ExamGecko
Search Search Login
Home Home / Checkpoint / 156-215.81

Checkpoint 156-215.81 Practice Test - Questions Answers, Page 10

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What needs to be configured if the NAT property 'Translate destination on client side' is not enabled in Global properties?
Which is a suitable command to check whether Drop Templates are activated or not?
Which Check Point software blade provides Application Security and identity control?
How are the backups stored in Check Point appliances?
Fill in the blank: The position of an implied rule is manipulated in the __________________ window.
Which of the following is true about Stateful Inspection?
Fill in the blank: With the User Directory Software Blade, you can create user definitions on a(n) ___________ Server.
What is the main difference between Threat Extraction and Threat Emulation?
Which of the following is NOT a method used by Identity Awareness for acquiring identity?
When should you generate new licenses?

Question 91

Report
Export
Collapse

What is the Transport layer of the TCP/IP model responsible for?

A.
It transports packets as datagrams along different routes to reach their destination.
A.
It transports packets as datagrams along different routes to reach their destination.
Answers
B.
It manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application.
B.
It manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application.
Answers
C.
It defines the protocols that are used to exchange data between networks and how host programs interact with the Application layer.
C.
It defines the protocols that are used to exchange data between networks and how host programs interact with the Application layer.
Answers
D.
It deals with all aspects of the physical components of network connectivity and connects with different network types.
D.
It deals with all aspects of the physical components of network connectivity and connects with different network types.
Answers
Suggested answer: B

Explanation:

The Transport layer of the TCP/IP model is responsible for managing the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application. It also provides error detection and correction, flow control, and multiplexing. The Transport layer uses protocols such as TCP and UDP.

Question 92

Report
Export
Collapse

Which of the following is the most secure means of authentication?

A.
Password
A.
Password
Answers
B.
Certificate
B.
Certificate
Answers
C.
Token
C.
Token
Answers
D.
Pre-shared secret
D.
Pre-shared secret
Answers
Suggested answer: B

Explanation:

Certificate is the most secure means of authentication among the given options2. A certificate is a digital document that contains information about the identity of a user or a device, and is signed by a trusted authority. A certificate can be used to prove the identity of a user or a device without revealing any sensitive information, such as passwords or tokens. Password, token, and pre-shared secret are less secure means of authentication because they can be easily compromised, stolen, or guessed by attackers.

Reference:Secure User Authentication Methods - freeCodeCamp.org,What is the Most Secure Authentication Method for Your Organization ...

Question 93

Report
Export
Collapse

What is the BEST command to view configuration details of all interfaces in Gaia CLISH?

A.
ifconfig -a
A.
ifconfig -a
Answers
B.
show interfaces
B.
show interfaces
Answers
C.
show interfaces detail
C.
show interfaces detail
Answers
D.
show configuration interface
D.
show configuration interface
Answers
Suggested answer: D

Explanation:

The BEST command to view configuration details of all interfaces in Gaia CLISH isshow configuration interface3. This command displays the interface name, IP address, netmask, state, MTU, and other parameters for each interface. ifconfig -a, show interfaces, and show interfaces detail are not valid commands in Gaia CLISH.

Reference:How to configure static routes in CLISH on Gaia OS and IPSO OS,GAIA CLISH Commands - Fir3net,Gaia Administration Guide R80 - Check Point Software,Gaia Clish commands including User Defined (Extended) commands

Question 94

Report
Export
Collapse

Fill in the blank: Authentication rules are defined for ____________.

A.
User groups
A.
User groups
Answers
B.
Users using UserCheck
B.
Users using UserCheck
Answers
C.
Individual users
C.
Individual users
Answers
D.
All users in the database
D.
All users in the database
Answers
Suggested answer: A

Explanation:

Authentication rules are defined foruser groupsrather than individual users1. To define authentication rules, you must first define users and groups.You can define users with the Check Point user database, or with an external server, such as LDAP1.UserCheck is a feature that enables user interaction with security events2. Individual users and all users in the database are not valid options for defining authentication rules.

