CheckPoint Checkpoint Certifications 156-215.81.20 Questions & Answers

• Question 481:

  Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?

  A. SmartView Monitor

  B. SmartEvent

  C. SmartUpdate

  D. SmartDashboard

  Correct Answer: B

  SmartEvent correlates logs from all Check Point enforcement points, including end-points, to identify suspicious activity from the clutter. Rapid data analysis and custom event logs immediately alert administrators to anomalous behavior such as someone attempting to use the same credential in multiple geographies simultaneously.

  Reference: https://www.checkpoint.com/products/smartevent/

• Question 482:

  What will be the effect of running the following command on the Security Management Server?

  

  A. Remove the installed Security Policy.

  B. Remove the local ACL lists.

  C. No effect.

  D. Reset SIC on all gateways.

  Correct Answer: A

  This command uninstall actual security policy (already installed)

  Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityGatewayTech_WebAdmin/6751.htm

• Question 483:

  An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret the administrator found that the check box to enable pre-shared secret is shared and cannot be enabled. Why does it not allow him to specify the pre-shared secret?

  A. IPsec VPN blade should be enabled on both Security Gateway.

  B. Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.

  C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.

  D. The Security Gateways are pre-R75.40.

  Correct Answer: C

• Question 484:

  ABC Corp., and have recently returned from a training course on Check Point's new advanced R80 management platform. You are presenting an in-house R80 Management to the other administrators in ABC Corp.

  

  How will you describe the new "Publish" button in R80 Management Console?

  A. The Publish button takes any changes an administrator has made in their management session, publishes a copy to the Check Point of R80, and then saves it to the R80 database.

  B. The Publish button takes any changes an administrator has made in their management session and publishes a copy to the Check Point Cloud of R80 and but does not save it to the R80

  C. The Publish button makes any changes an administrator has made in their management session visible to all other administrator sessions and saves it to the Database.

  D. The Publish button makes any changes an administrator has made in their management session visible to the new Unified Policy session and saves it to the Database.

  Correct Answer: C

  To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a session, a new database version is created.

  Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197

• Question 485:

  Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address.

  A. High Availability

  B. Load Sharing Multicast

  C. Load Sharing Pivot

  D. Master/Backup

  Correct Answer: B

  :

  ClusterXL uses the Multicast mechanism to associate the virtual cluster IP addresses with all cluster members. By binding these IP addresses to a Multicast MAC address, it ensures that all packets sent to the cluster, acting as a gateway, will

  reach all members in the cluster.

  Reference:

  https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm

• Question 486:

  Fill in the blank: With the User Directory Software Blade, you can create R80 user definitions on a(an) ___________ Server.

  A. NT domain

  B. SMTP

  C. LDAP

  D. SecurID

  Correct Answer: C

  Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197

• Question 487:

  Which of the following is NOT a component of a Distinguished Name?

  A. Organization Unit

  B. Country

  C. Common name

  D. User container

  Correct Answer: D

  Distinguished Name Components CN=common name, OU=organizational unit, O=organization, L=locality, ST=state or province, C=country name Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/71950

• Question 488:

  What are the three authentication methods for SIC?

  A. Passwords, Users, and standards-based SSL for the creation of security channels

  B. Certificates, standards-based SSL for the creation of secure channels, and 3DES or AES128 for encryption

  C. Packet Filtering, certificates, and 3DES or AES128 for encryption

  D. Certificates, Passwords, and Tokens

  Correct Answer: B

  Secure Internal Communication (SIC)

  Secure Internal Communication (SIC) lets Check Point platforms and products authenticate with each other. The SIC procedure creates a trusted status between gateways, management servers and other Check Point components. SIC is

  required to install polices on gateways and to send logs between gateways and management servers.

  These security measures make sure of the safety of SIC:

  1.

  Certificates for authentication

  2.

  Standards-based SSL for the creation of the secure channel

  3.

  3DES for encryption

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/71950

• Question 489:

  You have enabled "Full Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

  A. Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database.

  B. Data Awareness is not enabled.

  C. Identity Awareness is not enabled.

  D. Logs are arriving from Pre-R80 gateways.

  Correct Answer: A

  The most likely reason for the logs data to stop is the low disk space on the logging device, which can be the Management Server or the Gateway Server.

• Question 490:

  What is the order of NAT priorities?

  A. Static NAT, IP pool NAT, hide NAT

  B. IP pool NAT, static NAT, hide NAT

  C. Static NAT, automatic NAT, hide NAT

  D. Static NAT, hide NAT, IP pool NAT

  Correct Answer: A

  The order of NAT priorities is:

  1.

  Static NAT

  2.

  IP Pool NAT

  3.

  Hide NAT Since Static NAT has all of the advantages of IP Pool NAT and more, it has a higher priority than the other NAT methods. Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/6724.htm#o6919