Winter Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

156-315.81 Check Point Certified Security Expert R81.20 Questions and Answers

Questions 4

NAT rules are prioritized in which order?

1. Automatic Static NAT

2. Automatic Hide NAT

3. Manual/Pre-Automatic NAT

4. Post-Automatic/Manual NAT rules

Options:

A.

1, 2, 3, 4

B.

1, 4, 2, 3

C.

3, 1, 2, 4

D.

4, 3, 1, 2

Buy Now
Questions 5

Which command lists all tables in Gaia?

Options:

A.

fw tab –t

B.

fw tab –list

C.

fw-tab –s

D.

fw tab -1

Buy Now
Questions 6

What is not a component of Check Point SandBlast?

Options:

A.

Threat Emulation

B.

Threat Simulator

C.

Threat Extraction

D.

Threat Cloud

Buy Now
Questions 7

Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every

Options:

A.

15 sec

B.

60 sec

C.

5 sec

D.

30 sec

Buy Now
Questions 8

With SecureXL enabled, accelerated packets will pass through the following:

Options:

A.

Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device

B.

Network Interface Card, Check Point Firewall Kernal, and the Acceleration Device

C.

Network Interface Card and the Acceleration Device

D.

Network Interface Card, OSI Network Layer, and the Acceleration Device

Buy Now
Questions 9

Which is not a blade option when configuring SmartEvent?

Options:

A.

Correlation Unit

B.

SmartEvent Unit

C.

SmartEvent Server

D.

Log Server

Buy Now
Questions 10

In R81 spoofing is defined as a method of:

Options:

A.

Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

B.

Hiding your firewall from unauthorized users.

C.

Detecting people using false or wrong authentication logins

D.

Making packets appear as if they come from an authorized IP address.

Buy Now
Questions 11

Session unique identifiers are passed to the web api using which http header option?

Options:

A.

X-chkp-sid

B.

Accept-Charset

C.

Proxy-Authorization

D.

Application

Buy Now
Questions 12

To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?

Options:

A.

5 Network; Host; Objects; Services; API

B.

3 Incoming; Outgoing; Network

C.

2 Internal; External

D.

4 Incoming; Outgoing; Internal; Other

Buy Now
Questions 13

Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to manager?

Options:

A.

fw accel stat

B.

fwaccel stat

C.

fw acces stats

D.

fwaccel stats

Buy Now
Questions 14

To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:

Options:

A.

fw ctl multik set_mode 1

B.

fw ctl Dynamic_Priority_Queue on

C.

fw ctl Dynamic_Priority_Queue enable

D.

fw ctl multik set_mode 9

Buy Now
Questions 15

Which of the following process pulls application monitoring status?

Options:

A.

fwd

B.

fwm

C.

cpwd

D.

cpd

Buy Now
Questions 16

SandBlast agent extends 0 day prevention to what part of the network?

Options:

A.

Web Browsers and user devices

B.

DMZ server

C.

Cloud

D.

Email servers

Buy Now
Questions 17

CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:

Options:

A.

MySQL

B.

Postgres SQL

C.

MarisDB

D.

SOLR

Buy Now
Questions 18

Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?

Options:

A.

The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

B.

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C.

Time object to a rule to make the rule active only during specified times.

D.

Sub Policies ae sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

Buy Now
Questions 19

SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?

Options:

A.

Management Dashboard

B.

Gateway

C.

Personal User Storage

D.

Behavior Risk Engine

Buy Now
Questions 20

How many policy layers do Access Control policy support?

Options:

A.

2

B.

4

C.

1

D.

3

Buy Now
Questions 21

Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.

Options:

A.

AV issues

B.

VPN errors

C.

Network traffic issues

D.

Authentication issues

Buy Now
Questions 22

What is the SandBlast Agent designed to do?

Options:

A.

Performs OS-level sandboxing for SandBlast Cloud architecture

B.

Ensure the Check Point SandBlast services is running on the end user’s system

C.

If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network

D.

Clean up email sent with malicious attachments

Buy Now
Questions 23

What kind of information would you expect to see using the sim affinity command?

Options:

A.

The VMACs used in a Security Gateway cluster

B.

The involved firewall kernel modules in inbound and outbound packet chain

C.

Overview over SecureXL templated connections

D.

Network interfaces and core distribution used for CoreXL

Buy Now
Questions 24

Which statement is true regarding redundancy?

Options:

A.

System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob –f if command.

B.

ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.

C.

Machines in a ClusterXL High Availability configuration must be synchronized.

D.

Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

Buy Now
Questions 25

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

Options:

A.

Symmetric routing

B.

Failovers

C.

Asymmetric routing

D.

Anti-Spoofing

Buy Now
Questions 26

Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period.

Options:

A.

Block Port Overflow

B.

Local Interface Spoofing

C.

Suspicious Activity Monitoring

D.

Adaptive Threat Prevention

Buy Now
Questions 27

During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:

Options:

A.

Dropped without sending a negative acknowledgment

B.

Dropped without logs and without sending a negative acknowledgment

C.

Dropped with negative acknowledgment

D.

Dropped with logs and without sending a negative acknowledgment

Buy Now
Questions 28

CoreXL is supported when one of the following features is enabled:

Options:

A.

Route-based VPN

B.

IPS

C.

IPv6

D.

Overlapping NAT

Buy Now
Questions 29

Which TCP-port does CPM process listen to?

Options:

A.

18191

B.

18190

C.

8983

D.

19009

Buy Now
Questions 30

Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

Options:

A.

logd

B.

fwd

C.

fwm

D.

cpd

Buy Now
Questions 31

Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.

Options:

A.

User data base corruption

B.

LDAP conflicts

C.

Traffic issues

D.

Phase two key negotiations

Buy Now
Questions 32

The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?

Options:

A.

fwd via cpm

B.

fwm via fwd

C.

cpm via cpd

D.

fwd via cpd

Buy Now
Questions 33

Which method below is NOT one of the ways to communicate using the Management API’s?

Options:

A.

Typing API commands using the “mgmt_cli” command

B.

Typing API commands from a dialog box inside the SmartConsole GUI application

C.

