CheckPoint Checkpoint Certifications 156-215.81.20 Questions & Answers

• Question 531:

  Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?

  A. Central

  B. Corporate

  C. Formal

  D. Local

  Correct Answer: D

• Question 532:

  Which utility shows the security gateway general system information statistics like operating system information and resource usage, and individual software blade statistics of VPN, Identity Awareness and DLP?

  A. cpconfig

  B. fw ctl pstat

  C. cpview

  D. fw ctl multik stat

  Correct Answer: C

  CPView Utility is a text based built-in utility that can be run ('cpview' command) on Security Gateway / Security Management Server / Multi-Domain Security Management Server. CPView Utility shows statistical data that contain both general system information (CPU, Memory, Disk space) and information for different Software Blades (only on Security Gateway). The data is continuously updated in easy to access views. Reference: https://supportcenter.checkpoint.com/ supportcenter/portal?eventSubmit_doGoviewsolutiondetails=andsolutionid=sk101878

• Question 533:

  The following graphic shows: A. View from SmartLog for logs initiated from source address 10.1.1.202

  

  B. View from SmartView Tracker for logs of destination address 10.1.1.202

  C. View from SmartView Tracker for logs initiated from source address 10.1.1.202

  D. View from SmartView Monitor for logs initiated from source address 10.1.1.202

  Correct Answer: C

• Question 534:

  In R80, Unified Policy is a combination of

  A. Access control policy, QoS Policy, Desktop Security Policy and endpoint policy.

  B. Access control policy, QoS Policy, Desktop Security Policy and Threat Prevention Policy.

  C. Firewall policy, address Translation and application and URL filtering, QoS Policy, Desktop Security Policy and Threat Prevention Policy.

  D. Access control policy, QoS Policy, Desktop Security Policy and VPN policy.

  Correct Answer: D

  D is the best answer given the choices.

  Unified Policy

  In R80 the Access Control policy unifies the policies of these pre-R80 Software Blades:

  1.

  Firewall and VPN

  2.

  Application Control and URL Filtering

  3.

  Identity Awareness

  4.

  Data Awareness

  5.

  Mobile Access

  6.

  Security Zones Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197andanchor=o129934

• Question 535:

  Fill in the blank: The command __________ provides the most complete restoration of a R80 configuration.

  A. upgrade_import

  B. cpconfig

  C. fwm dbimport -p

  D. cpinfo -recover

  Correct Answer: A

  (Should be "migrate import")

  "migrate import" Restores backed up configuration for R80 version, in previous versions the command was " upgrade_import ".

  Reference: http://dl3.checkpoint.com/paid/08/08586e2852acc054809517b267402a35/CP_R80_Gaia_InstallationAndUpgradeGuide.pdf?HashKey=1479700086_4553ede4b53a7882cd8052eed7c347beandxtn=.pdf

• Question 536:

  The Gaia operating system supports which routing protocols?

  A. BGP, OSPF, RIP

  B. BGP, OSPF, EIGRP, PIM, IGMP

  C. BGP, OSPF, RIP, PIM, IGMP

  D. BGP, OSPF, RIP, EIGRP

  Correct Answer: A

  The Advanced Routing Suite The Advanced Routing Suite CLI is available as part of the Advanced Networking Software Blade. For organizations looking to implement scalable, fault-tolerant, secure networks, the Advanced Networking blade enables them to run industry-standard dynamic routing protocols including BGP, OSPF, RIPv1, and RIPv2 on security gateways. OSPF, RIPv1, and RIPv2 enable dynamic routing over a single autonomous system--like a single department, company, or service provider--to avoid network failures. BGP provides dynamic routing support across more complex networks involving multiple autonomous systems--such as when a company uses two service providers or divides a network into multiple areas with different administrators responsible for the performance of each. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecurePlatform_AdvancedRouting_WebAdmin/html_frameset.htm

• Question 537:

  Joey wants to configure NTP on R80 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?

  A. https://

  B. https://:443

  C. https://:10000

  D. https://:4434

  Correct Answer: A

  Access to Web UI Gaia administration interface, initiate a connection from a browser to the default administration IP address:

  Logging in to the WebUI

  Logging in

  To log in to the WebUI:

  1.

  Enter this URL in your browser:

  https://

  2.

  Enter your user name and password.

  Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/75930

• Question 538:

  Which application should you use to install a contract file?

  A. SmartView Monitor

  B. WebUI

  C. SmartUpdate

  D. SmartProvisioning

  Correct Answer: C

  Using SmartUpdate: If you already use an NGX R65 (or higher) Security Management / Provider-1 / Multi-Domain Management Server, SmartUpdate allows you to import the service contract file that you have downloaded in Step #3. Open SmartUpdate and from the Launch Menu select 'Licenses and Contracts' -> 'Update Contracts' -> 'From File...' and provide the path to the file you have downloaded in Step #3:

  

  Note: If SmartUpdate is connected to the Internet, you can download the service contract file directly from the UserCenter without going through the download and import steps. Reference: https://supportcenter.checkpoint.com/supportcenter/ portal?eventSubmit_doGoviewsolutiondetails=andsolutionid=sk33089

• Question 539:

  Which feature is NOT provided by all Check Point Mobile Access solutions?

  A. Support for IPv6

  B. Granular access control

  C. Strong user authentication

  D. Secure connectivity

  Correct Answer: A

  Types of Solutions

  All of Check Point's Remote Access solutions provide:

  1.

  Enterprise-grade, secure connectivity to corporate resources.

  2.

  Strong user authentication.

  3.

  Granular access control.

  Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/83586.htm

• Question 540:

  You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the right protections in place. Check Point has been selected for the security vendor. Which Check Point products protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?

  A. IPS and Application Control

  B. IPS, anti-virus and anti-bot

  C. IPS, anti-virus and e-mail security

  D. SandBlast

  Correct Answer: D

  SandBlast Zero-Day Protection

  Hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. Zero-day exploit protection from Check Point provides a deeper level of inspection so you can prevent more malware and zero-day

  attacks, while ensuring quick delivery of safe content to your users.

  Reference: https://www.checkpoint.com/products-solutions/zero-day-protection/