Winter Special Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia

156-315.81 Sample Questions Answers

Questions 4

You need to see which hotfixes are installed on your gateway, which command would you use?

Options:

A.

cpinfo –h all

B.

cpinfo –o hotfix

C.

cpinfo –l hotfix

D.

cpinfo –y all

Buy Now
Questions 5

What scenario indicates that SecureXL is enabled?

Options:

A.

Dynamic objects are available in the Object Explorer

B.

SecureXL can be disabled in cpconfig

C.

fwaccel commands can be used in clish

D.

Only one packet in a stream is seen in a fw monitor packet capture

Buy Now
Questions 6

Which of the following will NOT affect acceleration?

Options:

A.

Connections destined to or originated from the Security gateway

B.

A 5-tuple match

C.

Multicast packets

D.

Connections that have a Handler (ICMP, FTP, H.323, etc.)

Buy Now
Questions 7

What is the command to see cluster status in cli expert mode?

Options:

A.

fw ctl stat

B.

clusterXL stat

C.

clusterXL status

D.

cphaprob stat

Buy Now
Questions 8

Security Checkup Summary can be easily conducted within:

Options:

A.

Summary

B.

Views

C.

Reports

D.

Checkups

Buy Now
Questions 9

What processes does CPM control?

Options:

A.

Object-Store, Database changes, CPM Process and web-services

B.

web-services, CPMI process, DLEserver, CPM process

C.

DLEServer, Object-Store, CP Process and database changes

D.

web_services, dle_server and object_Store

Buy Now
Questions 10

What is mandatory for ClusterXL to work properly?

Options:

A.

The number of cores must be the same on every participating cluster node

B.

The Magic MAC number must be unique per cluster node

C.

The Sync interface must not have an IP address configured

D.

If you have “Non-monitored Private” interfaces, the number of those interfaces must be the same on all cluster members

Buy Now
Questions 11

Both ClusterXL and VRRP are fully supported by Gaia R81.20 and available to all Check Point appliances. Which the following command is NOT related to redundancy and functions?

Options:

A.

cphaprob stat

B.

cphaprob –a if

C.

cphaprob –l list

D.

cphaprob all show stat

Buy Now
Questions 12

Which one of the following is true about Threat Emulation?

Options:

A.

Takes less than a second to complete

B.

Works on MS Office and PDF files only

C.

Always delivers a file

D.

Takes minutes to complete (less than 3 minutes)

Buy Now
Questions 13

To add a file to the Threat Prevention Whitelist, what two items are needed?

Options:

A.

File name and Gateway

B.

Object Name and MD5 signature

C.

MD5 signature and Gateway

D.

IP address of Management Server and Gateway

Buy Now
Questions 14

Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?

Options:

A.

$FWDIR/database/fwauthd.conf

B.

$FWDIR/conf/fwauth.conf

C.

$FWDIR/conf/fwauthd.conf

D.

$FWDIR/state/fwauthd.conf

Buy Now
Questions 15

What are the blades of Threat Prevention?

Options:

A.

IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

B.

DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction

C.

IPS, AntiVirus, AntiBot

D.

IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

Buy Now
Questions 16

Which of the following is NOT a component of Check Point Capsule?

Options:

A.

Capsule Docs

B.

Capsule Cloud

C.

Capsule Enterprise

D.

Capsule Workspace

Buy Now
Questions 17

You want to store the GAIA configuration in a file for later reference. What command should you use?

Options:

A.

write mem

B.

show config –f

C.

save config –o

D.

save configuration

Buy Now
Questions 18

You have existing dbedit scripts from R77. Can you use them with R81.20?

Options:

A.

dbedit is not supported in R81.20

B.

dbedit is fully supported in R81.20

C.

You can use dbedit to modify threat prevention or access policies, but not create or modify layers

D.

dbedit scripts are being replaced by mgmt_cli in R81.20

Buy Now
Questions 19

How do you enable virtual mac (VMAC) on-the-fly on a cluster member?

Options:

A.

cphaprob set int fwha_vmac_global_param_enabled 1

B.

clusterXL set int fwha_vmac_global_param_enabled 1

C.

fw ctl set int fwha_vmac_global_param_enabled 1

D.

cphaconf set int fwha_vmac_global_param_enabled 1

Buy Now
Questions 20

: 131

Which command is used to display status information for various components?

Options:

A.

show all systems

B.

show system messages

C.

sysmess all

D.

show sysenv all

Buy Now
Questions 21

When installing a dedicated R81 SmartEvent server. What is the recommended size of the root partition?

Options:

A.

Any size

B.

Less than 20GB

C.

More than 10GB and less than 20GB

D.

At least 20GB

Buy Now
Questions 22

With MTA (Mail Transfer Agent) enabled the gateways manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?

Options:

A.

Threat Cloud Intelligence

B.

Threat Prevention Software Blade Package

C.

Endpoint Total Protection

D.

Traffic on port 25

Buy Now
Questions 23

In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?

Options:

A.

Accounting

B.

Suppression

C.

Accounting/Suppression

D.

Accounting/Extended

Buy Now
Questions 24

Which encryption algorithm is the least secured?

Options:

A.

AES-128

B.

AES-256

C.

DES

D.

3DES

Buy Now
Questions 25

An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?

Options:

A.

He can use the fw accel stat command on the gateway.

B.

He can use the fw accel statistics command on the gateway.

C.

He can use the fwaccel stat command on the Security Management Server.

D.

He can use the fwaccel stat command on the gateway

Buy Now
Questions 26

What is considered Hybrid Emulation Mode?

Options:

A.

Manual configuration of file types on emulation location.

B.

Load sharing of emulation between an on premise appliance and the cloud.

C.

Load sharing between OS behavior and CPU Level emulation.

D.

High availability between the local SandBlast appliance and the cloud.

Buy Now
Questions 27

Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?

