Checkpoint 156-315.81 Practice Test - Questions Answers, Page 39

The Check Point history feature in R81 provides the following:

A. View install changes and install specific version
B. View install changes
C. Policy Installation Date, view install changes and install specific version
D. Policy Installation Date only
Suggested answer: A

Explanation:

The Installation History feature in R81 SmartConsole provides two functions:

View install changes: shows the changes in the policy between the selected installation and the previous one (added, modified or deleted rules, objects and settings), so you can see what a given policy installation actually pushed to the gateway.

Install specific version: installs an earlier policy version from the history on the gateway, which is useful for rolling back quickly after a bad installation. Note that this re-installs the earlier policy on the gateway only; it does not roll back the management database, so the changes published since then are still in the database and must be corrected in SmartConsole before the next normal installation.

Reference: R81 Security Management Administration Guide, page 85.

You are the administrator for ABC Corp. You have logged into your R81 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it.

What does this mean?

A. This rule No. 6 has been marked for deletion in your Management session.
B. This rule No. 6 has been marked for deletion in another Management session.
C. This rule No. 6 has been marked for editing in your Management session.
D. This rule No. 6 has been marked for editing in another Management session.
Suggested answer: C

Explanation:

The pencil icon means that rule No. 6 has been modified in your own Management session. In R81 every administrator works in a private session; changes are not visible to other administrators until the session is published. A rule you have edited in your session is marked with a pencil icon. Editing it also locks the rule for everyone else: other administrators see a lock icon on that rule (not a pencil), can see who is editing it, and cannot change it until you publish or discard your session.

Reference: R81 Security Management Administration Guide, page 43.

SandBlast agent extends 0-day prevention to what part of the network?

A. Web Browsers and user devices
B. DMZ server
C. Cloud
D. Email servers
Suggested answer: A

Explanation:

SandBlast Agent is Check Point's endpoint security client. It extends zero-day prevention beyond the perimeter gateway to web browsers and user devices, protecting against ransomware, phishing and zero-day exploits with a combination of static, dynamic (emulation) and behavioral analysis. The DMZ, email servers and cloud workloads in the other options are covered by gateway-side or cloud Threat Prevention, not by the endpoint agent.

Reference: [SandBlast Agent Datasheet]

What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days?

A. Use Multi-Domain Management Server.
B. Choose different setting for log storage and SmartEvent db
C. Install Management and SmartEvent on different machines.
D. it is not possible.
Suggested answer: C

Explanation:

The recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days is to install Management and SmartEvent on different machines. Log index retention and the SmartEvent events database retention are separate settings, but a SmartEvent server that keeps 180 days of events carries a large database and the Correlation Unit's CPU load; on a dedicated machine that storage and processing do not compete with the Management Server, which is why the recommendation is separate servers rather than only adjusting the two retention values on one box.

Reference: [SmartLog Administration Guide]

The log server sends what to the Correlation Unit?

A. Authentication requests
B. CPMI dbsync
C. Logs
D. Event Policy
Suggested answer: C

Explanation:

The log server sends logs to the Correlation Unit. The Correlation Unit reads the logs, matches them against the Event Policy, and generates events when a rule's conditions (for example, a number of matching logs from the same source within a time window) are met. The events are sent to the SmartEvent Server, which stores them in the events database and displays them in the SmartEvent views. The Event Policy itself (option D) travels the other way: the SmartEvent Server pushes it to the Correlation Unit.

Reference: [SmartEvent Administration Guide]

SmartEvent uses its event policy to identify events. How can this be customized?

A. By modifying the firewall rulebase
B. By creating event candidates
C. By matching logs against exclusions
D. By matching logs against event rules
Suggested answer: D

Explanation:

SmartEvent uses its event policy to identify events. The event policy is customized by editing the event rules (event definitions) that logs are matched against. An event rule defines which logs it applies to, the correlation conditions (such as a count threshold within a time window, grouped by a field like source IP) and the severity of the resulting event; exclusions are only a part of a rule, not the mechanism itself. You create, edit, enable or disable event rules in the SmartEvent Settings & Policy view opened from SmartConsole, and the updated policy is then installed on the Correlation Unit.

Reference: [SmartEvent Administration Guide]
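The log-to-event flow in the two answers above (the Correlation Unit receives logs, matches them against event rules, and emits events) as an added Python model. This is not Check Point code; the log records, the event rule and the `CorrelationUnit` class are constructed for illustration, and real event definitions are edited in SmartConsole, not written in Python.

```python
"""Toy model of a SmartEvent Correlation Unit: logs in, events out.

Added example, not Check Point code. Logs and the event rule are constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class EventRule:
    """One simplified event definition: `threshold` matching logs sharing the
    same `group_by` value inside a sliding `window` raise one event."""
    name: str
    match: dict            # field/value pairs a log must carry to be considered
    group_by: str          # log field whose value is the correlation key
    threshold: int         # matching logs needed before an event is generated
    window: timedelta      # sliding window over which matching logs are counted
    exclusions: tuple = () # (field, value) pairs that exempt a log from this rule


@dataclass
class Event:
    rule: str
    key: str
    count: int
    first_seen: datetime
    last_seen: datetime


class CorrelationUnit:
    """Consumes log records in arrival order and applies the event policy."""

    def __init__(self, policy):
        self.policy = list(policy)
        # rule name -> correlation key -> timestamps of recent matching logs
        self._buckets = defaultdict(lambda: defaultdict(deque))
        self.events = []

    def _matches(self, rule, log):
        if any(log.get(f) == v for f, v in rule.exclusions):
            return False
        return all(log.get(f) == v for f, v in rule.match.items())

    def feed(self, log):
        ts = log["time"]
        for rule in self.policy:
            if not self._matches(rule, log):
                continue
            bucket = self._buckets[rule.name][log.get(rule.group_by)]
            bucket.append(ts)
            # forget matching logs that have fallen out of the sliding window
            while bucket and ts - bucket[0] > rule.window:
                bucket.popleft()
            if len(bucket) >= rule.threshold:
                self.events.append(Event(rule.name, log.get(rule.group_by),
                                         len(bucket), bucket[0], ts))
                bucket.clear()  # start a fresh window after raising the event
        return self.events


def run_demo():
    """Feed constructed logs through a constructed policy; return the events."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    policy = [EventRule(
        name="Repeated IKE rejects from one source",
        match={"action": "Reject", "service": "IKE"},
        group_by="src", threshold=3, window=timedelta(seconds=60),
        exclusions=(("src", "10.0.0.5"),),  # constructed: an approved scanner host
    )]
    sources = ["10.0.4.210"] * 3 + ["10.0.0.5"] * 3 + ["10.0.4.76"]
    logs = [{"time": t0 + timedelta(seconds=10 * i), "action": "Reject",
             "service": "IKE", "src": src} for i, src in enumerate(sources)]
    # a second reject from 10.0.4.76 far outside the window must not count
    logs.append({"time": t0 + timedelta(minutes=10), "action": "Reject",
                 "service": "IKE", "src": "10.0.4.76"})
    cu = CorrelationUnit(policy)
    for log in logs:
        cu.feed(log)
    return cu.events


if __name__ == "__main__":
    for ev in run_demo():
        print(f"{ev.rule}: {ev.key} x{ev.count} "
              f"({ev.first_seen:%H:%M:%S} - {ev.last_seen:%H:%M:%S})")
```

Only 10.0.4.210 produces an event: the three rejects from 10.0.0.5 are dropped by the rule's exclusion, and the two rejects from 10.0.4.76 are ten minutes apart, so they never coexist inside the 60-second window. Changing the threshold, window or exclusions in `EventRule` is the Python analogue of editing an event definition.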

When running a query on your logs, to find records for user Toni with machine IP of 10.0.4.210 but exclude her tablet IP of 10.0.4.76, which of the following query syntax would you use?

A. Toni? AND 10.0.4.210 NOT 10.0.4.76
B. To** AND 10.0.4.210 NOT 10.0.4.76
C. Ton* AND 10.0.4.210 NOT 10.0.4.75
D. "Toni" AND 10.0.4.210 NOT 10.0.4.76
Suggested answer: D

Explanation:

To find records for user Toni with machine IP 10.0.4.210 while excluding her tablet IP 10.0.4.76, the query is:

"Toni" AND 10.0.4.210 NOT 10.0.4.76

The quotation marks make "Toni" an exact match, so records of other users whose names share a prefix (a wildcard such as Ton* or To** would also return Tony or Tomas) are not included. AND requires both conditions to hold in the same record; NOT removes every record that contains 10.0.4.76, in any field. Option A is not valid wildcard syntax (the wildcard character in log queries is *), and option C excludes the wrong address (10.0.4.75), so the tablet's records would still be returned.

Reference: [SmartLog User Guide]
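The four candidate queries run against a small set of log records, as an added Python example that is not part of the page or of Check Point's SmartLog. The evaluator is a simplified model of the query language described above (terms are implicitly ANDed, NOT negates the next term, quoted terms match a field value exactly, * is the only wildcard, matching is case-insensitive); the log records are constructed.

```python
"""Simplified SmartLog-style query evaluator. Added example; the semantics are a
model of the syntax in the answer above, not Check Point's implementation."""
import re
import shlex

# Constructed sample log records (not real Check Point logs).
LOGS = [
    {"id": 1, "user": "Toni",  "src": "10.0.4.210", "dst": "192.0.2.10"},
    {"id": 2, "user": "Toni",  "src": "10.0.4.76",  "dst": "10.0.4.210"},  # tablet
    {"id": 3, "user": "Tony",  "src": "10.0.4.211", "dst": "10.0.4.210"},
    {"id": 4, "user": "Tomas", "src": "10.0.4.210", "dst": "10.0.4.77"},
    {"id": 5, "user": "Toni",  "src": "10.0.4.210", "dst": "10.0.4.75"},
]


def term_to_regex(term):
    """Quoted term -> exact match; otherwise * becomes .* and everything else,
    including ?, is literal (the model treats * as the only wildcard)."""
    if len(term) >= 2 and term[0] in "\"'" and term[-1] == term[0]:
        return re.compile(re.escape(term[1:-1]), re.IGNORECASE)
    pattern = ".*".join(re.escape(part) for part in term.split("*"))
    return re.compile(pattern, re.IGNORECASE)


def parse_query(query):
    """Return (must_match, must_not_match) lists of compiled terms."""
    must, must_not = [], []
    negate = False
    for tok in shlex.split(query, posix=False):  # posix=False keeps the quotes
        if tok.upper() == "AND":
            continue
        if tok.upper() == "NOT":
            negate = True
            continue
        (must_not if negate else must).append(term_to_regex(tok))
        negate = False
    return must, must_not


def term_hits(rx, log):
    """A term matches a record if it matches any field value in full."""
    return any(rx.fullmatch(str(v)) for k, v in log.items() if k != "id")


def search(logs, query):
    """Return the ids of records that satisfy every positive term and no negated term."""
    must, must_not = parse_query(query)
    return [log["id"] for log in logs
            if all(term_hits(rx, log) for rx in must)
            and not any(term_hits(rx, log) for rx in must_not)]


if __name__ == "__main__":
    for label, q in [("A", "Toni? AND 10.0.4.210 NOT 10.0.4.76"),
                     ("B", "To** AND 10.0.4.210 NOT 10.0.4.76"),
                     ("C", "Ton* AND 10.0.4.210 NOT 10.0.4.75"),
                     ("D", '"Toni" AND 10.0.4.210 NOT 10.0.4.76')]:
        print(label, q, "->", search(LOGS, q))
```

Query D returns records 1 and 5 only. B also returns Tony's and Tomas's records, C returns Tony's and, because it excludes the wrong address, the tablet record 2, and A matches nothing since ? is not a wildcard in this model. Note one side effect of a bare NOT: a record from Toni's workstation whose destination happens to be 10.0.4.76 would also be dropped, because the exclusion applies to every field.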

Check Point Support in many cases asks you for a configuration summary of your Check Point system. This is also called:

A. cpexport
B. sysinfo
C. cpsizeme
D. cpinfo
Suggested answer: D

Explanation:

Check Point Support in many cases asks for a configuration summary of the Check Point system; this is the cpinfo output. cpinfo is a utility that collects diagnostic data from a Security Gateway, Management Server or Log Server: product version, license details, OS details, network configuration, installed hotfixes, status of Check Point processes, kernel tables and more. It is run from the command line (for example, cpinfo -z -o /var/log/cpinfo.out writes a compressed output file) and the resulting file is attached to the Service Request so that Support can reproduce the configuration and troubleshoot the issue. cpsizeme (option C) is a different tool: it measures gateway load for appliance sizing.

Reference: [Cpinfo Utility]

How does the Anti-Virus feature of the Threat Prevention policy block traffic from infected websites?

A. By dropping traffic from websites identified through ThreatCloud Verification and URL Caching
B. By dropping traffic that is not proven to be from clean websites in the URL Filtering blade
C. By allowing traffic from websites that are known to run Antivirus Software on servers regularly
D. By matching logs against ThreatCloud information about the reputation of the website
Suggested answer: A

Explanation:

The Anti-Virus blade inspects traffic inline. When a client requests a website, the gateway checks the URL against ThreatCloud, Check Point's shared threat intelligence service (the "ThreatCloud Verification" in option A). If ThreatCloud classifies the site as malicious, the connection is dropped and a log is generated; the verdict is also cached on the gateway ("URL Caching") so later requests for the same URL are decided locally without another lookup. Option D has the mechanism backwards: logs are the record of the decision, not its input, and the blade does not block anything by reading logs. Option B describes a default-deny posture the URL Filtering blade does not apply, and option C is not a Check Point mechanism.

Reference: Training & Certification | Check Point Software, CCSE section

What level of CPU load on a Secure Network Distributor would indicate that another may be necessary?

A. Idle <20%
B. USR <20%
C. SYS <20%
D. Wait <20%
Suggested answer: A

Explanation:

A Secure Network Distributor (SND) is a CPU core on a CoreXL-enabled gateway that handles the network interfaces: it runs SecureXL and passes the traffic it cannot accelerate to the CoreXL firewall instances. It does not distribute traffic among cluster members. The indicator that an SND core is saturated is its Idle percentage: when the idle time of the SND cores drops below 20%, the gateway needs another SND, and you move a core from the firewall instances to the SNDs (or add hardware). The user, system and wait percentages by themselves do not tell you whether capacity is exhausted. To check, see which cores are SNDs with fw ctl affinity -l -r, then watch per-core idle time with top (press 1 for the per-CPU view) or in cpview.

Reference:Getting Started - Check Point Software, section ''Monitoring ClusterXL Status''
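The idle-time check from the answer above, as an added Python example that is not a Check Point tool. Gaia is Linux-based, so per-core counters are available in /proc/stat; the script takes two snapshots of that file plus the list of SND core IDs (on a real gateway you read those from fw ctl affinity -l -r) and reports SND cores whose idle time over the interval is below 20%. Both snapshots and the core list below are constructed, and the function and variable names are this example's own.

```python
"""Flag SND cores whose idle time over a sampling interval is below 20%.

Added example, not a Check Point utility. Inputs are constructed /proc/stat
snapshots; on a gateway you would read the file twice a few seconds apart.
"""
IDLE_THRESHOLD = 20.0  # Check Point guidance: add an SND when idle drops below 20%

# Constructed snapshots, 1000 jiffies apart. Columns after the cpu name:
# user nice system idle iowait irq softirq steal
BEFORE = """\
cpu  400 0 400 3200 0 0 0 0
cpu0 100 0 100 800 0 0 0 0
cpu1 100 0 100 800 0 0 0 0
cpu2 100 0 100 800 0 0 0 0
cpu3 100 0 100 800 0 0 0 0
"""
AFTER = """\
cpu  1450 0 1350 5000 0 50 150 0
cpu0 300 0 600 900 0 50 150 0
cpu1 150 0 250 1600 0 0 0 0
cpu2 800 0 300 900 0 0 0 0
cpu3 200 0 200 1600 0 0 0 0
"""
SND_CORES = [0, 1]  # constructed; on a gateway take this from fw ctl affinity -l -r


def parse_proc_stat(text):
    """Return {cpu_id: (idle_jiffies, total_jiffies)} for each per-core line."""
    cores = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith("cpu") or fields[0] == "cpu":
            continue  # skip the aggregate 'cpu' line and anything that is not a core
        counters = [int(x) for x in fields[1:]]
        cores[int(fields[0][3:])] = (counters[3], sum(counters))
    return cores


def idle_percent(before, after):
    """Per-core idle percentage between two parsed snapshots."""
    pct = {}
    for cpu, (idle1, total1) in after.items():
        idle0, total0 = before[cpu]
        elapsed = total1 - total0
        pct[cpu] = 100.0 * (idle1 - idle0) / elapsed if elapsed else 100.0
    return pct


def overloaded_snds(before_text, after_text, snd_cores, threshold=IDLE_THRESHOLD):
    """Return {core: idle%} for SND cores below the threshold; empty means OK."""
    pct = idle_percent(parse_proc_stat(before_text), parse_proc_stat(after_text))
    return {cpu: round(pct[cpu], 1) for cpu in snd_cores if pct[cpu] < threshold}


if __name__ == "__main__":
    busy = overloaded_snds(BEFORE, AFTER, SND_CORES)
    if busy:
        print("SND cores below %.0f%% idle: %s - consider adding an SND" % (IDLE_THRESHOLD, busy))
    else:
        print("SND idle time is healthy")
```

In the constructed data core 0 is an SND at 10% idle and is reported; core 2 is equally busy but is a firewall instance, so it does not count toward the SND decision (that is a separate CoreXL sizing question). A real check should average several intervals, because a single one-second sample can dip below 20% on a burst without the SND being undersized.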
