CheckPoint 156-215.81.20 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81.20 Online Questions & Answers

• Question 451:

  Which of these statements describes the Check Point ThreatCloud?

  A. Blocks or limits usage of web applications
  B. Prevents or controls access to web sites based on category
  C. Prevents Cloud vulnerability exploits
  D. A worldwide collaborative security network
  D. A worldwide collaborative security network

  ---

  Explanation/Reference:

  Reference: https://www.checkpoint.com/support-services/threatcloud-managed-security-service/

• Question 452:

  Which command can you use to enable or disable multi-queue per interface?

  A. cpmq set
  B. Cpmqueue set
  C. Cpmq config
  D. Set cpmq enable
  A. cpmq set

  ---

  Explanation/Reference:

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/93689.htm

• Question 453:

  There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A's interface issues were resolved and it became operational. When it re-joins the cluster, will it become active automatically?

  A. No, since "maintain current active cluster member" option on the cluster object properties is enabled by default
  B. No, since "maintain current active cluster member" option is enabled by default on the Global Properties
  C. Yes, since "Switch to higher priority cluster member" option on the cluster object properties is enabled by default
  D. Yes, since "Switch to higher priority cluster member" option is enabled by default on the Global Properties
  A. No, since "maintain current active cluster member" option on the cluster object properties is enabled by default

  ---

  Explanation/Reference:

  What Happens When a Security Gateway Recovers?

  In a Load Sharing configuration, when the failed Security Gateway in a cluster recovers, all connections are redistributed among all active members. High Availability and Load Sharing in ClusterXL ClusterXL Administration Guide R77

  Versions | 31 In a High Availability configuration, when the failed Security Gateway in a cluster recovers, the recovery method depends on the configured cluster setting. The options are:

  Maintain Current Active Security Gateway means that if one member passes on control to a lower priority member, control will be returned to the higher priority member only if the lower priority member fails. This mode is recommended if all

  members are equally capable of processing traffic, in order to minimize the number of failover events.

  Switch to Higher Priority Security Gateway means that if the lower priority member has control and the higher priority member is restored, then control will be returned to the higher priority member. This mode is recommended if one member is

  better equipped for handling connections, so it will be the default Security Gateway.

  Reference: http://dl3.checkpoint.com/paid/7e/7ef174cf00762ceaf228384ea20ea64a/CP_R77_ClusterXL_AdminGuide.pdf?HashKey=1479822138_31410b1f8360074be87fd8f1ab682464andxtn=.pdf

• Question 454:

  You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway's VPN domain?

  A. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
  B. An office mode address must be obtained by the client.
  C. The SNX client application must be installed on the client.
  D. Active-X must be allowed on the client.
  A. SNX modifies the routing table to forward VPN traffic to the Security Gateway.

• Question 455:

  Vanessa is attempting to log into the Gaia Web Portal. She is able to login successfully. Then she tries the same username and password for SmartConsole but gets the message in the screenshot image below. She has checked that the IP address of the Server is correct and the username and password she used to login into Gaia is also correct.

  

  What is the most likely reason?

  A. Check Point R80 SmartConsole authentication is more secure than in previous versions and Vanessa requires a special authentication key for R80 SmartConsole. Check that the correct key details are used.
  B. Check Point Management software authentication details are not automatically the same as the Operating System authentication details. Check that she is using the correct details.
  C. SmartConsole Authentication is not allowed for Vanessa until a Super administrator has logged in first and cleared any other administrator sessions.
  D. Authentication failed because Vanessa's username is not allowed in the new Threat Prevention console update checks even though these checks passed with Gaia.
  B. Check Point Management software authentication details are not automatically the same as the Operating System authentication details. Check that she is using the correct details.

• Question 456:

  Which of the following is NOT an alert option?

  A. SNMP
  B. High alert
  C. Mail
  D. User defined alert
  B. High alert

  ---

  Explanation/Reference:

  In Action, select:

  1.

  none - No alert.

  2.

  log - Sends a log entry to the database.

  3.

  alert - Opens a pop-up window to your desktop.

  4.

  mail - Sends a mail alert to your Inbox.

  5.

  snmptrap - Sends an SNMP alert.

  6.

  useralert - Runs a script. Make sure a user-defined action is available. Go to SmartDashboard > Global Properties > Log and Alert > Alert Commands.

  Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_SmartViewMonitor_AdminGuide/101104.htm

• Question 457:

  An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret the administrator found that the check box to enable pre-shared secret is shared and cannot be enabled. Why does it not allow him to specify the pre-shared secret?

  A. IPsec VPN blade should be enabled on both Security Gateway.
  B. Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.
  C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.
  D. The Security Gateways are pre-R75.40.
  C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.

• Question 458:

  Fill in the blank: The tool _______ generates a R80 Security Gateway configuration report.

  A. infoCP
  B. infoview
  C. cpinfo
  D. fw cpinfo
  C. cpinfo

  ---

  Explanation/Reference:

  CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers).

  The CPinfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPinfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth

  analysis of customer's configuration and environment settings.

  When contacting Check Point Support, collect the cpinfo files from the Security Management server and Security Gateways involved in your case. Reference: https://supportcenter.checkpoint.com/supportcenter/portal?

  eventSubmit_doGoviewsolutiondetails=andsolutionid=sk92739

• Question 459:

  Web Control Layer has been set up using the settings in the following dialogue:

  

  Consider the following policy and select the BEST answer.

  

  A. Traffic that does not match any rule in the subpolicy is dropped.
  B. All employees can access only Youtube and Vimeo.
  C. Access to Youtube and Vimeo is allowed only once a day.
  D. Anyone from internal network can access the internet, expect the traffic defined in drop rules 5.2, 5.5 and 5.6.
  D. Anyone from internal network can access the internet, expect the traffic defined in drop rules 5.2, 5.5 and 5.6.

  ---

  Explanation/Reference:

  Policy Layers and Sub-Policies R80 introduces the concept of layers and sub-policies, allowing you to segment your policy according to your network segments or business units/functions. In addition, you can also assign granular privileges by layer or sub-policy to distribute workload and tasks to the most qualified administrators

  1.

  With layers, the rule base is organized into a set of security rules. These set of rules or layers, are inspected in the order in which they are defined, allowing control over the rule base flow and the security functionalities that take precedence. If an "accept" action is performed across a layer, the inspection will continue to the next layer. For example, a compliance layer can be created to overlay across a cross-section of rules.

  2.

  Sub-policies are sets of rules that are created for a specific network segment, branch office or business unit, so if a rule is matched, inspection will continue through this subset of rules before it moves on to the next rule.

  3.

  Sub-policies and layers can be managed by specific administrators, according to their permissions profiles. This facilitates task delegation and workload distribution.

  Reference: https://community.checkpoint.com/docs/DOC-1065

• Question 460:

  Which command is used to add users to or from existing roles?

  A. Add rba user roles
  B. Add rba user
  C. Add user roles
  D. Add user
  A. Add rba user roles

  ---

  Explanation/Reference:

  Configuring Roles - CLI (rba)

  

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/73101.htm