After the initial installation on a Check Point appliance, you notice that the Management interface and default gateway are incorrect. Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1?
A. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24
set static-route default nexthop gateway address 192.168.80.1 on
save config
The commands you could use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1 after the initial installation on a Check Point appliance are:
set interface Mgmt ipv4-address 192.168.80.200 mask-length 24. This command sets the IPv4 address and subnet mask of the Management interface.
set static-route default nexthop gateway address 192.168.80.1 on. This command sets the default gateway for IPv4 routing.
save config. This command saves the configuration changes.
References: [Check Point R81 Gaia CLI Reference Guide], [Check Point R81 Gaia Administration Guide]
Question 122:
What are the three deployment options available for a security gateway?
A. Standalone, Distributed, and Bridge Mode
B. Bridge Mode, Remote, and Standalone
C. Remote, Standalone, and Distributed
D. Distributed, Bridge Mode, and Remote
Correct Answer: A
A security gateway is a device that enforces the security policy on the traffic that passes through it. There are three deployment options available for a security gateway: Standalone, Distributed, and Bridge Mode. Standalone means that the security gateway and the security management server are installed on the same machine. Distributed means that the security gateway and the security management server are installed on separate machines. Bridge Mode means that the security gateway acts as a transparent bridge between two network segments, without changing the IP addressing scheme. References: Check Point R81 Security Gateway Technical Administration Guide
Question 123:
When a Security Gateway sends its logs to an IP address other than its own, which deployment option is installed?
A. Distributed
B. Standalone
C. Bridge Mode
D. Targeted
Correct Answer: A
When a Security Gateway sends its logs to an IP address other than its own, it means that the deployment option is distributed. In a distributed deployment, the Security Management Server and the Security Gateway are installed on separate machines. The Security Management Server collects logs from one or more Security Gateways and manages them centrally. In a standalone deployment, the Security Management Server and the Security Gateway are installed on the same machine. The Security Gateway sends logs to its own IP address. In a bridge mode deployment, the Security Gateway acts as a transparent bridge between two network segments and does not have an IP address of its own. In a targeted deployment, the Security Gateway sends logs to a specific log server that is configured in the gateway object properties. References: Part 4 - Installing Security Gateway, Deployment Options
Question 124:
In order to modify Security Policies, the administrator can use which of the following tools? (Choose the best answer.)
A. SmartConsole and WebUI on the Security Management Server.
B. SmartConsole or mgmt_cli (API) on any computer where SmartConsole is installed.
C. Command line of the Security Management Server or mgmt_cli.exe on any Windows computer.
D. mgmt_cli (API) or WebUI on Security Gateway and SmartConsole on the Security Management Server.
Correct Answer: B
In order to modify Security Policies, the administrator can use SmartConsole or mgmt_cli (API) on any computer where SmartConsole is installed. SmartConsole is a graphical tool that allows the administrator to create, edit, and manage security policies using a web browser. mgmt_cli (API) is a command-line tool that allows the administrator to perform the same tasks using commands and scripts. Both tools can connect to the Security Management Server remotely from any computer that has SmartConsole installed. References: [SmartConsole Overview], [mgmt_cli (API)]
Question 125:
From a SecureXL perspective, what are the three paths of traffic flow?
A. Initial Path; Medium Path; Accelerated Path
B. Layer Path; Blade Path; Rule Path
C. Firewall Path; Accept Path; Drop Path
D. Firewall Path; Accelerated Path; Medium Path
Correct Answer: D
The correct answer is D because, from a SecureXL perspective, the three paths of traffic flow are Firewall Path, Accelerated Path, and Medium Path. The Firewall Path is used when SecureXL is disabled or traffic is not eligible for acceleration. The Accelerated Path is used when SecureXL handles the entire connection and bypasses the Firewall kernel. The Medium Path is used when SecureXL handles part of the connection and forwards packets to the Firewall kernel for further inspection. The other options are not valid paths of traffic flow from a SecureXL perspective.
References: Check Point R81 Performance Tuning Administration Guide
Question 126:
Which of the following is used to enforce changes made to a Rule Base?
A. Publish database
B. Save changes
C. Install policy
D. Activate policy
Correct Answer: C
The option that is used to enforce changes made to a Rule Base is Install policy. Installing policy is the process of sending the security policy and the network objects from the Security Management Server to the Security Gateway. Publishing database and saving changes are options that are used to save changes made to a Rule Base, but they do not enforce them on the Security Gateway. Activating policy is not a valid option in SmartConsole.
References: Check Point SmartConsole R81 Help
Question 127:
Name one limitation of using Security Zones in the network?
A. Security zones will not work in Automatic NAT rules
B. Security zone will not work in Manual NAT rules
C. Security zones will not work in firewall policy layer
D. Security zones cannot be used in network topology
Correct Answer: B
One limitation of using Security Zones in the network is that Security Zones will not work in Manual NAT rules. Manual NAT rules are rules that explicitly define how to translate the source and destination IP addresses and ports of each connection. Manual NAT rules do not support using Security Zones as objects, only network objects or groups. Automatic NAT rules are rules that automatically define how to translate the source and destination IP addresses and ports of each connection based on the network objects or groups properties. Automatic NAT rules support using Security Zones as objects. Security Zones can also work in firewall policy layer and network topology. References: [Security Zones Best Practices], [NAT Methods]
Question 128:
Which of the following technologies extracts detailed information from packets and stores that information in state tables?
A. INSPECT Engine
B. Next-Generation Firewall
C. Packet Filtering
D. Application Layer Firewall
Correct Answer: B
The INSPECT Engine is a technology that extracts detailed information from packets and stores that information in state tables. It enables stateful inspection and application layer filtering. References: INSPECT Engine, Stateful Inspection
Question 129:
What are the three main components of Check Point security management architecture?
A. SmartConsole, Security Management, and Security Gateway
B. Smart Console, Standalone, and Security Management
C. SmartConsole, Security policy, and Logs and Monitoring
D. GUI-Client, Security Management, and Security Gateway
Correct Answer: A
The three main components of Check Point security management architecture are SmartConsole, Security Management, and Security Gateway. SmartConsole is the graphical user interface that allows administrators to manage and monitor Check Point products. Security Management is the server that stores the security policy and configuration data. Security Gateway is the device that enforces the security policy on the network traffic. References: Check Point R81 Security Management Administration Guide
Question 130:
Which option will match a connection regardless of its association with a VPN community?
A. All Site-to-Site VPN Communities
B. Accept all encrypted traffic
C. All Connections (Clear or Encrypted)
D. Specific VPN Communities
Correct Answer: B
Accept all encrypted traffic is the option that will match a connection regardless of its association with a VPN community. This option allows encrypted traffic from any VPN peer, even if it is not defined in a VPN community.
References: Site to Site VPN in R80.x - Tutorial for Beginners