
Checkpoint 156-315.81 Practice Test - Questions Answers, Page 20


As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name 'cover-company-logo.png' and then copy that image file to which directory on the SmartEvent server?

A. SFWDIR/smartevent/conf
B. $RTDIR/smartevent/conf
C. $RTDIR/smartview/conf
D. $FWDIR/smartview/conf

Suggested answer: C

Explanation:

To add the company logo to reports, you would save the logo as a PNG file with the name 'cover-company-logo.png' and then copy that image file to the $RTDIR/smartview/conf directory on the SmartEvent server. The $RTDIR is an environment variable that points to the runtime directory of the SmartEvent server, which is usually /opt/CPrt-R81. The smartview/conf directory contains the configuration files for SmartView, which is a web-based interface for viewing reports and dashboards generated by SmartEvent.

Reference: SmartEvent Administration Guide, SK120193 - How to add a company logo to SmartView reports

Which one of the following is true about Threat Extraction?

A. Always delivers a file to user
B. Works on all MS Office, Executables, and PDF files
C. Can take up to 3 minutes to complete
D. Delivers file only if no threats found

Suggested answer: A

Explanation:

Threat Extraction is a software blade that always delivers a file to user. Threat Extraction removes or sanitizes the active content from the files and converts them to PDF format, which is safer and more compatible. Threat Extraction can also work together with Threat Emulation to provide both clean and original files to the users. Threat Extraction works on MS Office, PDF, and archive files, but not on executables. Threat Extraction can take up to 3 minutes to complete, depending on the file size and complexity.

Reference: Check Point Security Expert R81 Course, Threat Extraction Administration Guide

Which one of the following is true about Threat Emulation?

A. Takes less than a second to complete
B. Works on MS Office and PDF files only
C. Always delivers a file
D. Takes minutes to complete (less than 3 minutes)

Suggested answer: D

Explanation:

Threat Emulation is a software blade that takes minutes to complete (less than 3 minutes). Threat Emulation analyzes files for malicious behavior by running them in a virtual sandbox. Threat Emulation works on MS Office, PDF, executables, and archive files. Threat Emulation does not always deliver a file, but only if no threats are found or if the user chooses to download the original file after seeing a warning message.

Reference: Check Point Security Expert R81 Course, Threat Emulation Administration Guide

Both ClusterXL and VRRP are fully supported by Gaia R81.20 and available to all Check Point appliances. Which of the following commands is NOT related to redundancy and functions?

A. cphaprob stat
B. cphaprob -a if
C. cphaprob -l list
D. cphaprob all show stat

Suggested answer: D

Explanation:

The command cphaprob all show stat is not related to redundancy and functions. This command does not exist in ClusterXL or VRRP. The other commands are valid commands for checking the status of cluster members, interfaces, and synchronization. ClusterXL and VRRP are both high availability solutions that provide redundancy and load balancing for Check Point gateways.

Reference: Check Point Security Expert R81 Course, ClusterXL Administration Guide, VRRP Administration Guide

What is the purpose of a SmartEvent Correlation Unit?

A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server.
B. The SmartEvent Correlation Unit's task is to assign severity levels to the identified events.
C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.
D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server.

Suggested answer: C

Explanation:

The purpose of a SmartEvent Correlation Unit is to evaluate logs from the log server component to identify patterns/threats and convert them to events. The SmartEvent Correlation Unit is a software module that runs on the SmartEvent server or on a dedicated server. It applies correlation rules and logic to the logs received from various sources, such as security gateways, endpoints, or third-party devices. It then generates events that represent security incidents or trends that require attention or action.

Reference: Check Point Security Expert R81 Course, SmartEvent Administration Guide

What are the main stages of a policy installation?

A. Verification & Compilation, Transfer and Commit
B. Verification & Compilation, Transfer and Installation
C. Verification, Commit, Installation
D. Verification, Compilation & Transfer, Installation

Suggested answer: A

Explanation:

The main stages of a policy installation are Verification & Compilation, Transfer and Commit. Verification & Compilation is the stage where the Security Management Server checks the validity and consistency of the policy and compiles it into a binary format. Transfer is the stage where the compiled policy is sent to the Security Gateways over a secure channel. Commit is the stage where the Security Gateways activate the new policy and update their connections table accordingly.

Reference: Check Point Security Expert R81 Course, Policy Installation Process

What is a best practice before starting to troubleshoot using the 'fw monitor' tool?

A. Run the command: fw monitor debug on
B. Clear the connections table
C. Disable CoreXL
D. Disable SecureXL

Suggested answer: D

Explanation:

A best practice before starting to troubleshoot using the fw monitor tool is to disable SecureXL. SecureXL is a performance acceleration solution that optimizes the packet flow through the Security Gateway. However, SecureXL can also bypass some inspection points and cause some packets to be invisible to fw monitor. Therefore, disabling SecureXL can ensure that fw monitor captures all the relevant packets for troubleshooting purposes.

Reference: Check Point Security Expert R81 Course, fw monitor, SecureXL

SmartEvent does NOT use which of the following procedures to identify events:

A. Matching a log against each event definition
B. Create an event candidate
C. Matching a log against local exclusions
D. Matching a log against global exclusions

Suggested answer: C

Explanation:

SmartEvent does not use matching a log against local exclusions to identify events. Local exclusions are filters that are applied to logs before they are sent to the SmartEvent server. They are used to reduce the amount of logs that are forwarded by the Security Gateways or Log Servers, and to avoid sending irrelevant or sensitive logs. Local exclusions do not affect the event detection process, which is performed by the SmartEvent Correlation Unit on the SmartEvent server.

Reference: Check Point Security Expert R81 Course, SmartEvent Administration Guide, SK120193 - How to configure Local Log Filtering on Security Gateway / Cluster / VSX

What is the most recommended way to install patches and hotfixes?

A. CPUSE Check Point Update Service Engine
B. rpm -Uv
C. Software Update Service
D. UnixinstallScript

Suggested answer: A

Explanation:

The most recommended way to install patches and hotfixes is CPUSE (Check Point Update Service Engine). CPUSE is a tool that automates the process of upgrading and installing software packages on Check Point devices. CPUSE can work in online mode or offline mode. Online mode requires an Internet connection to download the packages from Check Point servers. Offline mode allows you to download the packages manually from another device and transfer them to the target device using a USB drive or SCP.

Reference: Check Point Security Expert R81 Course, CPUSE Administration Guide

Automation and Orchestration differ in that:

A. Automation relates to codifying tasks, whereas orchestration relates to codifying processes.
B. Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes.
C. Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow.
D. Orchestration relates to codifying tasks, whereas automation relates to codifying processes.

Suggested answer: A

Explanation:

Automation and Orchestration differ in that automation relates to codifying tasks, whereas orchestration relates to codifying processes. Automation is the process of converting manual tasks into executable scripts or programs that can be run by machines or software agents. Orchestration is the process of coordinating multiple automated tasks into a coherent workflow that achieves a desired outcome or goal. Orchestration can also involve integrating different systems, tools, and services through web service interactions such as XML and JSON.

Reference: Check Point Security Expert R81 Course, Automation & Orchestration Administration Guide

Total 626 questions