Options:

A.

cpwd

B.

fwd

C.

cpd

D.

fwm

Buy Now
Questions 28

Customer’s R81 management server needs to be upgraded to R81.20. What is the best upgrade method when the management server is not connected to the Internet?

Options:

A.

Export R81 configuration, clean install R81.20 and import the configuration

B.

CPUSE offline upgrade

C.

CPUSE online upgrade

D.

SmartUpdate upgrade

Buy Now
Questions 29

To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?

Options:

A.

Accept Template

B.

Deny Template

C.

Drop Template

D.

NAT Template

Buy Now
Questions 30

Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?

Options:

A.

enable DLP and select.exe and .bat file type

B.

enable .exe & .bat protection in IPS Policy

C.

create FW rule for particular protocol

D.

tecli advanced attributes set prohibited_file_types exe.bat

Buy Now
Questions 31

As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name ‘cover-company-logo.png’ and then copy that image file to which directory on the SmartEvent server?

Options:

A.

SFWDIR/smartevent/conf

B.

$RTDIR/smartevent/conf

C.

$RTDIR/smartview/conf

D.

$FWDIR/smartview/conf

Buy Now
Questions 32

For Management High Availability, which of the following is NOT a valid synchronization status?

Options:

A.

Collision

B.

Down

C.

Lagging

D.

Never been synchronized

Buy Now
Questions 33

Which GUI client is supported in R81?

Options:

A.

SmartProvisioning

B.

SmartView Tracker

C.

SmartView Monitor

D.

SmartLog

Buy Now
Questions 34

What is the benefit of “tw monitor” over “tcpdump”?

Options:

A.

“fw monitor” reveals Layer 2 information, while “tcpdump” acts at Layer 3.

B.

“fw monitor” is also available for 64-Bit operating systems.

C.

With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”

D.

“fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways.

Buy Now
Questions 35

As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?

Options:

A.

That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager.

B.

Fill Layer4 VPN –SSL VPN that gives users network access to all mobile applications.

C.

Full Layer3 VPN –IPSec VPN that gives users network access to all mobile applications.

D.

You can make sure that documents are sent to the intended recipients only.

Buy Now
Questions 36

Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic?

Options:

A.

Slow Path

B.

Medium Path

C.

Fast Path

D.

Accelerated Path

Buy Now
Questions 37

Which Check Point daemon monitors the other daemons?

Options:

A.

fwm

B.

cpd

C.

cpwd

D.

fwssd

Buy Now
Questions 38

What is the most recommended way to install patches and hotfixes?

Options:

A.

CPUSE Check Point Update Service Engine

B.

rpm -Uv

C.

Software Update Service

D.

UnixinstallScript

Buy Now
Questions 39

Automation and Orchestration differ in that:

Options:

A.

Automation relates to codifying tasks, whereas orchestration relates to codifying processes.

B.

Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes.

C.

Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow.

D.

Orchestration relates to codifying tasks, whereas automation relates to codifying processes.

Buy Now
Questions 40

: 156

VPN Link Selection will perform the following when the primary VPN link goes down?

Options:

A.

The Firewall will drop the packets.

B.

The Firewall can update the Link Selection entries to start using a different link for the same tunnel.

C.

The Firewall will send out the packet on all interfaces.

D.

The Firewall will inform the client that the tunnel is down.

Buy Now
Questions 41

From SecureXL perspective, what are the tree paths of traffic flow:

Options:

A.

Initial Path; Medium Path; Accelerated Path

B.

Layer Path; Blade Path; Rule Path

C.

Firewall Path; Accept Path; Drop Path

D.

Firewall Path; Accelerated Path; Medium Path

Buy Now
Questions 42

Which statement is most correct regarding about “CoreXL Dynamic Dispatcher”?

Options:

A.

The CoreXL FW instanxces assignment mechanism is based on Source MAC addresses, Destination MAC addresses

B.

The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores

C.

The CoreXL FW instances assignment mechanism is based on IP Protocol type

D.

The CoreXl FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type

Buy Now
Questions 43

Office mode means that:

Options:

A.

SecurID client assigns a routable MAC address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

B.

Users authenticate with an Internet browser and use secure HTTPS connection.

C.

Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.

D.

Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

Buy Now
Questions 44

For best practices, what is the recommended time for automatic unlocking of locked admin accounts?

Options:

A.

20 minutes

B.

15 minutes

C.

Admin account cannot be unlocked automatically

D.

30 minutes at least

Buy Now
Questions 45

You have a Gateway is running with 2 cores. You plan to add a second gateway to build a cluster and used a device with 4 cores.

How many cores can be used in a Cluster for Firewall-kernel on the new device?

Options:

A.

3

B.

2

C.

1

D.

4

Buy Now
Questions 46

SandBlast appliances can be deployed in the following modes:

Options:

A.

using a SPAN port to receive a copy of the traffic only

B.

detect only

C.

inline/prevent or detect

D.

as a Mail Transfer Agent and as part of the traffic flow only

Buy Now
Questions 47

SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?

Options:

A.

Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.

B.

Correlates all the identified threats with the consolidation policy.

C.

Collects syslog data from third party devices and saves them to the database.

D.

Connects with the SmartEvent Client when generating threat reports.

Buy Now
Questions 48

In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

Options:

A.

SND is a feature to accelerate multiple SSL VPN connections

B.

SND is an alternative to IPSec Main Mode, using only 3 packets

C.

SND is used to distribute packets among Firewall instances

D.

SND is a feature of fw monitor to capture accelerated packets

Buy Now
Questions 49

Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:

Options:

A.

Create new dashboards to manage 3rd party task

B.

Create products that use and enhance 3rd party solutions

C.

Execute automated scripts to perform common tasks

D.

Create products that use and enhance the Check Point Solution

Buy Now
Questions 50

Which of the following commands shows the status of processes?

Options:

A.

cpwd_admin -l

B.

cpwd -l

C.

cpwd admin_list

D.

cpwd_admin list

Buy Now
Questions 51

You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.

What must you do to get SIC to work?

Options:

A.

Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.

B.

Create a rule at the top in the Sydney firewall to allow control traffic from your network

C.

Nothing - Check Point control connections function regardless of Geo-Protection policy

D.

Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

Buy Now
Questions 52

Ken wants to obtain a configuration lock from other administrator on R81 Security Management Server. He can do this via WebUI or via CLI.

Which command should he use in CLI? (Choose the correct answer.)

Options:

A.

remove database lock

B.

The database feature has one command lock database override.

C.

override database lock

D.

The database feature has two commands lock database override and unlock database. Both will work.

Buy Now
Questions 53

What is correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution?

Options:

A.

Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.

B.

Security Gateway failover as well as Security Management Server failover is a manual procedure.

C.

Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure.

D.

Security Gateway failover as well as Security Management Server failover is an automatic procedure.

Buy Now
Questions 54

SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:

Options:

A.

ping, traceroute, netstat, and route

B.

ping, nslookup, Telnet, and route

C.

ping, whois, nslookup, and Telnet

D.

ping, traceroute, netstat, and nslookup

Buy Now
Questions 55

What is the responsibility of SOLR process on R81.20 management server?

Options:

A.

Validating all data before it’s written into the database

B.

It generates indexes of data written to the database

C.

Communication between SmartConsole applications and the Security Management Server

D.

Writing all information into the database

Buy Now
Questions 56

You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?

Options:

A.

sim erdos –e 1

B.

sim erdos – m 1

C.

sim erdos –v 1

D.

sim erdos –x 1

Buy Now
Questions 57

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.

Options:

A.

ffff

B.

1

C.

3

D.

2

Buy Now
Questions 58

Which is NOT a SmartEvent component?

Options:

A.

SmartEvent Server

B.

Correlation Unit

C.

Log Consolidator

D.

Log Server

Buy Now
Questions 59

What is true of the API server on R81.20?

Options:

A.

By default the API-server is activated and does not have hardware requirements.

B.

By default the API-server is not active and should be activated from the WebUI.

C.

By default the API server is active on management and stand-alone servers with 16GB of RAM (or more).

D.

By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).

Buy Now
Questions 60

On what port does the CPM process run?

Options:

A.

TCP 857

B.

TCP 18192

C.

TCP 900

D.

TCP 19009

Buy Now
Questions 61

Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.

Options:

A.

WMI

B.

Eventvwr

C.

XML

D.

Services.msc

Buy Now
Questions 62

Which NAT rules are prioritized first?

Options:

A.

Post-Automatic/Manual NAT rules

B.

Manual/Pre-Automatic NAT

C.

Automatic Hide NAT

D.

Automatic Static NAT

Buy Now
Questions 63

Check Point security components are divided into the following components:

Options:

A.

GUI Client, Security Gateway, WebUI Interface

B.

GUI Client, Security Management, Security Gateway

C.

Security Gateway, WebUI Interface, Consolidated Security Logs

D.

Security Management, Security Gateway, Consolidate Security Logs

Buy Now
Questions 64

Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.

What will happen to the changes already made?

Options:

A.

Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.

B.

Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.

C.

Tom’s changes will be lost since he lost connectivity and he will have to start again.

D.

Tom will have to reboot his SmartConsole computer, clear to cache, and restore changes.

Buy Now
Questions 65

Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API?

Options:

A.

SOAP

B.

REST

C.

XLANG

D.

XML-RPC

Buy Now
Questions 66

During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:

Options:

A.

Dropped without sending a negative acknowledgment

B.

Dropped without logs and without sending a negative acknowledgment

C.

Dropped with negative acknowledgment

D.

Dropped with logs and without sending a negative acknowledgment

Buy Now
Questions 67

Which is not a blade option when configuring SmartEvent?

Options:

A.

Correlation Unit

B.

SmartEvent Unit

C.

SmartEvent Server

D.

Log Server

Buy Now
Questions 68

Which of the following is NOT an alert option?

Options:

A.

SNMP

B.

High alert

C.

Mail

D.

User defined alert

Buy Now
Questions 69

Which file gives you a list of all security servers in use, including port number?

Options:

A.

$FWDIR/conf/conf.conf

B.

$FWDIR/conf/servers.conf

C.

$FWDIR/conf/fwauthd.conf

D.

$FWDIR/conf/serversd.conf

Buy Now
Questions 70

Which SmartConsole tab is used to monitor network and security performance?

Options:

A.

Manage Setting

B.

Security Policies

C.

Gateway and Servers

D.

Logs and Monitor

Buy Now
Questions 71

You can access the ThreatCloud Repository from:

Options:

A.

R81.20 SmartConsole and Application Wiki

B.

Threat Prevention and Threat Tools

C.

Threat Wiki and Check Point Website

D.

R81.20 SmartConsole and Threat Prevention

Buy Now
Questions 72

What is the default shell for the command line interface?

Options:

A.

Expert

B.

Clish

C.

Admin

D.

Normal

Buy Now
Questions 73

Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

Options:

A.

Run cprestart from clish

B.

After upgrading the hardware, increase the number of kernel instances using cpconfig

C.

Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores

D.

Hyperthreading must be enabled in the bios to use CoreXL

Buy Now
Questions 74

Identity Awareness allows the Security Administrator to configure network access based on which of the following?

Options:

A.

Name of the application, identity of the user, and identity of the machine

B.

Identity of the machine, username, and certificate

C.

Browser-Based Authentication, identity of a user, and network location

D.

Network location, identity of a user, and identity of a machine

Buy Now
Questions 75

What Is the difference between Updatable Objects and Dynamic Objects

Options:

A.

Dynamic Objects ate maintained automatically by the Threat Cloud. Updatable Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.

B.

Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally For Dynamic Objects

there is no need to install policy for the changes to take effect.

C.

Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally In both cases there is no

need to install policy for the changes to take effect.

D.

