New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Checkpoint 156-315.81 Dumps Questions Answers

Page: 1 / 47
Total 628 questions

Check Point Certified Security Expert R81.20 Questions and Answers

Question 1

An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?

Options:

A.

He can use the fw accel stat command on the gateway.

B.

He can use the fw accel statistics command on the gateway.

C.

He can use the fwaccel stat command on the Security Management Server.

D.

He can use the fwaccel stat command on the gateway

Buy Now
Question 2

When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?

Options:

A.

Includes the registry

B.

Gets information about the specified Virtual System

C.

Does not resolve network addresses

D.

Output excludes connection table

Question 3

Where do you create and modify the Mobile Access policy in R81?

Options:

A.

SmartConsole

B.

SmartMonitor

C.

SmartEndpoint

D.

SmartDashboard

Question 4

Which statement is true about ClusterXL?

Options:

A.

Supports Dynamic Routing (Unicast and Multicast)

B.

Supports Dynamic Routing (Unicast Only)

C.

Supports Dynamic Routing (Multicast Only)

D.

Does not support Dynamic Routing

Question 5

In SmartEvent, what are the different types of automatic reactions that the administrator can configure?

Options:

A.

Mail, Block Source, Block Event Activity, External Script, SNMP Trap

B.

Mail, Block Source, Block Destination, Block Services, SNMP Trap

C.

Mail, Block Source, Block Destination, External Script, SNMP Trap

D.

Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap

Question 6

Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API?

Options:

A.

SOAP

B.

REST

C.

XLANG

D.

XML-RPC

Question 7

Which of the following will NOT affect acceleration?

Options:

A.

Connections destined to or originated from the Security gateway

B.

A 5-tuple match

C.

Multicast packets

D.

Connections that have a Handler (ICMP, FTP, H.323, etc.)

Question 8

How do Capsule Connect and Capsule Workspace differ?

Options:

A.

Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications.

B.

Capsule Workspace can provide access to any application.

C.

Capsule Connect provides Business data isolation.

D.

Capsule Connect does not require an installed application at client.

Question 9

What is the command to check the status of the SmartEvent Correlation Unit?

Options:

A.

fw ctl get int cpsead_stat

B.

cpstat cpsead

C.

fw ctl stat cpsemd

D.

cp_conf get_stat cpsemd

Question 10

You need to see which hotfixes are installed on your gateway, which command would you use?

Options:

A.

cpinfo –h all

B.

cpinfo –o hotfix

C.

cpinfo –l hotfix

D.

cpinfo –y all

Question 11

Which command gives us a perspective of the number of kernel tables?

Options:

A.

fw tab -t

B.

fw tab -s

C.

fw tab -n

D.

fw tab -k

Question 12

What is the protocol and port used for Health Check and State Synchronization in ClusterXL?

Options:

A.

CCP and 18190

B.

CCP and 257

C.

CCP and 8116

D.

CPC and 8116

Question 13

When an encrypted packet is decrypted, where does this happen?

Options:

A.

Security policy

B.

Inbound chain

C.

Outbound chain

D.

Decryption is not supported

Question 14

Customer’s R81 management server needs to be upgraded to R81.20. What is the best upgrade method when the management server is not connected to the Internet?

Options:

A.

Export R81 configuration, clean install R81.20 and import the configuration

B.

CPUSE offline upgrade

C.

CPUSE online upgrade

D.

SmartUpdate upgrade

Question 15

What is a best practice before starting to troubleshoot using the “fw monitor” tool?

Options:

A.

Run the command: fw monitor debug on

B.

Clear the connections table

C.

Disable CoreXL

D.

Disable SecureXL

Question 16

Which command shows the current connections distributed by CoreXL FW instances?

Options:

A.

fw ctl multik stat

B.

fw ctl affinity -l

C.

fw ctl instances -v

D.

fw ctl iflist

Question 17

With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform the applications. Mobile Access encrypts all traffic using:

Options:

A.

HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender.

B.

HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL Network Extender.

C.

HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required.

D.

HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.

Question 18

Which one of the following is true about Capsule Connect?

Options:

A.

It is a full layer 3 VPN client

B.

It offers full enterprise mobility management

C.

It is supported only on iOS phones and Windows PCs

D.

It does not support all VPN authentication methods

Question 19

When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?

Options:

A.

IP

B.

SIC

C.

NAT

D.

FQDN

Question 20

What scenario indicates that SecureXL is enabled?

Options:

A.

Dynamic objects are available in the Object Explorer

B.

SecureXL can be disabled in cpconfig

C.

fwaccel commands can be used in clish

D.

Only one packet in a stream is seen in a fw monitor packet capture

Question 21

What is the purpose of Priority Delta in VRRP?

Options:

A.

When a box up, Effective Priority = Priority + Priority Delta

B.

When an Interface is up, Effective Priority = Priority + Priority Delta

C.

When an Interface fail, Effective Priority = Priority – Priority Delta

D.

When a box fail, Effective Priority = Priority – Priority Delta

Question 22

Which statements below are CORRECT regarding Threat Prevention profiles in Smart Dashboard?

Options:

A.

You can assign only one profile per gateway and a profile can be assigned to one rule Only.

B.

You can assign multiple profiles per gateway and a profile can be assigned to one rule only.

C.

You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.

D.

You can assign only one profile per gateway and a profile can be assigned to one or more rules.

