
Checkpoint 156-215.81 Practice Test - Questions Answers, Page 5


Which firewall daemon is responsible for the FW CLI commands?

A. fwd
B. fwm
C. cpm
D. cpd
Suggested answer: A

Explanation:

The correct answer is A because the fwd daemon is responsible for the FW CLI commands. The fwm daemon handles the communication between the Security Management server and the GUI clients. The cpm daemon handles the communication between the Security Management server and SmartConsole. The cpd daemon monitors the status of critical processes on the Security Gateway.

Reference: Check Point Firewall Processes and Daemons

If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsible, which of these steps should NOT be performed:

A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.
B. Change the Standby Security Management Server to Active.
C. Change the Active Security Management Server to Standby.
D. Manually synchronize the Active and Standby Security Management Servers.
Suggested answer: A

Explanation:

The correct answer is A because renaming the hostname of the Standby member to match exactly the hostname of the Active member is not a recommended step to prevent data loss. The hostname of the Standby member should be different from the hostname of the Active member. The other steps are necessary to ensure a smooth failover and synchronization between the Active and Standby Security Management Servers.

Reference: Check Point R81.20 Administration Guide; 156-315.81 Checkpoint Exam Info and Free Practice Test

Using R80 SmartConsole, what does a "pencil icon" in a rule mean?

A. I have changed this rule
B. Someone else has changed this rule
C. This rule is managed by Check Point's SOC
D. This rule can't be changed as it's an implied rule
Suggested answer: A

Explanation:

The correct answer is A because a pencil icon in a rule means that you have changed this rule. The pencil icon indicates that the rule has been modified but not published yet. You can hover over the pencil icon to see who made the change and when. The other options are not related to the pencil icon.

Reference: Check Point Learning and Training Frequently Asked Questions (FAQs)

Which method below is NOT one of the ways to communicate using the Management APIs?

A. Typing API commands using the "mgmt_cli" command
B. Typing API commands from a dialog box inside the SmartConsole GUI application
C. Typing API commands using Gaia's secure shell (clish)
D. Sending API commands over an http connection using web-services
Suggested answer: D

Explanation:

The correct answer is D because sending API commands over an http connection using web-services is not one of the ways to communicate using the Management APIs. The Management APIs support the HTTPS protocol only, not HTTP. The other methods are valid ways to communicate using the Management APIs.

Reference: Check Point Learning and Training Frequently Asked Questions (FAQs)

Session unique identifiers are passed to the web API using which HTTP header option?

A. X-chkp-sid
B. Accept-Charset
C. Proxy-Authorization
D. Application
Suggested answer: A

Explanation:

The correct answer is A because session unique identifiers are passed to the web API using the X-chkp-sid HTTP header option. The X-chkp-sid header is used to authenticate and authorize API calls. The other options are not related to session unique identifiers.

Reference: Check Point R81 Security Management Administration Guide

What is the main difference between Threat Extraction and Threat Emulation?

A. Threat Emulation never delivers a file and takes more than 3 minutes to complete
B. Threat Extraction always delivers a file and takes less than a second to complete
C. Threat Emulation never delivers a file that takes less than a second to complete
D. Threat Extraction never delivers a file and takes more than 3 minutes to complete
Suggested answer: B

Explanation:

The correct answer is B because Threat Extraction always delivers a file and takes less than a second to complete. Threat Extraction removes exploitable content from files and delivers a clean and safe file to the user. Threat Emulation analyzes files in a sandbox environment and delivers a verdict of malicious or benign. Threat Emulation can take more than 3 minutes to complete depending on the file size and complexity.

Reference: Check Point R81 Threat Prevention Administration Guide

Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company's security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
Suggested answer: A

Explanation:

The correct answer is A because detecting and blocking malware by correlating multiple detection engines before users are affected is not a feature of the Check Point URL Filtering and Application Control Blade. This feature is part of the Check Point Anti-Virus and Anti-Bot Blades. The other options are features of the Check Point URL Filtering and Application Control Blade.

Reference: Check Point R81 URL Filtering and Application Control Administration Guide

You want to store the Gaia configuration in a file for later reference. What command should you use?

A. write mem <filename>
B. show config -f <filename>
C. save config -o <filename>
D. save configuration <filename>
Suggested answer: D

Explanation:

The correct answer is D because the command save configuration <filename> stores the Gaia configuration in a file for later reference. The other commands are not valid in Gaia Clish.

Reference: Gaia R81.10 Administration Guide

Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled, which path is handling the traffic?

A. Slow Path
B. Medium Path
C. Fast Path
D. Accelerated Path
Suggested answer: A

Explanation:

The correct answer is A because the traffic from source 192.168.1.1 to www.google.com is handled by the Slow Path if the Application Control Blade on the gateway is inspecting the traffic. The Slow Path is used when traffic requires inspection by one or more Software Blades. The other paths are used for different scenarios.

Reference: Check Point R81 Performance Tuning Administration Guide

From a SecureXL perspective, what are the three paths of traffic flow?

A. Initial Path; Medium Path; Accelerated Path
B. Layer Path; Blade Path; Rule Path
C. Firewall Path; Accept Path; Drop Path
D. Firewall Path; Accelerated Path; Medium Path
Suggested answer: D

Explanation:

The correct answer is D because, from a SecureXL perspective, the three paths of traffic flow are Firewall Path, Accelerated Path, and Medium Path. The Firewall Path is used when SecureXL is disabled or traffic is not eligible for acceleration. The Accelerated Path is used when SecureXL handles the entire connection and bypasses the Firewall kernel. The Medium Path is used when SecureXL handles part of the connection and forwards packets to the Firewall kernel for further inspection. The other options are not valid paths of traffic flow from a SecureXL perspective.

Reference: Check Point R81 Performance Tuning Administration Guide

Total 401 questions