Which single Security Blade can be turned on to block both malicious files from being downloaded as well as block websites known to host malware?
A. Anti-Bot
B. None - both Anti-Virus and Anti-Bot are required for this
C. Anti-Virus
D. None - both URL Filtering and Anti-Virus are required for this.
Correct Answer: C
Anti-Virus is the single Security Blade that can be turned on to block both malicious files from being downloaded as well as block websites known to host malware. Anti-Virus scans files and email attachments for viruses, worms, trojans, and other types of malware. It also uses ThreatCloud, a collaborative network that delivers real-time dynamic security intelligence, to detect unknown malware based on its behavior. Anti-Bot is a Security Blade that detects and blocks botnet communications, but it does not scan files or block websites. URL Filtering is a Security Blade that enables administrators to control access to web applications, but it does not scan files or detect malware.
Question 192:
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?
A. Accounting
B. Suppression
C. Accounting/Suppression
D. Accounting/Extended
Correct Answer: C
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. You can add Accounting and/or Suppression to each of these options. Accounting enables you to track the amount of data that is sent or received by a specific rule. Suppression enables you to reduce the number of logs that are generated by a specific rule. Therefore, the correct answer is C. Accounting/Suppression. References: Logging and Monitoring Administration Guide R80 - Check Point Software
Question 193:
In ____________ NAT, the ____________ is translated.
A. Hide; source
B. Static; source
C. Simple; source
D. Hide; destination
Correct Answer: A
In hide NAT, the source IP address is translated. Hide NAT is also known as many-to-one NAT or PAT (Port Address Translation). It maps multiple private IP addresses to one public IP address by using different port numbers. Hide NAT allows outbound connections from the private network to the public network, but not inbound connections from the public network to the private network. In static NAT, the source or destination IP address is translated depending on the direction of the traffic. Static NAT is also known as one-to-one NAT or bi-directional NAT. It maps one private IP address to one public IP address and allows both outbound and inbound connections. In simple NAT, there is no translation of IP addresses. Simple NAT is also known as routing mode or transparent mode. It allows traffic to pass through the NAT device without any modification. There is no hide NAT for destination IP address translation. References: What Is Network Address Translation (NAT)?, Network address translation, Network Address Translation Definition, Network Address Translation (NAT)
Question 194:
What is the default tracking option of a rule?
A. Tracking
B. Log
C. None
D. Alert
Correct Answer: B
The default tracking option of a rule is Log. This means that the Security Gateway will generate a log entry for every connection that matches the rule. The log entry will contain information such as source, destination, service, action, and time. Other tracking options include None, Alert, Mail, SNMP Trap, User Alert, and Accounting. References: Check Point R81 Firewall Administration Guide
Question 195:
Which GUI tool can be used to view and apply Check Point licenses?
A. cpconfig
B. Management Command Line
C. SmartConsole
D. SmartUpdate
Correct Answer: D
The GUI tool that can be used to view and apply Check Point licenses is SmartUpdate. SmartUpdate is a centralized tool that allows you to manage licenses, software packages, and hotfixes for multiple gateways and clusters. cpconfig, Management Command Line, and SmartConsole are not tools for license management. References: Check Point R81 SmartUpdate Administration Guide, Udemy
Question 196:
Which of the following licenses are considered temporary?
A. Plug-and-play (Trial) and Evaluation
B. Perpetual and Trial
C. Evaluation and Subscription
D. Subscription and Perpetual
Correct Answer: A
Plug-and-play (Trial) and Evaluation licenses are considered temporary because they expire after a certain period of time. Plug-and-play licenses are valid for 15 days, while Evaluation licenses are valid for 30 days. References: Check Point Licensing and Contract Operations User Guide
Question 197:
A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?
A. Anti-Bot protection
B. Anti-Malware protection
C. Policy-based routing
D. Suspicious Activity Monitoring (SAM) rules
Correct Answer: D
If a network administrator has identified a malicious host on the network and instructed you to block it, but you cannot make any firewall policy changes at this time, you can use Suspicious Activity Monitoring (SAM) rules to block this traffic. SAM rules are temporary rules that allow you to block or limit traffic from specific sources or destinations without modifying the security policy. SAM rules are created and managed by SmartView Monitor and are enforced by the security gateway for a specified duration. Anti-Bot protection, Anti-Malware protection, and Policy-based routing are not tools that can be used to block traffic without changing the firewall policy. References: [Check Point R81 SmartView Monitor Administration Guide]
Question 198:
Which SmartConsole tab shows logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?
A. Gateway and Servers
B. Logs and Monitor
C. Manage Setting
D. Security Policies
Correct Answer: B
The SmartConsole tab that shows logs and detects security threats, providing a centralized display of potential attack patterns from all network devices, is Logs and Monitor, p. 24. The Logs and Monitor tab allows administrators to view logs from various sources, such as Security Gateways, SmartEvent servers, and SmartReporter servers. Gateway and Servers, Manage Setting, and Security Policies are other tabs in SmartConsole that have different functions.
References: Check Point CCSA - R81:Practice Test and Explanation, [Check Point SmartConsole R81 Help]
Question 199:
Which type of Check Point license ties the package license to the IP address of the Security Management Server?
A. Central
B. Corporate
C. Local
D. Formal
Correct Answer: A
The type of Check Point license that ties the package license to the IP address of the Security Management Server is Central license. A Central license is a license that is installed on the Security Management Server and applies to all the Security Gateways that are managed by it. The Central license is based on the IP address of the Security Management Server and cannot be transferred to another Security Management Server with a different IP address. References: [Check Point R81 Licensing Guide], [Managing and Installing license via SmartUpdate]
Question 200:
Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?
A. Active Directory Query
B. User Directory Query
C. Account Unit Query
D. UserCheck
Correct Answer: A
Active Directory Query is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers. Active Directory Query enables the Security Gateway to query the Active Directory Domain Controllers for user and computer information, such as IP addresses, group memberships, and login events. References: Check Point R81 Identity Awareness Administration Guide, page 14.