Exam 156-215.80 All QuestionsBrowse all questions from this exam
Question 227

Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enable which path is handling the traffic?

    Correct Answer: B

    Since the question indicates that the Application Control Blade on the gateway is inspecting the traffic and assuming acceleration is enabled, the traffic is most likely handled by the Medium Path. The Medium Path is used for packets that need deeper inspection but do not require the Firewall to inspect them directly. Instead, they can be offloaded to SecureXL and are not processed by the Firewall, which aligns with the functionality described for the Application Control Blade, balancing performance and inspection.

Discussion
lcorona76Option: A

The right answer is A. the key word is "gateway is inspecting the traffic". Slow path - Packets and connections that are inspected by the Firewall and are not processed by SecureXL. Slow path - Packets and connections that are inspected by the Firewall and are not processed by SecureXL. Accelerated path - Packets and connections that are offloaded to SecureXL and are not processed by the Firewall. Medium path - Packets that require deeper inspection cannot use the accelerated path. It is not necessary for the Firewall to inspect these packets, they can be offloaded and do not use the slow path.

jm31Option: A

This one is tricky! A or Slow Path should be use if this is a new packet or new connection and does not required deeper inspection Otherwise the answer is B or Medium Path But then my answer is A! Accessing www.google.com does not need Application Control for inspection, unless the access is going to google application base. Any thoughts?

vvssOption: B

agree on B - "Medium Path is a situation when opening and closing a connection is handled by SecureXL, while data flow needs some further inspection and hence goes through Content Inspection."

djreymixOption: A

My boss is CCSM and he say the correct is A... finish!!

KurpOption: B

Question states that acceleration is on (SecureXL) answer is Medium path for content inspection https://community.checkpoint.com/t5/General-Topics/R80-x-Security-Gateway-Architecture-Logical-Packet-Flow/td-p/41747

uttOption: B

i think B is correct not A https://community.checkpoint.com/t5/General-Topics/Security-Gateway-Packet-Flow-and-Acceleration-with-Diagrams/td-p/40244

sis_net_secOption: D

The correct answer is D) Accelerated Path. The accelerated path is the fastest and most efficient path for handling traffic on the gateway. It bypasses the kernel and uses SecureXL technology to process packets in user space. The accelerated path can handle traffic that matches the following criteria: • The connection is allowed by the security policy • The connection is not encrypted or decrypted • The connection does not require any inspection or transformation by the Application Control, URL Filtering, IPS, or Content Awareness blades • The connection does not match any of the SecureXL exclusions In this case, the traffic from source 192.168.1.1 to www.google.com meets all these criteria, assuming that the security policy allows it and that there are no SecureXL exclusions for it. Therefore, the traffic is handled by the accelerated path, which improves the performance and throughput of the gateway

mauchi

Honestly, this question is tricky because its poorly phrased. Are we supposed to think that with "inspecting the traffic" its a new connection, therefore without previously generated templates so it will go straight to slow path? Or how are we supposed to know this from this question... If new connection, then slow path, if there was a previous connection, I suppose it would use Medium Path. Also, is Application Control one of the security modules from the link below? I assume yes, and that is shortened by "AC", but again more assumptions. https://community.checkpoint.com/t5/General-Topics/R80-x-Security-Gateway-Architecture-Logical-Packet-Flow/td-p/41747

AychiOption: B

B is the right answer

Gendeebongz

What is the right answer here ?

rafaelrodroliveira1988

A is correct. I believe that the A is correct because we supposed to consider the connect from source to the destination as the first one. Check these links: https://community.checkpoint.com/t5/General-Topics/R80-x-Security-Gateway-Architecture-Logical-Packet-Flow/td-p/41747 https://dl3.checkpoint.com/paid/b0/b0ee4949415966ea256470018c6e518f/CP_R80.20_PerformanceTuning_AdminGuide.pdf?HashKey=1618768748_574b9357265e88888c5d968041c279d8&xtn=.pdf https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eventSubmit_doGoviewsolutiondetails=&solutionid=sk32578#Acceleration%20of%20packets

Inovative23Option: A

Slow path - Packets and connections that are inspected by the Firewall and are not processed by SecureXL. Accelerated path - Packets and connections that are offloaded to SecureXL and are not processed by the Firewall. Medium path - Packets that require deeper inspection cannot use the accelerated path. It is not necessary for the Firewall to inspect these packets, they can be offloaded and do not use the slow path. For example, packets that are inspected by IPS cannot use the accelerated path and can be offloaded to the IPS PSL (Passive Streaming Library). SecureXL processes these packets more quickly than packets on the slow path. The goal of a SecureXL configuration is to minimize the connections that are processed on the slow path.