ExamGecko
Login
Home / Checkpoint / 156-315.81 / List of questions
Ask Question

Checkpoint 156-315.81 Practice Test - Questions Answers, Page 12

Add to Whishlist

List of questions

Question 111

Report Export Collapse

Which command shows actual allowed connections in state table?

fw tab --t StateTable
fw tab --t StateTable
fw tab --t connections
fw tab --t connections
fw tab --t connection
fw tab --t connection
fw tab connections
fw tab connections
Suggested answer: B
Explanation:

The correct command to show actual allowed connections in the state table is option B: fw tab --t connections. This command displays the contents of the 'connections' table, which contains information about the active connections being tracked by the firewall.

Option A (fw tab --t StateTable) is incorrect as there is no 'StateTable' table; it should be 'connections.'

Option C (fw tab --t connection) is also incorrect, as it should be 'connections.'

Option D (fw tab connections) is not the correct syntax for the command.

asked 16/09/2024
Rui Carrapico
36 questions

Question 112

Report Export Collapse

What SmartEvent component creates events?

Consolidation Policy
Consolidation Policy
Correlation Unit
Correlation Unit
SmartEvent Policy
SmartEvent Policy
SmartEvent GUI
SmartEvent GUI
Suggested answer: B
Explanation:

The SmartEvent component that creates events is the Correlation Unit, which is responsible for correlating and analyzing security events to identify patterns and potential threats.

Option A, 'Consolidation Policy,' does not create events but is used to configure policies for event consolidation.

Option C, 'SmartEvent Policy,' is not responsible for creating events but is used to configure policies related to SmartEvent.

Option D, 'SmartEvent GUI,' is the graphical user interface for managing SmartEvent but does not create events itself.

asked 16/09/2024
Vagner Nicodemo
35 questions

Question 113

Report Export Collapse

Which command collects diagnostic data for analyzing customer setup remotely?

cpinfo
cpinfo
migrate export
migrate export
sysinfo
sysinfo
cpview
cpview
Suggested answer: A
Explanation:

CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers).

The CPInfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPInfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.

asked 16/09/2024
Joice Lira
34 questions

Question 114

Report Export Collapse

Which features are only supported with R81.20 Gateways but not R77.x?

Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.
Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.
Limits the upload and download throughput for streaming media in the company to 1 Gbps.
Limits the upload and download throughput for streaming media in the company to 1 Gbps.
The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
Time object to a rule to make the rule active only during specified times.
Time object to a rule to make the rule active only during specified times.
Suggested answer: C
Explanation:

The features that are only supported with R81.20 Gateways and not with R77.x are described in option C:

'C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.'

This feature, known as Rule Base Layers, allows for greater flexibility and control in organizing and prioritizing security rules within the rule base.

Options A, B, and D do not specifically pertain to features introduced in R81.20 and are available in earlier versions as well.

asked 16/09/2024
Carlos Augusto Quintal
34 questions

Question 115

Report Export Collapse

Which CLI command will reset the IPS pattern matcher statistics?

ips reset pmstat
ips reset pmstat
ips pstats reset
ips pstats reset
ips pmstats refresh
ips pmstats refresh
ips pmstats reset
ips pmstats reset
Suggested answer: D
Explanation:

The CLI command to reset the IPS (Intrusion Prevention System) pattern matcher statistics is option D: ips pmstats reset. This command will reset the statistics related to the IPS pattern matcher.

Options A, B, and C are not the correct syntax for resetting the IPS pattern matcher statistics.

asked 16/09/2024
Gianmarco Salvaticchio
30 questions

Question 116

Report Export Collapse

When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.

SecureID
SecureID
SecurID
SecurID
Complexity
Complexity
TacAcs
TacAcs
Suggested answer: B
Explanation:

When requiring certificates for mobile devices, the authentication method should be set to one of the following:

Username and Password

RADIUS

SecurID (RSA SecurID)

So, the correct answer is option B, 'SecurID.'

