ExamGecko
Search Search Login
Home Home / Checkpoint / 156-215.81

Checkpoint 156-215.81 Practice Test - Questions Answers, Page 21

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What needs to be configured if the NAT property 'Translate destination on client side' is not enabled in Global properties?
Which Check Point software blade provides Application Security and identity control?
Which is a suitable command to check whether Drop Templates are activated or not?
How are the backups stored in Check Point appliances?
Fill in the blank: The position of an implied rule is manipulated in the __________________ window.
Fill in the blank: With the User Directory Software Blade, you can create user definitions on a(n) ___________ Server.
Which of the following is true about Stateful Inspection?
What is the main difference between Threat Extraction and Threat Emulation?
Which of the following is NOT a method used by Identity Awareness for acquiring identity?
When should you generate new licenses?

Question 201

Report
Export
Collapse

An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server (SMS). While configuring the VPN community to specify the pre-shared secret, the administrator did not find a box to input the pre-shared secret. Why does it not allow him to specify the pre-shared secret?

A.
The Gateway is an SMB device
A.
The Gateway is an SMB device
Answers
B.
The checkbox ''Use only Shared Secret for all external members'' is not checked
B.
The checkbox ''Use only Shared Secret for all external members'' is not checked
Answers
C.
Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS
C.
Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS
Answers
D.
Pre-shared secret is already configured in Global Properties
D.
Pre-shared secret is already configured in Global Properties
Answers
Suggested answer: C

Explanation:

Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS. This is because certificate based authentication provides stronger security and easier management than pre-shared secret authentication. The other options are either incorrect or irrelevant for this scenario.

Reference: [Check Point R80.10 - Part 6 - Certificate Based Authentication]

Question 202

Report
Export
Collapse

Which of the following technologies extracts detailed information from packets and stores that information in state tables?

A.
INSPECT Engine
A.
INSPECT Engine
Answers
B.
Next-Generation Firewall
B.
Next-Generation Firewall
Answers
C.
Packet Filtering
C.
Packet Filtering
Answers
D.
Application Layer Firewall
D.
Application Layer Firewall
Answers
Suggested answer: B

Explanation:

The INSPECT Engine is a technology that extracts detailed information from packets and stores that information in state tables.It enables stateful inspection and application layer filtering12Reference:INSPECT Engine,Stateful Inspection

Question 203

Report
Export
Collapse

What object type would you use to grant network access to an LDAP user group?

A.
Access Role
A.
Access Role
Answers
B.
User Group
B.
User Group
Answers
C.
SmartDirectory Group
C.
SmartDirectory Group
Answers
D.
Group Template
D.
Group Template
Answers
Suggested answer: B

Explanation:

The Access Role object type is used to grant network access to an LDAP user group.It defines a set of users and machines that can access a specific network resource34Reference:Access Role, LDAP User Group

Question 204

Report
Export
Collapse

View the rule below. What does the pen-symbol in the left column mean?

A.
Those rules have been published in the current session.
A.
Those rules have been published in the current session.
Answers
B.
Rules have been edited by the logged in administrator, but the policy has not been published yet.
B.
Rules have been edited by the logged in administrator, but the policy has not been published yet.
Answers
C.
Another user has currently locked the rules for editing.
C.
Another user has currently locked the rules for editing.
Answers
D.
The configuration lock is present. Click the pen symbol in order to gain the lock.
D.
The configuration lock is present. Click the pen symbol in order to gain the lock.
Answers
Suggested answer: B

Explanation:

The pen-symbol in the left column means that the rules have been edited by the logged in administrator, but the policy has not been published yet. It indicates that the changes are not yet effective and can be discarded.

Reference: Policy Editor, Publishing Changes

Question 205

Report
Export
Collapse

What data MUST be supplied to the SmartConsole System Restore window to restore a backup?

