DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Achieve Success in the Check Point 156-215.81 Exam with Practice Tests

SPOTO's Check Point 156-215.81 practice questions are a crucial asset for candidates preparing for the Check Point Certified Security Administrator R81 exam. These practice tests feature a comprehensive array of exam questions and answers meticulously crafted to mirror the actual exam format. By consistently engaging with SPOTO's practice questions and mock exams, candidates can enhance their understanding of Check Point security concepts and boost their exam readiness. SPOTO's study materials and exam resources provide additional support, offering a structured approach to mastering the exam objectives. With SPOTO's effective exam preparation tools, candidates can approach the exam confidently and significantly increase their chances of passing successfully.

Take other online exams
Question #1
Which of the following situations would not require a new license to be generated and installed?A.The Security Gateway is upgraded.
B. he existing license expires
C. he license is upgraded
D. he IP address of the Security Management or Security Gateway has changed
View answer
Correct Answer: A
Question #2
Which tool allows automatic update of Gaia OS and Check Point products installed on Gaia OS?A. CPDAS - Check Point Deployment Agent Service
B. CPUSE - Check Point Upgrade Service Engine
C. CPASE - Check Point Automatic Service Engine
D. CPAUE - Check Point Automatic Update Engine
View answer
Correct Answer: B
Question #3
What is the default shell of Gaia CLI?A.Monitor
B. LI
C. ead-only
D. ash
View answer
Correct Answer: B
Question #4
Fill in the blank: The R80 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and shows them as prioritized security events.A.SmartMonitor
B. martView Web Application
C. martReporter
D. martTracker
View answer
Correct Answer: B
Question #5
Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?A.She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.
B. he needs to run sysconfig and restart the SSH process
C. he needs to edit /etc/scpusers and add the Standard Mode account
D. he needs to run cpconfig to enable the ability to SCP files
View answer
Correct Answer: C
Question #6
Which of the following commands is used to verify license installation?A.Cplic verify license
B. plic print
C. plic show
D. plic license
View answer
Correct Answer: B
Question #7
Fill in the blank: The ________ feature allows administrators to share a policy with other policy packages.A.Shared policy packages
B. hared policies
C. oncurrent policy packages
D. oncurrent policies
View answer
Correct Answer: A
Question #8
Fill in the blank: RADIUS Accounting gets ______ data from requests generated by the accounting clientA.Destination
B. dentity
C. ayload
D. ocation
View answer
Correct Answer: B
Question #9
In which deployment is the security management server and Security Gateway installed on the same appliance?A. Switch
B. Standalone
C. Distributed
D. Remote
View answer
Correct Answer: B
Question #10
The Captive Portal tool:A.Acquires identities from unidentified users.
B. s only used for guest user authentication
C. llows access to users already identified
D. s deployed from the Identity Awareness page in the Global Properties settings
View answer
Correct Answer: A
Question #11
Which of the following is NOT a valid option when configuring access for Captive Portal?A.From the Internet
B. hrough internal interfaces
C. hrough all interfaces
D. ccording to the Firewall Policy
View answer
Correct Answer: A
Question #12
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?A.RADIUS
B. emote Access and RADIUS
C. D Query
D. D Query and Browser-based Authentication
View answer
Correct Answer: D
Question #13
True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security GatewayA.True, CLI is the prefer method for Licensing
B. alse, Central License are handled via Security Management Server
C. alse, Central License are installed via Gaia on Security Gateways
D. rue, Central License can be installed with CPLIC command on a Security Gateway
View answer
Correct Answer: D
Question #14
Where do we need to reset the SIC on a gateway object?A.SmartDashboard > Edit Gateway Object > General Properties > Communication
B. martUpdate > Edit Security Management Server Object > SIC
C. martUpdate > Edit Gateway Object > Communication
D. martDashboard > Edit Security Management Server Object > SIC
View answer
Correct Answer: A
Question #15
Which of the following is a valid deployment option?A. CloudSec deployment
B. Disliked deployment
C. Router only deployment
D. Standalone deployment
View answer
Correct Answer: D
Question #16
True or False: More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time.A. True, every administrator works on a different database that is independent of the other administrators
B. False, only one administrator can login with write permission
C. True, every administrator works in a session that is independent of the other administrators
D. False, this feature has to be enabled in the Global Properties
View answer
Correct Answer: C
Question #17
The IT Management team is interested in the new features of the Check Point R80 Management and wants to upgrade but they are concerned that the existing R77.30 Gaia Gateways cannot be managed by R80 because it is so different. As the administrator responsible for the Firewalls, how can you answer or confirm these concerns?A.R80 Management contains compatibility packages for managing earlier versions of Check Point Gateways prior to R80. Consult the R80 Release Notes for more information.
