CheckPoint Checkpoint Certifications 156-215.81.20 Questions & Answers

• Question 541:

  Fill in the blank: Each cluster has __________ interfaces.

  A. Five

  B. Two

  C. Three

  D. Four

  Correct Answer: C

  Each cluster member has three interfaces: one external interface, one internal interface, and one for synchronization. Cluster member interfaces facing in each direction are connected via a switch, router, or VLAN switch.

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm

• Question 542:

  What are the three essential components of the Check Point Security Management Architecture?

  A. SmartConsole, Security Management Server, Security Gateway

  B. SmartConsole, SmartUpdate, Security Gateway

  C. Security Management Server, Security Gateway, Command Line Interface

  D. WebUI, SmartConsole, Security Gateway

  Correct Answer: A

  Deployments

  Basic deployments:

  1.

  Standalone deployment - Security Gateway and the Security Management server are installed on the same machine.

  2.

  Distributed deployment - Security Gateway and the Security Management server are installed on different machines.

  

  Assume an environment with gateways on different sites. Each Security Gateway connects to the Internet on one side, and to a LAN on the other.

  You can create a Virtual Private Network (VPN) between the two Security Gateways, to secure all communication between them.

  The Security Management server is installed in the LAN, and is protected by a Security Gateway. The Security Management server manages the Security Gateways and lets remote users connect securely to the corporate network.

  SmartDashboard can be installed on the Security Management server or another computer.

  There can be other OPSEC-partner modules (for example, an Anti-Virus Server) to complete the network security with the Security Management server and its Security Gateways. Reference: https://sc1.checkpoint.com/documents/R77/

  CP_R77_SecurityManagement_WebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_SecurityManagement_WebAdminGuide/118037

• Question 543:

  What are the two types of address translation rules?

  A. Translated packet and untranslated packet

  B. Untranslated packet and manipulated packet

  C. Manipulated packet and original packet

  D. Original packet and translated packet

  Correct Answer: D

  NAT Rule Base

  The NAT Rule Base has two sections that specify how the IP addresses are translated:

  1.

  Original Packet

  2.

  Translated Packet Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/6724.htm

• Question 544:

  You are unable to login to SmartDashboard. You log into the management server and run #cpwd_admin list with the following output:

  

  What reason could possibly BEST explain why you are unable to connect to SmartDashboard?

  A. CDP is down

  B. SVR is down

  C. FWM is down

  D. CPSM is down

  Correct Answer: C

  The correct answer would be FWM (is the process making available communication between SmartConsole applications and Security Management Server.). STATE is T (Terminate = Down) :

  Symptoms

  SmartDashboard fails to connect to the Security Management server.

  1.

  Verify if the FWM process is running. To do this, run the command: [Expert@HostName:0]# ps -aux | grep fwm

  2.

  If the FWM process is not running, then try force-starting the process with the following command: [Expert@HostName:0]# cpwd_admin start -name FWM -path "$FWDIR/bin/fwm" -command "fwm"

  Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=andsolutionid=sk97638 https://supportcenter.checkpoint.com/supportcenter/portal? eventSubmit_doGoviewsolutiondetails=andsolutionid=sk12120

• Question 545:

  What does ExternalZone represent in the presented rule?

  

  A. The Internet.

  B. Interfaces that administrator has defined to be part of External Security Zone.

  C. External interfaces on all security gateways.

  D. External interfaces of specific gateways.

  Correct Answer: B

  Configuring Interfaces

  Configure the Security Gateway 80 interfaces in the Interfaces tab in the Security Gateway window.

  To configure the interfaces:

  1.

  From the Devices window, double-click the Security Gateway 80. The Security Gateway window opens.

  2.

  Select the Interfaces tab.

  3.

  Select Use the following settings. The interface settings open.

  4.

  Select the interface and click Edit. The Edit window opens.

  5.

  From the IP Assignment section, configure the IP address of the interface:

  1.

  Select Static IP.

  2.

  Enter the IP address and subnet mask for the interface.

  6. In Security Zone, select Wireless, DMS, External, or Internal. Security zone is a type of zone, created by a bridge to easily create segments, while maintaining IP addresses and router configurations. Security zones let you choose if to enable or not the firewall between segments.

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartProvisioning_WebAdmin/16741.htm

• Question 546:

  Fill in the blank: The R80 utility fw monitor is used to troubleshoot _____________ A. User data base corruption

  B. LDAP conflicts

  C. Traffic issues

  D. Phase two key negotiation

  Correct Answer: C

  Check Point's FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the FireWall inspection chains. These captured packets can be inspected later using the WireShark

  Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=andsolutionid=sk30583

• Question 547:

  What are the two high availability modes?

  A. Load Sharing and Legacy

  B. Traditional and New

  C. Active and Standby

  D. New and Legacy

  Correct Answer: D

  ClusterXL has four working modes. This section briefly describes each mode and its relative advantages and disadvantages.

  1.

  Load Sharing Multicast Mode

  2.

  Load Sharing Unicast Mode

  3.

  New High Availability Mode

  4.

  High Availability Legacy Mode

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm#o7363

• Question 548:

  Fill in the blank: The R80 feature ________ permits blocking specific IP addresses for a specified time period.

  A. Block Port Overflow

  B. Local Interface Spoofing

  C. Suspicious Activity Monitoring

  D. Adaptive Threat Prevention

  Correct Answer: C

  Suspicious Activity Rules Solution Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access). The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation Reference: https://sc1.checkpoint.com/documents/R76/ CP_R76_SmartViewMonitor_AdminGuide/17670.htm

• Question 549:

  Which Threat Prevention Software Blade provides comprehensive against malicious and unwanted network traffic, focusing on application and server vulnerabilities?

  A. Anti-Virus

  B. IPS

  C. Anti-Spam

  D. Anti-bot

  Correct Answer: B

  The IPS Software Blade provides a complete Intrusion Prevention System security solution, providing comprehensive network protection against malicious and unwanted network traffic, including:

  1.

  Malware attacks

  2.

  Dos and DDoS attacks

  3.

  Application and server vulnerabilities

  4.

  Insider threats

  5.

  Unwanted application traffic, including IM and P2P

  Reference: https://www.checkpoint.com/products/ips-software-blade/

• Question 550:

  What is the purpose of Captive Portal?

  A. It provides remote access to SmartConsole

  B. It manages user permission in SmartConsole

  C. It authenticates users, allowing them access to the Internet and corporate resources

  D. It authenticates users, allowing them access to the Gaia OS

  Correct Answer: C

  Captive Portal ?a simple method that authenticates users through a web interface before granting them access to Intranet resources. When users try to access a protected resource, they get a web page that must be filled out to continue. Reference : https://www.checkpoint.com/products/identity-awareness-software-blade/