CheckPoint 156-215.81 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81 Online Questions & Answers

• Question 141:

  Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?

  A. Both License (.lic) and Contract (.xml) files
  B. cp.macro
  C. Contract file (.xml)
  D. license File (.lie)
  B. cp.macro

  ---

  Explanation/Reference:

  The file that is an electronically signed file used by Check Point to translate the features in the license into a code is cp.macro. This file contains a list of macros that define the license features and their values. It is located in the $FWDIR/conf directory on the Security Management Server or Security Gateway.References: [Check Point R81 Licensing Guide], [Check Point R80.40 Licensing Guide]

• Question 142:

  What is the purpose of the CPCA process?

  A. Monitoring the status of processes
  B. Sending and receiving logs
  C. Communication between GUI clients and the SmartCenter server
  D. Generating and modifying certificates
  D. Generating and modifying certificates

  ---

  Explanation/Reference:

  The purpose of the CPCA process is generating and modifying certificates. CPCA stands for Check Point Certificate Authority and it is a process that runs on the Security Management Server or Log Server. It is responsible for creating and

  managing certificates for internal communication between Check Point components, such as SIC .

  References: [Check Point R81 Quantum Security Management Administration Guide], [Check Point R81 Quantum Security Gateway Guide]

• Question 143:

  A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?

  A. Anti-Bot protection
  B. Anti-Malware protection
  C. Policy-based routing
  D. Suspicious Activity Monitoring (SAM) rules
  D. Suspicious Activity Monitoring (SAM) rules

  ---

  Explanation/Reference:

  If a network administrator has identified a malicious host on the network and instructed you to block it, but you cannot make any firewall policy changes at this time, you can use Suspicious Activity Monitoring (SAM) rules to block this traffic. SAM rules are temporary rules that allow you to block or limit traffic from specific sources or destinations without modifying the security policy. SAM rules are created and managed by SmartView Monitor and are enforced by the security gateway for a specified duration. Anti-Bot protection, Anti-Malware protection, and Policy-based routing are not tools that can be used to block traffic without changing the firewall policy. References: [Check Point R81 SmartView Monitor Administration Guide]

• Question 144:

  When dealing with rule base layers, what two layer types can be utilized?

  A. Ordered Layers and Inline Layers
  B. Inbound Layers and Outbound Layers
  C. R81.10 does not support Layers
  D. Structured Layers and Overlap Layers
  A. Ordered Layers and Inline Layers

  ---

  Explanation/Reference:

  When dealing with rule base layers, two layer types can be utilized: Ordered Layers and Inline Layers5. Ordered Layers are executed sequentially according to their order in the policy. Inline Layers are embedded in a parent layer and are executed only if the parent rule matches. References: Check Point R81 Firewall Administration Guide, [Check Point R81 Security Management Administration Guide]

• Question 145:

  What type of NAT is a one-to-one relationship where each host is translated to a unique address?

  A. Source
  B. Static
  C. Hide
  D. Destination
  B. Static

  ---

  Explanation/Reference:

  The type of NAT that is a one-to-one relationship where each host is translated to a unique address is Static NAT. Static NAT maps an unregistered IP address to a registered IP address on a one-to-one basis. This means that for each internal host, there is a corresponding external address that represents it. Therefore, the correct answer is B

• Question 146:

  Fill in the blanks: Default port numbers for an LDAP server is ______ for standard connections and _______ SSL connections.

  A. 675, 389
  B. 389, 636
  C. 636, 290
  D. 290, 675
  B. 389, 636

  ---

  Explanation/Reference:

  The default port numbers for an LDAP server are 389 for standard connections and 636 for SSL connections. LDAP (Lightweight Directory Access Protocol) is a protocol that allows access to directory services over TCP/IP. Therefore, the correct answer is B. 389, 636.

• Question 147:

  Security Zones do no work with what type of defined rule?

  A. Application Control rule
  B. Manual NAT rule
  C. IPS bypass rule
  D. Firewall rule
  B. Manual NAT rule

  ---

  Explanation/Reference:

  Security Zones are a feature of Application Control and Identity Awareness that allow you to define groups of network objects based on their level of trust. Security Zones do not work with Manual NAT rules, because Manual NAT rules are applied before the Application Control and Identity Awareness policy is enforced. References: Check Point R81 Security Management Administration Guide

• Question 148:

  Aggressive Mode in IKEv1 uses how many packages for negotiation?

  A. 6
  B. 3
  C. depends on the make of the peer gateway
  D. 5
  B. 3

  ---

  Explanation/Reference:

  Aggressive Mode in IKEv1 uses three packets for negotiation, with all data required for the SA passed by the initiator. The responder sends the proposal, key material, and ID, and authenticates the session in the next packet. The initiator

  replies and authenticates the session.

  The other answers are not correct because they either refer to the Main Mode in IKEv1, which uses six packets for negotiation, or they are irrelevant to the number of packets used in Aggressive Mode.

  Understand IPsec IKEv1 Protocol - Cisco

  Negotiation modes for phase 1 - IBM

  FAQ-What are the differences between IKEv1 and IKEv2- Huawei

• Question 149:

  R80.10 management server can manage gateways with which versions installed?

  A. Versions R77 and higher
  B. Versions R76 and higher
  C. Versions R75.20 and higher
  D. Version R75 and higher
  B. Versions R76 and higher

  ---

  Explanation/Reference:

  The R80.10 management server can manage gateways with versions R76 and higher. Versions lower than R76 are not supported by the R80.10 management server. References: Check Point R80.10 Release Notes, Free Check Point CCSA Sample Questions and Study Guide

• Question 150:

  You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?

  A. fwd
  B. fwm
  C. cpd
  D. cpwd
  B. fwm

  ---

  Explanation/Reference:

  The fwm process is responsible for managing the communication between the SmartConsole and the Security Management Server. It can only be seen on a Management Server. References: Check Point Processes and Daemons,