Options A, C, and D are not standard authentication methods for mobile devices in this context.

asked 16/09/2024
Patricia Vontitte
42 questions

Question 117

Report Export Collapse

Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

50%
50%
75%
75%
80%
80%
15%
15%
Suggested answer: D
Explanation:

Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to a certain threshold. In this case, the correct threshold is specified as option D: 15%.

So, when the available disk space reaches or falls below 15%, old log entries should be deleted to free up space.

Options A, B, and C do not represent the recommended threshold for deleting old log entries according to Check Point's best practices.

Topic 2, Exam Pool B

asked 16/09/2024
john ignacio echavarria lopez
38 questions

Question 118

Report Export Collapse

SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?

Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.
Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.
Correlates all the identified threats with the consolidation policy.
Correlates all the identified threats with the consolidation policy.
Collects syslog data from third party devices and saves them to the database.
Collects syslog data from third party devices and saves them to the database.
Connects with the SmartEvent Client when generating threat reports.
Connects with the SmartEvent Client when generating threat reports.
Suggested answer: A
Explanation:

The Correlation Unit in SmartEvent architecture has the function of analyzing each log entry as it arrives at the log server according to the Event Policy. When it identifies a threat pattern, it forwards an event to the SmartEvent Server. This is an essential function in threat detection and analysis, as it helps in identifying and alerting about security threats based on the configured policies.

Option A correctly describes the function of the Correlation Unit, making it the verified answer.

asked 16/09/2024
Richard Villanueva
39 questions

Question 119

Report Export Collapse

SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.

This statement is true because SecureXL does improve all traffic.
This statement is true because SecureXL does improve all traffic.
This statement is false because SecureXL does not improve this traffic but CoreXL does.
This statement is false because SecureXL does not improve this traffic but CoreXL does.
This statement is true because SecureXL does improve this traffic.
This statement is true because SecureXL does improve this traffic.
This statement is false because encrypted traffic cannot be inspected.
This statement is false because encrypted traffic cannot be inspected.
Suggested answer: C
Explanation:

SecureXL is a performance-enhancing technology used in Check Point firewalls. It improves the throughput of both non-encrypted firewall traffic and encrypted VPN traffic. The statement in option C is true because SecureXL does improve both types of traffic by offloading processing to dedicated hardware acceleration, optimizing firewall and VPN operations.

Option C correctly states that SecureXL improves this traffic, making it the verified answer.

asked 16/09/2024
Elvis WANDJI NGASSA
45 questions

Question 120

Report Export Collapse

Which command gives us a perspective of the number of kernel tables?

fw tab -t
fw tab -t
fw tab -s
fw tab -s
fw tab -n
fw tab -n
fw tab -k
fw tab -k
Suggested answer: B
Explanation:

The command 'fw tab -s' is used to display information about the state of various kernel tables in a Check Point firewall. It provides a perspective on the number and status of these tables, which can be helpful for troubleshooting and monitoring firewall performance.

Option B correctly identifies the command that gives a perspective of the number of kernel tables, making it the verified answer.

asked 16/09/2024
Veacheslav Stasiuc
40 questions
Total 626 questions
Go to page: of 63
Open VPLUS File
Convert VPLUS to PDF

Related questions

True or False: In R81, more than one administrator can login to the Security Management Server with write permission at the same time.
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:
What happen when IPS profile is set in Detect Only Mode for troubleshooting?
Secure Configuration Verification (SCV), makes sure that remote access client computers are configured in accordance with the enterprise Security Policy. Bob was asked by Alice to implement a specific SCV configuration but therefore Bob needs to edit and configure a specific Check Point file. Which location file and directory is true?
When simulating a problem on ClusterXL cluster with cphaprob --d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?
What is the command used to activated Multi-Version Cluster mode?
Which TCP port does the CPM process listen on?
By default, the R81 web API uses which content-type in its response?
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
You have existing dbedit scripts from R77. Can you use them with R81.20?