Question 23

What information is NOT collected from a Security Gateway in a Cpinfo?

Options:

A.

Firewall logs

B.

Configuration and database files

C.

System message logs

D.

OS and network statistics

Question 24

John detected high load on sync interface. Which is most recommended solution?

Options:

A.

For short connections like http service – delay sync for 2 seconds

B.

Add a second interface to handle sync traffic

C.

For short connections like http service – do not sync

D.

For short connections like icmp service – delay sync for 2 seconds

Question 25

SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?

Options:

A.

Threat Emulation

B.

Mobile Access

C.

Mail Transfer Agent

D.

Threat Cloud

Question 26

Automation and Orchestration differ in that:

Options:

A.

Automation relates to codifying tasks, whereas orchestration relates to codifying processes.

B.

Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes.

C.

Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow.

D.

Orchestration relates to codifying tasks, whereas automation relates to codifying processes.

Question 27

You want to store the GAIA configuration in a file for later reference. What command should you use?

Options:

A.

write mem

B.

show config –f

C.

save config –o

D.

save configuration

Question 28

When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:

Options:

A.

Threat Emulation

B.

HTTPS

C.

QOS

D.

VoIP

Question 29

What is the most recommended way to install patches and hotfixes?

Options:

A.

CPUSE Check Point Update Service Engine

B.

rpm -Uv

C.

Software Update Service

D.

UnixinstallScript

Question 30

Which Check Point daemon monitors the other daemons?

Options:

A.

fwm

B.

cpd

C.

cpwd

D.

fwssd

Question 31

When installing a dedicated R81 SmartEvent server. What is the recommended size of the root partition?

Options:

A.

Any size

B.

Less than 20GB

C.

More than 10GB and less than 20GB

D.

At least 20GB

Question 32

As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?

Options:

A.

That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager.

B.

Fill Layer4 VPN –SSL VPN that gives users network access to all mobile applications.

C.

Full Layer3 VPN –IPSec VPN that gives users network access to all mobile applications.

D.

You can make sure that documents are sent to the intended recipients only.

Question 33

What is considered Hybrid Emulation Mode?

Options:

A.

Manual configuration of file types on emulation location.

B.

Load sharing of emulation between an on premise appliance and the cloud.

C.

Load sharing between OS behavior and CPU Level emulation.

D.

High availability between the local SandBlast appliance and the cloud.

Question 34

: 156

VPN Link Selection will perform the following when the primary VPN link goes down?

Options:

A.

The Firewall will drop the packets.

B.

The Firewall can update the Link Selection entries to start using a different link for the same tunnel.

C.

The Firewall will send out the packet on all interfaces.

D.

The Firewall will inform the client that the tunnel is down.

Question 35

The Correlation Unit performs all but the following actions:

Options:

A.

Marks logs that individually are not events, but may be part of a larger pattern to be identified later.

B.

Generates an event based on the Event policy.

C.

Assigns a severity level to the event.

D.

Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.

Question 36

Both ClusterXL and VRRP are fully supported by Gaia R81.20 and available to all Check Point appliances. Which the following command is NOT related to redundancy and functions?

Options:

A.

cphaprob stat

B.

cphaprob –a if

C.

cphaprob –l list

D.

cphaprob all show stat

Question 37

Which of the following links will take you to the SmartView web application?

Options:

A.

https:// /smartviewweb/

B.

https:// /smartview/

C.

https:// smartviewweb

D.

https:// /smartview

Question 38

What is the main difference between Threat Extraction and Threat Emulation?

Options:

A.

Threat Emulation never delivers a file and takes more than 3 minutes to complete.

B.

Threat Extraction always delivers a file and takes less than a second to complete.

C.

Threat Emulation never delivers a file that takes less than a second to complete.

D.

Threat Extraction never delivers a file and takes more than 3 minutes to complete.

Question 39

How often does Threat Emulation download packages by default?

Options:

A.

Once a week

B.

Once an hour

C.

Twice per day

D.

Once per day

Question 40

SmartEvent does NOT use which of the following procedures to identify events:

Options:

A.

Matching a log against each event definition

B.

Create an event candidate

C.

Matching a log against local exclusions

D.

Matching a log against global exclusions

Question 41

Using ClusterXL, what statement is true about the Sticky Decision Function?

Options:

A.

Can only be changed for Load Sharing implementations

B.

All connections are processed and synchronized by the pivot

C.

Is configured using cpconfig

D.

Is only relevant when using SecureXL

Question 42

To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:

Options:

A.

fw ctl Dyn_Dispatch on

B.

fw ctl Dyn_Dispatch enable

C.

fw ctl multik set_mode 4

D.

fw ctl multik set_mode 1

Question 43

To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?

Options:

A.

Accept Template

B.

Deny Template

C.

Drop Template

D.

NAT Template

Question 44

Which one of the following is true about Threat Extraction?

Options:

A.

Always delivers a file to user

B.

Works on all MS Office, Executables, and PDF files

C.

Can take up to 3 minutes to complete

D.

Delivers file only if no threats found

Question 45

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.

Options:

A.

ffff

B.

1

C.

2

D.

3

Question 46

Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R81.20 SmartConsole application?

Options:

A.

IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation.

B.

Firewall, IPS, Threat Emulation, Application Control.

C.

IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction.

D.

Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation.

Question 47

SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.

Options:

A.

This statement is true because SecureXL does improve all traffic.

B.

