ExamGecko
Search Search Login
Home Home / Checkpoint / 156-215.81

Checkpoint 156-215.81 Practice Test - Questions Answers, Page 17

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What needs to be configured if the NAT property 'Translate destination on client side' is not enabled in Global properties?
Which is a suitable command to check whether Drop Templates are activated or not?
Which Check Point software blade provides Application Security and identity control?
How are the backups stored in Check Point appliances?
Fill in the blank: The position of an implied rule is manipulated in the __________________ window.
Fill in the blank: With the User Directory Software Blade, you can create user definitions on a(n) ___________ Server.
Which of the following is true about Stateful Inspection?
What is the main difference between Threat Extraction and Threat Emulation?
Which of the following is NOT a method used by Identity Awareness for acquiring identity?
When should you generate new licenses?

Question 161

Report
Export
Collapse

Which one of the following is a way that the objects can be manipulated using the new API integration in R80 Management?

A.
Microsoft Publisher
A.
Microsoft Publisher
Answers
B.
JSON
B.
JSON
Answers
C.
Microsoft Word
C.
Microsoft Word
Answers
D.
RC4 Encryption
D.
RC4 Encryption
Answers
Suggested answer: B

Explanation:

The way that the objects can be manipulated using the new API integration in R80 Management is JSON. JSON (JavaScript Object Notation) is a lightweight data-interchange format that is easy for humans and machines to read and write. The R80 Management API uses JSON as the primary data format for requests and responses. Therefore, the correct answer is B. JSON.

Question 162

Report
Export
Collapse

True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway

A.
True, CLI is the prefer method for Licensing
A.
True, CLI is the prefer method for Licensing
Answers
B.
False, Central License are handled via Security Management Server
B.
False, Central License are handled via Security Management Server
Answers
C.
False, Central License are installed via Gaia on Security Gateways
C.
False, Central License are installed via Gaia on Security Gateways
Answers
D.
True, Central License can be installed with CPLIC command on a Security Gateway
D.
True, Central License can be installed with CPLIC command on a Security Gateway
Answers
Suggested answer: D

Explanation:

In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway using the CPLIC command1.This command allows you to install a license from a file or from the User Center1. Therefore, the correct answer is D.True, Central License can be installed with CPLIC command on a Security Gateway.

Question 163

Report
Export
Collapse

Which of the following is NOT an identity source used for Identity Awareness?

A.
Remote Access
A.
Remote Access
Answers
B.
UserCheck
B.
UserCheck
Answers
C.
AD Query
C.
AD Query
Answers
D.
RADIUS
D.
RADIUS
Answers
Suggested answer: B

Explanation:

UserCheck is not an identity source used for Identity Awareness.UserCheck is a feature that allows you to interact with users when they trigger Data Loss Prevention or Threat Prevention incidents2.Identity Awareness uses different methods to acquire identities, such as AD Query, Identity Agent, Browser-Based Authentication, Terminal Servers, Captive Portal, and RADIUS3. Therefore, the correct answer is B.UserCheck.

Question 164

Report
Export
Collapse

Fill in the blanks: Default port numbers for an LDAP server is ______ for standard connections and _______ SSL connections.

A.
675, 389
A.
675, 389
Answers
B.
389, 636
B.
389, 636
Answers
C.
636, 290
C.
636, 290
Answers
D.
290, 675
D.
290, 675
Answers
Suggested answer: B

Explanation:

The default port numbers for an LDAP server are 389 for standard connections and 636 for SSL connections. LDAP (Lightweight Directory Access Protocol) is a protocol that allows access to directory services over TCP/IP. Therefore, the correct answer is B. 389, 636.

Question 165

Report
Export
Collapse

Which of the following is NOT supported by Bridge Mode Check Point Security Gateway

A.
Antivirus
A.
Antivirus
Answers
B.
Data Loss Prevention
B.
Data Loss Prevention
Answers
C.
NAT
C.
NAT
Answers
D.
Application Control
D.
Application Control
Answers
Suggested answer: C

Explanation:

Bridge Mode Check Point Security Gateway does not support NAT. Bridge Mode is a deployment option that allows the Security Gateway to inspect traffic without being a routing hop.In Bridge Mode, the Security Gateway does not have an IP address and cannot perform NAT1. Therefore, the correct answer is C.NAT.

Question 166

Report
Export
Collapse

Which option, when applied to a rule, allows all encrypted and non-VPN traffic that matches the rule?

A.
All Site-to-Site VPN Communities
A.
All Site-to-Site VPN Communities
Answers
B.
Accept all encrypted traffic
B.
Accept all encrypted traffic
Answers
C.
All Connections (Clear or Encrypted)
C.
All Connections (Clear or Encrypted)
Answers
D.
Specific VPN Communities
D.
Specific VPN Communities
Answers
Suggested answer: B

Explanation:

The option that allows all encrypted and non-VPN traffic that matches the rule is Accept all encrypted traffic.This option enables you to allow traffic to any destination that is encrypted, regardless of whether it is part of a VPN community or not2. Therefore, the correct answer is B.Accept all encrypted traffic.

Question 167

Report
Export
Collapse

In which scenario is it a valid option to transfer a license from one hardware device to another?

A.
From a 4400 Appliance to a 2200 Appliance
A.
From a 4400 Appliance to a 2200 Appliance
Answers
B.
From a 4400 Appliance to an HP Open Server
B.
From a 4400 Appliance to an HP Open Server
Answers
C.
From an IBM Open Server to an HP Open Server
C.
From an IBM Open Server to an HP Open Server
Answers
D.
From an IBM Open Server to a 2200 Appliance
D.
From an IBM Open Server to a 2200 Appliance
Answers
Suggested answer: A

Explanation:

The scenario where it is a valid option to transfer a license from one hardware device to another is from a 4400 Appliance to a 2200 Appliance. This is because both appliances are Check Point products and have the same license type (Central License).You can transfer a license from one hardware device to another if they have the same license type and vendor3. Therefore, the correct answer is A.From a 4400 Appliance to a 2200 Appliance.

Question 168

Report
Export
Collapse

Fill in the blanks: A ____ license requires an administrator to designate a gateway for attachment whereas a _____ license is automatically attached to a Security Gateway.

A.
Formal; corporate
A.
Formal; corporate
Answers
B.
Local; formal
B.
Local; formal
Answers
C.
Local; central
C.
Local; central
Answers
D.
Central; local
D.
Central; local
Answers
Suggested answer: D

Explanation:

A central license is automatically attached to a Security Gateway when it is installed.A local license requires an administrator to designate a gateway for attachment1, p. 8.

Reference:Check Point CCSA - R81: Practice Test & Explanation

Question 169

Report
Export
Collapse

Which of the following is NOT a valid configuration screen of an Access Role Object?

A.
Users
A.
Users
Answers
B.
Networks
B.
Networks
Answers
C.
Time
C.
Time
Answers
D.
Machines
D.
Machines
Answers
Suggested answer: C

Explanation:

An Access Role Object has four configuration screens: Users, Machines, Networks, and Identity Tags1, p. 27. Time is not a valid configuration screen of an Access Role Object.

Reference:Check Point CCSA - R81: Practice Test & Explanation

Question 170

Report
Export
Collapse

What is the purpose of the Stealth Rule?

A.
To prevent users from directly connecting to a Security Gateway.
A.
To prevent users from directly connecting to a Security Gateway.
Answers
B.
To reduce the number of rules in the database.
B.
To reduce the number of rules in the database.
Answers
C.
To reduce the amount of logs for performance issues.
C.
To reduce the amount of logs for performance issues.
Answers
D.
To hide the gateway from the Internet.
D.
To hide the gateway from the Internet.
Answers
Suggested answer: A

Explanation:

The Stealth Rule is used to prevent users from directly connecting to a Security Gateway.It is usually placed at the top of the rule base, before any other rule that allows traffic to the Security Gateway1, p. 32.

Reference:Check Point CCSA - R81: Practice Test & Explanation

Total 401 questions
Go to page: of 41
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms