
Checkpoint 156-315.81 Practice Test - Questions Answers, Page 12

Which command shows actual allowed connections in state table?

A. fw tab --t StateTable
B. fw tab --t connections
C. fw tab --t connection
D. fw tab connections

Suggested answer: B

Explanation:

The correct command to show actual allowed connections in the state table is option B: fw tab --t connections. This command displays the contents of the 'connections' table, which contains information about the active connections being tracked by the firewall.

Option A (fw tab --t StateTable) is incorrect as there is no 'StateTable' table; it should be 'connections.'

Option C (fw tab --t connection) is also incorrect, as it should be 'connections.'

Option D (fw tab connections) is not the correct syntax for the command.

What SmartEvent component creates events?

A. Consolidation Policy
B. Correlation Unit
C. SmartEvent Policy
D. SmartEvent GUI

Suggested answer: B

Explanation:

The SmartEvent component that creates events is the Correlation Unit, which is responsible for correlating and analyzing security events to identify patterns and potential threats.

Option A, 'Consolidation Policy,' does not create events but is used to configure policies for event consolidation.

Option C, 'SmartEvent Policy,' is not responsible for creating events but is used to configure policies related to SmartEvent.

Option D, 'SmartEvent GUI,' is the graphical user interface for managing SmartEvent but does not create events itself.

Which command collects diagnostic data for analyzing customer setup remotely?

A. cpinfo
B. migrate export
C. sysinfo
D. cpview

Suggested answer: A

Explanation:

CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers).

The CPInfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPInfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.

Which features are only supported with R81.20 Gateways but not R77.x?

A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
D. Time object to a rule to make the rule active only during specified times.

Suggested answer: C

Explanation:

The features that are only supported with R81.20 Gateways and not with R77.x are described in option C:

'C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.'

This feature, known as Rule Base Layers, allows for greater flexibility and control in organizing and prioritizing security rules within the rule base.

Options A, B, and D do not specifically pertain to features introduced in R81.20 and are available in earlier versions as well.

Which CLI command will reset the IPS pattern matcher statistics?

A. ips reset pmstat
B. ips pstats reset
C. ips pmstats refresh
D. ips pmstats reset

Suggested answer: D

Explanation:

The CLI command to reset the IPS (Intrusion Prevention System) pattern matcher statistics is option D: ips pmstats reset. This command will reset the statistics related to the IPS pattern matcher.

Options A, B, and C are not the correct syntax for resetting the IPS pattern matcher statistics.

When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.

A. SecureID
B. SecurID
C. Complexity
D. TacAcs

Suggested answer: B

Explanation:

When requiring certificates for mobile devices, the authentication method should be set to one of the following:

Username and Password

RADIUS

SecurID (RSA SecurID)

So, the correct answer is option B, 'SecurID.'

Options A, C, and D are not standard authentication methods for mobile devices in this context.

Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

A. 50%
B. 75%
C. 80%
D. 15%

Suggested answer: D

Explanation:

Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to a certain threshold. In this case, the correct threshold is specified as option D: 15%.

So, when the available disk space reaches or falls below 15%, old log entries should be deleted to free up space.

Options A, B, and C do not represent the recommended threshold for deleting old log entries according to Check Point's best practices.

Topic 2, Exam Pool B

SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?

A. Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.
B. Correlates all the identified threats with the consolidation policy.
C. Collects syslog data from third party devices and saves them to the database.
D. Connects with the SmartEvent Client when generating threat reports.

Suggested answer: A

Explanation:

The Correlation Unit in SmartEvent architecture has the function of analyzing each log entry as it arrives at the log server according to the Event Policy. When it identifies a threat pattern, it forwards an event to the SmartEvent Server. This is an essential function in threat detection and analysis, as it helps in identifying and alerting about security threats based on the configured policies.

Option A correctly describes the function of the Correlation Unit, making it the verified answer.

SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.

A. This statement is true because SecureXL does improve all traffic.
B. This statement is false because SecureXL does not improve this traffic but CoreXL does.
C. This statement is true because SecureXL does improve this traffic.
D. This statement is false because encrypted traffic cannot be inspected.

Suggested answer: C

Explanation:

SecureXL is a performance-enhancing technology used in Check Point firewalls. It improves the throughput of both non-encrypted firewall traffic and encrypted VPN traffic. The statement in option C is true because SecureXL does improve both types of traffic by offloading processing to dedicated hardware acceleration, optimizing firewall and VPN operations.

Option C correctly states that SecureXL improves this traffic, making it the verified answer.

Which command gives us a perspective of the number of kernel tables?

A. fw tab -t
B. fw tab -s
C. fw tab -n
D. fw tab -k

Suggested answer: B

Explanation:

The command 'fw tab -s' is used to display information about the state of various kernel tables in a Check Point firewall. It provides a perspective on the number and status of these tables, which can be helpful for troubleshooting and monitoring firewall performance.

Option B correctly identifies the command that gives a perspective of the number of kernel tables, making it the verified answer.

Total 626 questions