This statement is false because SecureXL does not improve this traffic but CoreXL does.

C.

This statement is true because SecureXL does improve this traffic.

D.

This statement is false because encrypted traffic cannot be inspected.

Question 48

What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

Options:

A.

Stateful Mode

B.

VPN Routing Mode

C.

Wire Mode

D.

Stateless Mode

Question 49

What is true about the IPS-Blade?

Options:

A.

In R81, IPS is managed by the Threat Prevention Policy

B.

In R81, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict

C.

In R81, IPS Exceptions cannot be attached to “all rules”

D.

In R81, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

Question 50

Which command can you use to verify the number of active concurrent connections?

Options:

A.

fw conn all

B.

fw ctl pstat

C.

show all connections

D.

show connections

Question 51

Which is NOT an example of a Check Point API?

Options:

A.

Gateway API

B.

Management API

C.

OPSC SDK

D.

Threat Prevention API

Question 52

You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.

Options:

A.

Inspect/Bypass

B.

Inspect/Prevent

C.

Prevent/Bypass

D.

Detect/Bypass

Question 53

Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.

Options:

A.

infoCP

B.

infoview

C.

cpinfo

D.

fw cpinfo

Question 54

What is the least amount of CPU cores required to enable CoreXL?

Options:

A.

2

B.

1

C.

4

D.

6

Question 55

What is the difference between an event and a log?

Options:

A.

Events are generated at gateway according to Event Policy

B.

A log entry becomes an event when it matches any rule defined in Event Policy

C.

Events are collected with SmartWorkflow form Trouble Ticket systems

D.

Log and Events are synonyms

Question 56

Advanced Security Checkups can be easily conducted within:

Options:

A.

Reports

B.

Advanced

C.

Checkups

D.

Views

E.

Summary

Question 57

Connections to the Check Point R81 Web API use what protocol?

Options:

A.

HTTPS

B.

RPC

C.

VPN

D.

SIC

Question 58

What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?

Options:

A.

Anti-Bot is the only countermeasure against unknown malware

B.

Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers

C.

Anti-Bot is the only signature-based method of malware protection.

D.

Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center.

Question 59

You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

Options:

A.

Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.

B.

Create a separate Security Policy package for each remote Security Gateway.

C.

Create network objects that restricts all applicable rules to only certain networks.

D.

Run separate SmartConsole instances to login and configure each Security Gateway directly.

Question 60

The Event List within the Event tab contains:

Options:

A.

a list of options available for running a query.

B.

the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.

C.

events generated by a query.

D.

the details of a selected event.

Question 61

NAT rules are prioritized in which order?

1. Automatic Static NAT

2. Automatic Hide NAT

3. Manual/Pre-Automatic NAT

4. Post-Automatic/Manual NAT rules

Options:

A.

1, 2, 3, 4

B.

1, 4, 2, 3

C.

3, 1, 2, 4

D.

4, 3, 1, 2

Question 62

Which command would disable a Cluster Member permanently?

Options:

A.

clusterXL_admin down

B.

cphaprob_admin down

C.

clusterXL_admin down-p

D.

set clusterXL down-p

Question 63

Where you can see and search records of action done by R81 SmartConsole administrators?

Options:

A.

In SmartView Tracker, open active log

B.

In the Logs & Monitor view, select “Open Audit Log View”

C.

In SmartAuditLog View

D.

In Smartlog, all logs

Question 64

What command verifies that the API server is responding?

Options:

A.

api stat

B.

api status

C.

show api_status

D.

app_get_status

Question 65

Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?

Options:

A.

The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

B.

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C.

Time object to a rule to make the rule active only during specified times.

D.

Sub Policies ae sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

Question 66

Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

Options:

A.

Detects and blocks malware by correlating multiple detection engines before users are affected.

B.

Configure rules to limit the available network bandwidth for specified users or groups.

C.

Use UserCheck to help users understand that certain websites are against the company’s security policy.

D.

Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

Question 67

In R81, how do you manage your Mobile Access Policy?

Options:

A.

Through the Unified Policy

B.

Through the Mobile Console

C.

From SmartDashboard

D.

From the Dedicated Mobility Tab

Question 68

Which of the following process pulls application monitoring status?

Options:

A.

fwd

B.

fwm

C.

cpwd

D.

cpd

Question 69

What Factor preclude Secure XL Templating?

Options:

A.

Source Port Ranges/Encrypted Connections

B.

IPS

C.

ClusterXL in load sharing Mode

D.

CoreXL

Question 70

Which packet info is ignored with Session Rate Acceleration?

Options:

A.

source port ranges

B.

source ip

C.

source port

D.

same info from Packet Acceleration is used

Question 71

In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?

Options:

A.

Big l

B.

Little o

C.

Little i

D.

Big O

Question 72

CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:

Options:

A.

MySQL

B.

Postgres SQL

C.

MarisDB

D.

SOLR

Question 73

The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ .

Options:

A.

TCP 18211

B.

TCP 257

C.

TCP 4433

D.

TCP 443

Question 74

How many images are included with Check Point TE appliance in Recommended Mode?

Options:

A.

2(OS) images

B.

images are chosen by administrator during installation

C.

as many as licensed for

D.

the newest image

Question 75

Which CLI command will reset the IPS pattern matcher statistics?

Options:

A.

ips reset pmstat

B.

ips pstats reset

C.

ips pmstats refresh

D.

ips pmstats reset

Question 76

fwssd is a child process of which of the following Check Point daemons?

Options:

A.

fwd

B.

cpwd

C.

fwm

D.

cpd

Question 77

Which statement is correct about the Sticky Decision Function?

Options:

A.

It is not supported with either the Performance pack of a hardware based accelerator card

B.

Does not support SPI’s when configured for Load Sharing

C.

It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster

D.

It is not required L2TP traffic

Question 78

In R81 spoofing is defined as a method of:

Options:

A.

Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

B.

Hiding your firewall from unauthorized users.

C.

Detecting people using false or wrong authentication logins

D.

Making packets appear as if they come from an authorized IP address.

Question 79

Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every

Options:

A.

15 sec

B.

60 sec

C.

5 sec

D.

30 sec

Question 80

Which of the following authentication methods ARE NOT used for Mobile Access?

Options:

A.

RADIUS server

B.

Username and password (internal, LDAP)

C.

SecurID

D.

TACACS+

Question 81

R81.20 management server can manage gateways with which versions installed?

Options:

A.

Versions R77 and higher

B.

Versions R76 and higher

C.

Versions R75.20 and higher

D.

Versions R75 and higher

Question 82

Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?

Options:

A.

Dynamic ID

B.

RADIUS

C.

Username and Password

D.

Certificate

Question 83

To fully enable Dynamic Dispatcher on a Security Gateway:

Options:

A.

run fw ctl multik set_mode 9 in Expert mode and then Reboot.

B.

Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.

C.

Edit/proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.

D.

run fw multik set_mode 1 in Expert mode and then reboot.

Question 84

Which view is NOT a valid CPVIEW view?

Options:

A.

IDA

B.

RAD

C.

PDP

D.

VPN

Question 85

Which statement is true regarding redundancy?

Options:

A.

System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob –f if command.

B.

ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.

C.

Machines in a ClusterXL High Availability configuration must be synchronized.

D.

Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

Question 86

When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

Options:

A.

None, Security Management Server would be installed by itself.

B.

SmartConsole

C.

SecureClient

D.

Security Gateway

E.

SmartEvent

Question 87

What is the correct command to observe the Sync traffic in a VRRP environment?

Options:

A.

fw monitor –e “accept[12:4,b]=224.0.0.18;”

B.

fw monitor –e “accept port(6118;”

C.

fw monitor –e “accept proto=mcVRRP;”

D.

fw monitor –e “accept dst=224.0.0.18;”

Question 88

Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?

Options:

A.

Check Point Remote User

B.

Check Point Capsule Workspace

C.

Check Point Mobile Web Portal

D.

Check Point Capsule Remote

Question 89

The Firewall kernel is replicated multiple times, therefore:

Options:

A.

The Firewall kernel only touches the packet if the connection is accelerated

B.

The Firewall can run different policies per core

C.

The Firewall kernel is replicated only with new connections and deletes itself once the connection times out

D.

The Firewall can run the same policy on all cores.

Question 90

Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration.

Options:

A.

upgrade_import

B.

cpconfig

C.

fwm dbimport -p

D.

cpinfo –recover

Question 91

You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

Options:

A.

fw ctl multik dynamic_dispatching on

B.

fw ctl multik dynamic_dispatching set_mode 9

C.

fw ctl multik set_mode 9

D.

fw ctl multik pq enable

Question 92

There are 4 ways to use the Management API for creating host object with R81 Management API. Which one is NOT correct?

Options:

A.

Using Web Services

B.

Using Mgmt_cli tool

C.

Using CLISH

D.

Using SmartConsole GUI console

E.

Events are collected with SmartWorkflow from Trouble Ticket systems

Question 93

Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period.

Options:

A.

Block Port Overflow

B.

Local Interface Spoofing

C.

Suspicious Activity Monitoring

D.

Adaptive Threat Prevention

Question 94

SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?

Options:

A.

Application and Client Service

B.

Network and Application

C.

Network and Layers

D.

Virtual Adapter and Mobile App

Question 95

Which NAT rules are prioritized first?

Options:

A.

Post-Automatic/Manual NAT rules

B.

Manual/Pre-Automatic NAT

C.

Automatic Hide NAT

D.

Automatic Static NAT

Question 96

Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.

Options:

A.

AV issues

B.

VPN errors

C.

Network traffic issues

D.

Authentication issues

Question 97

Fill in the blank: The R81 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and shows then as prioritized security events.

Options:

A.

SmartMonitor

B.

SmartView Web Application

C.

SmartReporter

D.

SmartTracker

Question 98

The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.

What is the most likely reason that the traffic is not accelerated?

Options:

A.

There is a virus found. Traffic is still allowed but not accelerated.

B.

The connection required a Security server.

C.

Acceleration is not enabled.

D.

The traffic is originating from the gateway itself.

Question 99

After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.

Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.

Options:

A.

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24set static-route default nexthop gateway address 192.168.80.1 onsave config

B.

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 onsave config

C.

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 onsave config

D.

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24add static-route default nexthop gateway address 192.168.80.1 onsave config

Question 100

Which Check Point feature enables application scanning and the detection?

Options:

A.

Application Dictionary

B.

AppWiki

C.

Application Library

D.

CPApp

Question 101

Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?

Options:

A.

/opt/CPshrd-R81/conf/local.arp

B.

/var/opt/CPshrd-R81/conf/local.arp

C.

$CPDIR/conf/local.arp

D.

$FWDIR/conf/local.arp

Question 102

What will SmartEvent automatically define as events?

Options:

A.

Firewall

B.

VPN

C.

IPS

D.

HTTPS

Question 103

What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?

Options:

A.

4 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server.

B.

3 Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.

C.

1 Interface – an interface leading to the organization and the Internet, and configure for synchronization.

D.

2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization.

Question 104

Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?

Options:

A.

Kerberos Ticket Renewed

B.

Kerberos Ticket Requested

C.

Account Logon

D.

Kerberos Ticket Timed Out

Question 105

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.

Options:

A.

ffff

B.

1

C.

3

D.

2

Question 106

On what port does the CPM process run?

Options:

A.

TCP 857

B.

TCP 18192

C.

TCP 900

D.

TCP 19009

Question 107

Which path below is available only when CoreXL is enabled?

Options:

A.

Slow path

B.

Firewall path

C.

Medium path

D.

Accelerated path

Question 108

After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?

Options:

A.

Security Gateway IP-address cannot be changed without re-establishing the trust.

B.

The Security Gateway name cannot be changed in command line without re-establishing trust.

C.

The Security Management Server name cannot be changed in SmartConsole without re-establishing trust.

D.

The Security Management Server IP-address cannot be changed without re-establishing the trust.

Question 109

Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

Options:

A.

ThreatWiki

B.

Whitelist Files

C.

AppWiki

D.

IPS Protections

Question 110

The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.

Options:

A.

Next Generation Threat Prevention

B.

Next Generation Threat Emulation

C.

Next Generation Threat Extraction

D.

Next Generation Firewall

Question 111

Which of the following is NOT a VPN routing option available in a star community?

Options:

A.

To satellites through center only.

B.

To center, or through the center to other satellites, to Internet and other VPN targets.

C.

To center and to other satellites through center.

D.

To center only.

Question 112

What key is used to save the current CPView page in a filename format cpview_”cpview process ID”.cap”number of captures”?

Options:

A.

S

B.

W

C.

C

D.

Space bar

Question 113

The SmartEvent R81 Web application for real-time event monitoring is called:

Options:

A.

SmartView Monitor

B.

SmartEventWeb

C.

There is no Web application for SmartEvent

D.

SmartView

Question 114

What kind of information would you expect to see using the sim affinity command?

Options:

A.

The VMACs used in a Security Gateway cluster

B.

The involved firewall kernel modules in inbound and outbound packet chain

C.

Overview over SecureXL templated connections

D.

Network interfaces and core distribution used for CoreXL

Question 115

Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.

What will happen to the changes already made?

Options:

A.

Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.

B.

Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.

C.

Tom’s changes will be lost since he lost connectivity and he will have to start again.

D.

Tom will have to reboot his SmartConsole computer, clear to cache, and restore changes.

Question 116

Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:

Options:

A.

Create new dashboards to manage 3rd party task

B.

Create products that use and enhance 3rd party solutions

C.

Execute automated scripts to perform common tasks

D.

Create products that use and enhance the Check Point Solution

Question 117

GAiA Software update packages can be imported and installed offline in situation where:

Options:

A.

Security Gateway with GAiA does NOT have SFTP access to Internet

B.

Security Gateway with GAiA does NOT have access to Internet.

C.

Security Gateway with GAiA does NOT have SSH access to Internet.

D.

The desired CPUSE package is ONLY available in the Check Point CLOUD.

Question 118

Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .

Options:

A.

User Directory

B.

Captive Portal and Transparent Kerberos Authentication

C.

Captive Portal

D.

UserCheck

Question 119

You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.

What must you do to get SIC to work?

Options:

A.

Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.

B.

Create a rule at the top in the Sydney firewall to allow control traffic from your network

C.

Nothing - Check Point control connections function regardless of Geo-Protection policy

D.

Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

Question 120

Which is NOT an example of a Check Point API?

Options:

A.

Gateway API

B.

Management API

C.

OPSEC SDK

D.

Threat Prevention API

Question 121

What is the valid range for VRID value in VRRP configuration?

Options:

A.

1 - 254

B.

1 - 255

C.

0 - 254

D.

0 - 255

Question 122

SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:

Options:

A.

ping, traceroute, netstat, and route

B.

ping, nslookup, Telnet, and route

C.

ping, whois, nslookup, and Telnet

D.

ping, traceroute, netstat, and nslookup

Question 123

What are the types of Software Containers?

Options:

A.

Three; security management, Security Gateway, and endpoint security

B.

Three; Security Gateway, endpoint security, and gateway management

C.

Two; security management and endpoint security

D.

Two; endpoint security and Security Gateway

Question 124

In which formats can Threat Emulation forensics reports be viewed in?

Options:

A.

TXT, XML and CSV

B.

PDF and TXT

C.

PDF, HTML, and XML

D.

PDF and HTML

Question 125

Which blades and or features are not supported in R81?

Options:

A.

SmartEvent Maps

B.

SmartEvent

C.

Identity Awareness

D.

SmartConsole Toolbars

Question 126

Joey wants to upgrade from R75.40 to R81 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.

What is one of the requirements for his success?

Options:

A.

Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine

B.

Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine

C.

Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine

D.

Size of the /var/log folder of the target machine must be at least 25GB or more

Question 127

What statement best describes the Proxy ARP feature for Manual NAT in R81.20?

Options:

A.

Automatic proxy ARP configuration can be enabled

B.

Translate Destination on Client Side should be configured

C.

fw ctl proxy should be configured

D.

local.arp file must always be configured

Question 128

Vanessa is a Firewall administrator. She wants to test a backup of her company’s production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore production backup via SmartConsole in lab environment.

Which details she need to fill in System Restore window before she can click OK button and test the backup?

Options:

A.

Server, SCP, Username, Password, Path, Comment, Member

B.

Server, TFTP, Username, Password, Path, Comment, All Members

C.

Server, Protocol, Username, Password, Path, Comment, All Members

D.

Server, Protocol, username Password, Path, Comment, Member

Question 129

Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.

Options:

A.

WMI

B.

Eventvwr

C.

XML

D.

Services.msc

Question 130

When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:

Options:

A.

All UDP packets

B.

All IPv6 Traffic

C.

All packets that match a rule whose source or destination is the Outside Corporate Network

D.

CIFS packets

Question 131

SandBlast agent extends 0 day prevention to what part of the network?

Options:

A.

Web Browsers and user devices

B.

DMZ server

C.

Cloud

D.

Email servers

Question 132

What command would show the API server status?

Options:

A.

cpm status

B.

api restart

C.

api status

D.

show api status

Question 133

How many policy layers do Access Control policy support?

Options:

A.

2

B.

4

C.

1

D.

3

Question 134

Which application should you use to install a contract file?

Options:

A.

SmartView Monitor

B.

WebUI

C.

SmartUpdate

D.

SmartProvisioning

Question 135

In what way are SSL VPN and IPSec VPN different?

Options:

A.

SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless

B.

SSL VPN adds an extra VPN header to the packet, IPSec VPN does not

C.

IPSec VPN does not support two factor authentication, SSL VPN does support this

D.

IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.

Question 136

NO: 219

What cloud-based SandBlast Mobile application is used to register new devices and users?

Options:

A.

Check Point Protect Application

B.

Management Dashboard

C.

Behavior Risk Engine

D.

Check Point Gateway

Question 137

With SecureXL enabled, accelerated packets will pass through the following:

Options:

A.

Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device

B.

Network Interface Card, Check Point Firewall Kernal, and the Acceleration Device

C.

Network Interface Card and the Acceleration Device

D.

Network Interface Card, OSI Network Layer, and the Acceleration Device

Question 138

Which of the following is NOT an option to calculate the traffic direction?

Options:

A.

Incoming

B.

Internal

C.

External

D.

Outgoing

Question 139

What is the order of NAT priorities?

Options:

A.

Static NAT, IP pool NAT, hide NAT

B.

IP pool NAT, static NAT, hide NAT

C.

Static NAT, automatic NAT, hide NAT

D.

Static NAT, hide NAT, IP pool NAT

Question 140

What is the command to show SecureXL status?

Options:

A.

fwaccel status

B.

fwaccel stats -m

C.

fwaccel -s

D.

fwaccel stat

Question 141

What is not a purpose of the deployment of Check Point API?

Options:

A.

Execute an automated script to perform common tasks

B.

Create a customized GUI Client for manipulating the objects database

C.

Create products that use and enhance the Check Point solution

D.

Integrate Check Point products with 3rd party solution

Question 142

What is the benefit of Manual NAT over Automatic NAT?

Options:

A.

If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy.

B.

There is no benefit since Automatic NAT has in any case higher priority over Manual NAT

C.

You have the full control about the priority of the NAT rules

D.

On IPSO and GAIA Gateways, it is handled in a stateful manner

Question 143

SmartEvent uses it's event policy to identify events. How can this be customized?

Options:

A.

By modifying the firewall rulebase

B.

By creating event candidates

C.

By matching logs against exclusions

D.

By matching logs against event rules

Question 144

How can you see historical data with cpview?

Options:

A.

cpview -f

B.

cpview -e

C.

cpview -t

D.

cpview -d

Question 145

Which of the following Central Deployment is NOT a limitation in R81.20 SmartConsole?

Options:

A.

Security Gateway Clusters in Load Sharing mode

B.

Dedicated Log Server

C.

Dedicated SmartEvent Server

D.

Security Gateways/Clusters in ClusterXL HA new mode

Question 146

By default, how often does Threat Emulation update the engine on the Security Gateway?

Options:

A.

Once per day

B.

Once an hour

C.

Once a week

D.

Twice per day

Question 147

Which 3 types of tracking are available for Threat Prevention Policy?

Options:

A.

SMS Alert, Log, SNMP alert

B.

Syslog, None, User-defined scripts

C.

None, Log, Syslog

D.

Alert, SNMP trap, Mail

Question 148

To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:

Options:

A.

fw ctl multik set_mode 1

B.

fw ctl multik prioq 2

C.

fw ctl Dyn_Dispatch on

D.

fw ctl Dyn_Dispatch enable

Question 149

After some changes in the firewall policy you run into some issues. You want to test if the policy from two weeks ago have the same issue. You don't want to lose the changes from the last weeks. What is the best way to do it?

Options:

A.

Use the Gaia WebUI to take a backup of the Gateway. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version

from two weeks ago and press the 'Install specific version' button

B.

Use the Gaia WebUI to take a snapshot of management. In the In SmartConsole under Manage & Settlings go to Sessions -> Revisions and select the revision from two

weeks ago. Run the action 'Revert to this revision...' Restore the management snapshot.

C.

In SmartConsole under Manage & Settings go to Sessions -> Revisions and select the revision from two weeks ago. Run the action 'Revert to this revision...'.

D.

In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the 'Install specific

version' button

Question 150

What are the main stages of a policy installation?

Options:

A.

Initiation, Conversion and FWD REXEC

B.

Verification, Commit, Installation

C.

Initiation, Conversion and Save

D.

Verification Compilation, Transfer and Commit

Question 151

What is the purpose of Captive Portal?

Options:

A.

It authenticates users, allowing them access to the Gaia OS

B.

It authenticates users, allowing them access to the Internet and corporate resources

C.

It provides remote access to SmartConsole

D.

It manages user permission in SmartConsole

Question 152

True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway.

Options:

A.

True, CLI is the prefer method for Licensing

B.

False, Central License are handled via Security Management Server

C.

False, Central Licenses are installed via Gaia on Security Gateways

D.

True, Central License can be installed with CPLIC command on a Security Gateway

Question 153

What command is used to manually failover a cluster during a zero-downtime upgrade?

Options:

A.

set cluster member down

B.

cpstop

C.

clusterXL_admin down

D.

set clusterXL down

Question 154

The admin lost access to the Gaia Web Management Interface but he was able to connect via ssh. How can you check if the web service is enabled, running and which port is used?

Options:

A.

In expert mode run #netstat -tulnp | grep httpd to see if httpd is up and to get the port number. In dish run >show web daemon-enable to see if the web daemon is enabled.

B.

In dish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd to see if the httpd is up

C.

In dish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd2 to see if the httpd2 is up

D.

In expert mode run #netstat -tulnp | grep httpd2 to see if httpd2 is up and to get the port number. In dish run >show web daemon-enable to see if the web daemon is enabled.

Question 155

Bob is asked by Alice to disable the SecureXL mechanism temporary tor further diagnostic by their Check Point partner. Which of the following Check Point Command is true:

Options:

A.

fwaccel suspend

B.

fwaccel standby

C.

fwaccel off

D.

fwaccel templates

Question 156

Which is the command to identify the NIC driver before considering about the employment of the Multi-Queue feature?

Options:

A.

ip show int eth0

B.

show interface eth0 mq

C.

ifconfig -i eth0 verbose

D.

ethtool -i eth0

Question 157

Fill in the blank: With the User Directory Software Blade, you can create user definitions on a(n)_____________ Server.

Options:

A.

SecurID

B.

NT domain

C.

LDAP

D.

SMTP

Question 158

What are the three SecureXL Templates available in R81.20?

Options:

A.

PEP Templates. QoS Templates. VPN Templates

B.

Accept Templates. Drop Templates. NAT Templates

C.

Accept Templates. Drop Templates. Reject Templates

D.

Accept Templates. PDP Templates. PEP Templates

Question 159

Which of the following statements about Site-to-Site VPN Domain-based is NOT true?

Options:

A.

Domain-based- VPN domains are pre-defined for all VPN Gateways.

When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.

B.

Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to

forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.

C.

Domain-based- VPN domains are pre-defined for all VPN Gateways.

A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.

D.

Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.

Question 160

An established connection is going to The Application Control Blade Is inspecting the traffic. If SecureXL and CoreXL are both enabled, which path is handling the traffic?

Options:

A.

Slow Path

B.

Fast Path

C.

Medium Path

D.

Accelerated Path

Question 161

When Configuring Endpoint Compliance Settings for Applications and Gateways within Mobile Access, which of the three approaches will allow you to configure individual policies for each application?

Options:

A.

Basic Approach

B.

Strong Approach

C.

Very Advanced Approach

D.

Medium Approach

Question 162

What is the command used to activated Multi-Version Cluster mode?

Options:

A.

set cluster member mvc on in Clish

B.

set mvc on on Clish

C.

set cluster MVC on in Expert Mode

D.

set cluster mvc on in Expert Mode

Question 163

What Is the difference between Updatable Objects and Dynamic Objects

Options:

A.

Dynamic Objects ate maintained automatically by the Threat Cloud. Updatable Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.

B.

Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally For Dynamic Objects

there is no need to install policy for the changes to take effect.

C.

Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally In both cases there is no

need to install policy for the changes to take effect.

D.

Dynamic Objects are maintained automatically by the Threat Cloud. For Dynamic Objects there rs no need to install policy for the changes to take effect. Updatable Objects are created and maintained locally.

Question 164

Fill in the blanks: In the Network policy layer, the default action for the Implied last rule is ____ all traffic. However, in the Application Control policy layer, the default action is ______ all traffic.

Options:

A.

Accept; redirect

B.

Accept; drop

C.

Redirect; drop

D.

Drop; accept

Question 165

Which of the following statements about SecureXL NAT Templates is true?

Options:

A.

NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new

connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled.

B.

DROP Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new

connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.

C.

NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new

connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if Accept Templates are disabled.

D.

ACCEPT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.

Question 166

Alice works for a big security outsourcing provider company and as she receives a lot of change requests per day she wants to use for scripting daily (asks the API services from Check Point fof the Management API. Firstly she needs to be aware if the API services are running for the management. Which of the following Check Point Command is true:

Options:

A.

api mgmt status

B.

api status

C.

status api

D.

status mgmt apt

Question 167

Which two Identity Awareness daemons are used to support identity sharing?

Options:

A.

Policy Activation Point (PAP) and Policy Decision Point (PDP)

B.

Policy Manipulation Point (PMP) and Policy Activation Point (PAP)

C.

Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP)

D.

Policy Decision Point (PDP) and Policy Enforcement Point (PEP)

Question 168

When synchronizing clusters, which of the following statements is FALSE?

Options:

A.

The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized.

B.

Only cluster members running on the same OS platform can be synchronized.

C.

In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.

D.

Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.

Question 169

How can you switch the active log file?

Options:

A.

Run fw logswitch on the gateway

B.

Run fwm logswitch on the Management Server

C.

Run fwm logswitch on the gateway

D.

Run fw logswitch on the Management Server

Question 170

The Check Point installation history feature in provides the following:

Options:

A.

View install changes and install specific version

B.

Policy Installation Date only

C.

Policy Installation Date, view install changes and install specific version

D.

View install changes

Question 171

When configuring SmartEvent Initial settings, you must specify a basic topology for SmartEvent to help it calculate traffic direction for events. What is this setting called and what are you defining?

Options:

A.

Network, and defining your Class A space

B.

Topology, and you are defining the Internal network

C.

Internal addresses you are defining the gateways

D.

Internal network(s) you are defining your networks

Question 172

Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:

Options:

A.

assign privileges to users.

B.

edit the home directory of the user.

C.

add users to your Gaia system.

D.

assign user rights to their home directory in the Security Management Server.

Question 173

After verifying that API Server is not running, how can you start the API Server?

Options:

A.

Run command "set api start" in CLISH mode

B.

Run command "mgmt__cli set api start" in Expert mode

C.

Run command "mgmt api start" in CLISH mode

D.

Run command "api start" in Expert mode

Question 174

Why would an administrator see the message below?

Options:

A.

A new Policy Package created on both the Management and Gateway will be deleted and must be backed up first before proceeding.

B.

A new Policy Package created on the Management is going to be installed to the existing Gateway.

C.

A new Policy Package created on the Gateway is going to be installed on the existing Management.

D.

A new Policy Package created on the Gateway and transferred to the Management will be overwritten by the Policy Package currently on the Gateway but can be restored from a periodic backup on the Gateway.

Question 175

Access roles allow the firewall administrator to configure network access according to:

Options:

A.

a combination of computer or computer groups and networks.

B.

All of the above.

C.

remote access clients.

D.

users and user groups.

Question 176

By default how often updates are checked when the CPUSE Software Updates Policy is set to Automatic?

Options:

A.

Six times per day

B.

Seven times per day

C.

Every two hours

D.

Every three hours

Question 177

Fill in the blank: A ________ VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user through an internet browser.

Options:

A.

Clientless remote access

B.

Clientless direct access

C.

Client-based remote access

D.

Direct access

Question 178

Name the authentication method that requires token authenticator.

Options:

A.

SecurelD

B.

DynamiclD

C.

Radius

D.

TACACS

Question 179

Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or ______ .

Options:

A.

On all satellite gateway to satellite gateway tunnels

B.

On specific tunnels for specific gateways

C.

On specific tunnels in the community

D.

On specific satellite gateway to central gateway tunnels

Question 180

What traffic does the Anti-bot feature block?

Options:

A.

Command and Control traffic from hosts that have been identified as infected

B.

Command and Control traffic to servers with reputation for hosting malware

C.

Network traffic that is directed to unknown or malicious servers

D.

Network traffic to hosts that have been identified as infected

Question 181

Within the Check Point Firewall Kernel resides Chain Modules, which are individually responsible for the

inspection of a specific blade or feature that has been enabled in the configuration of the gateway. For Wire

mode configuration, chain modules marked with _______ will not apply.

Options:

A.

ffffffff

B.

00000001

C.

00000002

D.

00000003

Question 182

What is the correct description for the Dynamic Balancing / Split feature?

Options:

A.

Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances and Open Server (not on Quantum Spark)

B.

Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND's. The interface must support Multi-Queue. It is only available on Quantum Appliances and Open Server (not on Quantum Spark)

C.

Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND's. The interface must support Multi-Queue. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)

D.

Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)

Question 183

Which is the lowest gateway version supported by R81.20 management server?

Options:

A.

R77.30

B.

R80.20

C.

R77

D.

R65

Question 184

What a valid SecureXL paths in R81.20?

Options:

A.

F2F (Slow path). Templated Path. PQX and F2V

B.

F2F (Slow path). PXL, QXL and F2V

C.

F2F (Slow path), Accelerated Path, PQX and F2V

D.

F2F (Slow path), Accelerated Path, Medium Path and F2V

Question 185

Fill in the blank: An identity server uses a __________ for user authentication.

Options:

A.

Shared secret

B.

Certificate

C.

One-time password

D.

Token

Question 186

In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?

Options:

A.

Publish changes

B.

Save changes

C.

Install policy

D.

Install database

Question 187

The fwd process on the Security Gateway sends logs to the fwd process on the Management Server, where it is forwarded to___________via____________

Options:

A.

cpd, fwm

B.

cpm, cpd

C.

fwm, cpd

D.

cpwd, fwssd

Question 188

Which process handles connection from SmartConsole R81?

Options:

A.

fwm

B.

cpmd

C.

cpm

D.

cpd

Exam Detail
Vendor: Checkpoint
Certification: CCSE R81
Exam Code: 156-315.81
Last Update: Dec 25, 2024
156-315.81 Question Answers
Page: 1 / 47
Total 628 questions