CheckPoint Checkpoint Certifications 156-215.81.20 Questions & Answers

• Question 521:

  Tina is a new administrator who is currently reviewing the new Check Point R80 Management console interface. In the Gateways view, she is reviewing the Summary screen as in the screenshot below. What as an 'Open Server'?

  

  A. Check Point software deployed on a non-Check Point appliance.

  B. The Open Server Consortium approved Server Hardware used for the purpose of Security and Availability.

  C. A check Point Management Server deployed using the Open Systems Interconnection (OSI) Server and Security deployment model.

  D. A check Point Management Server software using the Open SSL.

  Correct Answer: A

  

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/index.html

• Question 522:

  Choose what BEST describes the Policy Layer Traffic Inspection.

  A. If a packet does not match any of the inline layers, the matching continues to the next Layer.

  B. If a packet matches an inline layer, it will continue matching the next layer.

  C. If a packet does not match any of the inline layers, the packet will be matched against the Implicit Clean-up Rule.

  D. If a packet does not match a Network Policy Layer, the matching continues to its inline layer.

  Correct Answer: B

  Reference: https://community.checkpoint.com/thread/1092

• Question 523:

  What are the three conflict resolution rules in the Threat Prevention Policy Layers?

  A. Conflict on action, conflict on exception, and conflict on settings

  B. Conflict on scope, conflict on settings, and conflict on exception

  C. Conflict on settings, conflict on address, and conflict on exception

  D. Conflict on action, conflict on destination, and conflict on settings

  Correct Answer: C

• Question 524:

  What does the "unknown" SIC status shown on SmartConsole mean?

  A. The SMS can contact the Security Gateway but cannot establish Secure Internal Communication.

  B. SIC activation key requires a reset.

  C. The SIC activation key is not known by any administrator.

  D. There is no connection between the Security Gateway and SMS.

  Correct Answer: D

  The most typical status is Communicating. Any other status indicates that the SIC communication is problematic. For example, if the SIC status is Unknown then there is no connection between the Gateway and the Security Management server. If the SIC status is Not Communicating, the Security Management server is able to contact the gateway, but SIC communication cannot be established.

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/118037

• Question 525:

  Kofi, the administrator of the ALPHA Corp network wishes to change the default Gaia WebUI Portal port number currently set on the default HTTPS port. Which CLISH commands are required to be able to change this TCP port?

  

  A. set web ssl-port

  B. set Gaia-portal

  C. set Gaia-portal https-port

  D. set web https-port

  Correct Answer: A

  In Clish

  A. Connect to command line on Security Gateway / each Cluster member.

  B. Log in to Clish.

  C. Set the desired port (e.g., port 4434): HostName> set web ssl-port

  D. Save the changes: HostName> save config

  E. Verify that the configuration was saved: [Expert@HostName]# grep 'httpd:ssl_port' /config/db/initial Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=andsolutionid=sk83482

• Question 526:

  Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .

  A. User Directory

  B. Captive Portal and Transparent Kerberos Authentication

  C. Captive Portal

  D. UserCheck

  Correct Answer: B

  To enable Identity Awareness:

  1.

  Log in to SmartDashboard.

  2.

  From the Network Objects tree, expand the Check Point branch.

  3.

  Double-click the Security Gateway on which to enable Identity Awareness.

  4.

  In the Software Blades section, select Identity Awareness on the Network Security tab.

  The Identity Awareness Configuration wizard opens.

  5.

  Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets.

  AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers.

  Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently.

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62050.htm

• Question 527:

  Which default user has full read/write access?

  A. Monitor

  B. Altuser

  C. Administrator

  D. Superuser

  Correct Answer: C

• Question 528:

  Fill in the blanks: The _________ collects logs and sends them to the _________ .

  A. Log server; security management server

  B. Log server; Security Gateway

  C. Security management server; Security Gateway

  D. Security Gateways; log server

  Correct Answer: D

• Question 529:

  The security Gateway is installed on GAiA R80 The default port for the WEB User Interface is _______ .

  A. TCP 18211

  B. TCP 257

  C. TCP 4433

  D. TCP 443

  Correct Answer: D

• Question 530:

  Fill in the blank: To build an effective Security Policy, use a ________ and _______ rule.

  A. Cleanup; stealth

  B. Stealth; implicit

  C. Cleanup; default

  D. Implicit; explicit

  Correct Answer: A