Checkpoint 156-215.81 Practice Test - Questions Answers, Page 31

Which of the following is considered a 'Subscription Blade', requiring renewal every 1-3 years?

A. IPS blade
B. IPSEC VPN Blade
C. Identity Awareness Blade
D. Firewall Blade
Suggested answer: A

Explanation:

The IPS blade is considered a 'Subscription Blade', requiring renewal every 1-3 years. The IPS blade is a software blade that provides protection against network attacks and exploits by inspecting traffic and blocking malicious packets. The IPS blade requires a subscription license that includes updates for the IPS signatures and Geo Protection database. Other subscription blades include Anti-Bot, Anti-Virus, URL Filtering, Application Control, Threat Emulation, and Threat Extraction.

Reference: Check Point Licensing and Contract Operations User Guide

DLP and Geo Policy are examples of what type of Policy?

A. Inspection Policies
B. Shared Policies
C. Unified Policies
D. Standard Policies
Suggested answer: B

Explanation:

DLP and Geo Policy are examples of Shared Policies. Shared Policies are policies that can be shared with other policy packages to save time and effort when managing multiple gateways with similar security requirements. Shared Policies can be applied to Access Control, Threat Prevention, and HTTPS Inspection layers. Other types of policies include Inspection Policies, Unified Policies, and Standard Policies.

Reference: [Check Point R81 Security Management Administration Guide], [Check Point R81 SmartConsole R81 Resolved Issues]

Fill in the blanks: The Application Layer Firewalls inspect traffic through the ______ layer(s) of the TCP/IP model and up to and including the ______ layer.

A. Upper; Application
B. First two; Internet
C. Lower; Application
D. First two; Transport
Suggested answer: C

Explanation:

The Application Layer Firewalls inspect traffic through the Lower layer(s) of the TCP/IP model and up to and including the Application layer. The lower layers are the Physical, Data Link, and Network layers, which deal with the transmission and routing of packets. The Application layer is the highest layer of the TCP/IP model, which provides services and protocols for specific applications such as HTTP, FTP, SMTP, etc. The Application Layer Firewalls can inspect the content and context of the traffic and enforce granular security policies based on various criteria such as user identity, application identity, content type, etc.

Reference: [Check Point R81 Firewall Administration Guide]

Fill in the blanks: The _______ collects logs and sends them to the _______.

A. Log server; Security Gateway
B. Log server; security management server
C. Security management server; Security Gateway
D. Security Gateways; log server
Suggested answer: D

Explanation:

The Security Gateways collect logs and send them to the log server. The Security Gateways are the components that enforce the security policy on network traffic and generate logs for each connection that matches a rule with a tracking option. The log server is the component that receives and stores the logs from the Security Gateways and provides a centralized interface for viewing and analyzing them. The log server can be either a dedicated server or integrated with the Security Management Server.

Reference: [Check Point R81 Security Management Administration Guide]

When a SAM rule is required on Security Gateway to quickly block suspicious connections which are not restricted by the Security Policy, what actions does the administrator need to take?

A. SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not required.
B. The policy type SAM must be added to the Policy Package and a new SAM rule must be applied. Simply Publishing the changes applies the SAM rule on the firewall.
C. The administrator must work on the firewall CLI (for example with SSH and PuTTY) and the command 'sam block' must be used with the right parameters.
D. The administrator should open the LOGS & MONITOR view and find the relevant log. Right clicking on the log entry will show the Create New SAM rule option.
Suggested answer: A

Explanation:

When a SAM rule is required on Security Gateway to quickly block suspicious connections which are not restricted by the Security Policy, the administrator needs to take the following action: SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not required. SAM stands for Suspicious Activity Monitoring and is a feature that allows administrators to block or limit connections from specific sources or destinations without modifying the security policy. SAM rules can be created from SmartView Monitor or SmartEvent based on real-time network activity or security events.

Reference: [Check Point R81 SmartView Monitor Administration Guide]

Which policy type is used to enforce bandwidth and traffic control rules?

A. Access Control
B. Threat Emulation
C. Threat Prevention
D. QoS
Suggested answer: D

Explanation:

The policy type that is used to enforce bandwidth and traffic control rules is QoS. QoS stands for Quality of Service and is a software blade that allows administrators to prioritize network traffic according to various criteria such as source, destination, service, application, user, etc. QoS can also limit the bandwidth consumption of certain traffic types or guarantee a minimum bandwidth for critical applications.

Reference: [Check Point R81 QoS Administration Guide]

To provide updated malicious data signatures to all Threat Prevention blades, the Threat Prevention gateway does what with the data?

A. Cache the data to speed up its own function.
B. Share the data to the ThreatCloud for use by other Threat Prevention blades.
C. Log the traffic for Administrator viewing.
D. Delete the data to ensure an analysis of the data is done each time.
Suggested answer: B

Explanation:

To provide updated malicious data signatures to all Threat Prevention blades, the Threat Prevention gateway shares the data to the ThreatCloud for use by other Threat Prevention blades. The ThreatCloud is a collaborative network and cloud-driven knowledge base that delivers real-time dynamic security intelligence to security gateways. The Threat Prevention gateway can send and receive updates from the ThreatCloud about new threats and malicious data signatures.

Reference: [Check Point R81 Threat Prevention Administration Guide]

Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?

A. SmartDashboard
B. SmartEvent
C. SmartView Monitor
D. SmartUpdate
Suggested answer: B

Explanation:

The product that correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices is SmartEvent. SmartEvent is a software blade that analyzes logs from various sources such as Security Gateways, Endpoint Security Servers, Identity Awareness Servers, etc. and generates security events based on predefined or custom rules. SmartEvent provides a graphical interface for viewing and managing security events in real-time or historical mode.

Reference: [Check Point R81 SmartEvent Administration Guide]

Which two Identity Awareness daemons are used to support identity sharing?

A. Policy Activation Point (PAP) and Policy Decision Point (PDP)
B. Policy Manipulation Point (PMP) and Policy Activation Point (PAP)
C. Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP)
D. Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
Suggested answer: D

Explanation:

The two Identity Awareness daemons that are used to support identity sharing are Policy Decision Point (PDP) and Policy Enforcement Point (PEP). PDP is a daemon that runs on the Security Management Server or a dedicated Identity Awareness Server and provides identity information to other components. PEP is a daemon that runs on the Security Gateway and enforces identity-based rules based on the information received from the PDP. Identity sharing is a feature that allows PDPs and PEPs to exchange identity information across different domains or networks.

Reference: [Check Point R81 Identity Awareness Administration Guide]

What is the default shell of Gaia CLI?

A. clish
B. Monitor
C. Read-only
D. Bash
Suggested answer: A

Explanation:

The default shell of Gaia CLI is clish, which stands for Check Point command line interface shell. It provides a user-friendly interface to configure and manage Check Point products.

Reference: Check Point Gaia Administration Guide

Total 401 questions