CheckPoint 156-215.81 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81 Online Questions & Answers

• Question 201:

  Which of the following is NOT a valid deployment option for R80?

  A. All-in-one (stand-alone)
  B. Log server
  C. SmartEvent
  D. Multi-domain management server
  D. Multi-domain management server

  ---

  Explanation/Reference:

  Multi-domain management server is a valid deployment option for R81, not R80. R80 supports multi-domain security management, which is a centralized management solution for large-scale, distributed environments with many different domain networks. References: Multi-Domain Security Management Administration Guide R80

• Question 202:

  Which two of these Check Point Protocols are used by ?

  A. ELA and CPD
  B. FWD and LEA
  C. FWD and CPLOG
  D. ELA and CPLOG
  B. FWD and LEA

  ---

  Explanation/Reference:

  The two Check Point Protocols that are used by are FWD and LEA. FWD is the Firewall Daemon that handles communication between different Check Point components, such as Security Management Server, Security Gateway, SmartConsole, etc. LEA is the Log Export API that allows external applications to retrieve logs from the Security Gateway or Security Management Server. Therefore, the correct answer is B. FWD and LEA. References: Border Gateway Protocol - Check Point Software, Check Point IPS Datasheet, List of valid protocols for services? - Check Point CheckMates

• Question 203:

  Your internal networks 10.1.1.0/24, 10.2.2.0/24 and 192.168.0.0/16 are behind the Internet Security Gateway. Considering that Layer 2 and Layer 3 setup is correct, what are the steps you will need to do in SmartConsole in order to get the connection working?

  A. 1. Define an accept rule in Security Policy.2. Define Security Gateway to hide all internal networks behind the gateway's external IP.3. Publish and install the policy.
  B. 1. Define an accept rule in Security Policy.2. Define automatic NAT for each network to NAT the networks behind a public IP.3. Publish the policy.
  C. 1. Define an accept rule in Security Policy.2. Define automatic NAT for each network to NAT the networks behind a public IP.3. Publish and install the policy.
  D. 1. Define an accept rule in Security Policy.2. Define Security Gateway to hide all internal networks behind the gateway's external IP.3. Publish the policy.
  C. 1. Define an accept rule in Security Policy.2. Define automatic NAT for each network to NAT the networks behind a public IP.3. Publish and install the policy.

  ---

  Explanation/Reference:

  The steps you will need to do in SmartConsole in order to get the connection working behind the Internet Security Gateway are: Define an accept rule in Security Policy. This rule allows the traffic from your internal networks to pass through the Security Gateway. Define automatic NAT for each network to NAT the networks behind a public IP. This option translates the private IP addresses of your internal networks to a public IP address assigned by your ISP router. This way, your internal networks can communicate with the Internet using a valid IP address. Publish and install the policy. This step applies the changes you made to the Security Gateway and activates the security and NAT rules. References: Check Point R81 Quantum Security Gateway Guide

• Question 204:

  Which statement describes what Identity Sharing is in Identity Awareness?

  A. Management servers can acquire and share identities with Security Gateways
  B. Users can share identities with other users
  C. Security Gateways can acquire and share identities with other Security Gateways
  D. Administrators can share identifies with other administrators
  C. Security Gateways can acquire and share identities with other Security Gateways

  ---

  Explanation/Reference:

  Identity Sharing is a feature that allows Security Gateways to acquire and share identities with other Security Gateways, enabling identity-based access control across different network segments or domains. Management servers, users, and administrators do not share identities with Security Gateways. References: Identity Awareness R81.10 Administration Guide, Check Point R81.10

• Question 205:

  How is communication between different Check Point components secured in R80? As with all questions, select the best answer.

  A. By using IPSEC
  B. By using SIC
  C. By using ICA
  D. By using 3DES
  B. By using SIC

  ---

  Explanation/Reference:

  The communication between different Check Point components is secured in R80 by using SIC. SIC stands for Secure Internal Communication and it is a mechanism that ensures the authenticity and confidentiality of communication between Check Point components, such as Security Gateways, Security Management Servers, Log Servers, etc. SIC uses certificates issued by the Internal CA (ICA) and encryption algorithms such as AES-25634. References: Check Point R81 Quantum Security Gateway Guide, Check Point R81 Quantum Security Management Administration Guide

• Question 206:

  When you upload a package or license to the appropriate repository in SmartUpdate. where is the package or license stored?

  A. SmartConsole installed device
  B. Check Point user center
  C. Security Management Server
  D. Security Gateway
  C. Security Management Server

  ---

  Explanation/Reference:

  When you upload a package or license to the appropriate repository in SmartUpdate, the package or license is stored on the Security Management Server. SmartUpdate is a tool that allows you to centrally manage software updates and

  licenses for all Check Point products on your network.

  References: : Check Point R81 Security Management Administration Guide, page 16.

• Question 207:

  Which tool allows for the automatic updating of the Gaia OS and Check Point products installed on the Gaia OS?

  A. CPASE - Check Point Automatic Service Engine
  B. CPAUE - Check Point Automatic Update Engine
  C. CPDAS - Check Point Deployment Agent Service
  D. CPUSE - Check Point Upgrade Service Engine
  D. CPUSE - Check Point Upgrade Service Engine

  ---

  Explanation/Reference:

  CPUSE - Check Point Upgrade Service Engine is the tool that allows for the automatic updating of the Gaia OS and Check Point products installed on the Gaia OS. CPUSE is a web-based tool that simplifies the installation of software updates, hotfixes, and upgrade packages on Gaia OS. The other options are not valid tools for updating Gaia OS and Check Point products.

• Question 208:

  Which back up method uses the command line to create an image of the OS?

  A. System backup
  B. Save Configuration
  C. Migrate
  D. snapshot
  D. snapshot

  ---

  Explanation/Reference:

  According to the Hewlett Packard Enterprise Support Center, the snapshot command uses the command line to create an image of the OS. A snapshot is a point-in- time copy of a disk partition that can be used to restore the system in case of a failure or corruption. References: Hewlett Packard Enterprise Support Center

• Question 209:

  You want to verify if there are unsaved changes in GAiA that will be lost with a reboot. What command can be used?

  A. show unsaved
  B. show save-state
  C. show configuration diff
  D. show config-state
  D. show config-state

  ---

  Explanation/Reference:

  The command show config-state can be used to verify if there are unsaved changes in GAiA that will be lost with a reboot . The other commands are not valid in GAiA. References: [Check Point GAiA Administration Guide], []

• Question 210:

  What is the difference between SSL VPN and IPSec VPN?

  A. IPSec VPN does not require installation of a resident VPN client
  B. SSL VPN requires installation of a resident VPN client
  C. SSL VPN and IPSec VPN are the same
  D. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser
  D. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser

  ---

  Explanation/Reference:

  The difference between SSL VPN and IPSec VPN is that IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed browser . IPSec VPN uses a pre-shared key or certificates to authenticate the endpoints and encrypts the data at the network layer. SSL VPN uses SSL/TLS protocols to authenticate the endpoints and encrypts the data at the application layer. References: Check Point Remote Access VPN Administration Guide R81, [Free Check Point CCSA Sample Questions and Study Guide]