
Checkpoint 156-215.81 Practice Test - Questions Answers, Page 29


What are the Threat Prevention software components available on the Check Point Security Gateway?

A. IPS, Threat Emulation and Threat Extraction
B. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction
C. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction
D. IDS, Forensics, Anti-Virus, Sandboxing
Suggested answer: C

Explanation:

Threat Prevention is a comprehensive solution that protects networks from malicious attacks by using multiple security blades, such as Anti-Bot, Anti-Virus, IPS, Threat Emulation, and Threat Extraction. These are the Threat Prevention software components available on the Check Point Security Gateway. IPS (Intrusion Prevention System) is a blade that detects and prevents network attacks by using signatures and behavioral patterns. Anti-Bot is a blade that detects and blocks botnet communications by using reputation services and heuristics. Anti-Virus is a blade that scans files and web content for malware by using signatures and emulation. Threat Emulation is a blade that analyzes suspicious files in a sandbox environment and blocks malicious files from entering the network. Threat Extraction is a blade that removes exploitable content from files and delivers clean files to users.

Reference: Check Point R81 Threat Prevention Administration Guide

You have enabled 'Extended Log' as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

A. Identity Awareness is not enabled.
B. Log Trimming is enabled.
C. Logging has disk space issues
D. Content Awareness is not enabled.
Suggested answer: D

Explanation:

Extended Log is a tracking option that enables administrators to see additional information about the traffic that matches a security rule, such as data type, file name, file size, etc. However, to see any data type information, Content Awareness must be enabled on the Security Gateway. Content Awareness is a blade that inspects files based on their type, size, name, and data. Content Awareness is required for Extended Log to work properly.

Reference: Check Point R81 Content Awareness Administration Guide

Identity Awareness allows easy configuration for network access and auditing based on what three items?

A. Client machine IP address.
B. Network location, the identity of a user and the identity of a machine.
C. Log server IP address.
D. Gateway proxy IP address.
Suggested answer: B

Explanation:

Identity Awareness is a blade that enables administrators to define access rules based on the identity of users and machines, rather than just IP addresses. Identity Awareness allows easy configuration for network access and auditing based on three items: network location, the identity of a user, and the identity of a machine. Network location refers to the source or destination network segment of the traffic. The identity of a user refers to the username or group membership of the user who initiates or receives the traffic. The identity of a machine refers to the hostname or certificate of the machine that initiates or receives the traffic.

Reference: [Check Point R81 Identity Awareness Administration Guide]

What are the three deployment options available for a security gateway?

A. Standalone, Distributed, and Bridge Mode
B. Bridge Mode, Remote, and Standalone
C. Remote, Standalone, and Distributed
D. Distributed, Bridge Mode, and Remote
Suggested answer: A

Explanation:

A security gateway is a device that enforces the security policy on the traffic that passes through it. There are three deployment options available for a security gateway: Standalone, Distributed, and Bridge Mode. Standalone means that the security gateway and the security management server are installed on the same machine. Distributed means that the security gateway and the security management server are installed on separate machines. Bridge Mode means that the security gateway acts as a transparent bridge between two network segments, without changing the IP addressing scheme.

Reference: Check Point R81 Security Gateway Technical Administration Guide

In which scenario will an administrator need to manually define Proxy ARP?

A. When they configure an 'Automatic Static NAT' which translates to an IP address that does not belong to one of the firewall's interfaces.
B. When they configure an 'Automatic Hide NAT' which translates to an IP address that does not belong to one of the firewall's interfaces.
C. When they configure a 'Manual Static NAT' which translates to an IP address that does not belong to one of the firewall's interfaces.
D. When they configure a 'Manual Hide NAT' which translates to an IP address that belongs to one of the firewall's interfaces.
Suggested answer: C

Explanation:

NAT (Network Address Translation) is a technique that modifies the IP addresses or ports of packets that pass through a security gateway. NAT can be configured in two ways: Automatic or Manual. Automatic NAT means that the NAT rules are generated automatically by the security gateway based on the NAT properties of network objects. Manual NAT means that the NAT rules are defined explicitly by the administrator in the NAT policy. Proxy ARP (Address Resolution Protocol) is a technique that allows a security gateway to answer ARP requests on behalf of other hosts. Proxy ARP is needed when a host on one network segment tries to communicate with a host on another network segment that has a different IP address than its own. In some scenarios, an administrator will need to manually define Proxy ARP for NAT to work properly. One such scenario is when they configure a Manual Static NAT which translates to an IP address that does not belong to one of the firewall's interfaces.

Reference: Check Point R81 Network Address Translation Administration Guide

Which of the following is NOT a component of a Distinguished Name?

A. Common Name
B. Country
C. User container
D. Organizational Unit
Suggested answer: C

Explanation:

A Distinguished Name (DN) is a unique identifier for an entry in an LDAP directory. A DN consists of a sequence of relative distinguished names (RDNs) separated by commas. Each RDN is composed of an attribute type and an attribute value, such as cn=John Smith or ou=Sales. A DN can have different components depending on the structure and schema of the LDAP directory, but some common components are: Common Name (cn), Country (c), Organizational Unit (ou), Organization (o), State or Province (st), and Locality (l). User container is not a component of a DN.

Reference: Check Point R81 Identity Awareness Administration Guide

A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?

A. Anti-Bot protection
B. Anti-Malware protection
C. Policy-based routing
D. Suspicious Activity Monitoring (SAM) rules
Suggested answer: D

Explanation:

If a network administrator has identified a malicious host on the network and instructed you to block it, but you cannot make any firewall policy changes at this time, you can use Suspicious Activity Monitoring (SAM) rules to block this traffic. SAM rules are temporary rules that allow you to block or limit traffic from specific sources or destinations without modifying the security policy. SAM rules are created and managed by SmartView Monitor and are enforced by the security gateway for a specified duration. Anti-Bot protection, Anti-Malware protection, and Policy-based routing are not tools that can be used to block traffic without changing the firewall policy.

Reference: [Check Point R81 SmartView Monitor Administration Guide]

What command from the CLI would be used to view current licensing?

A. license view
B. fw ctl tab -t license -s
C. show license -s
D. cplic print
Suggested answer: D

Explanation:

The command cplic print displays the installed licenses and their expiration dates on the CLI.

Reference: Check Point CLI Reference Card

In a Distributed deployment, the Security Gateway and the Security Management software are installed on what platforms?

A. Different computers or appliances.
B. The same computer or appliance.
C. Both on virtual machines or both on appliances but not mixed.
D. In Azure and AWS cloud environments.
Suggested answer: A

Explanation:

In a Distributed deployment, the Security Gateway and the Security Management software are installed on different computers or appliances. This allows for better scalability and performance.

Reference: Check Point Security Management Administration Guide R81

Which of the following licenses are considered temporary?

A. Plug-and-play (Trial) and Evaluation
B. Perpetual and Trial
C. Evaluation and Subscription
D. Subscription and Perpetual
Suggested answer: A

Explanation:

Plug-and-play (Trial) and Evaluation licenses are considered temporary because they expire after a certain period of time. Plug-and-play licenses are valid for 15 days, while Evaluation licenses are valid for 30 days.

Reference: Check Point Licensing and Contract Operations User Guide

Total 401 questions