Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?
A. ThreatWiki
B. Whitelist Files
C. AppWiki
D. IPS Protections
Correct Answer: A
ThreatWiki is a tool that provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed. ThreatWiki is a web-based service that collects information about files from various sources, such as Check Point customers, partners, and researchers. Administrators can use ThreatWiki to view file reputation, upload files for analysis, and download indicators of compromise. Whitelist Files, AppWiki, and IPS Protections are not tools that provide a list of trusted files. References: Threat Prevention R80.40 Administration Guide
Question 172:
When logging in for the first time to a Security Management Server through SmartConsole, a fingerprint is saved to the:
A. Security Management Server's /home/.fgpt file and is available for future SmartConsole authentications.
B. Windows registry is available for future Security Management Server authentications.
C. There is no memory used for saving a fingerprint anyway.
D. SmartConsole cache is available for future Security Management Server authentications.
Correct Answer: D
When logging in for the first time to a Security Management Server through SmartConsole, a fingerprint is saved to the SmartConsole cache and is available for future Security Management Server authentications. The fingerprint is a unique identifier of the Security Management Server that is used to verify its identity and prevent man-in-the-middle attacks. The SmartConsole cache is a local folder on the client machine that stores temporary files and settings. References: Check Point Security Management Administration Guide R81, p. 25-26
Question 173:
What is required for a certificate-based VPN tunnel between two gateways with separate management systems?
A. Shared Secret Passwords
B. Unique Passwords
C. Shared User Certificates
D. Mutually Trusted Certificate Authorities
Correct Answer: D
This answer is correct because for a certificate-based VPN tunnel, both gateways need to have a certificate issued by a certificate authority (CA) that they trust. A CA is a trusted entity that verifies the identity of the gateways and signs their certificates. The gateways can either use the same CA or different CAs, as long as they trust each other's CA. This way, the gateways can authenticate each other using their certificates and establish a secure VPN tunnel. The other answers are not correct because they are either irrelevant to or incompatible with a certificate-based VPN tunnel. Shared secret passwords and unique passwords are used for pre-shared key (PSK) authentication, which is a different method than certificate authentication. PSK authentication is less secure and more vulnerable to brute force attacks than certificate authentication. Shared user certificates are not used for gateway authentication, but for user authentication, which is a different level of authentication than gateway authentication. User authentication is optional and can be used in addition to gateway authentication to provide more granular access control. References: Configure server settings for P2S VPN Gateway connections - certificate authentication; VPN certificates and how they work; Create Certificate Based Site to Site VPN between 2 Check Point Gateways; HowTo Set Up Certificate Based VPNs with Check Point Appliances
Question 174:
In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server?
A. Display policies and logs on the administrator's workstation.
B. Processing and sending alerts such as SNMP traps and email notifications.
C. Verify and compile Security Policies.
D. Store firewall logs to hard drive storage.
Correct Answer: A
The Security Management Server does not display policies and logs on the administrator's workstation. That is the function of the SmartConsole, which is a separate component that connects to the Security Management Server. References: Certified Security Administrator (CCSA) R81.20 Course Overview, page 4.
Question 175:
Name the authentication method that requires a token authenticator.
A. SecureID
B. Radius
C. DynamicID
D. TACACS
Correct Answer: A
SecureID is the authentication method that requires a token authenticator. SecureID is a two-factor authentication method that uses a hardware or software token to generate a one-time password. The user must enter the token code along with their username and password to authenticate. References: Check Point R81 Identity Awareness Administration Guide
Question 176:
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?
A. Go to clish - Run cpstop | Run cpstart
B. Go to clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway
C. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores
D. Go to clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security Policy
Correct Answer: B
The correct answer is B because after installing a new multicore CPU, the administrator needs to configure CoreXL to make use of the additional cores and reboot the Security Gateway. Installing the Security Policy is not necessary because it does not affect the CoreXL configuration. References: Check Point R81 Security Management Administration Guide
Question 177:
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members? Choose the best answer.
A. fw ctl set int fwha vmac global param enabled
B. fw ctl get int fwha vmac global param enabled; result of command should return value 1
C. cphaprob -a if
D. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value
Correct Answer: B
To ensure that VMAC mode is enabled, you should run the command fw ctl get int fwha_vmac_global_param_enabled on all cluster members and check that the result of the command returns the value 1. This command shows the current value of the global kernel parameter fwha_vmac_global_param_enabled, which controls whether VMAC mode is enabled or disabled. VMAC mode is a feature that associates a Virtual MAC address with each Virtual IP address of the cluster, which reduces the need for Gratuitous ARP packets and improves failover performance. The other options are incorrect. Option A is not a valid command. Option C is a command to show the status of cluster interfaces, not VMAC mode. Option D is a command to show the value of a different global kernel parameter, fwha_vmac_global_param_enabled, which controls whether VMAC mode is enabled for all interfaces or only for non-VLAN interfaces.
Question 178:
Fill in the blank: In Office mode, a Security Gateway assigns a remote client to an IP address once ___________.
A. the user connects and authenticates
B. office mode is initiated
C. the user requests a connection
D. the user connects
Correct Answer: A
In Office mode, a Security Gateway assigns a remote client to an IP address once the user connects and authenticates. Office mode allows a remote client to get an IP address from the internal network of the organization. The IP address is assigned during the IKE negotiation, after the user has successfully authenticated with the Security Gateway. The other options are not correct timings for assigning an IP address in Office mode. References: Office Mode
Question 179:
From the Gaia web interface, which of the following operations CANNOT be performed on a Security Management Server?
A. Verify a Security Policy
B. Open a terminal shell
C. Add a static route
D. View Security Management GUI Clients
Correct Answer: A
From the Gaia web interface, the operation that CANNOT be performed on a Security Management Server is Verify a Security Policy. This operation can only be done from SmartConsole. References: Check Point R81 SmartConsole Online Help
Question 180:
Which repositories are installed on the Security Management Server by SmartUpdate?
A. License and Update
B. Package Repository and Licenses
C. Update and License and Contract
D. License and Contract and Package Repository
Correct Answer: D
According to the Managing and Installing license via SmartUpdate, there are two repositories installed on the Security Management Server by SmartUpdate: License and Contract and Package Repository. The License and Contract repository stores all licenses available and all of the assigned licenses. The Package Repository stores all packages downloaded from the Check Point Cloud or uploaded from a local device. References: Managing and Installing license via SmartUpdate