Exam 156-215.80 topic 1 question 321 discussion

The correct answer is D) Accelerated Path. The accelerated path is the fastest and most efficient path for handling traffic on the gateway. It bypasses the kernel and uses SecureXL technology to process packets in user space. The accelerated path can handle traffic that matches the following criteria: • The connection is allowed by the security policy • The connection is not encrypted or decrypted • The connection does not require any inspection or transformation by the Application Control, URL Filtering, IPS, or Content Awareness blades • The connection does not match any of the SecureXL exclusions In this case, the traffic from source 192.168.1.1 to www.google.com meets all these criteria, assuming that the security policy allows it and that there are no SecureXL exclusions for it. Therefore, the traffic is handled by the accelerated path, which improves the performance and throughput of the gateway

My boss is CCSM and he say the correct is A... finish!!

Honestly, this question is tricky because its poorly phrased. Are we supposed to think that with "inspecting the traffic" its a new connection, therefore without previously generated templates so it will go straight to slow path? Or how are we supposed to know this from this question... If new connection, then slow path, if there was a previous connection, I suppose it would use Medium Path. Also, is Application Control one of the security modules from the link below? I assume yes, and that is shortened by "AC", but again more assumptions. https://community.checkpoint.com/t5/General-Topics/R80-x-Security-Gateway-Architecture-Logical-Packet-Flow/td-p/41747

The right answer is A. the key word is "gateway is inspecting the traffic". Slow path - Packets and connections that are inspected by the Firewall and are not processed by SecureXL. Slow path - Packets and connections that are inspected by the Firewall and are not processed by SecureXL. Accelerated path - Packets and connections that are offloaded to SecureXL and are not processed by the Firewall. Medium path - Packets that require deeper inspection cannot use the accelerated path. It is not necessary for the Firewall to inspect these packets, they can be offloaded and do not use the slow path.

B is the right answer

What is the right answer here ?

This one is tricky! A or Slow Path should be use if this is a new packet or new connection and does not required deeper inspection Otherwise the answer is B or Medium Path But then my answer is A! Accessing www.google.com does not need Application Control for inspection, unless the access is going to google application base. Any thoughts?

Slow path - Packets and connections that are inspected by the Firewall and are not processed by SecureXL. Accelerated path - Packets and connections that are offloaded to SecureXL and are not processed by the Firewall. Medium path - Packets that require deeper inspection cannot use the accelerated path. It is not necessary for the Firewall to inspect these packets, they can be offloaded and do not use the slow path. For example, packets that are inspected by IPS cannot use the accelerated path and can be offloaded to the IPS PSL (Passive Streaming Library). SecureXL processes these packets more quickly than packets on the slow path. The goal of a SecureXL configuration is to minimize the connections that are processed on the slow path.

Question states that acceleration is on (SecureXL) answer is Medium path for content inspection https://community.checkpoint.com/t5/General-Topics/R80-x-Security-Gateway-Architecture-Logical-Packet-Flow/td-p/41747

agree on B - "Medium Path is a situation when opening and closing a connection is handled by SecureXL, while data flow needs some further inspection and hence goes through Content Inspection."

i think B is correct not A https://community.checkpoint.com/t5/General-Topics/Security-Gateway-Packet-Flow-and-Acceleration-with-Diagrams/td-p/40244