New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

156-215.81 Check Point Certified Security Administrator R81.20 Questions and Answers

Questions 4

To enforce the Security Policy correctly, a Security Gateway requires:

Options:

A.

a routing table

B.

awareness of the network topology

C.

a Demilitarized Zone

D.

a Security Policy install

Buy Now
Questions 5

Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

Options:

A.

Go to clash-Run cpstop | Run cpstart

B.

Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway

C.

Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores

D.

Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security Policy

Buy Now
Questions 6

You want to store the GAiA configuration in a file for later reference. What command should you use?

Options:

A.

write mem

B.

show config -f

C.

save config -o

D.

save configuration

Buy Now
Questions 7

After a new Log Server is added to the environment and the SIC trust has been established with the SMS what will the gateways do?

Options:

A.

The gateways can only send logs to an SMS and cannot send logs to a Log Server. Log Servers are proprietary log archive servers.

B.

Gateways will send new firewall logs to the new Log Server as soon as the SIC trust is set up between the SMS and the new Log Server.

C.

The firewalls will detect the new Log Server after the next policy install and redirect the new logs to the new Log Server.

D.

Logs are not automatically forwarded to a new Log Server. SmartConsole must be used to manually configure each gateway to send its logs to the server.

Buy Now
Questions 8

What is the SOLR database for?

Options:

A.

Used for full text search and enables powerful matching capabilities

B.

Writes data to the database and full text search

C.

Serves GUI responsible to transfer request to the DLE server

D.

Enables powerful matching capabilities and writes data to the database

Buy Now
Questions 9

Which of the following is NOT a component of Check Point Capsule?

Options:

A.

Capsule Docs

B.

Capsule Cloud

C.

Capsule Enterprise

D.

Capsule Workspace

Buy Now
Questions 10

Which deployment adds a Security Gateway to an existing environment without changing IP routing?

Options:

A.

Distributed

B.

Bridge Mode

C.

Remote

D.

Standalone

Buy Now
Questions 11

What are the types of Software Containers?

Options:

A.

Smart Console, Security Management, and Security Gateway

B.

Security Management, Security Gateway, and Endpoint Security

C.

Security Management, Log & Monitoring, and Security Policy

D.

Security Management, Standalone, and Security Gateway

Buy Now
Questions 12

Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?

Options:

A.

All Connections (Clear or Encrypted)

B.

Accept all encrypted traffic

C.

Specific VPN Communities

D.

All Site-to-Site VPN Communities

Buy Now
Questions 13

How many layers make up the TCP/IP model?

Options:

A.

2

B.

7

C.

6

D.

4

Buy Now
Questions 14

Which option will match a connection regardless of its association with a VPN community?

Options:

A.

All Site-to-Site VPN Communities

B.

Accept all encrypted traffic

C.

All Connections (Clear or Encrypted)

D.

Specific VPN Communities

Buy Now
Questions 15

What is NOT an advantage of Stateful Inspection?

Options:

A.

High Performance

B.

Good Security

C.

No Screening above Network layer

D.

Transparency

Buy Now
Questions 16

Which part of SmartConsole allows administrators to add, edit delete, and clone objects?

Options:

A.

Object Browser

B.

Object Editor

C.

Object Navigator

D.

Object Explorer

Buy Now
Questions 17

Which method below is NOT one of the ways to communicate using the Management API’s?

Options:

A.

Typing API commands using the “mgmt_cli” command

B.

Typing API commands from a dialog box inside the SmartConsole GUI application

C.

Typing API commands using Gaia’s secure shell (clash)19+

D.

Sending API commands over an http connection using web-services

Buy Now
Questions 18

In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?

Options:

A.

Publish changes

B.

Save changes

C.

Install policy

D.

Install database

Buy Now
Questions 19

You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic?

Options:

A.

Open SmartLog and connect remotely to the wireless controller

B.

Open SmartEvent to see why they are being blocked

C.

Open SmartDashboard and review the logs tab

D.

From SmartConsole, go to the Log & Monitor and filter for the IP address of the tablet.

Buy Now
Questions 20

When enabling tracking on a rule, what is the default option?

Options:

A.

Accounting Log

B.

Extended Log

C.

Log

D.

Detailed Log

Buy Now
Questions 21

Which of the following is used to enforce changes made to a Rule Base?

Options:

A.

Publish database

B.

Save changes

C.

Install policy

D.

Activate policy

Buy Now
Questions 22

Gaia has two default user accounts that cannot be deleted. What are those user accounts?

Options:

A.

Admin and Default

B.

Expert and Clish

C.

Control and Monitor

D.

Admin and Monitor

Buy Now
Questions 23

Which Threat Prevention profile uses sanitization technology?

Options:

A.

Cloud/data Center

B.

perimeter

C.

Sandbox

D.

Guest Network

Buy Now
Questions 24

Fill in the blank: By default, the SIC certificates issued by R80 Management Server are based on the ____________ algorithm.

Options:

A.

SHA-256

B.

SHA-200

C.

MD5

D.

SHA-128

Buy Now
Questions 25

What object type would you use to grant network access to an LDAP user group?

Options:

A.

Access Role

B.

User Group

C.

SmartDirectory Group

D.

Group Template

Buy Now
Questions 26

Which one of the following is a way that the objects can be manipulated using the new API integration in R80 Management?

Options:

A.

Microsoft Publisher

B.

JSON

C.

Microsoft Word

D.

RC4 Encryption

Buy Now
Questions 27

Which is a suitable command to check whether Drop Templates are activated or not?

Options:

A.

fw ctl get int activate_drop_templates

B.

fwaccel stat

C.

fwaccel stats

D.

fw ctl templates –d

Buy Now
Questions 28

Which configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear?

Options:

A.

The firewall topologies

B.

NAT Rules

C.

The Rule Base

D.

The VPN Domains

Buy Now
Questions 29

Which of the following technologies extracts detailed information from packets and stores that information in state tables?

Options:

A.

INSPECT Engine

B.

Next-Generation Firewall

C.

Packet Filtering

D.

Application Layer Firewall

Buy Now
Questions 30

Which of the following is NOT a tracking option? (Select three)

Options:

A.

Partial log

B.

Log

C.

Network log

D.

Full log

Buy Now
Questions 31

Using AD Query, the security gateway connections to the Active Directory Domain Controllers using what protocol?

Options:

A.

Windows Management Instrumentation (WMI)

B.

Hypertext Transfer Protocol Secure (HTTPS)

C.

Lightweight Directory Access Protocol (LDAP)

D.

Remote Desktop Protocol (RDP)

Buy Now
Questions 32

Fill in the blank: The_____is used to obtain identification and security information about network users.

Options:

A.

User index

B.

UserCheck

C.

User Directory

D.

User server

Buy Now
Questions 33

John is the administrator of a R80 Security Management server managing r R77.30 Check Point Security Gateway. John is currently updating the network objects and amending the rules using SmartConsole. To make John’s changes available to other administrators, and to save the database before installing a policy, what must John do?

Options:

A.

Logout of the session

B.

File > Save

C.

Install database

D.

Publish the session

Buy Now
Questions 34

Fill in the blank: Back up and restores can be accomplished through_________.

Options:

A.

SmartConsole, WebUI, or CLI

B.

WebUI, CLI, or SmartUpdate

C.

CLI, SmartUpdate, or SmartBackup

D.

SmartUpdate, SmartBackup, or SmartConsole

Buy Now
Questions 35

What is the BEST command to view configuration details of all interfaces in Gaia CLISH?

Options:

A.

ifconfig -a

B.

show interfaces

C.

show interfaces detail

D.

show configuration interface

Buy Now
Questions 36

Core Protections are installed as part of what Policy?

Options:

A.

Access Control Policy.

B.

Desktop Firewall Policy

C.

Mobile Access Policy.

D.

Threat Prevention Policy.

Buy Now
Questions 37

How would you determine the software version from the CLI?

Options:

A.

fw ver

B.

fw stat

C.

fw monitor

D.

cpinfo

Buy Now
Questions 38

In ____________ NAT, the ____________ is translated.

Options:

A.

Hide; source

B.

Static; source

C.

Simple; source

D.

Hide; destination

Buy Now
Questions 39

Which command shows the installed licenses in Expert mode?

Options:

A.

print cplic

B.

show licenses

C.

fwlic print

D.

cplic print

Buy Now
Questions 40

What is the main difference between Static NAT and Hide NAT?

Options:

A.

Static NAT only allows incoming connections to protect your network.

B.

Static NAT allow incoming and outgoing connections. Hide NAT only allows outgoing connections.

C.

Static NAT only allows outgoing connections. Hide NAT allows incoming and outgoing connections.

D.

Hide NAT only allows incoming connections to protect your network.

Buy Now
Questions 41

What is the user ID of a user that have all the privileges of a root user?

Options:

A.

User ID 1

B.

User ID 2

C.

User ID 0

D.

User ID 99

Buy Now
Questions 42

Which of the following is NOT a component of a Distinguished Name?

Options:

A.

Common Name

B.

Country

C.

User container

D.

Organizational Unit

Buy Now
Questions 43

Application Control/URL filtering database library is known as:

Options:

A.

Application database

B.

AppWiki

C.

Application-Forensic Database

D.

Application Library

Buy Now
Questions 44

Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ___________.

Options:

A.

Captive Portal and Transparent Kerberos Authentication

B.

UserCheck

C.

User Directory

D.

Captive Portal

Buy Now
Questions 45

Fill in the blanks: Gaia can be configured using _______ the ________.

Options:

A.

Command line interface; WebUI

B.

Gaia Interface; GaiaUI

C.

WebUI; Gaia Interface

D.

GaiaUI; command line interface

Buy Now
Questions 46

You had setup the VPN Community NPN-Stores' with 3 gateways. There are some issues with one remote gateway(l .1.1.1) and an your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways.

Options:

A.

action:”Key Install" AND 1.1.1.1 AND Quick Mode

B.

Blade:”VPN”AND VPN-Stores AND Main Mode

C.

action:”Key Install” AND 1.1.1.1 AND Main Mode

D.

Blade:”VPN”AND VPN-Stores AND Quick Mode

Buy Now
Questions 47

Fill in the blank RADIUS protocol uses_____to communicate with the gateway

Options:

A.

UDP

B.

CCP

C.

TDP

D.

HTTP

Buy Now
Questions 48

When you upload a package or license to the appropriate repository in SmartUpdate. where is the package or license stored?

Options:

A.

SmartConsole installed device

B.

Check Point user center

C.

Security Management Server

D.

Security Gateway

Buy Now
Questions 49

The Network Operations Center administrator needs access to Check Point Security devices mostly for troubleshooting purposes. You do not want to give her access to the expert mode, but she still should be able to run tcpdump. How can you achieve this requirement?

Options:

A.

Add tcpdump to CLISH using add command.Create a new access role.Add tcpdump to the role.Create new user with any UID and assign role to the user.

B.

Add tcpdump to CLISH using add command.Create a new access role.Add tcpdump to the role.Create new user with UID 0 and assign role to the user.

C.

Create a new access role.Add expert-mode access to the role.Create new user with UID 0 and assign role to the user.

D.

Create a new access role.Add expert-mode access to the role.Create new user with any UID and assign role to the user.

Buy Now
Questions 50

Fill in the blank RADIUS Accounting gets_____data from requests generated by the accounting client

Options:

A.

Location

B.

Payload

C.

Destination

D.

Identity

Buy Now
Questions 51

In which scenario will an administrator need to manually define Proxy ARP?

Options:

A.

When they configure an "Automatic Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.

B.

When they configure an "Automatic Hide NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.

C.

When they configure a "Manual Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.

D.

When they configure a "Manual Hide NAT" which translates to an IP address that belongs to one of the firewall's interfaces.

Buy Now
Questions 52

You want to set up a VPN tunnel to a external gateway. You had to make sure that the IKE P2 SA will only be established between two subnets and not all subnets defined in the default VPN domain of your gateway.

Options:

A.

In the SmartConsole create a dedicated VPN Community for both Gateways. On the Management add the following line to the $FWDIR/conf/user.def.FWI file subnet_for_range_and_peer = { );

B.

In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to 'User defined' and put in the local network.

C.

In the SmartConsole create a dedicated VPN Community for both Gateways. On the Gateway add the following line to the $FWDlR/cont/user.def.FW1 file subnet_for_range_and_peer = { };

D.

In the SmartConsole create a dedicated VPN Community for both Gateways. Go to Security Policies / Access Control and create an in-line layer rule with source and destination containing the two networks used for the IKE P2 SA. Put the name of the Community in the VPN column.

Buy Now
Questions 53

What is UserCheck?

Options:

A.

Messaging tool user to verify a user’s credentials

B.

Communication tool used to inform a user about a website or application they are trying to access

C.

Administrator tool used to monitor users on their network

D.

Communication tool used to notify an administrator when a new user is created

Buy Now
Questions 54

Which two of these Check Point Protocols are used by ?

Options:

A.

ELA and CPD

B.

FWD and LEA

C.

FWD and CPLOG

D.

ELA and CPLOG

Buy Now
Questions 55

How is communication between different Check Point components secured in R80? As with all questions, select the best answer.

Options:

A.

By using IPSEC

B.

By using SIC

C.

By using ICA

D.

By using 3DES

Buy Now
Questions 56

What are the two types of NAT supported by the Security Gateway?

Options:

A.

Destination and Hide

B.

Hide and Static

C.

Static and Source

D.

Source and Destination

Buy Now
Questions 57

Aggressive Mode in IKEv1 uses how many packages for negotiation?

Options:

A.

6

B.

3

C.

depends on the make of the peer gateway

D.

5

Buy Now
Questions 58

You have enabled "Extended Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

Options:

A.

Identity Awareness is not enabled.

B.

Log Trimming is enabled.

C.

Logging has disk space issues

D.

Content Awareness is not enabled.

Buy Now
Questions 59

Which of the following is considered a "Subscription Blade", requiring renewal every 1-3 years?

Options:

A.

IPS blade

B.

IPSEC VPN Blade

C.

Identity Awareness Blade

D.

Firewall Blade

Buy Now
Questions 60

Which message indicates IKE Phase 2 has completed successfully?

Options:

A.

Quick Mode Complete

B.

Aggressive Mode Complete

C.

Main Mode Complete

D.

IKE Mode Complete

Buy Now
Questions 61

In R80 Management, apart from using SmartConsole, objects or rules can also be modified using:

Options:

A.

3rd Party integration of CLI and API for Gateways prior to R80.

B.

A complete CLI and API interface using SSH and custom CPCode integration.

C.

3rd Party integration of CLI and API for Management prior to R80.

D.

A complete CLI and API interface for Management with 3rd Party integration.

Buy Now
Questions 62

What is a reason for manual creation of a NAT rule?

Options:

A.

In R80 all Network Address Translation is done automatically and there is no need for manually defined NAT-rules.

B.

Network Address Translation of RFC1918-compliant networks is needed to access the Internet.

C.

Network Address Translation is desired for some services, but not for others.

D.

The public IP-address is different from the gateway’s external IP

Buy Now
Questions 63

If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available to other administrators? Choose the BEST answer

Options:

A.

Save and install the Policy

B.

Delete older versions of database

C.

Revert the session.

D.

Publish or discard the session

Buy Now
Questions 64

Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enable which path is handling the traffic?

Options:

A.

Slow Path

B.

Medium Path

C.

Fast Path

D.

Accelerated Path

Buy Now
Questions 65

Vanessa is attempting to log into the Gaia Web Portal. She is able to login successfully. Then she tries the same username and password for SmartConsole but gets the message in the screenshot image below. She has checked that the IP address of the Server is correct and the username and password she used to login into Gaia is also correct.

What is the most likely reason?

Options:

A.

Check Point R80 SmartConsole authentication is more secure than in previous versions and Vanessa requires a special authentication key for R80 SmartConsole. Check that the correct key details are used.

B.

Check Point Management software authentication details are not automatically the same as the Operating System authentication details. Check that she is using the correct details.

C.

SmartConsole Authentication is not allowed for Vanessa until a Super administrator has logged in first and cleared any other administrator sessions.

D.

Authentication failed because Vanessa’s username is not allowed in the new Threat Prevention console update checks even though these checks passed with Gaia.

Buy Now
Questions 66

Fill in the blank: SmartConsole, SmartEvent GUI client, and ___________ allow viewing of billions of consolidated logs and shows them as prioritized security events.

Options:

A.

SmartView Web Application

B.

SmartTracker

C.

SmartMonitor

D.

SmartReporter

Buy Now
Questions 67

Which application is used for the central management and deployment of licenses and packages?

Options:

A.

SmartProvisioning

B.

SmartLicense

C.

SmartUpdate

D.

Deployment Agent

Buy Now
Questions 68

When defining group-based access in an LDAP environment with Identity Awareness, what is the BEST object type to represent an LDAP group in a Security Policy?

Options:

A.

Access Role

B.

User Group

C.

SmartDirectory Group

D.

Group Template

Buy Now
Questions 69

The Online Activation method is available for Check Point manufactured appliances. How does the administrator use the Online Activation method?

Options:

A.

The SmartLicensing GUI tool must be launched from the SmartConsole for the Online Activation tool to start automatically.

B.

No action is required if the firewall has internet access and a DNS server to resolve domain names.

C.

Using the Gaia First Time Configuration Wizard, the appliance connects to the Check Point User Center and downloads all necessary licenses and contracts.

D.

The cpinfo command must be run on the firewall with the switch -online-license-activation.

Buy Now
Questions 70

To increase security, the administrator has modified the Core protection ‘Host Port Scan’ from ‘Medium’ to ‘High’ Predefined Sensitivity. Which Policy should the administrator install after Publishing the changes?

Options:

A.

The Access Control and Threat Prevention Policies.

B.

The Access Control Policy.

C.

The Access Control & HTTPS Inspection Policy.

D.

The Threat Prevention Policy.

Buy Now
Questions 71

An administrator can use section titles to more easily navigate between large rule bases. Which of these statements is FALSE?

Options:

A.

Section titles are not sent to the gateway side.

B.

These sections are simple visual divisions of the Rule Base and do not hinder the order of rule enforcement.

C.

A Sectional Title can be used to disable multiple rules by disabling only the sectional title.

D.

Sectional Titles do not need to be created in the SmartConsole.

Buy Now
Questions 72

Which backup utility captures the most information and tends to create the largest archives?

Options:

A.

backup

B.

snapshot

C.

Database Revision

D.

migrate export

Buy Now
Questions 73

In a Distributed deployment, the Security Gateway and the Security Management software are installed on what platforms?

Options:

A.

Different computers or appliances.

B.

The same computer or appliance.

C.

Both on virtual machines or both on appliances but not mixed.

D.

In Azure and AWS cloud environments.

Buy Now
Questions 74

What needs to be configured if the NAT property ‘Translate destination on client side’ is not enabled in Global properties?

Options:

A.

A host route to route to the destination IP

B.

Use the file local.arp to add the ARP entries for NAT to work

C.

Nothing, the Gateway takes care of all details necessary

D.

Enabling ‘Allow bi-directional NAT’ for NAT to work correctly

Buy Now
Questions 75

Which of the following commands is used to monitor cluster members?

Options:

A.

cphaprob state

B.

cphaprob status

C.

cphaprob

D.

cluster state

Buy Now
Questions 76

Of all the Check Point components in your network, which one changes most often and should be backed up most frequently?

Options:

A.

SmartManager

B.

SmartConsole

C.

Security Gateway

D.

Security Management Server

Buy Now
Questions 77

How do logs change when the "Accounting" tracking option is enabled on a traffic rule?

Options:

A.

Involved traffic logs will be forwarded to a log server.

B.

Provides log details view email to the Administrator.

C.

Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection.

D.

Provides additional information to the connected user.

Buy Now
Questions 78

Which of the following is true about Stateful Inspection?

Options:

A.

Stateful Inspection tracks state using two tables, one for incoming traffic and one for outgoing traffic

B.

Stateful Inspection looks at both the headers of packets, as well as deeply examining their content.

C.

Stateful Inspection requires that a server reply to a request, in order to track a connection's state

D.

Stateful Inspection requires two rules, one for outgoing traffic and one for incoming traffic.

Buy Now
Questions 79

Which of the completed statements is NOT true? The WebUI can be used to manage Operating System user accounts and

Options:

A.

add users to your Gaia system.

B.

assign privileges to users.

C.

assign user rights to their home directory in the Security Management Server.

D.

edit the home directory of the user.

Buy Now
Questions 80

You are going to perform a major upgrade. Which back up solution should you use to ensure your database can be restored on that device?

Options:

A.

backup

B.

logswitch

C.

Database Revision

D.

snapshot

Buy Now
Questions 81

Which of the following is used to initially create trust between a Gateway and Security Management Server?

Options:

A.

Internal Certificate Authority

B.

Token

C.

One-time Password

D.

Certificate

Buy Now
Questions 82

Using ClusterXL, what statement is true about the Sticky Decision Function?

Options:

A.

Can only be changed for Load Sharing implementations

B.

All connections are processed and synchronized by the pivot

C.

Is configured using cpconfig

D.

Is only relevant when using SecureXL

Buy Now
Questions 83

Which default Gaia user has full read/write access?

Options:

A.

admin

B.

superuser

C.

monitor

D.

altuser

Buy Now
Questions 84

When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

Options:

A.

None, Security Management Server would be installed by itself.

B.

SmartConsole

C.

SecureClient

D.

SmartEvent

Buy Now
Questions 85

After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?

Options:

A.

Security Gateway IP-address cannot be changed without re-establishing the trust

B.

The Security Gateway name cannot be changed in command line without re-establishing trust

C.

The Security Management Server name cannot be changed in SmartConsole without re-establishing trust

D.

The Security Management Server IP-address cannot be changed without re-establishing the trust

Buy Now
Questions 86

What data MUST be supplied to the SmartConsole System Restore window to restore a backup?

Options:

A.

Server, Username, Password, Path, Version

B.

Username, Password, Path, Version

C.

Server, Protocol, Username, Password, Destination Path

D.

Server, Protocol, Username, Password, Path

Buy Now
Questions 87

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

Options:

A.

Symmetric routing

B.

Failovers

C.

Asymmetric routing

D.

Anti-Spoofing

Buy Now
Questions 88

Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates for what components?

Options:

A.

The Security Gateway (SG) and Security Management Server (SMS) software and the CPUSE engine.

B.

Licensed Check Point products for the Gala operating system and the Gaia operating system itself.

C.

The CPUSE engine and the Gaia operating system.

D.

The Gaia operating system only.

Buy Now
Questions 89

Which of the following is NOT an option to calculate the traffic direction?

Options:

A.

Incoming

B.

Internal

C.

External

D.

Outgoing

Buy Now
Questions 90

Which of the following is NOT a role of the SmartCenter:

Options:

A.

Status monitoring

B.

Policy configuration

C.

Certificate authority

D.

Address translation

Buy Now
Questions 91

Fill in the bank: In Office mode, a Security Gateway assigns a remote client to an IP address once___________.

Options:

A.

the user connects and authenticates

B.

office mode is initiated

C.

the user requests a connection

D.

the user connects

Buy Now
Questions 92

SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?

Options:

A.

Smart Cloud Services

B.

Load Sharing Mode Services

C.

Threat Agent Solution

D.

Public Cloud Services

Buy Now
Questions 93

A SAM rule Is implemented to provide what function or benefit?

Options:

A.

Allow security audits.

B.

Handle traffic as defined in the policy.

C.

Monitor sequence activity.

D.

Block suspicious activity.

Buy Now
Questions 94

Fill in the blank: When a policy package is installed, ________ are also distributed to the target installation Security Gateways.

Options:

A.

User and objects databases

B.

Network databases

C.

SmartConsole databases

D.

User databases

Buy Now
Questions 95

Fill in the blank: To create policy for traffic to or from a particular location, use the _____________.

Options:

A.

DLP shared policy

B.

Geo policy shared policy

C.

Mobile Access software blade

D.

HTTPS inspection

Buy Now
Questions 96

How many users can have read/write access in Gaia Operating System at one time?

Options:

A.

One

B.

Three

C.

Two

D.

Infinite

Buy Now
Questions 97

Fill in the blank: The _____ feature allows administrators to share a policy with other policy packages.

Options:

A.

Concurrent policy packages

B.

Concurrent policies

C.

Global Policies

D.

Shared policies

Buy Now
Questions 98

Name the pre-defined Roles included in Gaia OS.

Options:

A.

AdminRole, and MonitorRole

B.

ReadWriteRole, and ReadyOnly Role

C.

AdminRole, cloningAdminRole, and Monitor Role

D.

AdminRole

Buy Now
Questions 99

When connected to the Check Point R80 Management Server using the SmartConsole the first administrator to connect has a lock on:

Options:

A.

Only the objects being modified in the Management Database and other administrators can connect to make changes using a special session as long as they all connect from the same LAN network.

B.

The entire Management Database and other administrators can connect to make changes only if the first administrator switches to Read-only.

C.

The entire Management Database and all sessions and other administrators can connect only as Read-only.

D.

Only the objects being modified in his session of the Management Database and other administrators can connect to make changes using different sessions.

Buy Now
Questions 100

Identity Awareness allows easy configuration for network access and auditing based on what three items?

Options:

A.

Client machine IP address.

B.

Network location, the identity of a user and the identity of a machine.

C.

Log server IP address.

D.

Gateway proxy IP address.

Buy Now
Questions 101

Which of these is NOT a feature or benefit of Application Control?

Options:

A.

Eliminate unknown and unwanted applications in your network to reduce IT complexity and application risk.

B.

Identify and control which applications are in your IT environment and which to add to the IT environment.

C.

Scans the content of files being downloaded by users in order to make policy decisions.

D.

Automatically identify trusted software that has authorization to run

Buy Now
Questions 102

Which SmartConsole tab is used to monitor network and security performance?

Options:

A.

Manage & Settings

B.

Security Policies

C.

Gateway & Servers

D.

Logs & Monitor

Buy Now
Questions 103

In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

Options:

A.

SND is a feature to accelerate multiple SSL VPN connections

B.

SND is an alternative to IPSec Main Mode, using only 3 packets

C.

SND is used to distribute packets among Firewall instances

D.

SND is a feature of fw monitor to capture accelerated packets

Buy Now
Questions 104

Check Point licenses come in two forms. What are those forms?

Options:

A.

Central and Local.

B.

Access Control and Threat Prevention.

C.

On-premise and Public Cloud.

D.

Security Gateway and Security Management.

Buy Now
Questions 105

Access roles allow the firewall administrator to configure network access according to:

Options:

A.

remote access clients.

B.

a combination of computer or computer groups and networks.

C.

users and user groups.

D.

All of the above.

Buy Now
Questions 106

What is NOT an advantage of Packet Filtering?

Options:

A.

Application Independence

B.

High Performance

C.

Scalability

D.

Low Security and No Screening above Network Layer

Buy Now
Questions 107

Where can administrator edit a list of trusted SmartConsole clients?

Options:

A.

cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server.

B.

In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.

C.

WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway.

D.

Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.

Buy Now
Questions 108

What is the most complete definition of the difference between the Install Policy button on the SmartConsole’s tab, and the Install Policy within a specific policy?

Options:

A.

The Global one also saves and published the session before installation.

B.

The Global one can install multiple selected policies at the same time.

C.

The local one does not install the Anti-Malware policy along with the Network policy.

D.

The second one pre-select the installation for only the current policy and for the applicable gateways.

Buy Now
Questions 109

What is the default shell for the command line interface?

Options:

A.

Clish

B.

Admin

C.

Normal

D.

Expert

Buy Now
Questions 110

If an administrator wants to restrict access to a network resource only allowing certain users to access it, and only when they are on a specific network what is the best way to accomplish this?

Options:

A.

Create an inline layer where the destination is the target network resource Define sub-rules allowing only specific sources to access the target resource

B.

Use a "New Legacy User at Location", specifying the LDAP user group that the users belong to, at the desired location

C.

Create a rule allowing only specific source IP addresses access to the target network resource.

D.

Create an Access Role object, with specific users or user groups specified, and specific networks defined Use this access role as the "Source" of an Access Control rule

Buy Now
Questions 111

Fill in the blank: It is Best Practice to have a _____ rule at the end of each policy layer.

Options:

A.

Explicit Drop

B.

Implied Drop

C.

Explicit Cleanup

D.

Implicit Drop

Buy Now
Questions 112

When should you generate new licenses?

Options:

A.

Before installing contract files.

B.

After an RMA procedure when the MAC address or serial number of the appliance changes.

C.

When the existing license expires, license is upgraded or the IP-address where the license is tied changes.

D.

Only when the license is upgraded.

Buy Now
Questions 113

Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or__________.

Options:

A.

On all satellite gateway to satellite gateway tunnels

B.

On specific tunnels for specific gateways

C.

On specific tunnels in the community

D.

On specific satellite gateway to central gateway tunnels

Buy Now
Questions 114

When configuring Spoof Tracking, which tracking actions can an administrator select to be done when spoofed packets are detected?

Options:

A.

Log, send snmp trap, email

B.

Drop packet, alert, none

C.

Log, alert, none

D.

Log, allow packets, email

Buy Now
Questions 115

True or False: The destination server for Security Gateway logs depends on a Security Management Server configuration.

Options:

A.

False, log servers are configured on the Log Server General Properties

B.

True, all Security Gateways will only forward logs with a SmartCenter Server configuration

C.

True, all Security Gateways forward logs automatically to the Security Management Server

D.

False, log servers are enabled on the Security Gateway General Properties

Buy Now
Questions 116

Which tool allows for the automatic updating of the Gaia OS and Check Point products installed on the Gaia OS?

Options:

A.

CPASE - Check Point Automatic Service Engine

B.

CPAUE - Check Point Automatic Update Engine

C.

CPDAS - Check Point Deployment Agent Service

D.

CPUSE - Check Point Upgrade Service Engine

Buy Now
Questions 117

Fill in the blanks: The _______ collects logs and sends them to the _______.

Options:

A.

Log server; Security Gateway

B.

Log server; security management server

C.

Security management server; Security Gateway

D.

Security Gateways; log server

Buy Now
Questions 118

In Unified SmartConsole Gateways and Servers tab you can perform the following functions EXCEPT ________.

Options:

A.

Upgrade the software version

B.

Open WebUI

C.

Open SSH

D.

Open service request with Check Point Technical Support

Buy Now
Questions 119

What are the three deployment options available for a security gateway?

Options:

A.

Standalone, Distributed, and Bridge Mode

B.

Bridge Mode, Remote, and Standalone

C.

Remote, Standalone, and Distributed

D.

Distributed, Bridge Mode, and Remote

Buy Now
Questions 120

Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?

Options:

A.

Application Control

B.

Threat Emulation

C.

Anti-Virus

D.

Advanced Networking Blade

Buy Now
Exam Code: 156-215.81
Exam Name: Check Point Certified Security Administrator R81.20
Last Update: Dec 21, 2024
Questions: 400

PDF + Testing Engine

$134.99

Testing Engine

$99.99

PDF (Q&A)

$84.99