CheckPoint 156-215.81 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81 Online Questions & Answers

• Question 191:

  The purpose of the Communication Initialization process is to establish a trust between the Security Management Server and the Check Point gateways.

  Which statement best describes this Secure Internal Communication (SIC)?

  A. After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA.
  B. Secure Internal Communications authenticates the security gateway to the SMS before http communications are allowed.
  C. A SIC certificate is automatically generated on the gateway because the gateway hosts a subordinate CA to the SMS ICA.
  D. New firewalls can easily establish the trust by using the expert password defined on the SMS and the SMS IP address.
  A. After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA.

  ---

  Explanation/Reference:

  The statement that best describes Secure Internal Communication (SIC) is:

  After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA. SIC is a mechanism that ensures secure communication between Check Point components by

  using certificates that are issued by an Internal Certificate Authority (ICA). The other statements are not accurate descriptions of SIC.

• Question 192:

  Which backup utility captures the most information and tends to create the largest archives?

  A. backup
  B. snapshot
  C. Database Revision
  D. migrate export
  B. snapshot

  ---

  Explanation/Reference:

  Snapshot is the backup utility that captures the most information and tends to create the largest archives. Snapshot creates an image of the entire system, including operating system files, configuration files, databases, and logs. It can be used to restore the system in case of a failure or corruption. Backup creates a compressed file that contains configuration files and databases, but not operating system files or logs. It can be used to restore configuration settings and policies. Database Revision creates a backup of only the database files that store policies and objects. It can be used to revert to a previous revision of the database. Migrate export creates a compressed file that contains configuration files, databases, and logs, but not operating system files. It can be used to migrate data from one machine to another with different hardware or software versions.References: [Backup and Restore], [Database Revision Control], [Migrate Tools], [Hewlett Packard Enterprise Support Center]

• Question 193:

  What protocol is specifically used for clustered environments?

  A. Clustered Protocol
  B. Synchronized Cluster Protocol
  C. Control Cluster Protocol
  D. Cluster Control Protocol
  D. Cluster Control Protocol

  ---

  Explanation/Reference:

  The protocol that is specifically used for clustered environments is Cluster Control Protocol (CCP). CCP is a proprietary Check Point protocol that is used for communication between cluster members and for cluster administration. CCP enables cluster members to exchange state information, synchronize connections, monitor interfaces, and perform failover operations. The other options are incorrect. Clustered Protocol, Synchronized Cluster Protocol, and Control Cluster Protocol are not valid terms in Check Point terminology. References: [Cluster Control Protocol (CCP) - Check Point Software]

• Question 194:

  Which one of the following is TRUE?

  A. Ordered policy is a sub-policy within another policy
  B. One policy can be either inline or ordered, but not both
  C. Inline layer can be defined as a rule action
  D. Pre-R80 Gateways do not support ordered layers
  C. Inline layer can be defined as a rule action

  ---

  Explanation/Reference:

  The answer is C because inline layer can be defined as a rule action in a policy layer. Inline layer is a sub-policy that contains additional rules that are applied only if the parent rule matches. Ordered layer is a policy layer that contains rules that are applied in order, from top to bottom. One policy can be either inline or ordered, but not both. Pre-R80 Gateways do support ordered layers, but not inline layers

  References: Check Point R81 Policy Layers and Sub-Policies, [Check Point R81 Security Gateway Administration Guide]

• Question 195:

  Using AD Query, the security gateway connections to the Active Directory Domain Controllers using what protocol?

  A. Windows Management Instrumentation (WMI)
  B. Hypertext Transfer Protocol Secure (HTTPS)
  C. Lightweight Directory Access Protocol (LDAP)
  D. Remote Desktop Protocol (RDP)
  C. Lightweight Directory Access Protocol (LDAP)

  ---

  Explanation/Reference:

  Using AD Query, the security gateway connections to the Active Directory Domain Controllers using LDAP (Lightweight Directory Access Protocol). The other protocols are not used for this purpose. References: : [Check Point R81 Identity Awareness Administration Guide], page 14.

• Question 196:

  Fill in the blank: Back up and restores can be accomplished through_________.

  A. SmartConsole, WebUI, or CLI
  B. WebUI, CLI, or SmartUpdate
  C. CLI, SmartUpdate, or SmartBackup
  D. SmartUpdate, SmartBackup, or SmartConsole
  A. SmartConsole, WebUI, or CLI

  ---

  Explanation/Reference:

  Back up and restores can be accomplished through SmartConsole, WebUI, or CLI. These are the methods to perform system backup and restore, which save and restore the Gaia OS configuration and the Security Management Server database. WebUI, CLI, or SmartUpdate are not valid methods, as SmartUpdate is used to install software packages and patches, not to back up or restore the system. CLI, SmartUpdate, or SmartBackup are not valid methods, as SmartBackup is a feature of SmartProvisioning that allows backing up and restoring the configuration of Security Gateways and VSX clusters4. SmartUpdate, SmartBackup, or SmartConsole are not valid methods, as SmartConsole is used to configure and manage the Security Policy, not to back up or restore the system. References: System Backup and Restore feature in Gaia, Check Point R81.10, INSTALLATION AND UPGRADE GUIDE R81.10, SmartProvisioning R81.10 Administration Guide, QUANTUM SECURITY MANAGEMENT R81

• Question 197:

  Access roles allow the firewall administrator to configure network access according to:

  A. remote access clients.
  B. a combination of computer or computer groups and networks.
  C. users and user groups.
  D. All of the above.
  D. All of the above.

  ---

  Explanation/Reference:

  Access roles allow the firewall administrator to configure network access according to remote access clients, a combination of computer or computer groups and networks, and users and user groups. Therefore, the correct answer is D.

• Question 198:

  To provide updated malicious data signatures to all Threat Prevention blades, the Threat Prevention gateway does what with the data?

  A. Cache the data to speed up its own function.
  B. Share the data to the ThreatCloud for use by other Threat Prevention blades.
  C. Log the traffic for Administrator viewing.
  D. Delete the data to ensure an analysis of the data is done each time.
  B. Share the data to the ThreatCloud for use by other Threat Prevention blades.

  ---

  Explanation/Reference:

  To provide updated malicious data signatures to all Threat Prevention blades, the Threat Prevention gateway does share the data to the ThreatCloud for use by other Threat Prevention blades. The ThreatCloud is a collaborative network and cloud- driven knowledge base that delivers real-time dynamic security intelligence to security gateways. The Threat Prevention gateway can send and receive updates from the ThreatCloud about new threats and malicious data signatures. References: [Check Point R81 Threat Prevention Administration Guide]

• Question 199:

  True or False: In R80, more than one administrator can login to the Security Management Server with write permission at the same time.

  A. False, this feature has to be enabled in the Global Properties.
  B. True, every administrator works in a session that is independent of the other administrators.
  C. True, every administrator works on a different database that is independent of the other administrators.
  D. False, only one administrator can login with write permission.
  B. True, every administrator works in a session that is independent of the other administrators.

  ---

  Explanation/Reference:

  The answer is B because in R80 and above, more than one administrator can login to the Security Management Server with write permission at the same time. Every administrator works in a session that is independent of the other administrators. This is called concurrent administration and it allows multiple administrators to work on the same policy package simultaneously

  References: Check Point R80.10 Concurrent Administration, Check Point R80.40 Security Management Administration Guide

• Question 200:

  When a gateway requires user information for authentication, what order does it query servers for user information?

  A. First - Internal user database, then LDAP servers in order of priority, finally the generic external user profile
  B. First the Internal user database, then generic external user profile, finally LDAP servers in order of priority.
  C. First the highest priority LDAP server, then the internal user database, then lower priority LDAP servers, finally the generic external profile
  D. The external generic profile, then the internal user database finally the LDAP servers in order of priority.
  B. First the Internal user database, then generic external user profile, finally LDAP servers in order of priority.

  ---

  Explanation/Reference:

  When a gateway requires user information for authentication, it queries servers for user information in the following order: first the internal user database, then the generic external user profile, and finally LDAP servers in order of priority. The internal user database is a local database that stores user information on the Security Gateway or Security Management Server. The generic external user profile is a predefined profile that allows users to authenticate with any external server that supports RADIUS or TACACS protocols. LDAP servers are external servers that use the Lightweight Directory Access Protocol to store and retrieve user information. The gateway queries LDAP servers according to the priority that is defined in the LDAP Account Unit object properties.