CheckPoint Checkpoint Certifications 156-215.81 Questions & Answers

• Question 181:

  The purpose of the Communication Initialization process is to establish a trust between the Security Management Server and the Check Point gateways.

  Which statement best describes this Secure Internal Communication (SIC)?

  A. After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA.

  B. Secure Internal Communications authenticates the security gateway to the SMS before http communications are allowed.

  C. A SIC certificate is automatically generated on the gateway because the gateway hosts a subordinate CA to the SMS ICA.

  D. New firewalls can easily establish the trust by using the expert password defined on the SMS and the SMS IP address.

  Correct Answer: A

  The statement that best describes Secure Internal Communication (SIC) is:

  After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA. SIC is a mechanism that ensures secure communication between Check Point components by

  using certificates that are issued by an Internal Certificate Authority (ICA). The other statements are not accurate descriptions of SIC.

• Question 182:

  Which of the following is NOT a role of the SmartCenter:

  A. Status monitoring

  B. Policy configuration

  C. Certificate authority

  D. Address translation

  Correct Answer: D

  Address translation is not a role of the SmartCenter, as it is performed by the Security Gateway based on the NAT policy configured in the SmartConsole. The other options are roles of the SmartCenter, as it is responsible for status monitoring, policy configuration, and certificate authority for the Security Gateways. References: Gaia R81.10 Administration Guide, QUANTUM SECURITY MANAGEMENT R81, Remote Access VPN R81 Administration Guide

• Question 183:

  For Automatic Hide NAT rules created by the administrator what is a TRUE statement?

  A. Source Port Address Translation (PAT) is enabled by default

  B. Automate NAT rules are supported for Network objects only.

  C. Automatic NAT rules are supported for Host objects only.

  D. Source Port Address Translation (PAT) is disabled by default

  Correct Answer: A

  Automatic Hide NAT rules are created by the administrator when they configure NAT for network objects or groups in the object properties. Automatic Hide NAT rules allow multiple private IP addresses to share a single public IP address when accessing external networks. Source Port Address Translation (PAT) is enabled by default for Automatic Hide NAT rules, which means that the Security Gateway assigns a unique source port number for each connection from the same source IP address. This allows the Security Gateway to keep track of the connections and translate the reply packets correctly.

• Question 184:

  An administrator wishes to use Application objects in a rule in their policy but there are no Application objects listed as options to add when clicking the"+" to add new items to the "Services and Applications" column of a rule. What should be done to fix this?

  A. The administrator should drag-and-drop the needed Application objects from the Object Explorer into the new rule

  B. The "Application Control" blade should be enabled on a gateway

  C. "Applications and URL Filtering" should first be enabled on the policy layer where the rule is being created.

  D. The administrator should first create some applications to add to the rule.

  Correct Answer: C

  To use Application objects in a rule, the "Applications and URL Filtering" blade should be enabled on the policy layer where the rule is being created. Enabling the "Application Control" blade on a gateway is not enough. References: Check Point R81 Security Management Administration Guide, page 102.

• Question 185:

  How can the changes made by an administrator before publishing the session be seen by a superuser administrator?

  A. By impersonating the administrator with the `Login as...' option

  B. They cannot be seen

  C. From the SmartView Tracker audit log

  D. From Manage and Settings > Sessions, right click on the session and click `View Changes...'

  Correct Answer: D

  The changes made by an administrator before publishing the session can be seen by a superuser administrator from Manage and Settings > Sessions, right click on the session and click `View Changes...'. This option allows the superuser to review the changes made by another administrator in a pending session. References: Check Point R81 Security Management Administration Guide

• Question 186:

  What kind of NAT enables Source Port Address Translation by default?

  A. Automatic Static NAT

  B. Manual Hide NAT

  C. Automatic Hide NAT

  D. Manual Static NAT

  Correct Answer: C

  Automatic Hide NAT enables Source Port Address Translation by default. This means that the source IP address and port number are translated to a different IP address and port number. This allows multiple hosts to share a single IP address for outbound connections. References: Check Point R81 Firewall Administration Guide

• Question 187:

  You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?

  A. fwd

  B. fwm

  C. cpd

  D. cpwd

  Correct Answer: B

  The fwm process is responsible for managing the communication between the SmartConsole and the Security Management Server. It can only be seen on a Management Server. References: Check Point Processes and Daemons,

• Question 188:

  Which of the following is NOT a tracking log option in R80.x?

  A. Log

  B. Full Log

  C. Detailed Log

  D. Extended Log

  Correct Answer: C

• Question 189:

  Examine the sample Rule Base.

  

  What will be the result of a verification of the policy from SmartConsole?

  A. No errors or Warnings

  B. Verification Error. Empty Source-List in Rule 5 (Mail Inbound)

  C. Verification Error. Rule 4 (Web Inbound) hides Rule 6 (Webmaster access)

  D. Verification Error. Rule 7 (Clean-Up Rule) hides Implicit Clean-up Rule

  Correct Answer: A

• Question 190:

  Which command shows the installed licenses in Expert mode?

  A. print cplic

  B. show licenses

  C. fwlic print

  D. cplic print

  Correct Answer: D

  The command that shows the installed licenses in Expert mode is cplic print. This command displays information about the licenses that are installed on the local machine or a remote machine. The other commands are not valid for showing licenses in Expert mode.