CheckPoint 156-215.81.20 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81.20 Online Questions & Answers

• Question 221:

  How many packets does the IKE exchange use for Phase 1 Main Mode?

  A. 12
  B. 1
  C. 3
  D. 6
  D. 6

• Question 222:

  Which policy type has its own Exceptions section?

  A. Thread Prevention
  B. Access Control
  C. Threat Emulation
  D. Desktop Security
  A. Thread Prevention

  ---

  Explanation/Reference:

  The Exceptions Groups pane lets you define exception groups. When necessary, you can create exception groups to use in the Rule Base. An exception group contains one or more defined exceptions. This option facilitates ease-of-use so you do not have to manually define exceptions in multiple rules for commonly required exceptions. You can choose to which rules you want to add exception groups. This means they can be added to some rules and not to others, depending on necessity.

  Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_ThreatPrevention_WebAdmin/82209.htm#o97030

• Question 223:

  What are the two types of address translation rules?

  A. Translated packet and untranslated packet
  B. Untranslated packet and manipulated packet
  C. Manipulated packet and original packet
  D. Original packet and translated packet
  D. Original packet and translated packet

  ---

  Explanation/Reference:

  NAT Rule Base

  The NAT Rule Base has two sections that specify how the IP addresses are translated:

  1.

  Original Packet

  2.

  Translated Packet Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/6724.htm

• Question 224:

  What are types of Check Point APIs available currently as part of R80.10 code?

  A. Security Gateway API, Management API, Threat Prevention API and Identity Awareness Web Services API
  B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
  C. OSE API, OPSEC SDK API, Threat Prevention API and Policy Editor API
  D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API
  B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API

  ---

  Explanation/Reference:

  Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631f640d0/CP_R80_CheckPoint_API_ReferenceGuide.pdf?HashKey=1517088487_4c0acda205460a92f44c83d399826a7bandxtn=.pdf

• Question 225:

  Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?

  A. Security questions
  B. Check Point password
  C. SecurID
  D. RADIUS
  A. Security questions

  ---

  Explanation/Reference:

  Authentication Schemes :- Check Point Password

  -Operating System Password

  -RADIUS

  -SecurID

  -TACAS

  - Undefined If a user with an undefined authentication scheme is matched to a Security Rule with some form of authentication, access is always denied. Reference: http://dl3.checkpoint.com/paid/71/ How_to_Configure_Client_Authentication.pdf?HashKey=1479692369_23bc7cdfbeb67c147ec7bb882d557fd4andxtn=.pdf

• Question 226:

  Fill in the blank: Gaia can be configured using the _______ or ______ .

  A. Gaia; command line interface
  B. WebUI; Gaia Interface
  C. Command line interface; WebUI
  D. Gaia Interface; GaiaUI
  C. Command line interface; WebUI

  ---

  Explanation/Reference:

  Configuring Gaia for the First Time In This Section: Running the First Time Configuration Wizard in WebUI Running the First Time Configuration Wizard in CLI After you install Gaia for the first time, use the First Time Configuration Wizard to configure the system and the Check Point products on it.

  Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/112568

• Question 227:

  Provide very wide coverage for all products and protocols, with noticeable performance impact.

  

  How could you tune the profile in order to lower the CPU load still maintaining security at good level? Select the BEST answer.

  A. Set High Confidence to Low and Low Confidence to Inactive.
  B. Set the Performance Impact to Medium or lower.
  C. The problem is not with the Threat Prevention Profile. Consider adding more memory to the appliance.
  D. Set the Performance Impact to Very Low Confidence to Prevent.
  B. Set the Performance Impact to Medium or lower.

• Question 228:

  What is the default method for destination NAT?

  A. Destination side
  B. Source side
  C. Server side
  D. Client side
  D. Client side

  ---

  Explanation/Reference:

  Client Side NAT - destination is NAT`d by the inbound kernel

• Question 229:

  Which Threat Prevention Software Blade provides comprehensive against malicious and unwanted network traffic, focusing on application and server vulnerabilities?

  A. Anti-Virus
  B. IPS
  C. Anti-Spam
  D. Anti-bot
  B. IPS

  ---

  Explanation/Reference:

  The IPS Software Blade provides a complete Intrusion Prevention System security solution, providing comprehensive network protection against malicious and unwanted network traffic, including:

  1.

  Malware attacks

  2.

  Dos and DDoS attacks

  3.

  Application and server vulnerabilities

  4.

  Insider threats

  5.

  Unwanted application traffic, including IM and P2P

  Reference: https://www.checkpoint.com/products/ips-software-blade/

• Question 230:

  Which of the following methods can be used to update the trusted log server regarding the policy and configuration changes performed on the Security Management Server?

  A. Save Policy
  B. Install Database
  C. Save session
  D. Install Policy
  D. Install Policy