B. 80 Management requires the separate installation of compatibility hotfix packages for managing the earlier versions of Check Point Gateways prior to R80
C. 80 Management was designed as a completely different Management system and so can only monitor Check Point Gateways prior to R80
D. 80 Management cannot manage earlier versions of Check Point Gateways prior to R80
View answer
Correct Answer: A
Question #18
Which Check Point software blade provides protection from zero-day and undiscovered threats?A.Firewall
B. hreat Emulation
C. pplication Control
D. hreat Extraction
View answer
Correct Answer: B
Question #19
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?A.Check Point Password
B. ACACS
C. DAP
D. indows password
View answer
Correct Answer: C
Question #20
Using the SmartConsole, which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?A. Read Only All
B. Full Access
C. Editor
D. Super User
View answer
Correct Answer: A
Question #21
What is the appropriate default Gaia Portal address?A.HTTP://[IPADDRESS]
B. TTPS://[IPADDRESS]:8080
C. TTPS://[IPADDRESS]:4434
D. TTPS://[IPADDRESS]
View answer
Correct Answer: D
Question #22
Which Identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers?A.AD Query
B. erminal Servers Endpoint Identity Agent
C. ndpoint Identity Agent and Browser-Based Authentication
D. ADIUS and Account Logon
View answer
Correct Answer: C
Question #23
Can multiple administrators connect to a Security Management Server at the same time?A.No, only one can be connected
B. es, all administrators can modify a network object at the same time
C. es, every administrator has their own username, and works in a session that is independent of other administrators
D. es, but only one has the right to write
View answer
Correct Answer: C
Question #24
AdminA and AdminB are both logged in on SmartConsole. What does it mean if AdminB sees a locked icon on a rule? Choose the BEST answer.A.Rule is locked by AdminA, because the save bottom has not been press.
B. ule is locked by AdminA, because an object on that rule is been edited
C. ule is locked by AdminA, and will make it available if session is published
D. ule is locked by AdminA, and if the session is saved, rule will be available
View answer
Correct Answer: C
Question #25
Fill in the blank: Backup and restores can be accomplished through _____.A. CLI, SmartUpdate, or SmartBackup
B. SmartUpdate, SmartBackup, or SmartConsole
C. SmartConsole, WebUI, or CLI
D. WebUI, CLI, or SmartUpdate
View answer
Correct Answer: C
Question #26
Which of these components does NOT require a Security Gateway R77 license?A.Security Management Server
B. heck Point Gateway
C. martConsole
D. martUpdate upgrading/patching
View answer
Correct Answer: C
Question #27
When using Monitored circuit VRRP, what is a priority delta?A.When an interface fails the priority changes to the priority delta
B. hen an interface fails the delta claims the priority
C. hen an interface fails the priority delta is subtracted from the priority
D. hen an interface fails the priority delta decides if the other interfaces takes over
View answer
Correct Answer: C
Question #28
Provide very wide coverage for all products and protocols, with noticeable performance impact.How could you tune the profile in order to lower the CPU load still maintaining security at good level? Select the BEST answer.A.Set High Confidence to Low and Low Confidence to Inactive.
B. et the Performance Impact to Medium or lower
C. he problem is not with the Threat Prevention Profile
D. et the Performance Impact to Very Low Confidence to Prevent
View answer
Correct Answer: B
Question #29
Which of the following is used to initially create trust between a Gateway and Security Management Server?A.Internal Certificate Authority
B. oken
C. ne-time Password
D. ertificate
View answer
Correct Answer: C
Question #30
Which statement is NOT TRUE about Delta synchronization?A.Using UDP Multicast or Broadcast on port 8161
B. sing UDP Multicast or Broadcast on port 8116
C. uicker than Full sync
D. ransfers changes in the Kernel tables between cluster members
View answer
Correct Answer: A
Question #31
In SmartConsole, on which tab are Permissions and Administrators defined?A. MANAGE & SETTINGS
B. SECURITY POLICIES
C. GATEWAYS & SERVERS
D. LOGS & MONITOR
View answer
Correct Answer: A
Question #32
Which tool CANNOT be launched from SmartUpdate R77?A.IP Appliance Voyager
B. napshot
C. AiA WebUI
D. pinfo
View answer
Correct Answer: B
Question #33
Katie has been asked to do a backup on the Blue Security Gateway. Which command would accomplish this in the Gaia CLI?A.Blue > add local backup
B. xpert&Blue#add local backing
C. lue > set backup local
D. lue > add backup local
View answer
Correct Answer: D
Question #34
Which of the following is NOT an element of VPN Simplified Mode and VPN Communities?A."Encrypt" action in the Rule Base
B. ermanent Tunnels
C. VPN" column in the Rule Base
D. onfiguration checkbox "Accept all encrypted traffic"
View answer
Correct Answer: A
Question #35
Which of the following are available SmartConsole clients which can be installed from the R77 Windows CD? Read all answers and select the most complete and valid list.A.SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status
B. martView Tracker, SmartDashboard, SmartLSM, SmartView Monitor
C. martView Tracker, CPINFO, SmartUpdate
D. ecurity Policy Editor, Log Viewer, Real Time Monitor GUI
View answer
Correct Answer: C
Question #36
URL Filtering cannot be used to:A. Control Data Security
B. Decrease legal liability
C. Improve organizational security
D. Control Bandwidth issues
View answer
Correct Answer: A
Question #37
You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second GAiA computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it?1. Run cpconfig on the Gateway, select Secure Internal Communication, enter the activation key, and reconfirm.2. Initialize Internal Certificate Authority (ICA.2, 3, 4, 1, 5
B. , 1, 3, 4, 5
C. , 3, 2, 4, 5
D. , 3, 4, 5, 1
View answer
Correct Answer: B
Question #38
VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication?A.3DES and MD5
B. ertificates and IPsec
C. ertificates and pre-shared secret
D. Psec and VPN Domains
View answer
Correct Answer: C
Question #39
Which feature in R77 permits blocking specific IP addresses for a specified time period?A.Suspicious Activity Monitoring
B. TTP Methods
C. ocal Interface Spoofing
D. lock Port Overflow
View answer
Correct Answer: A
Question #40
You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT'd source port if you are using Source NAT?A.XlateDst
B. lateSPort
C. lateDPort
D. lateSrc
View answer
Correct Answer: B
Question #41
You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?A.SmartView Tracker and SmartView Monitor
B. martLSM and SmartUpdate
C. martDashboard and SmartView Tracker
D. martView Monitor and SmartUpdate
View answer
Correct Answer: D
Question #42
Which icon in the WebUI indicates that read/write access is enabled?A. Eyeglasses
B. Pencil
C. Padlock
D. Book
View answer
Correct Answer: B
Question #43
Fill in the blanks: A, High Availability deployment is referred to as a ______ cluster and a Load Sharing deployment is referred to as a ________ cluster.A.Standby/standby; active/active
B. ctive/active; standby/standby
C. ctive/active; active/standby;
D. ctive/standby; active/active
View answer
Correct Answer: D
Question #44
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save theSecurity Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?A.Run fwm dbexport -1 filename. Restore the database. Then, run fwm dbimport -1 filename to import the users.
B. un fwm_dbexport to export the user database
C. estore the entire database, except the user database, and then create the new user and user group
D. estore the entire database, except the user database
View answer
Correct Answer: D
Question #45
Identify the ports to which the Client Authentication daemon listens on by default?A.259, 900
B. 56, 257
C. 080, 529
D. 0, 256
View answer
Correct Answer: A
Question #46
If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsible, which of these steps should NOT be performed:A.Rename the hostname of the Standby member to match exactly the hostname of the Active member.
B. hange the Standby Security Management Server to Active
C. hange the Active Security Management Server to Standby
D. anually synchronize the Active and Standby Security Management Servers
View answer
Correct Answer: A
Question #47
According to Check Point Best Practice, when adding a 3rd party gateway to a Check Point security solution what object SHOULD be added? A(n):A.Interoperable Device
B. etwork Node
C. xternally managed gateway
D. ateway
View answer
Correct Answer: A
Question #48
According to Check Point Best Practice, when adding a non-managed Check Point Gateway to a Check Point security solution what object SHOULD be added? A(n):A.Gateway
B. nteroperable Device
C. xternally managed gateway
D. etwork Node
View answer
Correct Answer: C
Question #49
Which remote Access Solution is clientless?A.Checkpoint Mobile
B. ndpoint Security Suite
C. ecuRemote
D. obile Access Portal
View answer
Correct Answer: D
Question #50
Which one of the following is true about Threat Extraction?A.Always delivers a file to user
B. orks on all MS Office, Executables, and PDF files
C. an take up to 3 minutes to complete
D. elivers file only if no threats found
View answer
Correct Answer: B
Question #51
As you review this Security Policy, what changes could you make to accommodate Rule 4?A.Remove the service HTTP from the column Service in Rule 4.
B. odify the column VPN in Rule 2 to limit access to specific traffic
C. othing at all
D. odify the columns Source or Destination in Rule 4
View answer
Correct Answer: B
Question #52
Identity Awareness allows the Security Administrator to configure network access based on which of the following?A.Name of the application, identity of the user, and identity of the machine
B. dentity of the machine, username, and certificate
C. etwork location, identity of a user, and identity of a machine
D. rowser-Based Authentication, identity of a user, and network location
View answer
Correct Answer: C
Question #53
What SmartEvent component creates events?A.Consolidation Policy
B. orrelation Unit
C. martEvent Policy
D. martEvent GUI
View answer
Correct Answer: B
Question #54
You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic?A. Open SmartEvent to see why they are being blocked.
B. From SmartConsole, go to the Log & Monitor tab and filter for the IP address of the tablet
C. Open SmartMonitor and connect remotely to the wireless controller
D. Open SmartUpdate and review the logs tab
View answer
Correct Answer: B
Question #55
Which of the following is NOT a valid application navigation tab in SmartConsole?A. WEBUI & COMMAND LINE
B. SECURITY POLICIES
C. GATEWAYS & SERVERS
D. LOGS & MONITOR
View answer
Correct Answer: A
Question #56
Identify the API that is not supported by Check Point currently.A.R80 Management API-
B. dentity Awareness Web Services API
C. pen REST API
D. PSEC SDK
View answer
Correct Answer: C
Question #57
Which of the following is a hash algorithm?A.3DES
B. DEA
C. ES
D. D5
View answer
Correct Answer: D
Question #58
At what point is the Internal Certificate Authority (ICA) created?A.Upon creation of a certificate
B. uring the primary Security Management Server installation process
C. hen an administrator decides to create one
D. hen an administrator initially logs into SmartConsole
View answer
Correct Answer: B
Question #59
What Check Point tool is used to automatically update Check Point products for the Gaia OS?A. Check Point Update Engine
B. Check Point Upgrade Installation Service
C. Check Point Upgrade Service Engine (CPUSE)
D. Check Point INSPECT Engine
View answer
Correct Answer: C
Question #60
What CLI utility allows an administrator to capture traffic along the firewall inspection chain?A.show interface (interface) \xadchain
B. cpdump
C. cpdump /snoop
D. w monitor
View answer
Correct Answer: D
Question #61
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access toHR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, gateway policy permits access only from Join's desktop which is assigned an IP address 10.0.0.19 via DHCP.John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but the limits him to operating it only from his desk. The curreA.John should install the identity Awareness Agent
B. he firewall admin should install the Security Policy
C. ohn should lock and unlock the computer
D. nvestigate this as a network connectivity issue
View answer
Correct Answer: C
Question #62
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?A.Mail, Block Source, Block Event Activity, External Script, SNMP Trap
B. ail, Block Source, Block Destination, Block Services, SNMP Trap
C. ail, Block Source, Block Destination, External Script, SNMP Trap
D. ail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
View answer
Correct Answer: A
Question #63
What is the main objective when using Application Control?A. To see what users are doing.
B. Ensure security and privacy of information
C. To filter out specific content
D. To assist the firewall blade with handling traffic
View answer
Correct Answer: B
Question #64
Which of the following is NOT defined by an Access Role object?A.Source Network
B. ource Machine
C. ource User
D. ource Server
View answer
Correct Answer: D
Question #65
To install a brand new Check Point Cluster, the MegaCorp IT department bought 1 Smart-1 and 2 Security Gateway Appliances to run a cluster. Which type of cluster is it?A.Full HA Cluster
B. igh Availability
C. tandalone
D. istributed
View answer
Correct Answer: B
Question #66
When launching SmartDashboard, what information is required to log into R77?A.User Name, Management Server IP, certificate fingerprint file
B. ser Name, Password, Management Server IP
C. assword, Management Server IP
D. assword, Management Server IP, LDAP Server IP
View answer
Correct Answer: B
Question #67
Bob and Joe both have Administrator Roles on their Gaia Platform. Bob logs in on the WebUI and then Joe logs in through CLI. Choose what BEST describes the following scenario, where Bob and Joe are both logged in:A.When Joe logs in, Bob will be log out automatically.
B. ince they both are log in on different interfaces, they both will be able to make changes
C. f Joe tries to make changes, he won't, database will be locked
D. ob will be prompt that Joe logged in
View answer
Correct Answer: C
Question #68
Which of the following is NOT an advantage to using multiple LDAP servers?A.You achieve a faster access time by placing LDAP servers containing the database at remote sites
B. nformation on a user is hidden, yet distributed across several servers
C. ou achieve compartmentalization by allowing a large number of users to be distributed across several servers
D. ou gain High Availability by replicating the same information on several servers
View answer
Correct Answer: B
Question #69
Look at the following screenshot and select the BEST answer.A.Clients external to the Security Gateway can download archive files from FTP_Ext server using FTP.
B. nternal clients can upload and download any-files to FTP_Ext-server using FTP
C. nternal clients can upload and download archive-files to FTP_Ext server using FTP
D. lients external to the Security Gateway can upload any files to the FTP_Ext-server using FTP
View answer
Correct Answer: A
Question #70
An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install).Your partner site indicates they are successfully receiving the GRE encapsulated keep- alive packets A.The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way.
B. he log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt
C. he Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker
D. he Log Server is failing to log GRE traffic properly because it is VPN traffic
View answer
Correct Answer: C
Question #71
Which of these attributes would be critical for a site-to-site VPN?A.Scalability to accommodate user groups
B. entralized management
C. trong authentication
D. trong data encryption
View answer
Correct Answer: D
Question #72
How Capsule Connect and Capsule Workspace differ?A.Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications
B. apsule Workspace can provide access to any application
C. apsule Connect provides Business data isolation
D. apsule Connect does not require an installed application at client
View answer
Correct Answer: A
Question #73
You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.A.You checked the cache password on desktop option in Global Properties.
B. nother rule that accepts HTTP without authentication exists in the Rule Base
C. ou have forgotten to place the User Authentication Rule before the Stealth Rule
D. sers must use the SecuRemote Client, to use the User Authentication Rule
View answer
Correct Answer: B
Question #74
Choose the SmartLog property that is TRUE.A.SmartLog has been an option since release R71.10.
B. martLog is not a Check Point product
C. martLog and SmartView Tracker are mutually exclusive
D. martLog is a client of SmartConsole that enables enterprises to centrally track log records and security activity with Google-like search
View answer
Correct Answer: D
Question #75
Study the Rule base and Client Authentication Action properties screen.After being authenticated by the Security Gateways, a user starts a HTTP connection to a Web site. What happens when the user tries to FTP to another site using the command line? The:A.user is prompted for authentication by the Security Gateways again.
B. TP data connection is dropped after the user is authenticated successfully
C. ser is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication
D. TP connection is dropped by Rule 2
View answer
Correct Answer: C
Question #76
Tom has connected to the Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.What will happen to the changes already made?A. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
B. Tom will have to reboot his SmartConsole computer, clear the cache, and restore changes
C. Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work
D. Tom’s changes will be lost since he lost connectivity and he will have to start again
View answer
Correct Answer: C
Question #77
Which of the following is considered to be the more secure and preferred VPN authentication method?A.Password
B. ertificate
C. D5
D. re-shared secret
View answer
Correct Answer: B
Question #78
Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:A.assign privileges to users.
B. dit the home directory of the user
C. dd users to your Gaia system
D. ssign user rights to their home directory in the Security Management Server
View answer
Correct Answer: D
Question #79
Which of the following uses the same key to decrypt as it does to encrypt?A.Asymmetric encryption
B. ynamic encryption
C. ertificate-based encryption
D. ymmetric encryption
View answer
Correct Answer: D
Question #80
Choose the correct statement regarding Implicit Rules.A.To edit the Implicit rules you go to: Launch Button > Policy > Global Properties > Firewall.
B. mplied rules are fixed rules that you cannot change
C. ou can directly edit the Implicit rules by double-clicking on a specific Implicit rule
D. ou can edit the Implicit rules but only if requested by Check Point support personnel
View answer
Correct Answer: A
Question #81
Which command is used to obtain the configuration lock in Gaia?A.Lock database override
B. nlock database override
C. nlock database lock
D. ock database user
View answer
Correct Answer: A
Question #82
Vanessa is a Firewall administrator. She wants to test a backup of her company's production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore production backup via SmartConsole in lab environment. Which details she need to fill in System Restore window before she can clickOK button and test the backup?A.Server, SCP, Username, Password, Path, Comment, Member
B. erver, TFTP, Username, Password, Path, Comment, All Members
C. erver, Protocol, Username, Password, Path, Comment, All Members
D. erver, Protocol, Username, Password, Path, Comment, Member
View answer
Correct Answer: C
Question #83
Fill in the blanks: A Check Point software license consists of a _____ and _____.A. Software container; software package
B. Software package; signature
C. Signature; software blade
D. Software blade; software container
View answer
Correct Answer: D
Question #84
Fill in the bank: In Office mode, a Security Gateway assigns a remote client to an IP address once___________.A.the user connects and authenticates
B. ffice mode is initiated
C. he user requests a connection
D. he user connects
View answer
Correct Answer: A
Question #85
The most important part of a site-to-site VPN deployment is the ________ .A.Internet
B. emote users
C. ncrypted VPN tunnel
D. PN gateways
View answer
Correct Answer: C
Question #86
What is a role of Publishing?A.The Publish operation sends the modifications made via SmartConsole in the private session and makes them public
B. he Security Management Server installs the updated policy and the entire database on Security Gateways
C. he Security Management Server installs the updated session and the entire Rule Base on Security Gateways
D. odifies network objects, such as servers, users, services, or IPS profiles, but not the Rule Base
View answer
Correct Answer: A
Question #87
Review the rules. Assume domain UDP is enabled in the implied rules.What happens when a user from the internal network tries to browse to the internet using HTTP? The user:A.can connect to the Internet successfully after being authenticated.
B. s prompted three times before connecting to the Internet successfully
C. an go to the Internet after Telnetting to the client authentication daemon port 259
D. an go to the Internet, without being prompted for authentication
View answer
Correct Answer: D
Question #88
What happens if the identity of a user is known?A.If the user credentials do not match an Access Role, the traffic is automatically dropped.
B. f the user credentials do not match an Access Role, the system displays a sandbox
C. f the user credentials do not match an Access Role, the gateway moves onto the next rule
D. f the user credentials do not match an Access Role, the system displays the Captive Portal
View answer
Correct Answer: C

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.