1. Home
  2. CheckPoint
  3. 156-215.13

CheckPoint 156-215.13 Online Practice Questions and Exam Preparation

156-215.13 Exam Details

  • Exam Code
    :156-215.13
  • Exam Name
    :Check Point Certified Security Administrator - GAiA
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :361 Q&As
  • Last Updated
    :Dec 15, 2021

CheckPoint 156-215.13 Online Questions & Answers

  • Question 121:

    What command syntax would you use to see accounts the gateway suspects are service accounts?

    A. pdp check_log
    B. adlog check_accounts
    C. pdp show service
    D. adlog a service_accounts

  • Question 122:

    How does the button Get Address, found on the Host Node Object > General Properties page retrieve the address?

    A. Route Table
    B. Address resolution (ARP, RARP)
    C. Name resolution (hosts file, DNS, cache)
    D. SNMP Get

  • Question 123:

    How can you activate the SNMP daemon on a Check Point Security Management Server?

    A. Using the command line, enter snmp_install.
    B. Any of these options will work.
    C. In SmartDashboard, right-click a Check Point object and select Activate SNMP.
    D. From cpconfig, select SNMP extension.

  • Question 124:

    You are running a R76 Security Gateway on SecurePlatform. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What back up method could be used to quickly put the secondary firewall into production?

    A. manual backup
    B. snapshot
    C. upgrade_export
    D. backup

  • Question 125:

    Captive Portal is a that allows the gateway to request login information from the user.

    A. LDAP server add-on
    B. Transparent network inspection tool
    C. Separately licensed feature
    D. Pre-configured and customizable web-based tool

  • Question 126:

    In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules. Which of the following is NOT true?

    A. When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway's internal interface IP address.
    B. When using Static NAT, you must add proxy ARP entries to the Gateway for all hiding addresses.
    C. If you chose Automatic NAT instead, all necessary entries are done for you.
    D. When using Dynamic Hide NAT with an address that is not configured on a Gateway interface, you need to add a proxy ARP entry for that address.

  • Question 127:

    You install and deploy GAiA with default settings. You allow Visitor Mode in the Gateway object's Remote Access properties and install policy; but SecureClient refuses to connect. What is the cause of this?

    A. Set Visitor Mode in Policy > Global Properties > Remote-Access > VPN - Advanced.
    B. Office mode is not configured.
    C. You need to start SSL Network Extender first, then use Visitor Mode.
    D. The WebUI on GAiA runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). You need to change the WebUI port, or run Visitor Mode on a different port.

  • Question 128:

    When launching SmartDashboard, what information is required to log into R76?

    A. User Name, Management Server IP, certificate fingerprint file
    B. User Name, Password, Management Server IP
    C. Password, Management Server IP
    D. Password, Management Server IP, LDAP Server IP

  • Question 129:

    Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?

    A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
    B. All is fine and can be used as is.
    C. The two algorithms do not have the same key length and so don't work together. You will get the error .... No proposal chosen....
    D. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.

  • Question 130:

    What command with appropriate switches would you use to test Identity Awareness connectivity?

    A. test_ad
    B. test_ldap
    C. test_ad_connectivity
    D. test_ldap_connectivity
    E. No action is necessary. This access is available by default.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-215.13 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.