
Checkpoint 156-315.81 Practice Test - Questions Answers, Page 61


What kind of information would you expect to see when using the 'sim affinity -I' command?

A. Overview over SecureXL templated connections
B. The VMACs used in a Security Gateway cluster
C. Affinity Distribution
D. The involved firewall kernel modules in inbound and outbound packet chain
Suggested answer: C

Explanation:

The 'sim affinity -I' command is a command that displays the affinity distribution of the Security Gateway's interfaces. Affinity distribution is the assignment of CPU cores to handle the traffic from different interfaces. The 'sim affinity -I' command shows the following information for each interface:

The interface name, such as eth0, eth1, etc.

The interface index, such as 0, 1, 2, etc.

The interface type, such as physical, bond, VLAN, etc.

The interface state, such as up or down

The interface speed, such as 1000 Mbps, 10000 Mbps, etc.

The interface MTU, such as 1500, 9000, etc.

The interface MAC address, such as 00:11:22:33:44:55

The interface IP address, such as 192.168.1.1, 10.0.0.1, etc.

The interface affinity mask, such as 0x00000001, 0x00000002, etc. The affinity mask is a hexadecimal value that represents the CPU cores that are assigned to handle the traffic from the interface. For example, 0x00000001 means that only CPU core 0 is assigned, 0x00000003 means that CPU cores 0 and 1 are assigned, and so on.

The 'sim affinity -I' command can help you to monitor and optimize the performance of your Security Gateway by showing you how the traffic load is distributed among the CPU cores. You can also use the 'sim affinity' command with other options to change the affinity settings of the interfaces or the firewall instances. For more information, you can refer to the Check Point R81.20 (Titan) Resolved Issues and Enhancements [1] or the Solved: Sim Affinity - Check Point CheckMates [2].

Where is the license for Check Point Mobile users installed?

A. The Primary Gateway
B. The Standby Gateway
C. The Endpoint Server
D. The Security Management Server
Suggested answer: D

Explanation:

The license for Check Point Mobile users is installed on the Security Management Server. Check Point Mobile is a client application that allows remote users to securely access corporate resources from their mobile devices. To use Check Point Mobile, you need to have a valid license for the Mobile Access Software Blade on the Security Management Server. The license determines the number of concurrent users that can connect to the Security Gateway using Check Point Mobile. You can view and manage the license from the SmartConsole or the CPUSE WebUI. For more information, you can refer to the Check Point R81 Mobile Access Blade Administration Guide [1] or the Check Point Cybersecurity BootCamp R81.20 -- CCSA & CCSE Training [2].

There are 4 ways to use the Management API for creating a host object. Which one is NOT correct?

A. Using cpconfig
B. Using CLISH
C. Using SmartConsole GUI console
D. Using Web Services
Suggested answer: A

Which command identifies the NIC driver before considering the use of the Multi-Queue feature?

A. ip show int eth0
B. show interface eth0 mq
C. ifconfig -i eth0 verbose
D. ethtool -i eth0
Suggested answer: D

Name the authentication method that requires a token authenticator.

A. SecurID
B. DynamicID
C. Radius
D. TACACS
Suggested answer: A

Explanation:

The correct answer is A) SecurID.

SecurID is an authentication method that uses a token-based system to generate one-time passwords (OTPs) for users. Users need to have a physical or software token that displays a code that changes periodically. The code is used along with a personal identification number (PIN) to authenticate the user.

DynamicID is another authentication method that uses OTPs, but it does not require a token. Instead, it sends the OTP to the user's email or phone number.

Radius and TACACS are protocols that allow remote authentication of users through a centralized server. They do not use tokens, but they can support different types of authentication methods, such as passwords, certificates, or OTPs.

[1] Certified Security Expert (CCSE) R81.20 Course Overview

[2] What Is Token-Based Authentication? | Okta

Identity Awareness lets an administrator easily configure network access and auditing based on three items. Choose the correct statement.

A. Network location, the identity of a user and the identity of a machine.
B. Geographical location, the identity of a user and the identity of a machine.
C. Network location, the identity of a user and the active directory membership.
D. Network location, the telephone number of a user and the UID of a machine.
Suggested answer: A

Explanation:

The correct answer is A. Network location, the identity of a user and the identity of a machine.

Identity Awareness allows you to easily configure network access and auditing based on three items: network location, the identity of a user and the identity of a machine [1]. This enables you to create granular and accurate identity-based policies that control who can access what, when and how. You can also monitor and log user and machine activities for compliance and auditing purposes.

Geographical location, the telephone number of a user and the UID of a machine are not the items that Identity Awareness uses to identify and authorize users and machines.

[1] Identity Awareness - Check Point Software

Which of the following cannot be configured in an Access Role Object?

A. Networks
B. Machines
C. Users
D. Time
Suggested answer: D

Explanation:

The verified answer is D) Time.

An Access Role object is a logical representation of a set of users, machines, or networks that can be used in the security policy [1]. An Access Role object can include the following components [1]:

Networks: IP addresses or network objects that define the source or destination of the traffic.

Machines: Specific hosts or machine groups that are identified by their MAC addresses or certificates.

Users: Specific users or user groups that are authenticated by one or more identity sources, such as Active Directory, LDAP, or Identity Awareness.

Time is not a component of an Access Role object, and it cannot be configured in it. Time is a separate object type that can be used to define the validity period of a rule or a policy [2].

[1] THE IMPORTANCE OF ACCESS ROLES - Check Point Software

[2] Time Objects - Check Point Software

[3] LDAP group vs Access role objects - Check Point CheckMates

While enabling the Identity Awareness blade, the Identity Awareness wizard does not automatically detect the Windows domain. Why does it not detect the Windows domain?

A. Security Gateway is not part of the Domain
B. SmartConsole machine is not part of the domain
C. Identity Awareness is not enabled on Global properties
D. Security Management Server is not part of the domain
Suggested answer: B

Explanation:

The verified answer is B) SmartConsole machine is not part of the domain.

The Identity Awareness wizard uses the SmartConsole machine to detect the Windows domain by querying the Active Directory server using the DCOM protocol [1]. If the SmartConsole machine is not part of the domain, the query will fail and the wizard will not automatically detect the domain. The user will have to manually enter the domain name and credentials to proceed with the configuration.

The Security Gateway, the Security Management Server, and the Identity Awareness global properties do not affect the domain detection by the wizard. However, they are required for other aspects of the Identity Awareness blade, such as AD Query, Identity Collector, and Browser-Based Authentication [2].

[3] Identity Awareness Configuration wizard authentication fails

[4] Identity Awareness - Check Point Software

Which command collects diagnostic data for analyzing a customer setup remotely?

A. cpv
B. cpinfo
C. migrate export
D. sysinfo
Suggested answer: B

Explanation:

The verified answer is B) cpinfo.

cpinfo is a command that collects diagnostic data for analyzing a customer setup remotely. It is an auto-updatable utility that runs on the customer's machine and uploads the data to Check Point servers. The data includes information about the system, the security policy, the objects, and the logs. Check Point support engineers can use the DiagnosticsView utility to open the cpinfo file and view the customer's configuration and environment settings [1].

migrate export is a command that exports the Check Point configuration and database files to a compressed file. It is used for backup and migration purposes, not for remote analysis [2].

sysinfo is a command that displays basic information about the system, such as the hostname, the OS version, the CPU model, and the memory size. It does not collect or upload any data to Check Point servers [3].

cpv is not a valid command in Check Point.

[1] Support, Support Requests, Training ... - Check Point Software

[2] Migrate export - Check Point Software

[3] sysinfo - Check Point Software

Alice was asked by Bob to implement the Check Point Mobile Access VPN blade, for which some basic configuration steps are required. Which statement about the configuration steps is true?

A. 1. Add a rule in the Access Control Policy and install policy 2. Configure Mobile Access parameters in Security Gateway object 3. Enable Mobile Access blade on the Security Gateway object and complete the wizard 4. Connect to the Mobile Access Portal
B. 1. Connect to the Mobile Access Portal 2. Enable Mobile Access blade on the Security Gateway object and complete the wizard 3. Configure Mobile Access parameters in Security Gateway object 4. Add a rule in the Access Control Policy and install policy
C. 1. Configure Mobile Access parameters in Security Gateway object 2. Enable Mobile Access blade on the Security Gateway object and complete the wizard 3. Add a rule in the Access Control Policy and install policy 4. Connect to the Mobile Access Portal
D. 1. Enable Mobile Access blade on the Security Gateway object and complete the wizard 2. Configure Mobile Access parameters in Security Gateway object 3. Add a rule in the Access Control Policy and install policy 4. Connect to the Mobile Access Portal
Suggested answer: D

Explanation:

The verified answer is D) 1. Enable Mobile Access blade on the Security Gateway object and complete the wizard 2. Configure Mobile Access parameters in Security Gateway object 3. Add a rule in the Access Control Policy and install policy 4. Connect to the Mobile Access Portal

The basic configuration steps for the Check Point Mobile Access VPN blade are as follows [1]:

Enable Mobile Access blade on the Security Gateway object and complete the wizard: This step activates the Mobile Access blade on the selected gateway and guides you through the initial configuration, such as defining the portal name, the certificate, and the authentication methods.

Configure Mobile Access parameters in Security Gateway object: This step allows you to customize the Mobile Access settings, such as defining the supported applications, the access roles, the client settings, and the advanced options.

Add a rule in the Access Control Policy and install policy: This step creates a rule that allows the traffic from the Mobile Access portal to the protected resources and installs the policy on the gateway.

Connect to the Mobile Access Portal: This step verifies that the Mobile Access portal is accessible and functional from a web browser or a mobile device.

The other options are incorrect because they do not follow the correct order or include the necessary steps.

[1] Mobile Access Administration Guide R81 - Check Point Software

Total 626 questions