A.
Server, Username, Password, Path, Version
A.
Server, Username, Password, Path, Version
Answers
B.
Username, Password, Path, Version
B.
Username, Password, Path, Version
Answers
C.
Server, Protocol, Username, Password, Destination Path
C.
Server, Protocol, Username, Password, Destination Path
Answers
D.
Server, Protocol, Username, Password, Path
D.
Server, Protocol, Username, Password, Path
Answers
Suggested answer: D

Explanation:

According to the Check Point R81.10 SmartConsole for Windows1, to restore a backup, you need to supply the following data: Server, Protocol, Username, Password, and Path. The Server is the IP address or hostname of the Security Management Server. The Protocol is either SCP or SFTP. The Username and Password are the credentials for the Security Management Server. The Path is the location of the backup file on the Security Management Server.

Reference:Check Point R81.10 SmartConsole for Windows

Question 206

Report
Export
Collapse

Which repositories are installed on the Security Management Server by SmartUpdate?

A.
License and Update
A.
License and Update
Answers
B.
Package Repository and Licenses
B.
Package Repository and Licenses
Answers
C.
Update and License & Contract
C.
Update and License & Contract
Answers
D.
License & Contract and Package Repository
D.
License & Contract and Package Repository
Answers
Suggested answer: D

Explanation:

According to the Managing and Installing license via SmartUpdate2, there are two repositories installed on the Security Management Server by SmartUpdate: License & Contract and Package Repository. The License & Contract repository stores all licenses available and all of the assigned licenses. The Package Repository stores all packages downloaded from the Check Point Cloud or uploaded from a local device.

Reference:Managing and Installing license via SmartUpdate

Question 207

Report
Export
Collapse

Which back up method uses the command line to create an image of the OS?

A.
System backup
A.
System backup
Answers
B.
Save Configuration
B.
Save Configuration
Answers
C.
Migrate
C.
Migrate
Answers
D.
snapshot
D.
snapshot
Answers
Suggested answer: D

Explanation:

According to the Hewlett Packard Enterprise Support Center3, the snapshot command uses the command line to create an image of the OS. A snapshot is a point-in-time copy of a disk partition that can be used to restore the system in case of a failure or corruption.

Reference:Hewlett Packard Enterprise Support Center

Question 208

Report
Export
Collapse

To quickly review when Threat Prevention signatures were last updated, which Threat Tool would an administrator use?

A.
Protections
A.
Protections
Answers
B.
IPS Protections
B.
IPS Protections
Answers
C.
Profiles
C.
Profiles
Answers
D.
ThreatWiki
D.
ThreatWiki
Answers
Suggested answer: B

Explanation:

According to the Learn More About Threat Signatures4, to quickly review when Threat Prevention signatures were last updated, you can use the IPS Protections tool. This tool shows you the date and time of the last update, as well as the number of signatures and their categories.

Reference:Learn More About Threat Signatures

Question 209

Report
Export
Collapse

Which of the following is considered to be the more secure and preferred VPN authentication method?

A.
Password
A.
Password
Answers
B.
Certificate
B.
Certificate
Answers
C.
MD5
C.
MD5
Answers
D.
Pre-shared secret
D.
Pre-shared secret
Answers
Suggested answer: B

Question 210

Report
Export
Collapse

When a Security Gateway sends its logs to an IP address other than its own, which deployment option is installed?

A.
Distributed
A.
Distributed
Answers
B.
Standalone
B.
Standalone
Answers
C.
Bridge Mode
C.
Bridge Mode
Answers
D.
Targeted
D.
Targeted
Answers
Suggested answer: A

Explanation:

When a Security Gateway sends its logs to an IP address other than its own, it means that the deployment option is distributed. In a distributed deployment, the Security Management Server and the Security Gateway are installed on separate machines. The Security Management Server collects logs from one or more Security Gateways and manages them centrally. In a standalone deployment, the Security Management Server and the Security Gateway are installed on the same machine. The Security Gateway sends logs to its own IP address. In a bridge mode deployment, the Security Gateway acts as a transparent bridge between two network segments and does not have an IP address of its own.In a targeted deployment, the Security Gateway sends logs to a specific log server that is configured in the gateway object properties34Reference:Part 4 - Installing Security Gateway,Deployment Options

Total 401 questions
Go to page: of 41
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms