CheckPoint 156-215.81.20 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81.20 Online Questions & Answers

• Question 461:

  Which of the following is TRUE about the Check Point Host object?

  A. Check Point Host has no routing ability even if it has more than one interface installed.
  B. When you upgrade to R80 from R77.30 or earlier versions, Check Point Host objects are converted to gateway objects.
  C. Check Point Host is capable of having an IP forwarding mechanism.
  D. Check Point Host can act as a firewall.
  A. Check Point Host has no routing ability even if it has more than one interface installed.

  ---

  Explanation/Reference:

  A Check Point host is a host with only one interface, on which Check Point software has been installed, and which is managed by the Security Management server. It is not a routing mechanism and is not capable of IP forwarding. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/13139

• Question 462:

  What is true about the IPS-Blade?

  A. in R80, IPS is managed by the Threat Prevention Policy
  B. in R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
  C. in R80, IPS Exceptions cannot be attached to "all rules"
  D. in R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same
  A. in R80, IPS is managed by the Threat Prevention Policy

• Question 463:

  In SmartEvent, a correlation unit (CU) is used to do what?

  A. Receive firewall and other software blade logs in a region and forward them to the primary log server.
  B. Collect security gateway logs, index the logs and then compress the logs.
  C. Send SAM block rules to the firewalls during a DOS attack.
  D. Analyze log entries and identify events.
  D. Analyze log entries and identify events.

• Question 464:

  Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?

  A. Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation.
  B. Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocols. Apply the alert action or customized messaging.
  C. Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic.
  D. Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings.
  A. Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation.

• Question 465:

  What key is used to save the current CPView page in a filename format cpview_"cpview process ID". cap"number of captures"?

  A. S
  B. W
  C. C
  D. Space bar
  C. C

  ---

  Explanation/Reference:

  Reference: https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_SecurityManagement_AdminGuide/html_frameset.htm?topic=documents/R80.20_GA/WebAdminGuides/EN/ CP_R80.20_SecurityManagement_AdminGuide/204685

• Question 466:

  Why would an administrator see the message below?

  

  A. A new Policy Package created on both the Management and Gateway will be deleted and must be packed up first before proceeding.
  B. A new Policy Package created on the Management is going to be installed to the existing Gateway.
  C. A new Policy Package created on the Gateway is going to be installed on the existing Management.
  D. A new Policy Package created on the Gateway and transferred to the management will be overwritten by the Policy Package currently on the Gateway but can be restored from a periodic backup on the Gateway.
  B. A new Policy Package created on the Management is going to be installed to the existing Gateway.

• Question 467:

  In SmartConsole, objects are used to represent physical and virtual network components and also some logical components. These objects are divided into several categories. Which of the following is NOT an objects category?

  A. Network Object
  B. IP Address
  C. Limit
  D. Custom Application / Site
  B. IP Address

• Question 468:

  Fill in the blank: Service blades must be attached to a ______________.

  A. Security Gateway
  B. Management container
  C. Management server
  D. Security Gateway container
  A. Security Gateway

  ---

  Explanation/Reference:

  Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=andsolutionid=sk80840

• Question 469:

  Fill in the blank: A(n) _____ rule is created by an administrator and configured to allow or block traffic based on specified criteria.

  A. Explicit
  B. Implicit drop
  C. Implicit accept
  D. Inline
  A. Explicit

• Question 470:

  In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?

  A. Install policy
  B. Publish changes
  C. Install database
  D. Save changes
  A. Install policy