CheckPoint 156-215.81.20 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81.20 Online Questions & Answers

• Question 351:

  Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?

  A. mgmt_cli add-host "Server_1" ip_address "10.15.123.10" --format txt
  B. mgmt_cli add host name "Server_1" ip_address "10.15.123.10" --format json
  C. mgmt_cli add object-host "Server_1" ip_address "10.15.123.10" --format json
  D. mgmt_cli add object "Server_1" ip_address "10.15.123.10" --format json
  A. mgmt_cli add-host "Server_1" ip_address "10.15.123.10" --format txt

  ---

  Explanation/Reference:

  Reference: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-host~v1.1

• Question 352:

  You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?

  A. fwd
  B. fwm
  C. cpd
  D. cpwd
  B. fwm

• Question 353:

  One of major features in R80.x SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB, and AdminC are editing the same Security Policy?

  A. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator.
  B. AdminA and AdminB are editing the same rule at the same time.
  C. AdminB sees a pencil icon next the rule that AdminB is currently editing.
  D. AdminA, AdminB and AdminC are editing three different rules at the same time.
  A. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator.

  ---

  Explanation/Reference:

  In SmartConsole, administrators work with sessions. A session is created each time an administrator logs into SmartConsole. Changes made in the session are saved automatically. These changes are private and available only to the administrator. To avoid configuration conflicts, other administrators see a lock icon on objects and rules that are being edited in other sessions.

  Reference: http://downloads.checkpoint.com/dc/download.htm?ID=65846

• Question 354:

  How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?

  A. Install appliance TE250X on SpanPort on LAN switch in MTA mode
  B. Install appliance TE250X in standalone mode and setup MTA
  C. You can utilize only Check Point Cloud Services for this scenario
  D. It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance
  C. You can utilize only Check Point Cloud Services for this scenario

  ---

  Explanation/Reference:

  Reference: http://dl3.checkpoint.com/paid/f2/f2faf02dba06acad8cc4c57833593df6/CP_TE100X_TE250X_Appliance_GettingStartedGuide.pdf?HashKey=1517091196_a292abdde351bbdb4b3d28e82654b240andxtn=.pdf

• Question 355:

  MegaCorp's security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How do you apply the license?

  A. Using the remote Gateway's IP address, and attaching the license to the remote Gateway via SmartUpdate.
  B. Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate.
  C. Using the remote Gateway's IP address, and applying the license locally with command cplic put.
  D. Using each of the Gateway's IP addresses, and applying the licenses on the Security Management Server with the command cprlic put.
  B. Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate.

• Question 356:

  Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .

  A. User Directory
  B. Captive Portal and Transparent Kerberos Authentication
  C. Captive Portal
  D. UserCheck
  B. Captive Portal and Transparent Kerberos Authentication

  ---

  Explanation/Reference:

  To enable Identity Awareness:

  1.

  Log in to SmartDashboard.

  2.

  From the Network Objects tree, expand the Check Point branch.

  3.

  Double-click the Security Gateway on which to enable Identity Awareness.

  4.

  In the Software Blades section, select Identity Awareness on the Network Security tab.

  The Identity Awareness Configuration wizard opens.

  5.

  Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets.

  AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers.

  Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently.

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62050.htm

• Question 357:

  When installing a dedicated R80 SmartEvent server, what is the recommended size of the root partition?

  A. Any size
  B. Less than 20GB
  C. More than 10GB and less than 20 GB
  D. At least 20GB
  D. At least 20GB

  ---

  Explanation/Reference:

  Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/120829

• Question 358:

  Which of the following is NOT a back up method?

  A. Save backup
  B. System backup
  C. snapshot
  D. Migrate
  A. Save backup

  ---

  Explanation/Reference:

  The built-in Gaia backup procedures:

  Snapshot Management

  System Backup (and System Restore)

  Save/Show Configuration (and Load Configuration)

  Check Point provides three different procedures for backing up (and restoring) the operating system and networking parameters on your appliances.

  Snapshot (Revert)

  Backup (Restore)

  upgrade_export (Migrate)

  Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=andsolutionid=sk108902 https://supportcenter.checkpoint.com/supportcenter/portal?

  eventSubmit_doGoviewsolutiondetails=andsolutionid=sk54100

• Question 359:

  Which utility allows you to configure the DHCP service on GAIA from the command line?

  A. ifconfig
  B. dhcp_cfg
  C. sysconfig
  D. cpconfig
  C. sysconfig

  ---

  Explanation/Reference:

  Sysconfig Configuration Options

  

  Refrence: https://sc1.checkpoint.com/documents/R76/CP_R76_Splat_AdminGuide/51548.htm

  NOTE:Question must be wrong because no answer is possible for GAIA system, this must be SPLAT version.

  DHCP CLI configuration for GAIA reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/73181.htm#o80096

• Question 360:

  What is the benefit of Manual NAT over Automatic NAT?

  A. If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy
  B. There is no benefit since Automatic NAT has in any case higher priority over Manual NAT
  C. You have the full control about the priority of the NAT rules
  D. On IPSO and GAIA Gateways, it is handled in a Stateful manner
  C. You have the full control about the priority of the NAT rules