Typing API commands using Gaia’s secure shell(clish)19+

D.

Sending API commands over an http connection using web-services

Buy Now
Questions 34

Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?

Options:

A.

/opt/CPshrd-R81/conf/local.arp

B.

/var/opt/CPshrd-R81/conf/local.arp

C.

$CPDIR/conf/local.arp

D.

$FWDIR/conf/local.arp

Buy Now
Questions 35

How many images are included with Check Point TE appliance in Recommended Mode?

Options:

A.

2(OS) images

B.

images are chosen by administrator during installation

C.

as many as licensed for

D.

the newest image

Buy Now
Questions 36

What are the three components for Check Point Capsule?

Options:

A.

Capsule Docs, Capsule Cloud, Capsule Connect

B.

Capsule Workspace, Capsule Cloud, Capsule Connect

C.

Capsule Workspace, Capsule Docs, Capsule Connect

D.

Capsule Workspace, Capsule Docs, Capsule Cloud

Buy Now
Questions 37

To fully enable Dynamic Dispatcher on a Security Gateway:

Options:

A.

run fw ctl multik set_mode 9 in Expert mode and then Reboot.

B.

Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.

C.

Edit/proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.

D.

run fw multik set_mode 1 in Expert mode and then reboot.

Buy Now
Questions 38

Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

Options:

A.

50%

B.

75%

C.

80%

D.

15%

Buy Now
Questions 39

What command verifies that the API server is responding?

Options:

A.

api stat

B.

api status

C.

show api_status

D.

app_get_status

Buy Now
Questions 40

Which is NOT an example of a Check Point API?

Options:

A.

Gateway API

B.

Management API

C.

OPSC SDK

D.

Threat Prevention API

Buy Now
Questions 41

Which CLI command will reset the IPS pattern matcher statistics?

Options:

A.

ips reset pmstat

B.

ips pstats reset

C.

ips pmstats refresh

D.

ips pmstats reset

Buy Now
Questions 42

On R81.20 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

Options:

A.

18210

B.

18184

C.

257

D.

18191

Buy Now
Questions 43

If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsive, which if these steps should NOT be performed:

Options:

A.

Rename the hostname of the Standby member to match exactly the hostname of the Active member.

B.

Change the Standby Security Management Server to Active.

C.

Change the Active Security Management Server to Standby.

D.

Manually synchronize the Active and Standby Security Management Servers.

Buy Now
Questions 44

Which command will allow you to see the interface status?

Options:

A.

cphaprob interface

B.

cphaprob –I interface

C.

cphaprob –a if

D.

cphaprob stat

Buy Now
Questions 45

What is true about VRRP implementations?

Options:

A.

VRRP membership is enabled in cpconfig

B.

VRRP can be used together with ClusterXL, but with degraded performance

C.

You cannot have a standalone deployment

D.

You cannot have different VRIDs in the same physical network

Buy Now
Questions 46

Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.

Options:

A.

infoCP

B.

infoview

C.

cpinfo

D.

fw cpinfo

Buy Now
Questions 47

In which deployment is the security management server and Security Gateway installed on the same appliance?

Options:

A.

Standalone

B.

Remote

C.

Distributed

D.

Bridge Mode

Buy Now
Questions 48

Which packet info is ignored with Session Rate Acceleration?

Options:

A.

source port ranges

B.

source ip

C.

source port

D.

same info from Packet Acceleration is used

Buy Now
Questions 49

Which statement is correct about the Sticky Decision Function?

Options:

A.

It is not supported with either the Performance pack of a hardware based accelerator card

B.

Does not support SPI’s when configured for Load Sharing

C.

It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster

D.

It is not required L2TP traffic

Buy Now
Questions 50

Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .

Options:

A.

TCP Port 18190

B.

TCP Port 18209

C.

TCP Port 19009

D.

TCP Port 18191

Buy Now
Questions 51

To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?

Options:

A.

fw ctl set int fwha vmac global param enabled

B.

fw ctl get int vmac global param enabled; result of command should return value 1

C.

cphaprob-a if

D.

fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

Buy Now
Questions 52

What are the methods of SandBlast Threat Emulation deployment?

Options:

A.

Cloud, Appliance and Private

B.

Cloud, Appliance and Hybrid

C.

Cloud, Smart-1 and Hybrid

D.

Cloud, OpenServer and Vmware

Buy Now
Questions 53

In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

Options:

A.

SND is a feature to accelerate multiple SSL VPN connections

B.

SND is an alternative to IPSec Main Mode, using only 3 packets

C.

SND is used to distribute packets among Firewall instances

D.

SND is a feature of fw monitor to capture accelerated packets

Buy Now
Questions 54

What two ordered layers make up the Access Control Policy Layer?

Options:

A.

URL Filtering and Network

B.

Network and Threat Prevention

C.

Application Control and URL Filtering

D.

Network and Application Control

Buy Now
Questions 55

What is the amount of Priority Queues by default?

Options:

A.

There are 8 priority queues and this number cannot be changed.

B.

There is no distinct number of queues since it will be changed in a regular basis based on its system requirements.

C.

There are 7 priority queues by default and this number cannot be changed.

D.

There are 8 priority queues by default, and up to 8 additional queues can be manually configured

Buy Now
Questions 56

Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

Options:

A.

After upgrading the hardware, increase the number of kernel instances using cpconfig

B.

Hyperthreading must be enabled in the bios to use CoreXL

C.

Run cprestart from dish

D.

Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores.

Buy Now
Questions 57

Matt wants to upgrade his old Security Management server to R81.x using the Advanced Upgrade with Database Migration. What is one of the requirements for a successful upgrade?

Options:

A.

Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine

B.

Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine

C.

Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine

D.

Size of the /var/log folder of the target machine must be at least 25GB or more

Buy Now
Questions 58

After some changes in the firewall policy you run into some issues. You want to test if the policy from two weeks ago have the same issue. You don't want to lose the changes from the last weeks. What is the best way to do it?

Options:

A.

Use the Gaia WebUI to take a backup of the Gateway. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version

from two weeks ago and press the 'Install specific version' button

B.

Use the Gaia WebUI to take a snapshot of management. In the In SmartConsole under Manage & Settlings go to Sessions -> Revisions and select the revision from two

weeks ago. Run the action 'Revert to this revision...' Restore the management snapshot.

C.

In SmartConsole under Manage & Settings go to Sessions -> Revisions and select the revision from two weeks ago. Run the action 'Revert to this revision...'.

D.

In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the 'Install specific

version' button

Buy Now
Questions 59

What is the command to check the status of the SmartEvent Correlation Unit?

Options:

A.

fw ctl get int cpsead_stat

B.

cpstat cpsead

C.

fw ctl stat cpsemd

D.

cp_conf get_stat cpsemd

Buy Now
Questions 60

You have used the "set inactivity-timeout 120" command to prevent the session to be disconnected after 10 minutes of inactivity. However, the Web session is being disconnected after 10 minutes. Why?

Options:

A.

The idle timeout for the web session is specified with the "set web session-timeout" command.

B.

The number specified is the amount of the idle timeout in seconds rather than in minutes. So you have to use the command "set inactivity-timeout 600" instead.

C.

Probably, you have forgotten to make sure that nobody is accessing the management server via the SmartConsole which locks the management database.

D.

The number of minutes is correct. Probably, you have forgotten to save this setting with the "save config" command.

Buy Now
Questions 61

Why is a Central License the preferred and recommended method of licensing?

Options:

A.

Central Licensing actually not supported with Gaia.

B.

Central Licensing is the only option when deploying Gala.

C.

Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed.

D.

Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.

Buy Now
Questions 62

By default how often updates are checked when the CPUSE Software Updates Policy is set to Automatic?

Options:

A.

Six times per day

B.

Seven times per day

C.

Every two hours

D.

Every three hours

Buy Now
Questions 63

While enabling the Identity Awareness blade the Identity Awareness wizard does not automatically detect the windows domain. Why does it not detect the windows domain?

Options:

A.

Security Gateway is not part of the Domain

B.

SmartConsole machine is not part of the domain

C.

Identity Awareness is not enabled on Global properties

D.

Security Management Server is not part of the domain

Buy Now
Questions 64

What command is used to manually failover a Multi-Version Cluster during the upgrade?

Options:

A.

clusterXL_admin down in Expert Mode

B.

clusterXL_admin down in Clish

C.

set cluster member state down in Clish

D.

set cluster down in Expert Mode

Buy Now
Questions 65

Firewall polices must be configured to accept VRRP packets on the GAiA platform if it Firewall software. The Multicast destination assigned by the internet Assigned Number Authority (IANA) for VRRP is:

Options:

A.

224.0.0.18

B.

224 00 5

C.

224.0.0.102

D.

224.0.0.22

Buy Now
Questions 66

Which of the following is NOT a method used by Identity Awareness for acquiring identity?

Options:

A.

Remote Access

B.

Active Directory Query

C.

Cloud IdP (IdentityProvider)

D.

RADIUS

Buy Now
Questions 67

Which of the following is true regarding the Proxy ARP feature for Manual NAT?

Options:

A.

The local.arp file must always be configured

B.

Automatic proxy ARP configuration can be enabled

C.

fw ctl proxy should be configured

D.

Translate Destination on Client Side should be configured

Buy Now
Questions 68

What are valid authentication methods for mutual authenticating the VPN gateways?

Options:

A.

PKI Certificates and Kerberos Tickets

B.

PKI Certificates and DynamicID OTP

C.

Pre-Shared Secrets and Kerberos Ticket

D.

Pre-shared Secret and PKI Certificates

Buy Now
Questions 69

Which of the following is NOT a valid type of SecureXL template?

Options:

A.

Accept Template

B.

Deny template

C.

Drop Template

D.

NAT Template

Buy Now
Questions 70

Which Check Point software blade provides protection from zero-day and undiscovered threats?

Options:

A.

Firewall

B.

Threat Emulation

C.

Application Control

D.

Threat Extraction

Buy Now
Questions 71

What Is the difference between Updatable Objects and Dynamic Objects

Options:

A.

Dynamic Objects ate maintained automatically by the Threat Cloud. Updatable Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.

B.

Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally For Dynamic Objects

there is no need to install policy for the changes to take effect.

C.

Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally In both cases there is no

need to install policy for the changes to take effect.

D.

Dynamic Objects are maintained automatically by the Threat Cloud. For Dynamic Objects there rs no need to install policy for the changes to take effect. Updatable Objects are created and maintained locally.

Buy Now
Questions 72

What are possible Automatic Reactions in SmartEvent?

Options:

A.

Mail. SNMP Trap, Block Source. Block Event Activity, External Script

B.

Web Mail. Block Destination, SNMP Trap. SmartTask

C.

Web Mail, Block Service. SNMP Trap. SmartTask, Geo Protection

D.

Web Mail, Forward to SandBlast Appliance, SNMP Trap, External Script

Buy Now
Questions 73

156-315.81 Question 73

You are the administrator for ABC Corp. You have logged into your R81 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it.

What does this mean?

Options:

A.

This rule No. 6 has been marked for deletion in your Management session.

B.

This rule No. 6 has been marked for deletion in another Management session.

C.

This rule No. 6 has been marked for editing in your Management session.

D.

This rule No. 6 has been marked for editing in another Management session.

Buy Now
Questions 74

Which Check Point daemon invokes and monitors critical processes and attempts to restart them if they fail?

Options:

A.

fwm

B.

cpd

C.

cpwd

D.

cpm

Buy Now
Questions 75

Fill in the blank: The IPS policy for pre-R81 gateways is installed during the _______ .

Options:

A.

Firewall policy install

B.

Threat Prevention policy install

C.

Anti-bot policy install

D.

Access Control policy install

Buy Now
Questions 76

The customer has about 150 remote access user with a Windows laptops. Not more than 50 Clients will be connected at the same time. The customer want to use multiple VPN Gateways as entry point and a personal firewall. What will be the best license for him?

Options:

A.

He will need Capsule Connect using MEP (multiple entry points).

B.

Because the customer uses only Windows clients SecuRemote will be sufficient and no additional license is needed

C.

He will need Harmony Endpoint because of the personal firewall.

D.

Mobile Access license because he needs only a 50 user license, license count is per concurrent user.

Buy Now
Questions 77

Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?

Options:

A.

Application Control

B.

Firewall

C.

Identity Awareness

D.

URL Filtering

Buy Now
Questions 78

When a packet arrives at the gateway, the gateway checks it against the rules in the hop Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following statements about the order of rule enforcement is true?

Options:

A.

If the Action is Accept, the gateway allows the packet to pass through the gateway.

B.

If the Action is Drop, the gateway continues to check rules in the next Policy Layer down.

C.

If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.

D.

If the Action is Drop, the gateway applies the Implicit Clean-up Rule for that Policy Layer.

Buy Now
Questions 79

After replacing a faulty Gateway the admin installed the new Hardware and want to push the policy. Installing the policy using the SmartConsole he got an Error for the Threat Prevention Policy. There is no error for the Access Control Policy. What will be the most common cause for the issue?

Options:

A.

The admin forgot to reestablish the SIC for the new hardware. That is typically the case when configure only the interfaces of the replacement hardware instead restoring a backup.

B.

The IPS Protection engine on the replacement hardware is too old. Before pushing the Threat Prevention Policy use SmartConsole -> Security Policies -> Updates -> IPS 'Update Now' to update the engine.

C.

The admin forgot to apply the new license. The Access Control license is included by default but the service subscriptions for the Threat Prevention Blades are missing.

D.

The Threat Prevention Policy can't be installed on a Gateway without an already installed Access Control Policy. First install only the Access Control Policy.

Buy Now
Questions 80

What is "Accelerated Policy Installation"?

Options:

A.

Starting R81, the Desktop Security Policy installation process is accelerated thereby reducing the duration of the process significantly

B.

Starting R81, the QoS Policy installation process is accelerated thereby reducing the duration of the process significantly

C.

Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly

D.

Starting R81, the Threat Prevention Policy installation process is accelerated thereby reducing the duration of the process significantly

Buy Now
Questions 81

Kofi, the administrator of the ALPHA Corp network wishes to change the default Gaia WebUI Portal port number currently set on the default HTTPS port. Which CLISH commands are required to be able to change this TCP port?

156-315.81 Question 81

Options:

A.

set web ssl-port

B.

set Gaia-portal port

C.

set Gaia-portal https-port

D.

set web https-port

Buy Now
Questions 82

Which command is used to obtain the configuration lock in Gaia?

Options:

A.

Lock database override

B.

Unlock database override

C.

Unlock database lock

D.

Lock database user

Buy Now
Questions 83

Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

Options:

A.

Run cprestart from clish

B.

After upgrading the hardware, increase the number of kernel instances using cpconfig

C.

Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores

D.

Hyperthreading must be enabled in the bios to use CoreXL

Buy Now
Questions 84

You plan to automate creating new objects using new R81 Management API. You decide to use GAIA CLI for this task.

What is the first step to run management API commands on GAIA’s shell?

Options:

A.

mgmt_admin@teabag > id.txt

B.

mgmt_login

C.

login user admin password teabag

D.

mgmt_cli login user “admin” password “teabag” > id.txt

Buy Now
Questions 85

Aaron is a Syber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances running GAiA R81.X The Network Security Developer Team is having an issue testing the API with a newly deployed R81.X Security Management Server Aaron wants to confirm API services are working properly. What should he do first?

Options:

A.

Aaron should check API Server status with "fwm api status" from Expert mode If services are stopped, he should start them with "fwm api start".

B.

Aaron should check API Server status with "cpapi status" from Expert mode. If services are stopped, he should start them with "cpapi start"

C.

Aaron should check API Server status with "api status" from Expert mode If services are stopped, he should start them with "api start"

D.

Aaron should check API Server status with "cpm api status" from Expert mode. If services are stopped, he should start them with "cpi api start".

Buy Now
Questions 86

Which Check Point feature enables application scanning and the detection?

Options:

A.

Application Dictionary

B.

AppWiki

C.

Application Library

D.

CPApp

Buy Now
Questions 87

Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:

Options:

A.

assign privileges to users.

B.

edit the home directory of the user.

C.

add users to your Gaia system.

D.

assign user rights to their home directory in the Security Management Server.

Buy Now
Questions 88

Kurt is planning to upgrade his Security Management Server to R81.X. What is the lowest supported version of the Security Management he can upgrade from?

Options:

A.

R76 Splat

B.

R77.X Gaia

C.

R75 Splat

D.

R75 Gaia

Buy Now
Questions 89

Is it possible to establish a VPN before the user login to the Endpoint Client?

Options:

A.

yes, you had to set neo_remember_user_password to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_remember_user_password

attribute in the trac_client_1 .ttm file located in the SFWDIR/conf directory on the Security Gateway

B.

no, the user must login first.

C.

yes. you had to set neo_always_connected to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_always_connected attribute in the

trac_client_1 .ttm file located in the SFWDIR/conf directory on the Security Gateway

D.

yes, you had to enable Machine Authentication in the Gateway object of the Smart Console

Buy Now
Questions 90

Which feature is NOT provided by all Check Point Mobile Access solutions?

Options:

A.

Support for IPv6

B.

Granular access control

C.

Strong user authentication

D.

Secure connectivity

Buy Now
Questions 91

Which one is not a valid Package Option In the Web GUI for CPUSE?

Options:

A.

Clean Install

B.

Export Package

C.

Upgrade

D.

Database Conversion to R81.20 only

Buy Now
Questions 92

Which statement is WRONG regarding the usage of the Central Deployment in SmartConsole?

Options:

A.

You can install Hotfixes with the Central Deployment in SmartConsole

B.

You can install Jumbo Hotfix accumulators with the Central Deployment in SmartConsole.

C.

Only be installed Hotfixes can with the Central Deployment in SmartConsole

D.

You can upgrade your cluster without user intervention with the Central Deployment in SmartConsole from R80.40 to R81.20.

Buy Now
Questions 93

You want to gather data and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?

Options:

A.

Check Point Capsule Cloud

B.

Sandblast Mobile Protect

C.

SecuRemote

D.

SmartEvent Client Info

Buy Now
Questions 94

Which command collects diagnostic data for analyzing a customer setup remotely?

Options:

A.

cpv

B.

cpinfo

C.

migrate export

D.

sysinfo

Buy Now
Questions 95

The admin is connected via ssh lo the management server. He wants to run a mgmt_dl command but got a Error 404 message. To check the listening ports on the management he runs netstat with the results shown below. What can be the cause for the issue?

156-315.81 Question 95

Options:

A.

Wrong Management API Access setting^for Ihe client IP To correct it go to SmartConsole / Management & Settings / Blades / Management API and press "Advanced Settings..' and choose GUI clients or ALL IP's.

B.

The API didn't run on the default port check it with api status' and add '-port 4434' to the mgmt_clt command.

C.

The management permission in the user profile is mrssing. Go to SmartConsole / Management & Settings I Permissions & Administrators / Permission Profiles. Select the profile of the user and enable 'Management API Login' under Management Permissions

D.

The API is not running, the services shown by netstat are the gaia services. To start the API run 'api start'

Buy Now
Questions 96

From SecureXL perspective, what are the three paths of traffic flow:

Options:

A.

Initial Path; Medium Path; Accelerated Path

B.

Layer Path; Blade Path; Rule Path

C.

Firewall Path; Accelerated Path; Medium Path

D.

Firewall Path; Accept Path; Drop Path

Buy Now
Questions 97

Which components allow you to reset a VPN tunnel?

Options:

A.

vpn tu command or SmartView monitor

B.

delete vpn ike sa or vpn she11 command

C.

vpn tunnelutil or delete vpn ike sa command

D.

SmartView monitor only

Buy Now
Questions 98

UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck objects?

Options:

A.

Ask

B.

Drop

C.

Inform

D.

Reject

Buy Now
Questions 99

Which one of the following is true about Capsule Connect?

Options:

A.

It is a full layer 3 VPN client

B.

It offers full enterprise mobility management

C.

It is supported only on iOS phones and Windows PCs

D.

It does not support all VPN authentication methods

Buy Now
Questions 100

By default, the R81 web API uses which content-type in its response?

Options:

A.

Java Script

B.

XML

C.

Text

D.

JSON

Buy Now
Questions 101

What kind of information would you expect to see when using the "sim affinity -I" command?

Options:

A.

Overview over SecureXL templated connections

B.

The VMACs used in a Security Gateway cluster

C.

Affinity Distribution

D.

The involved firewall kernel modules in inbound and outbound packet chain

Buy Now
Questions 102

SmartConsole R81 requires the following ports to be open for SmartEvent R81 management:

Options:

A.

19090,22

B.

19190,22

C.

18190,80

D.

19009,443

Buy Now
Questions 103

How often does Threat Emulation download packages by default?

Options:

A.

Once a week

B.

Once an hour

C.

Twice per day

D.

Once per day

Buy Now
Questions 104

Which statements below are CORRECT regarding Threat Prevention profiles in Smart Dashboard?

Options:

A.

You can assign only one profile per gateway and a profile can be assigned to one rule Only.

B.

You can assign multiple profiles per gateway and a profile can be assigned to one rule only.

C.

You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.

D.

You can assign only one profile per gateway and a profile can be assigned to one or more rules.

Buy Now
Questions 105

The following command is used to verify the CPUSE version:

Options:

A.

HostName:0>show installer status build

B.

[Expert@HostName:0]#show installer status

C.

[Expert@HostName:0]#show installer status build

D.

HostName:0>show installer build

Buy Now
Questions 106

What information is NOT collected from a Security Gateway in a Cpinfo?

Options:

A.

Firewall logs

B.

Configuration and database files

C.

System message logs

D.

OS and network statistics

Buy Now
Questions 107

Customer’s R81 management server needs to be upgraded to R81.20. What is the best upgrade method when the management server is not connected to the Internet?

Options:

A.

Export R81 configuration, clean install R81.20 and import the configuration

B.

CPUSE offline upgrade

C.

CPUSE online upgrade

D.

SmartUpdate upgrade

Buy Now
Questions 108

SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?

Options:

A.

Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.

B.

Correlates all the identified threats with the consolidation policy.

C.

Collects syslog data from third party devices and saves them to the database.

D.

Connects with the SmartEvent Client when generating threat reports.

Buy Now
Questions 109

You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?

Options:

A.

fwd

B.

fwm

C.

cpd

D.

cpwd

Buy Now
Questions 110

What is the main difference between Threat Extraction and Threat Emulation?

Options:

A.

Threat Emulation never delivers a file and takes more than 3 minutes to complete.

B.

Threat Extraction always delivers a file and takes less than a second to complete.

C.

Threat Emulation never delivers a file that takes less than a second to complete.

D.

Threat Extraction never delivers a file and takes more than 3 minutes to complete.

Buy Now
Questions 111

You need to see which hotfixes are installed on your gateway, which command would you use?

Options:

A.

cpinfo –h all

B.

cpinfo –o hotfix

C.

cpinfo –l hotfix

D.

cpinfo –y all

Buy Now
Questions 112

Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?

Options:

A.

$FWDIR/database/fwauthd.conf

B.

$FWDIR/conf/fwauth.conf

C.

$FWDIR/conf/fwauthd.conf

D.

$FWDIR/state/fwauthd.conf

Buy Now
Questions 113

An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?

Options:

A.

He can use the fw accel stat command on the gateway.

B.

He can use the fw accel statistics command on the gateway.

C.

He can use the fwaccel stat command on the Security Management Server.

D.

He can use the fwaccel stat command on the gateway

Buy Now
Questions 114

Which encryption algorithm is the least secured?

Options:

A.

AES-128

B.

AES-256

C.

DES

D.

3DES

Buy Now
Questions 115

Which command shows the current connections distributed by CoreXL FW instances?

Options:

A.

fw ctl multik stat

B.

fw ctl affinity -l

C.

fw ctl instances -v

D.

fw ctl iflist

Buy Now
Questions 116

Please choose correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?

Options:

A.

host name myHost12 ip-address 10.50.23.90

B.

mgmt: add host name ip-address 10.50.23.90

C.

add host name emailserver1 ip-address 10.50.23.90

D.

mgmt: add host name emailserver1 ip-address 10.50.23.90

Buy Now
Questions 117

How do Capsule Connect and Capsule Workspace differ?

Options:

A.

Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications.

B.

Capsule Workspace can provide access to any application.

C.

Capsule Connect provides Business data isolation.

D.

Capsule Connect does not require an installed application at client.

Buy Now
Questions 118

What is the most recommended way to install patches and hotfixes?

Options:

A.

CPUSE Check Point Update Service Engine

B.

rpm -Uv

C.

Software Update Service

D.

UnixinstallScript

Buy Now
Questions 119

What is the port used for SmartConsole to connect to the Security Management Server?

Options:

A.

CPMI port 18191/TCP

B.

CPM port/TCP port 19009

C.

SIC port 18191/TCP

D.

https port 4434/TCP

Buy Now
Questions 120

Which of the following will NOT affect acceleration?

Options:

A.

Connections destined to or originated from the Security gateway

B.

A 5-tuple match

C.

Multicast packets

D.

Connections that have a Handler (ICMP, FTP, H.323, etc.)

Buy Now
Questions 121

Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?

Options:

A.

enable DLP and select.exe and .bat file type

B.

enable .exe & .bat protection in IPS Policy

C.

create FW rule for particular protocol

D.

tecli advanced attributes set prohibited_file_types exe.bat

Buy Now
Questions 122

Which of the following is NOT a component of Check Point Capsule?

Options:

A.

Capsule Docs

B.

Capsule Cloud

C.

Capsule Enterprise

D.

Capsule Workspace

Buy Now
Questions 123

Which directory below contains log files?

Options:

A.

/opt/CPSmartlog-R81/log

B.

/opt/CPshrd-R81/log

C.

/opt/CPsuite-R81/fw1/log

D.

/opt/CPsuite-R81/log

Buy Now
Questions 124

Which of the following describes how Threat Extraction functions?

Options:

A.

Detect threats and provides a detailed report of discovered threats.

B.

Proactively detects threats.

C.

Delivers file with original content.

D.

Delivers PDF versions of original files with active content removed.

Buy Now
Questions 125

SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?

Options:

A.

Threat Emulation

B.

Mobile Access

C.

Mail Transfer Agent

D.

Threat Cloud

Buy Now
Questions 126

How do you enable virtual mac (VMAC) on-the-fly on a cluster member?

Options:

A.

cphaprob set int fwha_vmac_global_param_enabled 1

B.

clusterXL set int fwha_vmac_global_param_enabled 1

C.

fw ctl set int fwha_vmac_global_param_enabled 1

D.

cphaconf set int fwha_vmac_global_param_enabled 1

Buy Now
Questions 127

Which statement is true about ClusterXL?

Options:

A.

Supports Dynamic Routing (Unicast and Multicast)

B.

Supports Dynamic Routing (Unicast Only)

C.

Supports Dynamic Routing (Multicast Only)

D.

Does not support Dynamic Routing

Buy Now
Questions 128

Which one of the following is true about Threat Emulation?

Options:

A.

Takes less than a second to complete

B.

Works on MS Office and PDF files only

C.

Always delivers a file

D.

Takes minutes to complete (less than 3 minutes)

Buy Now
Questions 129

What is the purpose of Priority Delta in VRRP?

Options:

A.

When a box up, Effective Priority = Priority + Priority Delta

B.

When an Interface is up, Effective Priority = Priority + Priority Delta

C.

When an Interface fail, Effective Priority = Priority – Priority Delta

D.

When a box fail, Effective Priority = Priority – Priority Delta

Buy Now
Questions 130

Which of the following is NOT a type of Check Point API available in R81.x?

Options:

A.

Identity Awareness Web Services

B.

OPSEC SDK

C.

Mobile Access

D.

Management

Buy Now
Questions 131

After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?

Options:

A.

cvpnd_restart

B.

cvpnd_restart

C.

cvpnd restart

D.

cvpnrestart

Buy Now
Questions 132

Which one of the following is true about Threat Extraction?

Options:

A.

Always delivers a file to user

B.

Works on all MS Office, Executables, and PDF files

C.

Can take up to 3 minutes to complete

D.

Delivers file only if no threats found

Buy Now
Questions 133

To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:

Options:

A.

fw ctl Dyn_Dispatch on

B.

fw ctl Dyn_Dispatch enable

C.

fw ctl multik set_mode 4

D.

fw ctl multik set_mode 1

Buy Now
Questions 134

What is the benefit of “tw monitor” over “tcpdump”?

Options:

A.

“fw monitor” reveals Layer 2 information, while “tcpdump” acts at Layer 3.

B.

“fw monitor” is also available for 64-Bit operating systems.

C.

With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”

D.

“fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways.

Buy Now
Questions 135

To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?

Options:

A.

Accept Template

B.

Deny Template

C.

Drop Template

D.

NAT Template

Buy Now
Questions 136

SandBlast appliances can be deployed in the following modes:

Options:

A.

using a SPAN port to receive a copy of the traffic only

B.

detect only

C.

inline/prevent or detect

D.

as a Mail Transfer Agent and as part of the traffic flow only

Buy Now
Questions 137

: 156

VPN Link Selection will perform the following when the primary VPN link goes down?

Options:

A.

The Firewall will drop the packets.

B.

The Firewall can update the Link Selection entries to start using a different link for the same tunnel.

C.

The Firewall will send out the packet on all interfaces.

D.

The Firewall will inform the client that the tunnel is down.

Buy Now
Questions 138

What is the name of the secure application for Mail/Calendar for mobile devices?

Options:

A.

Capsule Workspace

B.

Capsule Mail

C.

Capsule VPN

D.

Secure Workspace

Buy Now
Questions 139

When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?

Options:

A.

IP

B.

SIC

C.

NAT

D.

FQDN

Buy Now
Questions 140

What is the command to see cluster status in cli expert mode?

Options:

A.

fw ctl stat

B.

clusterXL stat

C.

clusterXL status

D.

cphaprob stat

Buy Now
Questions 141

As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name ‘cover-company-logo.png’ and then copy that image file to which directory on the SmartEvent server?

Options:

A.

SFWDIR/smartevent/conf

B.

$RTDIR/smartevent/conf

C.

$RTDIR/smartview/conf

D.

$FWDIR/smartview/conf

Buy Now
Questions 142

When simulating a problem on ClusterXL cluster with cphaprob –d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?

Options:

A.

cphaprob –d STOP unregister

B.

cphaprob STOP unregister

C.

cphaprob unregister STOP

D.

cphaprob –d unregister STOP

Buy Now
Questions 143

What are the main stages of a policy installations?

Options:

A.

Verification & Compilation, Transfer and Commit

B.

Verification & Compilation, Transfer and Installation

C.

Verification, Commit, Installation

D.

Verification, Compilation & Transfer, Installation

Buy Now
Questions 144

Can multiple administrators connect to a Security Management Server at the same time?

Options:

A.

No, only one can be connected

B.

Yes, all administrators can modify a network object at the same time

C.

Yes, every administrator has their own username, and works in a session that is independent of other administrators.

D.

Yes, but only one has the right to write.

Buy Now
Questions 145

When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:

Options:

A.

Threat Emulation

B.

HTTPS

C.

QOS

D.

VoIP

Buy Now
Questions 146

Using ClusterXL, what statement is true about the Sticky Decision Function?

Options:

A.

Can only be changed for Load Sharing implementations

B.

All connections are processed and synchronized by the pivot

C.

Is configured using cpconfig

D.

Is only relevant when using SecureXL

Buy Now
Questions 147

Which command can you use to verify the number of active concurrent connections?

Options:

A.

fw conn all

B.

fw ctl pstat

C.

show all connections

D.

show connections

Buy Now
Questions 148

You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?

Options:

A.

SmartEvent Client Info

B.

SecuRemote

C.

Check Point Protect

D.

Check Point Capsule Cloud

Buy Now
Questions 149

Which statement is most correct regarding about “CoreXL Dynamic Dispatcher”?

Options:

A.

The CoreXL FW instanxces assignment mechanism is based on Source MAC addresses, Destination MAC addresses

B.

The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores

C.

The CoreXL FW instances assignment mechanism is based on IP Protocol type

D.

The CoreXl FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type

Buy Now
Questions 150

R81.20 management server can manage gateways with which versions installed?

Options:

A.

Versions R77 and higher

B.

Versions R76 and higher

C.

Versions R75.20 and higher

D.

Versions R75 and higher

Buy Now
Questions 151

With MTA (Mail Transfer Agent) enabled the gateways manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?

Options:

A.

Threat Cloud Intelligence

B.

Threat Prevention Software Blade Package

C.

Endpoint Total Protection

D.

Traffic on port 25

Buy Now
Questions 152

You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?

Options:

A.

sim erdos –e 1

B.

sim erdos – m 1

C.

sim erdos –v 1

D.

sim erdos –x 1

Buy Now
Questions 153

How many layers make up the TCP/IP model?

Options:

A.

2

B.

7

C.

6

D.

4

Buy Now
Questions 154

Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. Company’s Developer Team is having random access issue to newly deployed Application Server in DMZ’s Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela’s desk for an investigation. Pamela decides to use Check Point’s Packet Analyzer Tool-fw monitor to iron out the issue during approved Maintenance window.

What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?

Options:

A.

Pamela should check SecureXL status on DMZ Security gateway and if it’s turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.

B.

Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OFF. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.

C.

Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.

D.

Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.

Buy Now
Questions 155

NO: 219

What cloud-based SandBlast Mobile application is used to register new devices and users?

Options:

A.

Check Point Protect Application

B.

Management Dashboard

C.

Behavior Risk Engine

D.

Check Point Gateway

Buy Now
Questions 156

Which path below is available only when CoreXL is enabled?

Options:

A.

Slow path

B.

Firewall path

C.

Medium path

D.

Accelerated path

Buy Now
Questions 157

What is the Implicit Clean-up Rule?

Options:

A.

A setting is defined in the Global Properties for all policies.

B.

A setting that is configured per Policy Layer.

C.

Another name for the Clean-up Rule.

D.

Automatically created when the Clean-up Rule is defined.

Buy Now
Questions 158

What command lists all interfaces using Multi-Queue?

Options:

A.

cpmq get

B.

show interface all

C.

cpmq set

D.

show multiqueue all

Buy Now
Questions 159

What is UserCheck?

Options:

A.

Messaging tool used to verify a user’s credentials.

B.

Communication tool used to inform a user about a website or application they are trying to access.

C.

Administrator tool used to monitor users on their network.

D.

Communication tool used to notify an administrator when a new user is created.

Buy Now
Questions 160

The SmartEvent R81 Web application for real-time event monitoring is called:

Options:

A.

SmartView Monitor

B.

SmartEventWeb

C.

There is no Web application for SmartEvent

D.

SmartView

Buy Now
Questions 161

Which file gives you a list of all security servers in use, including port number?

Options:

A.

$FWDIR/conf/conf.conf

B.

$FWDIR/conf/servers.conf

C.

$FWDIR/conf/fwauthd.conf

D.

$FWDIR/conf/serversd.conf

Buy Now
Questions 162

Fill in the blank: The R81 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and shows then as prioritized security events.

Options:

A.

SmartMonitor

B.

SmartView Web Application

C.

SmartReporter

D.

SmartTracker

Buy Now
Questions 163

What happen when IPS profile is set in Detect Only Mode for troubleshooting?

Options:

A.

It will generate Geo-Protection traffic

B.

Automatically uploads debugging logs to Check Point Support Center

C.

It will not block malicious traffic

D.

Bypass licenses requirement for Geo-Protection control

Buy Now
Questions 164

Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?

Options:

A.

Check Point Remote User

B.

Check Point Capsule Workspace

C.

Check Point Mobile Web Portal

D.

Check Point Capsule Remote

Buy Now
Questions 165

When attempting to start a VPN tunnel, in the logs the error “no proposal chosen” is seen numerous times. No other VPN-related entries are present.

Which phase of the VPN negotiations has failed?

Options:

A.

IKE Phase 1

B.

IPSEC Phase 2

C.

IPSEC Phase 1

D.

IKE Phase 2

Buy Now
Questions 166

Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:

Options:

A.

Create new dashboards to manage 3rd party task

B.

Create products that use and enhance 3rd party solutions

C.

Execute automated scripts to perform common tasks

D.

Create products that use and enhance the Check Point Solution

Buy Now
Questions 167

Check Point security components are divided into the following components:

Options:

A.

GUI Client, Security Gateway, WebUI Interface

B.

GUI Client, Security Management, Security Gateway

C.

Security Gateway, WebUI Interface, Consolidated Security Logs

D.

Security Management, Security Gateway, Consolidate Security Logs

Buy Now
Questions 168

Which command would you use to set the network interfaces’ affinity in Manual mode?

Options:

A.

sim affinity -m

B.

sim affinity -l

C.

sim affinity -a

D.

sim affinity -s

Buy Now
Questions 169

In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?

Options:

A.

Accounting

B.

Suppression

C.

Accounting/Suppression

D.

Accounting/Extended

Buy Now
Questions 170

Which of the following is NOT a VPN routing option available in a star community?

Options:

A.

To satellites through center only.

B.

To center, or through the center to other satellites, to Internet and other VPN targets.

C.

To center and to other satellites through center.

D.

To center only.

Buy Now
Questions 171

What is true of the API server on R81.20?

Options:

A.

By default the API-server is activated and does not have hardware requirements.

B.

By default the API-server is not active and should be activated from the WebUI.

C.

By default the API server is active on management and stand-alone servers with 16GB of RAM (or more).

D.

By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).

Buy Now
Questions 172

SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:

Options:

A.

ping, traceroute, netstat, and route

B.

ping, nslookup, Telnet, and route

C.

ping, whois, nslookup, and Telnet

D.

ping, traceroute, netstat, and nslookup

Buy Now
Questions 173

What key is used to save the current CPView page in a filename format cpview_”cpview process ID”.cap”number of captures”?

Options:

A.

S

B.

W

C.

C

D.

Space bar

Buy Now
Questions 174

When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?

Options:

A.

ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data

B.

ThreatCloud is a collaboration platform for all the CheckPoint customers to form a virtual cloud consisting of a combination of all on-premise private cloud environments

C.

ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud

D.

ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary

Buy Now
Questions 175

What statement best describes the Proxy ARP feature for Manual NAT in R81.20?

Options:

A.

Automatic proxy ARP configuration can be enabled

B.

Translate Destination on Client Side should be configured

C.

fw ctl proxy should be configured

D.

local.arp file must always be configured

Buy Now
Questions 176

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.

Options:

A.

ffff

B.

1

C.

3

D.

2

Buy Now
Questions 177

Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.

What will happen to the changes already made?

Options:

A.

Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.

B.

Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.

C.

Tom’s changes will be lost since he lost connectivity and he will have to start again.

D.

Tom will have to reboot his SmartConsole computer, clear to cache, and restore changes.

Buy Now
Questions 178

Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

Options:

A.

ThreatWiki

B.

Whitelist Files

C.

AppWiki

D.

IPS Protections

Buy Now
Questions 179

On what port does the CPM process run?

Options:

A.

TCP 857

B.

TCP 18192

C.

TCP 900

D.

TCP 19009

Buy Now
Questions 180

Which of the following is NOT an alert option?

Options:

A.

SNMP

B.

High alert

C.

Mail

D.

User defined alert

Buy Now
Questions 181

One of major features in R81 SmartConsole is concurrent administration.

Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?

Options:

A.

A lock icon shows that a rule or an object is locked and will be available.

B.

AdminA and AdminB are editing the same rule at the same time.

C.

A lock icon next to a rule informs that any Administrator is working on this particular rule.

D.

AdminA, AdminB and AdminC are editing three different rules at the same time.

Buy Now
Questions 182

Which of the following technologies extracts detailed information from packets and stores that information in state tables?

Options:

A.

INSPECT Engine

B.

Stateful Inspection

C.

Packet Filtering

D.

Application Layer Firewall

Buy Now
Questions 183

What is the command to show SecureXL status?

Options:

A.

fwaccel status

B.

fwaccel stats -m

C.

fwaccel -s

D.

fwaccel stat

Buy Now
Questions 184

fwssd is a child process of which of the following Check Point daemons?

Options:

A.

fwd

B.

cpwd

C.

fwm

D.

cpd

Buy Now
Questions 185

Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI client and management server to communicate via web services using ___________.

Options:

A.

TCP port 19009

B.

TCP Port 18190

C.

TCP Port 18191

D.

TCP Port 18209

Buy Now
Questions 186

What are the different command sources that allow you to communicate with the API server?

Options:

A.

SmartView Monitor, API_cli Tool, Gaia CLI, Web Services

B.

SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

C.

SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services

D.

API_cli Tool, Gaia CLI, Web Services

Buy Now
Questions 187

Which of the following authentication methods ARE NOT used for Mobile Access?

Options:

A.

RADIUS server

B.

Username and password (internal, LDAP)

C.

SecurID

D.

TACACS+

Buy Now
Questions 188

What Factor preclude Secure XL Templating?

Options:

A.

Source Port Ranges/Encrypted Connections

B.

IPS

C.

ClusterXL in load sharing Mode

D.

CoreXL

Buy Now
Exam Code: 156-315.81
Exam Name: Check Point Certified Security Expert R81.20
Last Update: Dec 2, 2024
Questions: 628

PDF + Testing Engine

$66  $164.99

Testing Engine

$50  $124.99
buy now 156-315.81 testing engine

PDF (Q&A)

$42  $104.99
buy now 156-315.81 pdf