Checkpoint Updated 156-315.81 Exam Questions and Answers by efa

 CPUSE (Check Point Upgrade Service Engine) is a tool that allows users to download, import, install, and uninstall software packages on Gaia OS. CPUSE has a web-based user interface that can be accessed through Gaia Portal. CPUSE offers four package options in the web GUI for different purposes4:

• Clean Install - This option performs a clean installation of a Major Version package, which erases all existing configuration and data on the system.
• Export Package - This option exports a package from CPUSE repository to an external location for backup or transfer purposes.
• Upgrade - This option performs an upgrade of a Major Version package or a Minor Version package, which preserves the existing configuration and data on the system.
• Database Conversion - This option converts the database schema of a Major Version package to match the current version.

Therefore, the correct answer is B.

References: 4: CPUSE - Gaia Deployment Agent

 SNX (SSL Network Extender) is a thin VPN client installed on an endpoint user computer that provides secure remote access to a corporate network. It can be used with Mobile Access blade or the IPsec VPN blade via the Mobile Access or SNX portals1. SNX has two modes: Network Mode and Application Mode2.

Network Mode: In this mode, SNX creates a virtual network adapter on the endpoint computer and assigns it an IP address from the internal network. This allows the endpoint computer to access all the resources on the internal network as if it was physically connected to it. Network Mode supports all IP-based applications, including TCP and UDP applications2.

Application Mode: In this mode, SNX does not create a virtual network adapter on the endpoint computer, but instead intercepts the traffic of specific applications and forwards it to the Security Gateway. Application Mode supports only TCP-based applications that are defined in the Mobile Access policy. Application Mode is useful when Network Mode is not supported or when granular control over the applications is required2.

References: : SSL Network Extender : SNX Modes

All connections that were initiated before the upgrade will be handled by the active gateway. According to the Check Point documentation1, a minimal effort upgrade is a procedure that allows you to upgrade each Security Gateway individually, without affecting the cluster operation. The active gateway continues to handle the traffic while the standby gateway is upgraded, and then they switch roles. This way, there is no network downtime and no need to synchronize the cluster members before or after the upgrade1. However, some connections may be dropped during the switch-over, so it is recommended to use a connectivity upgrade or a zero downtime upgrade for mission-critical environments2.

References: : Best Practices - Security Gateway Performance - Check Point Software : Checkpoint Cluster Firmware Upgrade - Check Point CheckMates

The option that is not supported by CPUSE is offline installations. CPUSE (Check Point Update Service Engine) is a Gaia software update agent that manages software updates on Gaia OS and Check Point products. It requires an internet connection to download and install updates from the Check Point Cloud or a local Deployment Agent. The other options are supported by CPUSE. It can automatically download full installation and upgrade packages, hotfixes, and private hotfixes. It can also install them manually or automatically according to a schedule. References: [CPUSE Overview]

https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/

html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/112109