ExamGecko
Search Search Login
Home Home / Checkpoint / 156-315.81

Checkpoint 156-315.81 Practice Test - Questions Answers, Page 57

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

True or False: In R81, more than one administrator can login to the Security Management Server with write permission at the same time.
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection?
SmartEvent Security Checkups can be run from the following Logs and Monitor activity:
By default, the R81 web API uses which content-type in its response?
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:
What is the command used to activated Multi-Version Cluster mode?
Which TCP port does the CPM process listen on?
By default, which port does the WebUI listen on?
What are the steps to configure the HTTPS Inspection Policy?

Question 561

Report
Export
Collapse

What are the main stages of a policy installation?

A.
Initiation, Conversion and FWD REXEC
A.
Initiation, Conversion and FWD REXEC
Answers
B.
Verification, Commit, Installation
B.
Verification, Commit, Installation
Answers
C.
Initiation, Conversion and Save
C.
Initiation, Conversion and Save
Answers
D.
Verification Compilation, Transfer and Commit
D.
Verification Compilation, Transfer and Commit
Answers
Suggested answer: D

Explanation:

The main stages of a policy installation are Verification, Compilation, Transfer, and Commit. Verification is the stage where the policy is checked for syntax errors and conflicts. Compilation is the stage where the policy is translated into a binary format that can be executed by the Security Gateway. Transfer is the stage where the policy is sent from the Security Management Server to the Security Gateway.Commit is the stage where the policy is activated on the Security Gateway3.

Reference:Check Point R81 Security Management Guide

Question 562

Report
Export
Collapse

You pushed a policy to your gateway and you cannot access the gateway remotely any more. What command should you use to remove the policy from the gateway by logging in through console access?

A.
'fw cpstop'
A.
'fw cpstop'
Answers
B.
'fw unloadlocal'
B.
'fw unloadlocal'
Answers
C.
'fwundo'
C.
'fwundo'
Answers
D.
'fw unloadpolicy''
D.
'fw unloadpolicy''
Answers
Suggested answer: B

Explanation:

The command that should be used to remove the policy from the gateway by logging in through console access is ''fw unloadlocal''. This command will unload all security policies from a gateway or cluster member and allow all traffic to pass through it. This command can be useful for troubleshooting purposes or for emergency access to a gateway.

Reference: [Check Point R81 CLI Reference Guide]

Question 563

Report
Export
Collapse

How to can you make sure that the old logs will be available after updating the Management to version R81.20 using the Advanced Upgrade Method?

A.
Use the WebUI -> Maintenance > System Backup and store the backup on a remote FTP server
A.
Use the WebUI -> Maintenance > System Backup and store the backup on a remote FTP server
Answers
B.
The logs will be included running SFWDIR/scripts/migrate_server export -v R81.20
B.
The logs will be included running SFWDIR/scripts/migrate_server export -v R81.20
Answers
C.
Use the WebUI to save a snapshot before updating the Management -> Maintenance > Snapshot Management
C.
Use the WebUI to save a snapshot before updating the Management -> Maintenance > Snapshot Management
Answers
D.
Use the migrate_server tool with the option '-I' for the logs and '-x' for the index
D.
Use the migrate_server tool with the option '-I' for the logs and '-x' for the index
Answers
Suggested answer: B

Explanation:

The best way to make sure that the old logs will be available after updating the Management to version R81.20 using the Advanced Upgrade Method is to use the migrate_server tool with the option '-l' for the logs and '-x' for the index. This option will export both logs and index files from an existing Security Management Server or Multi-Domain Server to a specified directory or file. The exported data can then be imported to a new server using a similar command with '-i' option.

Reference: [Check Point R81 Installation and Upgrade Guide]

Question 564

Report
Export
Collapse

After some changes in the firewall policy you run into some issues. You want to test if the policy from two weeks ago have the same issue. You don't want to lose the changes from the last weeks. What is the best way to do it?

