A. Sessions end when policy is pushed to the Security Gateway.
B. Starts when an Administrator logs in through SmartConsole and ends when the Administrator logs out.
C. Sessions lock the policy package for editing.
D. Starts when an Administrator publishes all the changes made on SmartConsole
Correct Answer: B
A session starts when an Administrator logs in through SmartConsole and ends when the Administrator logs out. A session allows multiple administrators to work on the same policy simultaneously, without overwriting each other's changes. References: Check Point R81 Security Management Administration Guide, page 17.
Question 132:
If there is an Accept Implied Policy set to "First", what is the reason Jorge cannot see any logs?
A. Log Implied Rule was not set correctly on the track column on the rules base.
B. Track log column is set to Log instead of Full Log.
C. Track log column is set to none.
D. Log Implied Rule was not selected on Global Properties.
Correct Answer: D
If there is an Accept Implied Policy set to "First", Jorge cannot see any logs because Log Implied Rule was not selected on Global Properties. The Log Implied Rule option enables logging for all implied rules, such as DHCP, anti-spoofing,
Identity Awareness allows the Security Administrator to configure network access based on which of the following?
A. Name of the application, identity of the user, and identity of the machine
B. Identity of the machine, username, and certificate
C. Network location, identity of a user, and identity of a machine
D. Browser-Based Authentication, identity of a user, and network location
Correct Answer: C
Identity Awareness allows the Security Administrator to configure network access based on network location, identity of a user, and identity of a machine. These are the three main identity sources that Identity Awareness supports. References: Identity Awareness R80.40 Administration Guide
Question 134:
Which of the following is NOT a policy type available for each policy package?
A. Threat Emulation
B. Access Control
C. Desktop Security
D. Threat Prevention
Correct Answer: A
Threat Emulation is not a policy type available for each policy package. Threat Emulation is a software blade that is part of the Threat Prevention policy type. The other options are valid policy types that can be configured for each
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company's security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
Correct Answer: A
The correct answer is A because detecting and blocking malware by correlating multiple detection engines before users are affected is not a feature of the Check Point URL Filtering and Application Control Blade. This feature is part of the Check Point Anti-Virus and Anti-Bot Blades. The other options are features of the Check Point URL Filtering and Application Control Blade. References: Check Point R81 URL Filtering and Application Control Administration Guide
Question 136:
Which of the following is true about Stateful Inspection?
A. Stateful Inspection tracks state using two tables, one for incoming traffic and one for outgoing traffic
B. Stateful Inspection looks at both the headers of packets, as well as deeply examining their content.
C. Stateful Inspection requires that a server reply to a request, in order to track a connection's state
D. Stateful Inspection requires two rules, one for outgoing traffic and one for incoming traffic.
Correct Answer: B
The true statement is that Stateful Inspection looks at both the headers of packets and deeply examines their content. Stateful Inspection inspects packets at all layers of the OSI model and maintains information about the state and context of each connection in a state table. References: Certified Security Administrator (CCSA) R81.20 Course Overview, page 6.
Question 137:
Which of the following is NOT an advantage to using multiple LDAP servers?
A. You achieve a faster access time by placing LDAP servers containing the database at remote sites
B. You achieve compartmentalization by allowing a large number of users to be distributed across several servers
C. Information on a user is hidden, yet distributed across several servers.
D. You gain High Availability by replicating the same information on several servers
Correct Answer: C
The statement that information on a user is hidden, yet distributed across several servers is not an advantage to using multiple LDAP servers. LDAP (Lightweight Directory Access Protocol) is a protocol that allows access to a centralized directory service that stores information about users, groups, devices, etc. Using multiple LDAP servers can provide advantages such as faster access time, compartmentalization, and high availability, but not hiding information. Information on a user is not hidden by using multiple LDAP servers, but rather replicated or partitioned across them. Replication means that the same information is copied to all LDAP servers, while partitioning means that different information is stored on different LDAP servers. Both methods aim to improve performance and reliability, not security or privacy. References: [LDAP Integration], [LDAP]
Question 138:
Which Threat Prevention Software Blade provides protection from malicious software that can infect your network computers? (Choose the best answer.)
A. IPS
B. Anti-Virus
C. Anti-Malware
D. Content Awareness
Correct Answer: B
The Threat Prevention Software Blade that provides protection from malicious software that can infect your network computers is Anti-Virus. Anti-Virus is a software blade that scans files and traffic for viruses, worms, trojans, spyware, and other malware. Anti-Virus can block or clean infected files and prevent malware outbreaks. IPS is a software blade that provides protection from network attacks and exploits. Anti-Malware is not a software blade, but rather a term that refers to any software that can detect and remove malware. Content Awareness is a software blade that provides visibility and control over data that enters or leaves the network based on file types, data types, and keywords.
Which of the following is NOT a valid deployment option for R80?
A. All-in-one (stand-alone)
B. Log server
C. SmartEvent
D. Multi-domain management server
Correct Answer: D
Multi-domain management server is a valid deployment option for R81, not R80. R80 supports multi-domain security management, which is a centralized management solution for large-scale, distributed environments with many different domain networks. References: Multi-Domain Security Management Administration Guide R80
Question 140:
What default layers are included when creating a new policy layer?
A. Application Control, URL Filtering and Threat Prevention
B. Access Control, Threat Prevention and HTTPS Inspection
C. Firewall, Application Control and IPSec VPN
D. Firewall, Application Control and IPS
Correct Answer: B
The default layers that are included when creating a new policy layer are Access Control, Threat Prevention, and HTTPS Inspection. Access Control is the layer that defines the basic firewall rules. Threat Prevention is the layer that enables the protection against various types of attacks, such as IPS, Anti-Virus, Anti-Bot, etc. HTTPS Inspection is the layer that allows the inspection of encrypted traffic. The other options are not the default layers that are included when creating a new policy layer.