Dynamic Objects are maintained automatically by the Threat Cloud. For Dynamic Objects there rs no need to install policy for the changes to take effect. Updatable Objects are created and maintained locally.

Buy Now
Questions 76

An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret the administrator found that the check box to enable pre-shared secret and cannot be enabled.

Why does it not allow him to specify the pre-shared secret?

Options:

A.

IPsec VPN blade should be enabled on both Security Gateway.

B.

Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.

C.

Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.

D.

The Security Gateways are pre-R75.40.

Buy Now
Questions 77

What solution is multi-queue intended to provide?

Options:

A.

Improve the efficiency of traffic handling by SecureXL SNDs

B.

Reduce the confusion for traffic capturing in FW Monitor

C.

Improve the efficiency of CoreXL Kernel Instances

D.

Reduce the performance of network interfaces

Buy Now
Questions 78

What can we infer about the recent changes made to the Rule Base?

Options:

A.

Rule 7 was created by the ‘admin’ administrator in the current session

B.

8 changes have been made by administrators since the last policy installation

C.

The rules 1, 5 and 6 cannot be edited by the ‘admin’ administrator

D.

Rule 1 and object webserver are locked by another administrator

Buy Now
Questions 79

What is false regarding prerequisites for the Central Deployment usage?

Options:

A.

The administrator must have write permission on SmartUpdate

B.

Security Gateway must have the latest CPUSE Deployment Agent

C.

No need to establish SIC between gateways and the management server, since the CDT tool will take care about SIC automatically.

D.

The Security Gateway must have a policy installed

Buy Now
Questions 80

What command is used to manually failover a Multi-Version Cluster during the upgrade?

Options:

A.

clusterXL_admin down in Expert Mode

B.

clusterXL_admin down in Clish

C.

set cluster member state down in Clish

D.

set cluster down in Expert Mode

Buy Now
Questions 81

What ports are used for SmartConsole to connect to the Security Management Server?

Options:

A.

CPMI (18190)

B.

ICA_Pull (18210), CPMI (18190) https (443)

C.

CPM (19009), CPMI (18190) https (443)

D.

CPM (19009), CPMI (18190) CPD (18191)

Buy Now
Questions 82

Why is a Central License the preferred and recommended method of licensing?

Options:

A.

Central Licensing actually not supported with Gaia.

B.

Central Licensing is the only option when deploying Gala.

C.

Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed.

D.

Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.

Buy Now
Questions 83

In CoreXL, the Firewall kernel is replicated multiple times. Each replicated copy or instance can perform the following:

Options:

A.

The Firewall kernel only touches the packet if the connection is accelerated

B.

The Firewall kernel is replicated only with new connections and deletes itself once the connection times out

C.

The Firewall can run the same policy on all cores

D.

The Firewall can run different policies per core

Buy Now
Questions 84

According to the policy installation flow the transfer state (CPTA) is responsible for the code generated by the FWM. On the Security Gateway side a process receives them and first stores them Into a temporary directory. Which process is true for receiving these Tiles;

Options:

A.

FWD

B.

CPD

C.

FWM

D.

RAD

Buy Now
Questions 85

View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.)

Options:

A.

The current administrator has read-only permissions to Threat Prevention Policy.

B.

Another user has locked the rule for editing.

C.

Configuration lock is present. Click the lock symbol to gain read-write access.

D.

The current administrator is logged in as read-only because someone else is editing the policy.

Buy Now
Questions 86

What are the correct steps upgrading a HA cluster (M1 is active, M2 is passive) using Multi-Version Cluster(MVC)Upgrade?

Options:

A.

1) Enable the MVC mechanism on both cluster members #cphaprob mvc on

2) Upgrade the passive node M2 to R81.20

3) In SmartConsole, change the version of the cluster object

4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails

5) After examine the cluster states upgrade node M1 to R81.20

6) On each Cluster Member, disable the MVC mechani

B.

1) Enable the MVC mechanism on both cluster members #cphaprob mvc on

2) Upgrade the passive node M2 to R81.20

3) In SmartConsole, change the version of the cluster object

4) Install the Access Control Policy

5) After examine the cluster states upgrade node M1 to R81.20

6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy

C.

1) In SmartConsole, change the version of the cluster object

2) Upgrade the passive node M2 to R81.20

3) Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 #cphaconf mvc on

4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails

5) After examine the cluster states upgrade node M1 to R81.20

6) On each Cluster Member, disabl

D.

1) Upgrade the passive node M2 to R81.20

2) Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 #cphaconf mvc on

3) In SmartConsole, change the version of the cluster object

4) Install the Access Control Policy

5) After examine the cluster states upgrade node M1 to R81.20

6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy upgrade the passive node M2 to R81.2

Buy Now
Questions 87

Native Applications require a thin client under which circumstances?

Options:

A.

If you want to use a legacy 32-Bit Windows OS

B.

If you want to use a VPN Client that is not officially supported by the underlying operating system

C.

If you want to have assigned a particular Office Mode IP address.

D.

If you are about to use a client (FTP. RDP, ...) that is installed on the endpoint.

Buy Now
Questions 88

You are the administrator for ABC Corp. You have logged into your R81 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it.

What does this mean?

Options:

A.

This rule No. 6 has been marked for deletion in your Management session.

B.

This rule No. 6 has been marked for deletion in another Management session.

C.

This rule No. 6 has been marked for editing in your Management session.

D.

This rule No. 6 has been marked for editing in another Management session.

Buy Now
Questions 89

Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?

Options:

A.

UserCheck

B.

Active Directory Query

C.

Account Unit Query

D.

User Directory Query

Buy Now
Questions 90

How can you see historical data with cpview?

Options:

A.

cpview -f

B.

cpview -e

C.

cpview -t

D.

cpview -d

Buy Now
Questions 91

How to can you make sure that the old logs will be available after updating the Management to version R81.20 using the Advanced Upgrade Method?

Options:

A.

Use the WebUI -> Maintenance > System Backup and store the backup on a remote FTP server

B.

The logs will be included running SFWDIR/scripts/migrate_server export -v R81.20

C.

Use the WebUI to save a snapshot before updating the Management -> Maintenance > Snapshot Management

D.

Use the migrate_server tool with the option '-I' for the logs and '-x' for the index

Buy Now
Questions 92

You have used the SmartEvent GUI to create a custom Event policy. What is the best way to display the correlated Events generated by SmartEvent Policies?

Options:

A.

Open SmartView Monitor and select the SmartEvent Window from the main menu.

B.

In the SmartConsole / Logs & Monitor --> open the Logs View and use type:Correlated as query filter.

C.

In the SmartConsole / Logs & Monitor -> open a new Tab and select External Apps / SmartEvent.

D.

Select the Events tab in the SmartEvent GUI or use the Events tab in the SmartView web interface.

Buy Now
Questions 93

What is the purpose of the command "ps aux | grep twd"?

Options:

A.

You can check the Process ID and the processing time of the twd process.

B.

You can convert the log file into Post Script format.

C.

You can list all Process IDs for all running services.

D.

You can check whether the IPS default setting is set to Detect or Prevent mode

Buy Now
Questions 94

Which process is used mainly for backward compatibility of gateways in R81.X? It provides communication with GUI-client, database manipulation, policy compilation and Management HA synchronization.

Options:

A.

cpm

B.

fwd

C.

cpd

D.

fwm

D18912E1457D5D1DDCBD40AB3BF70D5D

Buy Now
Questions 95

What technologies are used to deny or permit network traffic?

Options:

A.

Stateful Inspection, Firewall Blade, and URL/Application Blade

B.

Packet Filtering, Stateful Inspection, and Application Layer Firewall

C.

Firewall Blade, URL/Application Blade, and IPS

D.

Stateful Inspection, URL/Application Blade, and Threat Prevention

Buy Now
Questions 96

What component of Management is used tor indexing?

Options:

A.

DBSync

B.

API Server

C.

fwm

D.

SOLR

Buy Now
Questions 97

The customer has about 150 remote access user with a Windows laptops. Not more than 50 Clients will be connected at the same time. The customer want to use multiple VPN Gateways as entry point and a personal firewall. What will be the best license for him?

Options:

A.

He will need Capsule Connect using MEP (multiple entry points).

B.

Because the customer uses only Windows clients SecuRemote will be sufficient and no additional license is needed

C.

He will need Harmony Endpoint because of the personal firewall.

D.

Mobile Access license because he needs only a 50 user license, license count is per concurrent user.

Buy Now
Questions 98

Hit Count is a feature to track the number of connections that each rule matches, which one is not benefit of Hit Count.

Options:

A.

Better understand the behavior of the Access Control Policy

B.

Improve Firewall performance - You can move a rule that has hot count to a higher position in the Rule Base

C.

Automatically rearrange Access Control Policy based on Hit Count Analysis

D.

Analyze a Rule Base - You can delete rules that have no matching connections

Buy Now
Questions 99

In R81.20 a new feature dynamic log distribution was added. What is this for?

  • Configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy

  • In case of a Management High Availability the management server stores the logs dynamically on the member with the most available disk space in /var/log

  • Synchronize the log between the primary and secondary management server in case of a Management High Availability

Options:

A.

To save disk space in case of a firewall cluster local logs are distributed between the cluster members.

Buy Now
Questions 100

Main Mode in IKEv1 uses how many packages for negotiation?

Options:

A.

4

B.

depends on the make of the peer gateway

C.

3

D.

6

Buy Now
Questions 101

Vanessa is a Firewall administrator. She wants to test a backup of her company’s production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore production backup via SmartConsole in lab environment.

Which details she need to fill in System Restore window before she can click OK button and test the backup?

Options:

A.

Server, SCP, Username, Password, Path, Comment, Member

B.

Server, TFTP, Username, Password, Path, Comment, All Members

C.

Server, Protocol, Username, Password, Path, Comment, All Members

D.

Server, Protocol, username Password, Path, Comment, Member

Buy Now
Questions 102

With SecureXL enabled, accelerated packets will pass through the following:

Options:

A.

Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device

B.

Network Interface Card, Check Point Firewall Kernal, and the Acceleration Device

C.

Network Interface Card and the Acceleration Device

D.

Network Interface Card, OSI Network Layer, and the Acceleration Device

Buy Now
Questions 103

Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.

Options:

A.

AV issues

B.

VPN errors

C.

Network traffic issues

D.

Authentication issues

Buy Now
Questions 104

What is the valid range for VRID value in VRRP configuration?

Options:

A.

1 - 254

B.

1 - 255

C.

0 - 254

D.

0 - 255

Buy Now
Questions 105

What is not a purpose of the deployment of Check Point API?

Options:

A.

Execute an automated script to perform common tasks

B.

Create a customized GUI Client for manipulating the objects database

C.

Create products that use and enhance the Check Point solution

D.

Integrate Check Point products with 3rd party solution

Buy Now
Questions 106

Which Check Point feature enables application scanning and the detection?

Options:

A.

Application Dictionary

B.

AppWiki

C.

Application Library

D.

CPApp

Buy Now
Questions 107

Which component is NOT required to communicate with the Web Services API?

Options:

A.

API key

B.

session ID token

C.

content-type

D.

Request payload

Buy Now
Questions 108

Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?

Options:

A.

Auditor

B.

Read Only All

C.

Super User

D.

Full Access

Buy Now
Questions 109

Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?

Options:

A.

All Connections (Clear or Encrypted)

B.

Accept all encrypted traffic

C.

Specific VPN Communities

D.

All Site-to-Site VPN Communities

Buy Now
Questions 110

What is NOT a Cluster Mode?

Options:

A.

Load Sharing Unicast

B.

Load Sharing Multicast

C.

Active-Active

D.

High Availability Multicast

Buy Now
Questions 111

In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:

Options:

A.

Basic, Optimized, Strict

B.

Basic, Optimized, Severe

C.

General, Escalation, Severe

D.

General, purposed, Strict

Buy Now
Questions 112

By default how often updates are checked when the CPUSE Software Updates Policy is set to Automatic?

Options:

A.

Six times per day

B.

Seven times per day

C.

Every two hours

D.

Every three hours

Buy Now
Questions 113

Which Check Point daemon invokes and monitors critical processes and attempts to restart them if they fail?

Options:

A.

fwm

B.

cpd

C.

cpwd

D.

cpm

Buy Now
Questions 114

What are the available options for downloading Check Point hotfixes in Gala WebUI (CPUSE)?

Options:

A.

Manually, Scheduled, Automatic

B.

Manually, Automatic, Disabled

C.

Manually, Scheduled, Disabled

D.

Manually, Scheduled, Enabled

Buy Now
Questions 115

How would you enable VMAC Mode in ClusterXL?

Options:

A.

Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC

B.

fw ctl set int vmac_mode 1

C.

cphaconf vmac_mode set 1

D.

Cluster Object -> Edit -> Cluster Members -> Edit -> Use Virtual MAC

Buy Now
Questions 116

What is false regarding a Management HA environment?

Options:

A.

Only one Management Server should be active, while any others be in standby mode

B.

It is not necessary to establish SIC between the primary and secondary management server, since the latter gets the exact same copy of the management database from the prior.

C.

SmartConsole can connect to any management server in Readonly mode.

D.

Synchronization will occur automatically with each Publish event if the Standby servers are available.

Buy Now
Questions 117

Kurt is planning to upgrade his Security Management Server to R81.X. What is the lowest supported version of the Security Management he can upgrade from?

Options:

A.

R76 Splat

B.

R77.X Gaia

C.

R75 Splat

D.

R75 Gaia

Buy Now
Questions 118

In which deployment is the security management server and Security Gateway installed on the same appliance?

Options:

A.

Standalone

B.

Remote

C.

Distributed

D.

Bridge Mode

Buy Now
Questions 119

Secure Configuration Verification (SCV), makes sure that remote access client computers are configured in accordance with the enterprise Security Policy. Bob was asked by Alice to implement a specific SCV configuration but therefore Bob needs to edit and configure a specific Check Point file. Which location file and directory is true?

Options:

A.

$FWDIR/conf/client.scv

B.

$CPDIR/conf/local.scv

C.

$CPDIR/conf/client.svc

D.

$FWDIR/conf/local.scv

Buy Now
Questions 120

What does the "unknown" SIC status shown on SmartConsole mean?

Options:

A.

SIC activation key requires a reset

B.

Administrator input the wrong SIC key

C.

The management can contact the Security Gateway but cannot establish Secure Internal Communication

D.

There is no connection between the Security Gateway and Security Management Server

Buy Now
Questions 121

What two ordered layers make up the Access Control Policy Layer?

Options:

A.

URL Filtering and Network

B.

Network and Threat Prevention

C.

Application Control and URL Filtering

D.

Network and Application Control

Buy Now
Questions 122

How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade?

Options:

A.

1

B.

3

C.

2

D.

4

Buy Now
Questions 123

What is the port used for SmartConsole to connect to the Security Management Server?

Options:

A.

CPMI port 18191/TCP

B.

CPM port/TCP port 19009

C.

SIC port 18191/TCP

D.

https port 4434/TCP

Buy Now
Questions 124

SmartEvent uses it's event policy to identify events. How can this be customized?

Options:

A.

By modifying the firewall rulebase

B.

By creating event candidates

C.

By matching logs against exclusions

D.

By matching logs against event rules

Buy Now
Questions 125

What is the correct Syntax for adding an access-rule via R80 API?

Options:

A.

add access-rule layer "Network" action "Allow"

B.

add access-rule layer "Network" position 1 name "Rule 1" service. 1 "SMTP" service.2 "hup"

C.

add access-rule and follow the wizard

D.

add rule position 1 name "Rule 1" policy-package "Standard" add service "http"

Buy Now
Questions 126

What is true about VRRP implementations?

Options:

A.

VRRP membership is enabled in cpconfig

B.

VRRP can be used together with ClusterXL, but with degraded performance

C.

You cannot have a standalone deployment

D.

You cannot have different VRIDs in the same physical network

Buy Now
Questions 127

What are the different command sources that allow you to communicate with the API server?

Options:

A.

SmartView Monitor, API_cli Tool, Gaia CLI, Web Services

B.

SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

C.

SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services

D.

API_cli Tool, Gaia CLI, Web Services

Buy Now
Questions 128

What is not a component of Check Point SandBlast?

Options:

A.

Threat Emulation

B.

Threat Simulator

C.

Threat Extraction

D.

Threat Cloud

Buy Now
Questions 129

Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?

Options:

A.

The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

B.

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C.

Time object to a rule to make the rule active only during specified times.

D.

Sub Policies ae sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

Buy Now
Questions 130

Which TCP-port does CPM process listen to?

Options:

A.

18191

B.

18190

C.

8983

D.

19009

Buy Now
Questions 131

You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.

Options:

A.

Inspect/Bypass

B.

Inspect/Prevent

C.

Prevent/Bypass

D.

Detect/Bypass

Buy Now
Questions 132

Which of the following process pulls application monitoring status?

Options:

A.

fwd

B.

fwm

C.

cpwd

D.

cpd

Buy Now
Questions 133

Which features are only supported with R81.20 Gateways but not R77.x?

Options:

A.

Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.

B.

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C.

The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

D.

Time object to a rule to make the rule active only during specified times.

Buy Now
Questions 134

To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:

Options:

A.

fw ctl multik set_mode 1

B.

fw ctl Dynamic_Priority_Queue on

C.

fw ctl Dynamic_Priority_Queue enable

D.

fw ctl multik set_mode 9

Buy Now
Questions 135

Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI client and management server to communicate via web services using ___________.

