CheckPoint 156-215.81.20 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81.20 Online Questions & Answers

• Question 571:

  Which option, when applied to a rule, allows all encrypted and non-VPN traffic that matches the rule?

  A. All Site-to-Site VPN Communities
  B. Accept all encrypted traffic
  C. All Connections (Clear or Encrypted)
  D. Specific VPN Communities
  B. Accept all encrypted traffic

• Question 572:

  What is the purpose of the Stealth Rule?

  A. To reduce the amount of logs for performance issues.
  B. To reduce the number of rules in the database.
  C. To prevent users from directly connecting to a Security Gateway.
  D. To make the gateway visible to the Internet.
  C. To prevent users from directly connecting to a Security Gateway.

• Question 573:

  Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?

  A. Central
  B. Corporate
  C. Formal
  D. Local
  D. Local

• Question 574:

  What will be the effect of running the following command on the Security Management Server?

  

  A. Remove the installed Security Policy.
  B. Remove the local ACL lists.
  C. No effect.
  D. Reset SIC on all gateways.
  A. Remove the installed Security Policy.

  ---

  Explanation/Reference:

  This command uninstall actual security policy (already installed)

  Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityGatewayTech_WebAdmin/6751.htm

• Question 575:

  What is the main objective when using Application Control?

  A. To see what users are doing.
  B. Ensure security and privacy of information.
  C. To filter out specific content.
  D. To assist the firewall blade with handling traffic.
  B. Ensure security and privacy of information.

• Question 576:

  Which of the following Windows Security Events will NOT map a username to an IP address in Identity Awareness?

  A. Kerberos Ticket Renewed
  B. Kerberos Ticket Requested
  C. Account Logon
  D. Kerberos Ticket Timed Out
  D. Kerberos Ticket Timed Out

• Question 577:

  What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?

  A. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.
  B. Install the View Implicit Rules package using SmartUpdate.
  C. Define two log servers on the R77 Gateway object. Lof Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPPA log audits.
  D. Check the Log Implied Rules Globally box on the R77 Gateway object.
  A. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.

• Question 578:

  Which key is created during Phase 2 of a site-to-site VPN?

  A. Pre-shared secret
  B. Diffie-Hellman Public Key
  C. Symmetrical IPSec key
  D. Diffie-Hellman Private Key
  C. Symmetrical IPSec key

  ---

  Explanation/Reference:

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_VPN_AdminGuide/13847.htm

• Question 579:

  After a new Log Server is added to the environment and the SIC trust has been established with the SMS what will the gateways do?

  A. Gateways will send new firewall logs to the new Log Server as soon as the SIC trust is set up between the SMS and the new Log Server.
  B. Logs are not automatically forwarded to a new Log Server. SmartConsole must be used to manually configure each gateway to send its logs to the server.
  C. The firewalls will detect the new Log Server after the next policy install and redirect the new logs to the new Log Server.
  D. The gateways can only send logs to an SMS and cannot send logs to a Log Server. Log Servers are proprietary log archive servers.
  B. Logs are not automatically forwarded to a new Log Server. SmartConsole must be used to manually configure each gateway to send its logs to the server.

• Question 580:

  A Check Point Software license consists of two components, the Software Blade and the Software Container. There are ______________ types of Software Containers: ______________.

  A. Three; Security Management, Security Gateway, and Endpoint Security
  B. Three; Security Gateway, Endpoint Security, and Gateway Management
  C. Two; Security Management and Endpoint Security
  D. Two; Endpoint Security and Security Gateway
  A. Three; Security Management, Security Gateway, and Endpoint Security

  ---

  Explanation/Reference:

  Reference: https://dl3.checkpoint.com/paid/a8/a81bd8771f3d7bf40a269f64f5b536e7/QuickLicenseGuide.pdf?HashKey=1591197932_63e138c47656005c0a28456090361659andxtn=.pdf page 11