CheckPoint 156-215.81.20 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81.20 Online Questions & Answers

• Question 271:

  You are about to test some rule and object changes suggested in an R77 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?

  A. Manual copies of the directory $FWDIR/conf
  B. upgrade_export command
  C. Database Revision Control
  D. GAiA backup utilities
  C. Database Revision Control

• Question 272:

  Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?

  A. Auditor
  B. Read Only All
  C. Super User
  D. Full Access
  B. Read Only All

  ---

  Explanation/Reference:

  To create a new permission profile:

  1.

  In SmartConsole, go to Manage and Settings > Permissions and Administrators > Permission Profiles.

  2.

  Click New Profile.

  The New Profile window opens.

  3.

  Enter a unique name for the profile.

  4.

  Select a profile type:

  Read/Write All - Administrators can make changes

  Auditor (Read Only All) - Administrators can see information but cannot make changes

  Customized - Configure custom settings

  5.

  Click OK.

  Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/124265

• Question 273:

  You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic?

  A. Open SmartEvent to see why they are being blocked.
  B. From SmartConsole, go to the Log and Monitor tab and filter for the IP address of the tablet.
  C. Open SmartMonitor and connect remotely to the wireless controller.
  D. Open SmartUpdate and review the logs tab.
  B. From SmartConsole, go to the Log and Monitor tab and filter for the IP address of the tablet.

• Question 274:

  Which repositories are installed on the Security Management Server by SmartUpdate?

  A. License and Update
  B. Package Repository and Licenses
  C. Update and License and Contract
  D. License and Contract and Package Repository
  D. License and Contract and Package Repository

  ---

  Explanation/Reference:

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/13128.htm

• Question 275:

  Which policy type is used to enforce bandwidth and traffic control rules?

  A. Threat Emulation
  B. Access Control
  C. QoS
  D. Threat Prevention
  C. QoS

  ---

  Explanation/Reference:

  Check Point's QoS Solution QoS is a policy-based QoS management solution from Check Point Software Technologies Ltd., satisfies your needs for a bandwidth management solution. QoS is a unique, software-only based application that manages traffic end-to-end across networks, by distributing enforcement throughout network hardware and software. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_QoS_AdminGuide/index.html

• Question 276:

  Which default user has full read/write access?

  A. Monitor
  B. Altuser
  C. Administrator
  D. Superuser
  C. Administrator

• Question 277:

  At what point is the Internal Certificate Authority (ICA) created?

  A. Upon creation of a certificate
  B. During the primary Security Management Server installation process.
  C. When an administrator decides to create one.
  D. When an administrator initially logs into SmartConsole.
  B. During the primary Security Management Server installation process.

  ---

  Explanation/Reference:

  Introduction to the ICA The ICA is a Certificate Authority which is an integral part of the Check Point product suite. It is fully compliant with X.509 standards for both certificates and CRLs. See the relevant X.509 and PKI documentation, as well as RFC 2459 standards for more information. You can read more about Check Point and PKI in the R76 VPN Administration Guide. The ICA is located on the Security Management server. It is created during the installation process, when the Security Management server is configured. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/ html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/13118

• Question 278:

  Which of the following situations would not require a new license to be generated and installed?

  A. The existing license expires.
  B. The Security Gateway is upgraded.
  C. The license is upgraded.
  D. The IP address of the Security Management or Security Gateway has changed.
  B. The Security Gateway is upgraded.

• Question 279:

  Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?

  A. Anti-spam and Email Security
  B. Anti-Virus
  C. Firewall
  D. Application Control
  B. Anti-Virus

• Question 280:

  How is communication between different Check Point components secured in R80? As with all questions, select the best answer.

  A. By using IPSEC
  B. By using SIC
  C. By using ICA
  D. By using 3DES
  B. By using SIC

  ---

  Explanation/Reference:

  Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/125443