Fill in the blanks: The Application Layer Firewalls inspect traffic through the ______ layer(s) of the TCP/IP model and up to and including the ______ layer.
A. Upper; Application
B. First two; Internet
C. Lower; Application
D. First two; Transport
Correct Answer: C
The Application Layer Firewalls inspect traffic through the Lower layer(s) of the TCP/IP model and up to and including the Application layer. The lower layers are the Physical, Data Link, and Network layers, which deal with the transmission and routing of packets. The Application layer is the highest layer of the TCP/IP model, which provides services and protocols for specific applications such as HTTP, FTP, SMTP, etc. The Application Layer Firewalls can inspect the content and context of the traffic and enforce granular security policies based on various criteria such as user identity, application identity, content type, etc. References: [Check Point R81 Firewall Administration Guide]
Question 112:
To enforce the Security Policy correctly, a Security Gateway requires:
A. a routing table
B. awareness of the network topology
C. a Demilitarized Zone
D. a Security Policy install
Correct Answer: B
To enforce the Security Policy correctly, a Security Gateway requires awareness of the network topology. This means that the gateway knows which networks and interfaces are internal and external, and how to route packets between them. References: [Check Point R81 Security Gateway Technical Administration Guide]
Question 113:
The ______ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.
A. Next Generation Threat Prevention
B. Next Generation Threat Emulation
C. Next Generation Threat Extraction
D. Next Generation Firewall
Correct Answer: B
The Next Generation Threat Emulation software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware (p. 41). It emulates files in a virtual environment and inspects their behavior for malicious activity. References: Check Point Threat Emulation Administration Guide R81
Question 114:
What technologies are used to deny or permit network traffic?
A. Stateful Inspection, Firewall Blade, and URL/Application Blade
B. Packet Filtering, Stateful Inspection, and Application Layer Firewall
C. Firewall Blade, URL/Application Blade, and IPS
D. Stateful Inspection, URL/Application Blade, and Threat Prevention
Correct Answer: A
The technologies that are used to deny or permit network traffic are Stateful Inspection, Firewall Blade, and URL/Application Blade. Stateful Inspection is a technology that inspects network traffic at the packet level and maintains the state and context of each connection. Firewall Blade is a software blade that enforces security policy and prevents unauthorized access to protected resources. URL/Application Blade is a software blade that enables administrators to control access to millions of websites and applications based on users, groups, and machines.
References: Check Point R81 Security Gateway Administration Guide, pages 9, 10, and 12.
Question 115:
Fill in the blanks: There are ________ types of software containers ________.
A. Three; security management, Security Gateway, and endpoint security
B. Three; Security gateway, endpoint security, and gateway management
C. Two; security management and endpoint security
D. Two; endpoint security and Security Gateway
Correct Answer: A
There are three types of software containers: security management, Security Gateway, and endpoint security. A software container is a set of software blades that provide specific functionality. A security management container manages the security policy and configuration for one or more Security Gateways. A Security Gateway container enforces the security policy on the network traffic. An endpoint security container protects the data and network access of an endpoint device. The other options are not valid types of software containers. References: Software Containers
Question 116:
The Online Activation method is available for Check Point manufactured appliances. How does the administrator use the Online Activation method?
A. The SmartLicensing GUI tool must be launched from the SmartConsole for the Online Activation tool to start automatically.
B. No action is required if the firewall has internet access and a DNS server to resolve domain names.
C. Using the Gaia First Time Configuration Wizard, the appliance connects to the Check Point User Center and downloads all necessary licenses and contracts.
D. The cpinfo command must be run on the firewall with the switch -online-license-activation.
Correct Answer: C
The Online Activation method is available for Check Point manufactured appliances. The administrator uses it through the Gaia First Time Configuration Wizard: the appliance connects to the Check Point User Center and downloads all necessary licenses and contracts. This method requires internet access and a valid User Center account. References: [Check Point Licensing and Contract Operations User Guide], [Check Point R81 Gaia Installation and Upgrade Guide]
Question 117:
What protocol is specifically used for clustered environments?
A. Clustered Protocol
B. Synchronized Cluster Protocol
C. Control Cluster Protocol
D. Cluster Control Protocol
Correct Answer: D
The protocol that is specifically used for clustered environments is Cluster Control Protocol (CCP). CCP is a proprietary Check Point protocol that is used for communication between cluster members and for cluster administration. CCP enables cluster members to exchange state information, synchronize connections, monitor interfaces, and perform failover operations. The other options are incorrect. Clustered Protocol, Synchronized Cluster Protocol, and Control Cluster Protocol are not valid terms in Check Point terminology. References: [Cluster Control Protocol (CCP) - Check Point Software]
Question 118:
When configuring Anti-Spoofing, which tracking options can an Administrator select?
A. Log, Alert, None
B. Log, Allow Packets, Email
C. Drop Packet, Alert, None
D. Log, Send SNMP Trap, Email
Correct Answer: A
Log, Alert, and None are the tracking options that an Administrator can select when configuring Anti-Spoofing. Log means that the packet will be logged in SmartView Tracker. Alert means that the packet will trigger an alert in SmartView Monitor. None means that no action will be taken. The other options are not valid tracking options.
Question 119:
What is the most recommended installation method for Check Point appliances?
A. SmartUpdate installation
B. DVD media created with Check Point ISOMorphic
C. USB media created with Check Point ISOMorphic
D. Cloud based installation
Correct Answer: C
USB media created with Check Point ISOMorphic is the most recommended installation method for Check Point appliances, as it provides a fast and easy way to install the Gaia operating system and the latest software version. SmartUpdate installation requires an existing Gaia installation and does not support fresh installations. DVD media created with Check Point ISOMorphic is less convenient than USB media, as it requires burning the image to a DVD and inserting it into the appliance. Cloud based installation is not applicable for Check Point appliances, as it is intended for cloud environments such as AWS or Azure. References: INSTALLATION AND UPGRADE GUIDE R81.10, Chassis R81 Installation and Upgrade Guide, Check Point R81.10
Question 120:
You can see the following graphic:
What is presented on it?
A. Properties of personal .p12 certificate file issued for user John.
B. Shared secret properties of John's password.
C. VPN certificate properties of John's gateway.
D. Expired .p12 certificate properties for user John.
Correct Answer: A
The answer is A because the graphic shows the properties of a personal .p12 certificate file issued for user John. A .p12 file is a file format that contains a user's private key and public key certificate. The graphic shows that the certificate file is valid and has an expiration date of 07-Apr-2018. The graphic also shows that the certificate file is issued by an internal CA, which is a Check Point component that manages certificates for users and gateways. References: Check Point R81 Certificate Management, Check Point R81 Internal CA