Options:

A.

TCP port 19009

B.

TCP Port 18190

C.

TCP Port 18191

D.

TCP Port 18209

Buy Now
Questions 136

Connections to the Check Point R81 Web API use what protocol?

Options:

A.

HTTPS

B.

RPC

C.

VPN

D.

SIC

Buy Now
Questions 137

When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

Options:

A.

None, Security Management Server would be installed by itself.

B.

SmartConsole

C.

SecureClient

D.

Security Gateway

E.

SmartEvent

Buy Now
Questions 138

Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period.

Options:

A.

Block Port Overflow

B.

Local Interface Spoofing

C.

Suspicious Activity Monitoring

D.

Adaptive Threat Prevention

Buy Now
Questions 139

Which statement is correct about the Sticky Decision Function?

Options:

A.

It is not supported with either the Performance pack of a hardware based accelerator card

B.

Does not support SPI’s when configured for Load Sharing

C.

It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster

D.

It is not required L2TP traffic

Buy Now
Questions 140

How many images are included with Check Point TE appliance in Recommended Mode?

Options:

A.

2(OS) images

B.

images are chosen by administrator during installation

C.

as many as licensed for

D.

the newest image

Buy Now
Questions 141

You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

Options:

A.

Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.

B.

Create a separate Security Policy package for each remote Security Gateway.

C.

Create network objects that restricts all applicable rules to only certain networks.

D.

Run separate SmartConsole instances to login and configure each Security Gateway directly.

Buy Now
Questions 142

Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.

Options:

A.

User data base corruption

B.

LDAP conflicts

C.

Traffic issues

D.

Phase two key negotiations

Buy Now
Questions 143

Which of the following authentication methods ARE NOT used for Mobile Access?

Options:

A.

RADIUS server

B.

Username and password (internal, LDAP)

C.

SecurID

D.

TACACS+

Buy Now
Questions 144

Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

Options:

A.

UDP port 265

B.

TCP port 265

C.

UDP port 256

D.

TCP port 256

Buy Now
Questions 145

CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:

Options:

A.

MySQL

B.

Postgres SQL

C.

MarisDB

D.

SOLR

Buy Now
Questions 146

SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?

Options:

A.

Management Dashboard

B.

Gateway

C.

Personal User Storage

D.

Behavior Risk Engine

Buy Now
Questions 147

You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?

Options:

A.

restore_backup

B.

import backup

C.

cp_merge

D.

migrate import

Buy Now
Questions 148

What command verifies that the API server is responding?

Options:

A.

api stat

B.

api status

C.

show api_status

D.

app_get_status

Buy Now
Questions 149

In R81 spoofing is defined as a method of:

Options:

A.

Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

B.

Hiding your firewall from unauthorized users.

C.

Detecting people using false or wrong authentication logins

D.

Making packets appear as if they come from an authorized IP address.

Buy Now
Questions 150

What is the difference between an event and a log?

Options:

A.

Events are generated at gateway according to Event Policy

B.

A log entry becomes an event when it matches any rule defined in Event Policy

C.

Events are collected with SmartWorkflow form Trouble Ticket systems

D.

Log and Events are synonyms

Buy Now
Questions 151

To fully enable Dynamic Dispatcher on a Security Gateway:

Options:

A.

run fw ctl multik set_mode 9 in Expert mode and then Reboot.

B.

Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.

C.

Edit/proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.

D.

run fw multik set_mode 1 in Expert mode and then reboot.

Buy Now
Questions 152

Which view is NOT a valid CPVIEW view?

Options:

A.

IDA

B.

RAD

C.

PDP

D.

VPN

Buy Now
Questions 153

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

Options:

A.

Symmetric routing

B.

Failovers

C.

Asymmetric routing

D.

Anti-Spoofing

Buy Now
Questions 154

Which command would disable a Cluster Member permanently?

Options:

A.

clusterXL_admin down

B.

cphaprob_admin down

C.

clusterXL_admin down-p

D.

set clusterXL down-p

Buy Now
Questions 155

The Event List within the Event tab contains:

Options:

A.

a list of options available for running a query.

B.

the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.

C.

events generated by a query.

D.

the details of a selected event.

Buy Now
Questions 156

Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.

Options:

A.

infoCP

B.

infoview

C.

cpinfo

D.

fw cpinfo

Buy Now
Questions 157

Which command collects diagnostic data for analyzing customer setup remotely?

Options:

A.

cpinfo

B.

migrate export

C.

sysinfo

D.

cpview

Buy Now
Questions 158

The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?

Options:

A.

add host name ip-address

B.

add hostname ip-address

C.

set host name ip-address

D.

set hostname ip-address

Buy Now
Questions 159

Which command is used to set the CCP protocol to Multicast?

Options:

A.

cphaprob set_ccp multicast

B.

cphaconf set_ccp multicast

C.

cphaconf set_ccp no_broadcast

D.

cphaprob set_ccp no_broadcast

Buy Now
Questions 160

CoreXL is supported when one of the following features is enabled:

Options:

A.

Route-based VPN

B.

IPS

C.

IPv6

D.

Overlapping NAT

Buy Now
Questions 161

What is the limitation of employing Sticky Decision Function?

Options:

A.

With SDF enabled, the involved VPN Gateways only supports IKEv1

B.

Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF

C.

With SDF enabled, only ClusterXL in legacy mode is supported

D.

With SDF enabled, you can only have three Sync interfaces at most

Buy Now
Questions 162

The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ .

Options:

A.

TCP 18211

B.

TCP 257

C.

TCP 4433

D.

TCP 443

Buy Now
Questions 163

What are the attributes that SecureXL will check after the connection is allowed by Security Policy?

Options:

A.

Source address, Destination address, Source port, Destination port, Protocol

B.

Source MAC address, Destination MAC address, Source port, Destination port, Protocol

C.

Source address, Destination address, Source port, Destination port

D.

Source address, Destination address, Destination port, Protocol

Buy Now
Questions 164

Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every

Options:

A.