A.
Use the Gaia WebUI to take a backup of the Gateway. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the 'Install specific version' button
A.
Use the Gaia WebUI to take a backup of the Gateway. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the 'Install specific version' button
Answers
B.
Use the Gaia WebUI to take a snapshot of management. In the In SmartConsole under Manage & Settlings go to Sessions -> Revisions and select the revision from two weeks ago. Run the action 'Revert to this revision...' Restore the management snapshot.
B.
Use the Gaia WebUI to take a snapshot of management. In the In SmartConsole under Manage & Settlings go to Sessions -> Revisions and select the revision from two weeks ago. Run the action 'Revert to this revision...' Restore the management snapshot.
Answers
C.
In SmartConsole under Manage & Settings go to Sessions -> Revisions and select the revision from two weeks ago. Run the action 'Revert to this revision...'.
C.
In SmartConsole under Manage & Settings go to Sessions -> Revisions and select the revision from two weeks ago. Run the action 'Revert to this revision...'.
Answers
D.
In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the 'Install specific
D.
In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the 'Install specific
Answers
Suggested answer: D

Explanation:

The best way to test if the policy from two weeks ago have the same issue is to install the specific version of the policy from the installation history view of the gateway. This way, you can keep the changes from the last weeks in the management server and revert back to them later if needed. You do not need to take a backup or a snapshot of the gateway or the management server for this purpose.

Reference: [Check Point Security Expert R81 Administration Guide], page 34.

Question 565

Report
Export
Collapse

Which of the following statements about Site-to-Site VPN Domain-based is NOT true?

A.
Domain-based- VPN domains are pre-defined for all VPN Gateways. When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.
A.
Domain-based- VPN domains are pre-defined for all VPN Gateways. When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.
Answers
B.
Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.
B.
Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.
Answers
C.
Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.
C.
Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.
Answers
D.
Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.
D.
Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.
Answers
Suggested answer: C

Explanation:

The statement that is not true about site-to-site VPN domain-based is that a VPN domain is a service or user that can send or receive VPN traffic through a VPN gateway. A VPN domain is a host or network that can send or receive VPN traffic through a VPN gateway, not a service or user. A service or user can be part of a VPN community, which defines the encryption and authentication methods for the VPN traffic.

Reference: [Check Point Security Expert R81 Administration Guide], page 146.

Question 566

Report
Export
Collapse

What is the correct Syntax for adding an access-rule via R80 API?

A.
add access-rule layer 'Network' action 'Allow'
A.
add access-rule layer 'Network' action 'Allow'
Answers
B.
add access-rule layer 'Network' position 1 name 'Rule 1' service. 1 'SMTP' service.2 'hup'
B.
add access-rule layer 'Network' position 1 name 'Rule 1' service. 1 'SMTP' service.2 'hup'
Answers
C.
add access-rule <CR> and follow the wizard
C.
add access-rule <CR> and follow the wizard
Answers
D.
add rule position 1 name 'Rule 1' policy-package 'Standard' add service 'http'
D.
add rule position 1 name 'Rule 1' policy-package 'Standard' add service 'http'
Answers
Suggested answer: B

Explanation:

The correct syntax for adding an access-rule via R80 API is to use the add access-rule command with the layer, position, name, and service parameters. The layer parameter specifies the name of the access control policy layer where the rule will be added. The position parameter specifies the ordinal number in which to place the rule in the rulebase. The name parameter specifies the name of the rule. The service parameter specifies one or more services that match this rule.

Reference: [Check Point Security Expert R81 API Reference Guide], page 18.

Question 567

Report
Export
Collapse

Alice & Bob are going to use Management Data Plane Separation and therefore the routing separation needs to be enabled. Which of the following command is true for enabling the Management Data Plane Separation (MDPS):

A.
set mdps split brain on
A.
set mdps split brain on
Answers
B.
set mdps split plane on
B.
set mdps split plane on
Answers
C.
set mdps mgmt plane on
C.
set mdps mgmt plane on
Answers
D.
set mdps data plane off
D.
set mdps data plane off
Answers
Suggested answer: C

Explanation:

The correct command for enabling the management data plane separation (MDPS) is set mdps mgmt plane on. This command enables routing separation between management and data planes on a security gateway. This means that management traffic will use a different routing table than data traffic, which can improve security and performance.

Reference: [Check Point Security Expert R81 Administration Guide], page 76.

Question 568

Report
Export
Collapse

You have used the 'set inactivity-timeout 120' command to prevent the session to be disconnected after 10 minutes of inactivity. However, the Web session is being disconnected after 10 minutes. Why?

A.
The idle timeout for the web session is specified with the 'set web session-timeout' command.
A.
The idle timeout for the web session is specified with the 'set web session-timeout' command.
Answers
B.
The number specified is the amount of the idle timeout in seconds rather than in minutes. So you have to use the command 'set inactivity-timeout 600' instead.
B.
The number specified is the amount of the idle timeout in seconds rather than in minutes. So you have to use the command 'set inactivity-timeout 600' instead.
Answers
C.
Probably, you have forgotten to make sure that nobody is accessing the management server via the SmartConsole which locks the management database.
C.
Probably, you have forgotten to make sure that nobody is accessing the management server via the SmartConsole which locks the management database.
Answers
D.
The number of minutes is correct. Probably, you have forgotten to save this setting with the 'save config' command.
D.
The number of minutes is correct. Probably, you have forgotten to save this setting with the 'save config' command.
Answers
Suggested answer: A

Explanation:

The reason why the web session is being disconnected after 10 minutes is that the idle timeout for the web session is specified with the ''set web session-timeout'' command, not the ''set inactivity-timeout'' command. The ''set inactivity-timeout'' command only affects the CLI session, not the web session. To prevent the web session from being disconnected after 10 minutes of inactivity, you need to use the ''set web session-timeout'' command with a higher value than 10 minutes.

Reference: [Check Point Security Expert R81 Administration Guide], page 77.

Question 569

Report
Export
Collapse

How can you grant GAiAAPI Permissions for a newly created user?

A.
Assign the user a permission profile in SmartConsole
A.
Assign the user a permission profile in SmartConsole
Answers
B.
Assign the user the admin RBAC role in dish
B.
Assign the user the admin RBAC role in dish
Answers
C.
No need to grant access since every user has access by default.
C.
No need to grant access since every user has access by default.
Answers
D.
In bash, use the following command: 'gaia_api access --user Tom -enable true'
D.
In bash, use the following command: 'gaia_api access --user Tom -enable true'
Answers
Suggested answer: A

Explanation:

To grant GAiAAPI permissions for a newly created user, you need to assign the user a permission profile in SmartConsole. A permission profile defines the access level and scope of actions that a user can perform using the GAiAAPI. You can choose from predefined permission profiles or create your own custom profiles. You cannot grant GAiAAPI permissions using dish or bash commands.

Reference: [Check Point Security Expert R81 API Reference Guide], page 9.

Question 570

Report
Export
Collapse

Which one is not a valid upgrade method to R81.20?

A.
RPM Upgrade
A.
RPM Upgrade
Answers
B.
Upgrade with Migration
B.
Upgrade with Migration
Answers
C.
Advanced Upgrade
C.
Advanced Upgrade
Answers
D.
CPUSE Upgrade
D.
CPUSE Upgrade
Answers
Suggested answer: A

Explanation:

RPM upgrade is not a valid upgrade method to R81.20. RPM upgrade is a method of upgrading from R80.20.M1 to R80.20.M2 or later, but it is not supported for upgrading to R81.20. The valid upgrade methods to R81.20 are CPUSE upgrade, advanced upgrade, and upgrade with migration.

Reference: [Check Point Security Expert R81 Installation and Upgrade Guide], page 12.

Total 626 questions
Go to page: of 63
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms