CheckPoint 156-215.81.20 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81.20 Online Questions & Answers

• Question 521:

  While enabling the Identity Awareness blade the Identity Awareness wizard does not automatically detect the windows domain. Why does it not detect the windows domain?

  A. Security Gateways is not part of the Domain
  B. SmartConsole machine is not part of the domain
  C. SMS is not part of the domain
  D. Identity Awareness is not enabled on Global properties
  B. SmartConsole machine is not part of the domain

  ---

  Explanation/Reference:

  To enable Identity Awareness:

  1.

  Log in to SmartDashboard.

  2.

  From the Network Objects tree, expand the Check Point branch.

  3.

  Double-click the Security Gateway on which to enable Identity Awareness.

  4.

  In the Software Blades section, select Identity Awareness on the Network Security tab.

  The Identity Awareness Configuration wizard opens.

  5.

  Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets.

  AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers.

  Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently.

  Terminal Servers - Identify users in a Terminal Server environment (originating from one IP address).

  See Choosing Identity Sources.

  Note - When you enable Browser-Based Authentication on a Security Gateway that is on an IP Series appliance, make sure to set the Voyager management application port to a port other than 443 or 80.

  6.

  Click Next.

  The Integration With Active Directory window opens.

  When SmartDashboard is part of the domain, SmartDashboard suggests this domain automatically. If you select this domain, the system creates an LDAP Account Unit with all of the domain controllers in the organization's Active Directory.

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62050.htm

• Question 522:

  Which type of Endpoint Identity Agent includes packet tagging and computer authentication?

  A. Full
  B. Light
  C. Custom
  D. Complete
  A. Full

  ---

  Explanation/Reference:

  Endpoint Identity Agents ?dedicated client agents installed on users' computers that acquire and report identities to the Security Gateway.

• Question 523:

  Fill in the blank: The ________ feature allows administrators to share a policy with other policy packages.

  A. Shared policy packages
  B. Shared policies
  C. Concurrent policy packages
  D. Concurrent policies
  A. Shared policy packages

• Question 524:

  You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?

  A. The POP3 rule is disabled.
  B. POP3 is accepted in Global Properties.
  C. The POP3 rule is hidden.
  D. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R77.
  C. The POP3 rule is hidden.

• Question 525:

  Check Point Update Service Engine (CPUSE), also known as Deployment Agent [DA], is an advanced and intuitive mechanism for software deployment on Gaia OS. What software packages are supported for deployment?

  A. It supports deployments of single HotFixes (HF), and of Major Versions. Blink Packages and HotFix Accumulators (Jumbo) are not supported.
  B. It supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), and of Major Versions.
  C. It supports deployments of Major Versions and Blink packages only.
  D. It supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), but not of Major Versions.
  B. It supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), and of Major Versions.

• Question 526:

  What are the two types of NAT supported by the Security Gateway?

  A. Destination and Hide
  B. Hide and Static
  C. Static and Source
  D. Source and Destination
  B. Hide and Static

  ---

  Explanation/Reference:

  A Security Gateway can use these procedures to translate IP addresses in your network:

  1.

  Static NAT - Each internal IP address is translated to a different public IP address. The Firewall can allow external traffic to access internal resources.

  2.

  Hide NAT - The Firewall uses port numbers to translate all specified internal IP addresses to a single public IP address and hides the internal IP structure. Connections can only start from internal computers, external computers CANNOT access internal servers. The Firewall can translate up to 50,000 connections at the same time from external computers and servers.

  3.

  Hide NAT with Port Translation - Use one IP address and let external users access multiple application servers in a hidden network. The Firewall uses the requested service (or destination port) to send the traffic to the correct server. A typical configuration can use these ports: FTP server (port 21), SMTP server (port 25) and an HTTP server (port 80). It is necessary to create manual NAT rules to use Port Translation.

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/6724.htm

• Question 527:

  Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?

  A. UserCheck
  B. Active Directory Query
  C. Account Unit Query
  D. User Directory Query
  B. Active Directory Query

  ---

  Explanation/Reference:

  :

  AD Query extracts user and computer identity information from the Active Directory Security Event Logs. The system generates a Security Event log entry when a user or computer accesses a network resource. For example, this occurs when

  a user logs in, unlocks a screen, or accesses a network drive.

  Reference : https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62402.htm

• Question 528:

  Which of the following are available SmartConsole clients which can be installed from the R77 Windows CD? Read all answers and select the most complete and valid list.

  A. SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status
  B. SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor
  C. SmartView Tracker, CPINFO, SmartUpdate
  D. Security Policy Editor, Log Viewer, Real Time Monitor GUI
  C. SmartView Tracker, CPINFO, SmartUpdate

• Question 529:

  ALPHA Corp has a new administrator who logs into the Gaia Portal to make some changes. He realizes that even though he has logged in as an administrator, he is unable to make any changes because all configuration options are greyed out as shown in the screenshot image below. What is the likely cause for this?

  

  A. The Gaia /bin/confd is locked by another administrator from a SmartConsole session.
  B. The database is locked by another administrator SSH session.
  C. The Network address of his computer is in the blocked hosts.
  D. The IP address of his computer is not in the allowed hosts.
  B. The database is locked by another administrator SSH session.

  ---

  Explanation/Reference:

  There is a lock on top left side of the screen. B is the logical answer.

• Question 530:

  According to Check Point Best Practice, when adding a 3rd party gateway to a Check Point security solution what object SHOULD be added? A(n):

  A. Interoperable Device
  B. Network Node
  C. Externally managed gateway
  D. Gateway
  A. Interoperable Device