Checkpoint 156-315.81 Practice Test - Questions Answers, Page 19

With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform on the applications. Mobile Access encrypts all traffic using:

A. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender.
B. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL Network Extender.
C. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required.
D. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.
Suggested answer: A

Explanation:

Mobile Access encrypts all traffic using HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender, which is a lightweight VPN client that creates a secure SSL tunnel to the Mobile Access gateway. The SSL Network Extender supports various types of native applications, such as email clients, file sharing, and remote desktop.

Reference: Mobile Access Administration Guide, SSL Network Extender

What is the benefit of "fw monitor" over "tcpdump"?

A. "fw monitor" reveals Layer 2 information, while "tcpdump" acts at Layer 3.
B. "fw monitor" is also available for 64-Bit operating systems.
C. With "fw monitor", you can see the inspection points, which cannot be seen in "tcpdump".
D. "fw monitor" can be used from the CLI of the Management Server to collect information from multiple gateways.
Suggested answer: C

Explanation:

The benefit of fw monitor over tcpdump is that with fw monitor, you can see the inspection points, which cannot be seen in tcpdump. Inspection points are the locations in the firewall kernel where packets are inspected by the security policy and other software blades. Fw monitor allows you to capture packets at different inspection points and see how they are processed by the firewall. Tcpdump, on the other hand, is a generic packet capture tool that only shows the packets as they enter or leave the network interface.

Reference: Check Point Security Expert R81 Course, fw monitor, tcpdump

Which of the following describes how Threat Extraction functions?

A. Detects threats and provides a detailed report of discovered threats.
B. Proactively detects threats.
C. Delivers file with original content.
D. Delivers PDF versions of original files with active content removed.
Suggested answer: D

Explanation:

Threat Extraction is a software blade that delivers PDF versions of original files with active content removed. Active content, such as macros, scripts, or embedded objects, can be used by attackers to deliver malware or exploit vulnerabilities. Threat Extraction removes or sanitizes the active content from the files and converts them to PDF format, which is safer and more compatible. Threat Extraction can also work together with Threat Emulation to provide both clean and original files to the users.

Reference: Check Point Security Expert R81 Course, Threat Extraction Administration Guide

Security Checkup Summary can be easily conducted within:

A. Summary
B. Views
C. Reports
D. Checkups
Suggested answer: B

Explanation:

Security Checkup Summary can be easily conducted within Views. Views is a feature in SmartConsole that allows you to create customized dashboards and reports based on various security data sources, such as logs, events, audit trails, and more. You can use Views to perform a Security Checkup Summary, which is a comprehensive analysis of your network security posture and potential risks. You can use predefined templates or create your own views to generate the summary.

Reference: Check Point Security Expert R81 Course, Views Administration Guide

What command can you use to have cpinfo display all installed hotfixes?

A. cpinfo -hf
B. cpinfo --y all
C. cpinfo --get hf
D. cpinfo installed_jumbo
Suggested answer: B

Explanation:

The command cpinfo -y all can be used to have cpinfo display all installed hotfixes. Cpinfo is a tool that collects diagnostic data from a Check Point gateway or management server. The data includes configuration files, logs, status reports, and more. The -y parameter is used to specify which sections of data to include in the cpinfo output. The value all means to include all sections, including the hotfixes section, which shows the list of hotfixes installed on the system.

Reference: Check Point Security Expert R81 Course, cpinfo Utility

What is the port used for SmartConsole to connect to the Security Management Server?

A. CPMI port 18191/TCP
B. CPM port/TCP port 19009
C. SIC port 18191/TCP
D. https port 4434/TCP
Suggested answer: A

Explanation:

The port used for SmartConsole to connect to the Security Management Server is CPMI port 18191/TCP. CPMI stands for Check Point Management Interface, which is a proprietary protocol that enables secure communication between the SmartConsole and the Security Management Server. CPMI uses SSL encryption and authentication to protect the data exchange.

Reference: Check Point Security Expert R81 Course, SK52421 - Ports used by Check Point software

What is considered Hybrid Emulation Mode?

A. Manual configuration of file types on emulation location.
B. Load sharing of emulation between an on premise appliance and the cloud.
C. Load sharing between OS behavior and CPU Level emulation.
D. High availability between the local SandBlast appliance and the cloud.
Suggested answer: B

Explanation:

Hybrid Emulation Mode is a mode of operation that allows load sharing of emulation between an on premise appliance and the cloud. Emulation is a process that analyzes files for malicious behavior by running them in a virtual sandbox. Hybrid Emulation Mode enables you to optimize the performance and scalability of your Threat Emulation solution by distributing the emulation workload between your local SandBlast appliance and the Check Point cloud service.

Reference: Check Point Security Expert R81 Course, Threat Emulation Administration Guide

When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?

A. IP
B. SIC
C. NAT
D. FQDN
Suggested answer: C

Explanation:

NAT (Network Address Translation) is one item that will not be configured on the R81 Security Management Server when setting up an externally managed log server. NAT is a technique that allows devices with private IP addresses to communicate with devices with public IP addresses by translating the private addresses to public ones. NAT is not relevant for configuring an externally managed log server, which requires only the IP address, SIC (Secure Internal Communication), and FQDN (Fully Qualified Domain Name) of the log server.

Reference: Check Point Security Expert R81 Course, Logging and Monitoring Administration Guide

Customer's R81 management server needs to be upgraded to R81.20. What is the best upgrade method when the management server is not connected to the Internet?

A. Export R81 configuration, clean install R81.20 and import the configuration
B. CPUSE offline upgrade
C. CPUSE online upgrade
D. SmartUpdate upgrade
Suggested answer: C

Explanation:

CPUSE offline upgrade is the best upgrade method when the management server is not connected to the Internet. CPUSE (Check Point Upgrade Service Engine) is a tool that automates the process of upgrading and installing software packages on Check Point devices. CPUSE can work in online mode or offline mode. Online mode requires an Internet connection to download the packages from Check Point servers. Offline mode allows you to download the packages manually from another device and transfer them to the management server using a USB drive or SCP.

Reference: Check Point Security Expert R81 Course, CPUSE Administration Guide

When installing a dedicated R81 SmartEvent server, what is the recommended size of the root partition?

A. Any size
B. Less than 20GB
C. More than 10GB and less than 20GB
D. At least 20GB
Suggested answer: D

Explanation:

At least 20GB is the recommended size of the root partition when installing a dedicated R81 SmartEvent server. The root partition is the primary partition that contains the operating system files and other essential files for booting and running the system. The SmartEvent server requires at least 20GB of free space on the root partition to install and operate properly. If the root partition size is less than 20GB, you may encounter errors or performance issues with SmartEvent.

Reference: Check Point Security Expert R81 Course, SmartEvent Administration Guide

Total 626 questions