Reference:How to Configure Client Authentication,UserCheck

Question 95

Report
Export
Collapse

Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

A.
ThreatWiki
A.
ThreatWiki
Answers
B.
Whitelist Files
B.
Whitelist Files
Answers
C.
AppWiki
C.
AppWiki
Answers
D.
IPS Protections
D.
IPS Protections
Answers
Suggested answer: A

Explanation:

ThreatWiki is a tool that provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed3. ThreatWiki is a web-based service that collects information about files from various sources, such as Check Point customers, partners, and researchers.Administrators can use ThreatWiki to view file reputation, upload files for analysis, and download indicators of compromise3. Whitelist Files, AppWiki, and IPS Protections are not tools that provide a list of trusted files.

Reference:Threat Prevention R80.40 Administration Guide

Question 96

Report
Export
Collapse

Which of the following is an authentication method used for Identity Awareness?

A.
SSL
A.
SSL
Answers
B.
Captive Portal
B.
Captive Portal
Answers
C.
PKI
C.
PKI
Answers
D.
RSA
D.
RSA
Answers
Suggested answer: B

Explanation:

Captive Portal is an authentication method used for Identity Awareness4. Captive Portal is a web-based authentication method that redirects users to a browser-based login page when they try to access the network. Users must provide their credentials to access the network resources.Captive Portal can be used for guest users or users who are not identified by other methods4. SSL, PKI, and RSA are not authentication methods used for Identity Awareness, but rather encryption or certificate technologies.

Reference:Identity Awareness Reference Architecture and Best Practices

Question 97

Report
Export
Collapse

The SIC Status ''Unknown'' means

A.
There is connection between the gateway and Security Management Server but it is not trusted.
A.
There is connection between the gateway and Security Management Server but it is not trusted.
Answers
B.
The secure communication is established.
B.
The secure communication is established.
Answers
C.
There is no connection between the gateway and Security Management Server.
C.
There is no connection between the gateway and Security Management Server.
Answers
D.
The Security Management Server can contact the gateway, but cannot establish SIC.
D.
The Security Management Server can contact the gateway, but cannot establish SIC.
Answers
Suggested answer: C

Explanation:

The SIC Status ''Unknown'' means that there is no connection between the gateway and Security Management Server.This can happen if the gateway is down, unreachable, or has not been initialized yet12.

Reference:Check Point R81 Security Management Administration Guide,Free Check Point CCSA Sample Questions and Study Guide

Question 98

Report
Export
Collapse

What is a reason for manual creation of a NAT rule?

A.
In R80 all Network Address Translation is done automatically and there is no need for manually defined NAT-rules.
A.
In R80 all Network Address Translation is done automatically and there is no need for manually defined NAT-rules.
Answers
B.
Network Address Translation of RFC1918-compliant networks is needed to access the Internet.
B.
Network Address Translation of RFC1918-compliant networks is needed to access the Internet.
Answers
C.
Network Address Translation is desired for some services, but not for others.
C.
Network Address Translation is desired for some services, but not for others.
Answers
D.
The public IP-address is different from the gateway's external IP
D.
The public IP-address is different from the gateway's external IP
Answers
Suggested answer: D

Explanation:

A reason for manual creation of a NAT rule is when the public IP-address is different from the gateway's external IP.This can happen when the gateway is behind another NAT device or firewall3.

Reference:Check Point R81 Security Gateway Administration Guide,Check Point CCSA - R81: Practice Test & Explanation

Question 99

Report
Export
Collapse

Which of the following commands is used to verify license installation?

A.
Cplic verify license
A.
Cplic verify license
Answers
B.
Cplic print
B.
Cplic print
Answers
C.
Cplic show
C.
Cplic show
Answers
D.
Cplic license
D.
Cplic license
Answers
Suggested answer: B

Explanation:

The command cplic print is used to verify license installation. It displays the installed licenses and their expiration dates .

Reference: [Check Point R81 Command Line Interface Reference Guide],Check Point :: Pearson VUE

Question 100

Report
Export
Collapse

To enforce the Security Policy correctly, a Security Gateway requires:

A.
a routing table
A.
a routing table
Answers
B.
awareness of the network topology
B.
awareness of the network topology
Answers
C.
a Demilitarized Zone
C.
a Demilitarized Zone
Answers
D.
a Security Policy install
D.
a Security Policy install
Answers
Suggested answer: B

Explanation:

To enforce the Security Policy correctly, a Security Gateway requires awareness of the network topology. This means that the gateway knows which networks and interfaces are internal and external, and how to route packets between them .

Reference: [Check Point R81 Security Gateway Technical Administration Guide],Check Point CCSA - R81: Practice Test & Explanation

Total 401 questions
Go to page: of 41
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms