CheckPoint Checkpoint Certifications 156-215.81.20 Questions & Answers

• Question 251:

  What does it mean if Deyra sees the gateway status:

  

  Choose the BEST answer.

  A. SmartCenter Server cannot reach this Security Gateway

  B. There is a blade reporting a problem

  C. VPN software blade is reporting a malfunction

  D. Security Gateway's MGNT NIC card is disconnected.

  Correct Answer: B

  

  Reference: https://sc1.checkpoint.com/sc/SolutionsStatics/NEW_SK_NOID1493612962436/active1704302237.fw.png

• Question 252:

  CPU-level of your Security gateway is peaking to 100% causing problems with traffic. You suspect that the problem might be the Threat Prevention settings. The following Threat Prevention Profile has been created.

  

  How could you tune the profile in order to lower the CPU load still maintaining security at good level? Select the BEST answer.

  A. Set High Confidence to Low and Low Confidence to Inactive.

  B. Set the Performance Impact to Medium or lower.

  C. The problem is not with the Threat Prevention Profile. Consider adding more memory to the appliance.

  D. Set the Performance Impact to Very Low Confidence to Prevent.

  Correct Answer: B

• Question 253:

  Which icon indicates that read/write access is enabled?

  A. Pencil

  B. Padlock

  C. Book

  D. Eyeglasses

  Correct Answer: A

• Question 254:

  What is NOT an advantage of Stateful Inspection?

  A. High Performance

  B. Good Security

  C. No Screening above Network layer

  D. Transparency

  Correct Answer: A

• Question 255:

  Which of the following Windows Security Events will NOT map a username to an IP address in Identity Awareness?

  A. Kerberos Ticket Renewed

  B. Kerberos Ticket Requested

  C. Account Logon

  D. Kerberos Ticket Timed Out

  Correct Answer: D

• Question 256:

  Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or__________.

  A. On all satellite gateway to satellite gateway tunnels

  B. On specific tunnels for specific gateways

  C. On specific tunnels in the community

  D. On specific satellite gateway to central gateway tunnels

  Correct Answer: C

  Each VPN tunnel in the community may be set to be a Permanent Tunnel. Since Permanent Tunnels are constantly monitored, if the VPN tunnel is down, then a log, alert, or user defined action, can be issued. A VPN tunnel is monitored by periodically sending "tunnel test" packets. As long as responses to the packets are received the VPN tunnel is considered "up." If no response is received within a given time period, the VPN tunnel is considered "down." Permanent Tunnels can only be established between Check Point Security Gateways. The configuration of Permanent Tunnels takes place on the community level and:

  1.

  Can be specified for an entire community. This option sets every VPN tunnel in the community as permanent.

  2.

  Can be specified for a specific Security Gateway. Use this option to configure specific Security Gateways to have permanent tunnels.

  3.

  Can be specified for a single VPN tunnel. This feature allows configuring specific tunnels between specific Security Gateways as permanent.

  Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_VPN_AdminGuide/14018

• Question 257:

  In Unified SmartConsole Gateways and Servers tab you can perform the following functions EXCEPT

  A. Upgrade the software version

  B. Open WebUI

  C. Open SSH

  D. Open service request with Check Point Technical Support

  Correct Answer: C

• Question 258:

  Which Threat Prevention Software Blade provides protection from malicious software that can infect your network computers?

  A. Anti-Malware

  B. IPS

  C. Anti-bot

  D. Anti-Spam

  Correct Answer: C

  Anti-Bot The Need for Anti-Bot There are two emerging trends in today's threat landscape:

  1.

  A profit-driven cybercrime industry that uses different tools to meet its goals. This industry includes cyber-criminals, malware operators, tool providers, coders, and affiliate programs. Their "products" can be easily ordered online from

  numerous sites (for example, do-it-yourself malware kits, spam sending, data theft, and denial of service attacks) and organizations are finding it difficult to fight off these attacks.

  2.

  Ideological and state driven attacks that target people or organizations to promote a political cause or carry out a cyber-warfare campaign.

  Both of these trends are driven by bot attacks.

  A bot is malicious software that can invade your computer. There are many infection methods. These include opening attachments that exploit a vulnerability and accessing a web site that results in a malicious download.

  Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_ThreatPrevention_WebAdmin/102176.htm

• Question 259:

  When configuring Spoof Tracking, which tracking actions can an administrator select to be done when spoofed packets are detected?

  A. Log, send snmp trap, email

  B. Drop packet, alert, none

  C. Log, alert, none

  D. Log, allow packets, email

  Correct Answer: C

  Explanation: Configure Spoof Tracking - select the tracking action that is done when spoofed packets are detected:

  1.

  Log - Create a log entry (default)

  2.

  Alert - Show an alert

  3.

  None - Do not log or alert

  Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197

• Question 260:

  Access roles allow the firewall administrator to configure network access according to:

  A. a combination of computer groups and network

  B. users and user groups

  C. all of above

  D. remote access clients

  Correct Answer: C

  To create an access role:

  1.

  Select Users and Administrators in the Objects Tree.

  2.

  Right-click Access Roles > New Access Role.

  The Access Role window opens.

  3.

  Enter a Name and Comment (optional) for the access role.

  4.

  In the Networks tab, select one of these:

  Any network

  Specific networks - Click the plus sign and select a network.

  Your selection is shown in the Networks node in the Role Preview pane.

  5.

  In the Users tab, select one of these:

  Any user

  All identified users - Includes users identified by a supported authentication method (internal users, AD users or LDAP users).

  Specific users - Click the plus sign.

  A window opens. You can search for Active Directory entries or select them from the list.

  6.

  In the Machines tab, select one of these:

  Any machine

  All identified machines - Includes machines identified by a supported authentication method (AD).

  Specific machines - Click the plus sign.

  You can search for AD entries or select them from the list.

  7.

  Optional: For computers that use Full Identity Agents, from the Machines tab select Enforce IP spoofing protection.

  8.

  Click OK.

  The access role is added to the Users and Administrators tree.

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92705.htm