Path is available, the SecureXL fully accelerates the TCP handshake. Rule Base match is achieved for the yada yada... Exceptions are: yada yada... Application Control yada yada..... which leaves us with slow path answer.
upvoted 3 times
...
Berzerk
2 years, 10 months ago
Discarding the least matching options (1/2): Slow Path (Firewall path or F2F): This path is used when the packet flow cannot be accelerated. Now, sk32578 states: "When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions"; Application Control traffic matched does not match as a condition that disables acceleration. For me, this statement implies that Application Control traffic is accelerated by default (unless any of the conditions stated in sk32578 exists in app control rules). This leaves only Accelerated Traffic (option D) as an available (and matching) correct answer. Or this is another ambiguous and annoying badly constructed question from the CCSE exam.
upvoted 1 times
...
Berzerk
2 years, 10 months ago
Discarding the least matching options (1/2): Medium path (PXL) - Packet flow when the packet is handled by the SecureXL device, except for IPS (some protections) / VPN (in some configurations) / Application Control / Content Awareness / Anti-Virus / Anti-Bot / HTTPS Inspection / Proxy mode / Mobile Access / VoIP / Web Portals. So... Medium path might be discarded because packet flow is excepted for Application control blade. Fast Path: Does not exist in SecureXL architecture, so.. Fast Path discarded.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted