
Prepare Efficiently with Latest Check Point 156-215.81 Exam Study Materials

SPOTO's Check Point 156-215.81 practice questions are an invaluable resource for candidates preparing for the Check Point Certified Security Administrator R81 exam. These practice tests provide a comprehensive set of exam questions and answers, carefully designed to simulate the actual exam environment. By regularly engaging with SPOTO's practice questions and mock exams, candidates can enhance their understanding of Check Point security concepts and improve their exam readiness. SPOTO's study materials and exam resources further supplement the preparation process, offering a structured approach to mastering the exam objectives. With SPOTO's effective exam preparation tools and resources, candidates can confidently approach the exam and increase their chances of passing successfully.

Question #1
What are the three tabs available in SmartView Tracker?
A. Network & Endpoint, Management, and Active
B. Network, Endpoint, and Active
C. Predefined, All Records, Custom Queries
D. Endpoint, Active, and Custom Queries
Correct Answer: C
Question #2
While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block?
1) Select Active Mode tab in SmartView Tracker.
2) Select Tools > Block Intruder.
3) Select Log Viewing tab in SmartView Tracker.
4) Set Blocking Timeout value to 60 minutes.
5) Highlight connection that should be blocked.
A. , 2, 5, 4
B. , 2, 5, 4
C. , 5, 2, 4
D. , 5, 2, 4
Correct Answer: C
Question #3
The SmartEvent R80 Web application for real-time event monitoring is called:
A. SmartView Monitor
B. SmartEventWeb
C. There is no Web application for SmartEvent
D. SmartView
Correct Answer: B
Question #4
What port is used for delivering logs from the gateway to the management server?
A. Port 258
B. Port 18209
C. Port 257
D. Port 981
Correct Answer: C
Question #5
Fill in the blank: Licenses can be added to the License and Contract repository ________ .
A. From the User Center, from a file, or manually
B. From a file, manually, or from SmartView Monitor
C. Manually, from SmartView Monitor, or from the User Center
D. From SmartView Monitor, from the User Center, or from a file
Correct Answer: A
Question #6
What is the purpose of the Clean-up Rule?
A. To log all traffic that is not explicitly allowed or denied in the Rule Base
B. To clean up policies found inconsistent with the compliance blade reports
C. To remove all rules that could have a conflict with other rules in the database
D. To eliminate duplicate log entries in the Security Gateway
Correct Answer: A
Question #7
Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants to use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base. To make this scenario work, the IT administrator must: 1) Enable Iden
A. Have the security administrator select the Action field of the Firewall Rule "Redirect HTTP connections to an authentication (captive) portal"
B. Have the security administrator reboot the firewall
C. Have the security administrator select Any for the Machines tab in the appropriate Access Role
D. Install the Identity Awareness agent on her iPad
Correct Answer: A
Question #8
Which of the following licenses are considered temporary?
A. Perpetual and Trial
B. Plug-and-play and Evaluation
C. Subscription and Perpetual
D. Evaluation and Subscription
Correct Answer: B
Question #9
DLP and Mobile Access Policy are examples of what type of Policy?
A. Shared Policies
B. Unified Policies
C. Inspection Policies
D. Standard Policies
Correct Answer: A
Question #10
Can a Check Point gateway translate both source IP address and destination IP address in a given packet?
A. Yes
B. No
C. Yes, but only when using Automatic NAT
D. Yes, but only when using Manual NAT
Correct Answer: A
Question #11
You want to define a selected administrator's permission to edit a layer. However, when you click the + sign in the "Select additional profile that will be able edit this layer" you do not see anything. What is the most likely cause of this problem? Select the BEST answer.
A. "Edit layers by Software Blades" is unselected in the Permission Profile
B. There are no permission profiles available and you need to create one first
C. All permission profiles are in use
D. "Edit layers by selected profiles in a layer editor" is unselected in the Permission profile
Correct Answer: B
Question #12
Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?
A. The two algorithms do not have the same key length and so don't work together
B. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel
C. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1
D. All is fine and can be used as is
Correct Answer: C
Question #13
All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?
A. FTP
B. SMTP
C. HTTP
D. RLOGIN
Correct Answer: B
Question #14
Which of the following is NOT a set of Regulatory Requirements related to Information Security?
A. ISO 37001
B. Sarbanes Oxley (SOX)
C. HIPAA
D. PCI
Correct Answer: A
Question #15
Choose what BEST describes a Session.
A. Starts when an Administrator publishes all the changes made on SmartConsole
B. Starts when an Administrator logs in to the Security Management Server through SmartConsole and ends when it is published
C. Sessions ends when policy is pushed to the Security Gateway
D. Sessions locks the policy package for editing
Correct Answer: B
Question #16
Office mode means that:
A. SecureID client assigns a routable MAC address
B. Users authenticate with an Internet browser and use secure HTTPS connection
C. Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user
D. Allows a security gateway to assign a remote client an IP address
Correct Answer: D
Question #17
Which authentication scheme requires a user to possess a token?
A. TACACS
B. SecurID
C. Check Point password
D. RADIUS
Correct Answer: B
Question #18
Fill in the blank: Each cluster, at a minimum, should have at least ___________ interfaces.
A. Five
B. Two
C. Three
D. Four
Correct Answer: C
Question #19
What action can be performed from SmartUpdate R77?
A. upgrade_export
B. fw stat -1
C. cpinfo
D. remote_uninstall_verifier
Correct Answer: C
Question #20
Which set of objects have an Authentication tab?
A. Templates, Users
B. Users, Networks
C. Users, User Group
D. Networks, Hosts
Correct Answer: A
Question #21
You have successfully backed up your Check Point configurations without the OS information. What command would you use to restore this backup?
A. restore_backup
B. import backup
C. cp_merge
D. migrate import
Correct Answer: A
Question #22
When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
A. As expert user, issue these commands: # IP link set eth0 down # IP link set eth0 addr 00:0C:29:12:34:56 # IP link set eth0 up
B. Edit the file /etc/sysconfig/netconf
C. As expert user, issue the command: # IP link set eth0 addr 00:0C:29:12:34:56
D. Open the WebUI, select Network > Connections > eth0
Correct Answer: C
Question #23
What is the mechanism behind Threat Extraction?
A. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender
B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient
C. This is a new mechanism to identify the IP address of the sender of malicious codes and to put it into the SAM database (Suspicious Activity Monitoring)
D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast
Correct Answer: D
Question #24
Fill in the blank: When tunnel test packets no longer invoke a response, SmartView Monitor displays _____________ for the given VPN tunnel.
A. Down
B. No Response
C. Inactive
D. Failed
Correct Answer: A
Question #25
Fill in the blanks: The Application Layer Firewalls inspect traffic through the ________ layer(s) of the TCP/IP model and up to and including the ________ layer.
A. Lower; Application
B. First two; Internet
C. First two; Transport
D. Upper; Application
Correct Answer: A
Question #26
What is the Manual Client Authentication TELNET port?
A. 3
B. 64
C. 00
D. 59
Correct Answer: D
Question #27
The WebUI offers three methods for downloading Hotfixes via CPUSE. One of them is Automatic method. How many times per day will CPUSE agent check for hotfixes and automatically download them?
A. Six times per day
B. Seven times per day
C. Every two hours
D. Every three hours
Correct Answer: D
Question #28
Which of the following technologies extracts detailed information from packets and stores that information in different tables?
A. Application Layer Firewall
B. Packet Filtering
C. Next-Generation Firewall
D. Stateful Inspection
Correct Answer: D
Question #29
Which method below is NOT one of the ways to communicate using the Management API's?
A. Typing API commands using the "mgmt_cli" command
B. Typing API commands from a dialog box inside the SmartConsole GUI application
C. Typing API commands using Gaia's secure shell (clash)19+
D. Sending API commands over an http connection using web-services
Correct Answer: D
Question #30
On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
A. 8210
B. 8184
C. 57
D. 8191
Correct Answer: B
Question #31
In the R80 SmartConsole, on which tab are Permissions and Administrators defined?
A. Security Policies
B. Logs and Monitor
C. Manage and Settings
D. Gateway and Servers
Correct Answer: C
Question #32
NAT can NOT be configured on which of the following objects?
A. HTTP Logical Server
B. Gateway
C. Address Range
D. Host
Correct Answer: A
Question #33
Where can administrator edit a list of trusted SmartConsole clients in R80?
A. cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server
B. Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients
C. In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients
D. WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway
Correct Answer: C
Question #34
You are about to test some rule and object changes suggested in an R77 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?
A. Manual copies of the directory $FWDIR/conf
B. upgrade_export command
C. Database Revision Control
D. GAiA backup utilities
Correct Answer: C
Question #35
Examine the sample Rule Base. What will be the result of a verification of the policy from SmartConsole?
A. No errors or Warnings
B. Verification Error
C. Verification Error
D. Verification Error
Correct Answer: C
Question #36
Fill in the blank: The IPS policy for pre-R80 gateways is installed during the _______ .
A. Firewall policy install
B. Threat Prevention policy install
C. Anti-bot policy install
D. Access Control policy install
Correct Answer: B
Question #37
Administrator wishes to update IPS from SmartConsole by clicking on the option "update now" under the IPS tab. Which device requires internet access for the update to work?
A. Security Gateway
B. Device where SmartConsole is installed
C. SMS
D. SmartEvent
Correct Answer: B
Question #38
Which rule is responsible for the user authentication failure?
A. Rule 4
B. Rule 6
C. Rule 3
D. Rule 5
Correct Answer: C
Question #39
Which default Gaia user has full read/write access?
A. superuser
B. monitor
C. altuser
D. admin
Correct Answer: D
Question #40
What happens when you run the command: fw sam -J src [Source IP Address]?
A. Connections from the specified source are blocked without the need to change the Security Policy
B. Connections to the specified target are blocked without the need to change the Security Policy
C. Connections to and from the specified target are blocked without the need to change the Security Policy
D. Connections to and from the specified target are blocked with the need to change the Security Policy
Correct Answer: A
Question #41
After the initial installation the First Time Configuration Wizard should be run. Select the BEST answer.
A. First Time Configuration Wizard can be run from the Unified SmartConsole
B. First Time Configuration Wizard can be run from the command line or from the WebUI
C. First time Configuration Wizard can only be run from the WebUI
D. Connection to the internet is required before running the First Time Configuration wizard
Correct Answer: B
Question #42
Where would an administrator enable Implied Rules logging?
A. In Smart Log Rules View
B. In SmartDashboard on each rule
C. In Global Properties under Firewall
D. In Global Properties under log and alert
Correct Answer: B
Question #43
What component of R80 Management is used for indexing?
A. DBSync
B. API Server
C. fwm
D. SOLR
Correct Answer: D
Question #44
What are the two elements of address translation rules?
A. Original packet and translated packet
B. Manipulated packet and original packet
C. Untranslated packet and manipulated packet
D. Translated packet and untranslated packet
Correct Answer: A
Question #45
There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A's interface issues were resolved and it became operational. When it re-joins the c
A. No, since "maintain current active cluster member" option on the cluster object properties is enabled by default
B. No, since "maintain current active cluster member" option is enabled by default on the Global Properties
C. Yes, since "Switch to higher priority cluster member" option on the cluster object properties is enabled by default
D. Yes, since "Switch to higher priority cluster member" option is enabled by default on the Global Properties
Correct Answer: A
Question #46
R80 Security Management Server can be installed on which of the following operating systems?
A. Gaia only
B. Gaia, SPLAT, Windows Server only
C. Gaia, SPLAT, Windows Server and IPSO only
D. Gaia and SPLAT only
Correct Answer: A
Question #47
Which of the following types of authentication on Mobile Access can NOT be used as the first authentication method?
A. Dynamic ID
B. RADIUS
C. Username and Password
D. Certificate
Correct Answer: A
Question #48
Which option would allow you to make a backup copy of the OS and Check Point configuration, without stopping Check Point processes?
A. All options stop Check Point processes
B. backup
C. migrate export
D. snapshot
Correct Answer: D
Question #49
You want to reset SIC between smberlin and sgosaka. In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the menu. When trying to establish a connection, instead of a working connection, you receive this error message: What is the reason for this behavior?
A. The Gateway was not rebooted, which is necessary to change the SIC key
B. You must first initialize the Gateway object in SmartDashboard (i
C. The check Point services on the Gateway were not restarted because you are still in the cpconfig utility
D. The activation key contains letters that are on different keys on localized keyboards
Correct Answer: C
Question #50
As a Security Administrator, you must refresh the Client Authentication authorized time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:
A. In the user object's Authentication screen
B. In the Gateway object's Authentication screen
C. In the Limit tab of the Client Authentication Action Properties screen
D. In the Global Properties Authentication screen
Correct Answer: C
Question #51
The fw monitor utility is used to troubleshoot which of the following problems?
A. Phase two key negotiation
B. Address translation
C. Log Consolidation Engine
D. User data base corruption
Correct Answer: B
Question #52
If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available to other administrators? Choose the BEST answer.
A. Delete older versions of database
B. Publish or discard the session
C. Revert the session
D. Save and install the Policy
Correct Answer: B
Question #53
What is the best sync method in the ClusterXL deployment?
A. Use 1 cluster + 1st sync
B. Use 1 dedicated sync interface
C. Use 3 clusters + 1st sync + 2nd sync + 3rd sync
D. Use 2 clusters + 1st sync + 2nd sync
Correct Answer: B
Question #54
Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying connection?
A. Source Address
B. Destination Address
C. TCP Acknowledgment Number
D. Source Port
Correct Answer: C
Question #55
You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway's VPN domain?
A. SNX modifies the routing table to forward VPN traffic to the Security Gateway
B. An office mode address must be obtained by the client
C. The SNX client application must be installed on the client
D. Active-X must be allowed on the client
Correct Answer: A
Question #56
Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?
A. SandBlast Threat Emulation
B. SandBlast Agent
C. Check Point Protect
D. SandBlast Threat Extraction
Correct Answer: D
Question #57
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?
A. ThreatWiki
B. Whitelist Files
C. AppWiki
D. IPS Protections
Correct Answer: A
Question #58
Which policy type is used to enforce bandwidth and traffic control rules?
A. Threat Emulation
B. Access Control
C. QoS
D. Threat Prevention
Correct Answer: C
Question #59
Which configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear?
A. The firewall topologies
B. NAT Rules
C. The Rule Base
D. The VPN Domains
Correct Answer: C
Question #60
What are the three main components of Check Point security management architecture?
A. Smart Console, Standalone, Security Management Server
B. Policy-Client, Security Management Server, Security Gateway
C. SmartConsole, Security Policy Server, Logs & Monitoring
D. SmartConsole, Security Management Server, Security Gateway
Correct Answer: D
Question #61
Using ClusterXL, what statement is true about the Sticky Decision Function?
A. Can only be changed for Load Sharing implementations
B. All connections are processed and synchronized by the pivot
C. Is configured using cpconfig
D. Is only relevant when using SecureXL
Correct Answer: A
Question #62
Which component functions as the Internal Certificate Authority for R77?
A. Security Gateway
B. Management Server
C. Policy Server
D. SmartLSM
Correct Answer: B
Question #63
You are going to upgrade from R77 to R80. Before the upgrade, you want to back up the system so that, if there are any problems, you can easily restore to the old version with all configuration and management files intact. What is the BEST backup method in this scenario?
A. backup
B. Database Revision
C. snapshot
D. migrate export
Correct Answer: C
Question #64
Which of the following statements accurately describes the command snapshot?
A. snapshot creates a full OS-level backup, including network-interface data, Check Point production information, and configuration settings of a GAiA Security Gateway
B. snapshot creates a Security Management Server full system-level backup on any OS
C. snapshot stores only the system-configuration settings on the Gateway
D. Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server
Correct Answer: A
Question #65
Application Control/URL filtering database library is known as:
A. AppWiki
B. Application-Forensic Database
C. Application Library
D. Application database
Correct Answer: A
Question #66
How many users can have read/write access in Gaia at one time?
A. Infinite
B. One
C. Three
D. Two
Correct Answer: B
Question #67
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
A. Install appliance TE250X on SpanPort on LAN switch in MTA mode
B. Install appliance TE250X in standalone mode and setup MTA
C. You can utilize only Check Point Cloud Services for this scenario
D. It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance
Correct Answer: C
Question #68
Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?
A. Firewall
B. Identity Awareness
C. Application Control
D. URL Filtering
Correct Answer: B
Question #69
If there is an Accept Implied Policy set to "First", what is the reason Jorge cannot see any logs?
A. Log Implied Rule was not selected on Global Properties
B. Log Implied Rule was not set correctly on the track column on the rules base
C. Track log column is set to none
D. Track log column is set to Log instead of Full Log
Correct Answer: A
Question #70
Which SmartConsole component can Administrators use to track changes to the Rule Base?
A. WebUI
B. SmartView Tracker
C. SmartView Monitor
D. SmartReporter
Correct Answer: B
Question #71
What is the main difference between Threat Extraction and Threat Emulation?
A. Threat Emulation never delivers a file and takes more than 3 minutes to complete
B. Threat Extraction always delivers a file and takes less than a second to complete
C. Threat Emulation never delivers a file that takes less than a second to complete
D. Threat Extraction never delivers a file and takes more than 3 minutes to complete
Correct Answer: B
Question #72
One of major features in SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
A. AdminB sees a pencil icon next the rule that AdminB is currently editing
B. AdminA, AdminB and AdminC are editing three different rules at the same time
C. AdminA and AdminB are editing the same rule at the same time
D. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator
Correct Answer: C
Question #73
What are the two deployment options available for a security gateway?
A. Bridge and Switch
B. Local and Remote
C. Cloud and Router
D. Standalone and Distributed
Correct Answer: D
Question #74
MegaCorp's security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How do you apply the license?
A. Using the remote Gateway's IP address, and attaching the license to the remote Gateway via SmartUpdate
B. Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate
C. Using the remote Gateway's IP address, and applying the license locally with command cplic put
D. Using each of the Gateway's IP addresses, and applying the licenses on the Security Management Server with the command cprlic put
Correct Answer: B
Question #75
Which command can you use to enable or disable multi-queue per interface?
A. cpmq set
B. cpmqueue set
C. cpmq config
D. set cpmq enable
Correct Answer: A
Question #76
Look at the screenshot below. What CLISH command provides this output?
A. show configuration all
B. show confd configuration
C. show confd configuration all
D. show configuration
Correct Answer: D
Question #77
Where do you verify that UserDirectory is enabled?
A. Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
B. Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
C. Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
D. Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
Correct Answer: D
Question #78
Which NAT rules are prioritized first?
A. Post-Automatic/Manual NAT rules
B. Manual/Pre-Automatic NAT
C. Automatic Hide NAT
D. Automatic Static NAT
Correct Answer: B
Question #79
Which R77 GUI would you use to see number of packets accepted since the last policy install?
A. SmartView Monitor
B. SmartView Tracker
C. SmartDashboard
D. SmartView Status
Correct Answer: A
Question #80
Fill in the blank: The _________ software blade enables Application Security policies to allow, block, or limit website access based on user, group, and machine identities.
A. Application Control
B. Data Awareness
C. URL Filtering
D. Threat Emulation
Correct Answer: A
Question #81
You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.
A. In the SmartView Tracker, if you activate the column Matching Rate
B. In SmartReporter, in the section Firewall Blade - Activity > Network Activity with information concerning Top Matched Logged Rules
C. SmartReporter provides this information in the section Firewall Blade - Security > Rule Base Analysis with information concerning Top Matched Logged Rules
D. It is not possible to see it directly
Correct Answer: C
Question #82
Which of the following is TRUE about the Check Point Host object?
A. Check Point Host has no routing ability even if it has more than one interface installed
B. When you upgrade to R80 from R77
C. Check Point Host is capable of having an IP forwarding mechanism
D. Check Point Host can act as a firewall
Correct Answer: A
Question #83
Which SmartConsole tab is used to monitor network and security performance?
A. Logs Monitor
B. Manage Settings
C. Security Policies
D. Gateway Servers
Correct Answer: A
Question #84
What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?
A. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column)
B. Install the View Implicit Rules package using SmartUpdate
C. Define two log servers on the R77 Gateway object
D. Check the Log Implied Rules Globally box on the R77 Gateway object
Correct Answer: A
Question #85
What is the difference between SSL VPN and IPSec VPN?
A. IPSec VPN does not require installation of a resident VPN client
B. SSL VPN requires installation of a resident VPN client
C. SSL VPN and IPSec VPN are the same
D. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser
Correct Answer: D
Question #86
In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server?
A. Verify and compile Security Policies
B. Display policies and logs on the administrator's workstation
C. Store firewall logs to hard drive storage
D. Manage the object database
Correct Answer: B
Question #87
What is also referred to as Dynamic NAT?
A. Automatic NAT
B. Static NAT
C. Manual NAT
D. Hide NAT
Correct Answer: D
Question #88
When using LDAP as an authentication method for Identity Awareness, the query:
A. Requires client and server side software
B. Prompts the user to enter credentials
C. Requires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway
D. Is transparent, requiring no client or server side software, or client intervention
Correct Answer: D
Question #89
When configuring Spoof Tracking, which tracking actions can an administrator select to be done when spoofed packets are detected?
A. Log, send snmp trap, email
B. Drop packet, alert, none
C. Log, alert, none
D. Log, allow packets, email
Correct Answer: C
Question #90
One of major features in R80.x SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB, and AdminC are editing the same Security Policy?
A. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator
B. AdminA and AdminB are editing the same rule at the same time
C. AdminB sees a pencil icon next the rule that AdminB is currently editing
D. AdminA, AdminB and AdminC are editing three different rules at the same time
Correct Answer: A
Question #91
How many packets does the IKE exchange use for Phase 1 Main Mode?
A. 2
B.
C.
D.
Correct Answer: D
Question #92
What is the purpose of Priority Delta in VRRP?
A. When a box is up, Effective Priority = Priority + Priority Delta
B. When an Interface is up, Effective Priority = Priority + Priority Delta
C. When an Interface fails, Effective Priority = Priority - Priority Delta
D. When a box fails, Effective Priority = Priority - Priority Delta
Correct Answer: C
Question #93
Fill in the blank: Backups and restores can be accomplished through ________.
A. SmartConsole, WebUI, or CLI
B. WebUI, CLI, or SmartUpdate
C. CLI, SmartUpdate, or SmartBackup
D. SmartUpdate, SmartBackup, or SmartConsole
Correct Answer: A
Question #94
What is NOT an advantage of Stateful Inspection?
A. High Performance
B. Good Security
C. No Screening above Network layer
D. Transparency
Correct Answer: A
Question #95
Check Point APIs allow system engineers and developers to make changes to their organization's security policy with CLI tools and Web Services for all of the following except:
A. Create new dashboards to manage 3rd party task
B. Create products that use and enhance 3rd party solutions
C. Execute automated scripts to perform common tasks
D. Create products that use and enhance the Check Point Solution
Correct Answer: A
Question #96
You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?
A. Use dbedit to script the addition of a rule directly into the Rule Bases_5_0
B. Select Block intruder from the Tools menu in SmartView Tracker
C. Create a Suspicious Activity Rule in Smart Monitor
D. Add a temporary rule using SmartDashboard and select hide rule
Correct Answer: C
Question #97
What does it mean if Bob gets this result on an object search? Refer to the image below. Choose the BEST answer.
A. Search detailed is missing the subnet mask
B. There is no object on the database with that name or that IP address
C. There is no object on the database with that IP address
D. Object does not have a NAT IP address
Correct Answer: B
Question #98
Fill in the blank: ________ information is included in the "Full Log" tracking option, but is not included in the "Log" tracking option?
A. File attributes
B. Application
C. Destination port
D. Data type
Correct Answer: D
Question #99
Choose what BEST describes a Session.
A. Session ends when policy is pushed to the Security Gateway
B. Session locks the policy package for editing
C. Starts when an Administrator logs in through SmartConsole and ends when the Administrator logs out
D. Starts when an Administrator publishes all the changes made on SmartConsole
Correct Answer: C
Question #100
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?
A. There is a virus found
B. The connection required a Security server
C. Acceleration is not enabled
D. The traffic is originating from the gateway itself
Correct Answer: D
Question #101
Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?
A. Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port
B. Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocols
C. Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic
D. Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings
Correct Answer: A
Question #102
Which of the following are types of VPN communities?
A. Pentagon, star, and combination
B. Star, octagon, and combination
C. Combined and star
D. Meshed, star, and combination
Correct Answer: D
Question #103
Which of the below is the MOST correct process to reset SIC from SmartDashboard?
A. Run cpconfig, and click Reset
B. Click the Communication button for the firewall object, then click Reset
C. Run cpconfig, and select Secure Internal Communication > Change One Time Password
D. Click Communication > Reset on the Gateway object, and type a new activation key
Correct Answer: B
Question #104
What are two basic rules Check Point recommends for building an effective security policy?
A. Accept Rule and Drop Rule
B. Explicit Rule and Implied Rule
C. Cleanup Rule and Stealth Rule
D. NAT Rule and Reject Rule
Correct Answer: C
Question #105
Which software blade enables Access Control policies to accept, drop, or limit web site access based on user, group, and/or machine?
A. Data Awareness
B. Threat Emulation
C. Application Control
D. Identity Awareness
Correct Answer: D
Question #106
Choose what BEST describes users on Gaia Platform.
A. There is one default user that cannot be deleted
B. There are two default users and one cannot be deleted
C. There is one default user that can be deleted
D. There are two default users that cannot be deleted and one SmartConsole Administrator
Correct Answer: B
Question #107
You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?
A. The POP3 rule is disabled
B. POP3 is accepted in Global Properties
C. The POP3 rule is hidden
D. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R77
Correct Answer: C
Question #108
Which one of the following is the preferred licensing model? Select the BEST answer.
A. Local licensing because it ties the package license to the IP-address of the gateway and has no dependency on the Security Management Server
B. Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency
C. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway
D. Central licensing because it ties the package license to the MAC-address of the Security Management Server's Mgmt-interface and has no dependency on the gateway
Correct Answer: C
Question #109
Fill in the blank: Once a license is activated, a ________ should be installed.
A. License Management file
B. Security Gateway Contract file
C. Service Contract file
D. License Contract file
Correct Answer: C
Question #110
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
A. Rule 0
B. Blank field under Rule Number
C. Rule 1
D. Cleanup Rule
Correct Answer: A