15 sec

B.

60 sec

C.

5 sec

D.

30 sec

Buy Now
Questions 165

Which method below is NOT one of the ways to communicate using the Management API’s?

Options:

A.

Typing API commands using the “mgmt_cli” command

B.

Typing API commands from a dialog box inside the SmartConsole GUI application

C.

Typing API commands using Gaia’s secure shell(clish)19+

D.

Sending API commands over an http connection using web-services

Buy Now
Questions 166

Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?

Options:

A.

Severity

B.

Automatic reactions

C.

Policy

D.

Threshold

Buy Now
Questions 167

R81.20 management server can manage gateways with which versions installed?

Options:

A.

Versions R77 and higher

B.

Versions R76 and higher

C.

Versions R75.20 and higher

D.

Versions R75 and higher

Buy Now
Questions 168

Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

Options:

A.

logd

B.

fwd

C.

fwm

D.

cpd

Buy Now
Questions 169

What is the least amount of CPU cores required to enable CoreXL?

Options:

A.

2

B.

1

C.

4

D.

6

Buy Now
Questions 170

Which of the SecureXL templates are enabled by default on Security Gateway?

Options:

A.

Accept

B.

Drop

C.

NAT

D.

None

Buy Now
Questions 171

Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .

Options:

A.

TCP Port 18190

B.

TCP Port 18209

C.

TCP Port 19009

D.

TCP Port 18191

Buy Now
Questions 172

In R81, how do you manage your Mobile Access Policy?

Options:

A.

Through the Unified Policy

B.

Through the Mobile Console

C.

From SmartDashboard

D.

From the Dedicated Mobility Tab

Buy Now
Questions 173

What is the order of NAT priorities?

Options:

A.

Static NAT, IP pool NAT, hide NAT

B.

IP pool NAT, static NAT, hide NAT

C.

Static NAT, automatic NAT, hide NAT

D.

Static NAT, hide NAT, IP pool NAT

Buy Now
Questions 174

Which Check Point software blade provides Application Security and identity control?

Options:

A.

Identity Awareness

B.

Data Loss Prevention

C.

URL Filtering

D.

Application Control

Buy Now
Questions 175

You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?

Options:

A.

edit fwaffinity.conf; reboot required

B.

cpconfig; reboot required

C.

edit fwaffinity.conf; reboot not required

D.

cpconfig; reboot not required

Buy Now
Questions 176

What is the command to show SecureXL status?

Options:

A.

fwaccel status

B.

fwaccel stats -m

C.

fwaccel -s

D.

fwaccel stat

Buy Now
Questions 177

Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?

Options:

A.

Kerberos Ticket Renewed

B.

Kerberos Ticket Requested

C.

Account Logon

D.

Kerberos Ticket Timed Out

Buy Now
Questions 178

Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?

Options:

A.

/opt/CPshrd-R81/conf/local.arp

B.

/var/opt/CPshrd-R81/conf/local.arp

C.

$CPDIR/conf/local.arp

D.

$FWDIR/conf/local.arp

Buy Now
Questions 179

One of major features in R81 SmartConsole is concurrent administration.

Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?

Options:

A.

A lock icon shows that a rule or an object is locked and will be available.

B.

AdminA and AdminB are editing the same rule at the same time.

C.

A lock icon next to a rule informs that any Administrator is working on this particular rule.

D.

AdminA, AdminB and AdminC are editing three different rules at the same time.

Buy Now
Questions 180

What is the minimum amount of RAM needed for a Threat Prevention Appliance?

Options:

A.

6 GB

B.

8GB with Gaia in 64-bit mode

C.

4 GB

D.

It depends on the number of software blades enabled

Buy Now
Questions 181

Please choose the path to monitor the compliance status of the Check Point R81.20 based management.

Options:

A.

Gateways & Servers --> Compliance View

B.

Compliance blade not available under R81.20

C.

Logs & Monitor --> New Tab --> Open compliance View

D.

Security & Policies --> New Tab --> Compliance View

Buy Now
Questions 182

When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:

Options:

A.

All UDP packets

B.

All IPv6 Traffic

C.

All packets that match a rule whose source or destination is the Outside Corporate Network

D.

CIFS packets

Buy Now
Questions 183

In what way are SSL VPN and IPSec VPN different?

Options:

A.

SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless

B.

SSL VPN adds an extra VPN header to the packet, IPSec VPN does not

C.

IPSec VPN does not support two factor authentication, SSL VPN does support this

D.

IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.

Buy Now
Questions 184

In which formats can Threat Emulation forensics reports be viewed in?

Options:

A.

TXT, XML and CSV

B.

PDF and TXT

C.

PDF, HTML, and XML

D.

PDF and HTML

Buy Now
Questions 185

Which statements below are CORRECT regarding Threat Prevention profiles in Smart Dashboard?

Options:

A.

You can assign only one profile per gateway and a profile can be assigned to one rule Only.

B.

You can assign multiple profiles per gateway and a profile can be assigned to one rule only.

C.

You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.

D.

You can assign only one profile per gateway and a profile can be assigned to one or more rules.

Buy Now
Questions 186

SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?

Options:

A.

Smart Cloud Services

B.

Load Sharing Mode Services

C.

Threat Agent Solution

D.

Public Cloud Services

Buy Now
Questions 187

After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?

Options:

A.

cvpnd_restart

B.

cvpnd_restart

C.

cvpnd restart

D.

cvpnrestart

Buy Now
Questions 188

SmartEvent does NOT use which of the following procedures to identify events:

Options:

A.

Matching a log against each event definition

B.

Create an event candidate

C.

Matching a log against local exclusions

D.

Matching a log against global exclusions

Buy Now
Exam Code: 156-315.81
Exam Name: Check Point Certified Security Expert R81.20
Last Update: Feb 13, 2025
Questions: 628
$66  $164.99
$50  $124.99
$42  $104.99
buy now 156-315.81