CheckPoint 156-215.81 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81 Online Questions & Answers

• Question 211:

  Administrator Dave logs into R80 Management Server to review and makes some rule changes. He notices that there is a padlock sign next to the DNS rule in the Rule Base.

  

  What is the possible explanation for this?

  A. DNS Rule is using one of the new feature of R80 where an administrator can mark a rule with the padlock icon to let other administrators know it is important.
  B. Another administrator is logged into the Management and currently editing the DNS Rule.
  C. DNS Rule is a placeholder rule for a rule that existed in the past but was deleted.
  D. This is normal behavior in R80 when there are duplicate rules in the Rule Base.
  B. Another administrator is logged into the Management and currently editing the DNS Rule.

  ---

  Explanation/Reference:

  The padlock sign next to the DNS rule in the Rule Base indicates that another administrator is logged into the Management and currently editing the DNS Rule. This is a feature of R80 that allows multiple administrators to work on the same policy simultaneously. The padlock sign prevents other administrators from modifying the same rule until the editing administrator publishes or discards the changes. The other options are not valid explanations for the padlock sign. References: 156-215.80:Check Point Certified Security Administrator (CCSA R80) : Part 19, Multi-User Policy Editing

• Question 212:

  What are the three main components of Check Point security management architecture?

  A. SmartConsole, Security Management, and Security Gateway
  B. Smart Console, Standalone, and Security Management
  C. SmartConsole, Security policy, and Logs and Monitoring
  D. GUI-Client, Security Management, and Security Gateway
  A. SmartConsole, Security Management, and Security Gateway

  ---

  Explanation/Reference:

  The three main components of Check Point security management architecture are SmartConsole, Security Management, and Security Gateway. SmartConsole is the graphical user interface that allows administrators to manage and monitor Check Point products. Security Management is the server that stores the security policy and configuration data. Security Gateway is the device that enforces the security policy on the network traffic. References: Check Point R81 Security Management Administration Guide

• Question 213:

  What SmartEvent component creates events?

  A. Consolidation Policy
  B. Correlation Unit
  C. SmartEvent Policy
  D. SmartEvent GUI
  B. Correlation Unit

  ---

  Explanation/Reference:

  Correlation Unit is the SmartEvent component that creates events. It analyzes logs received from Security Gateways and Servers, and generates security events according to the definitions in the Consolidation Policy. References: [SmartEvent R80.40 Administration Guide], [Correlation Unit]

• Question 214:

  What is the SOLR database for?

  A. Used for full text search and enables powerful matching capabilities
  B. Writes data to the database and full text search
  C. Serves GUI responsible to transfer request to the DLE server
  D. Enables powerful matching capabilities and writes data to the database
  A. Used for full text search and enables powerful matching capabilities

  ---

  Explanation/Reference:

  The SOLR database is used for full text search and enables powerful matching capabilities . SOLR is an open source enterprise search platform that provides fast and scalable indexing and searching of data. It supports advanced features such as faceting, highlighting, spell checking, synonyms, etc. The SOLR database is used by Check Point products such as SmartLog and SmartEvent to store and query logs and events . The other options are incorrect. Option B is false, as SOLR does not write data to the database, but only reads data from it. Option C is false, as SOLR does not serve GUI, but only provides a RESTful API for queries. Option D is false, as SOLR does not enable powerful matching capabilities and write data to the database, but only enables powerful matching capabilities. References: SOLR - Check Point Software, [Apache Solr]

• Question 215:

  View the rule below. What does the pen-symbol in the left column mean?

  

  A. Those rules have been published in the current session.
  B. Rules have been edited by the logged in administrator, but the policy has not been published yet.
  C. Another user has currently locked the rules for editing.
  D. The configuration lock is present. Click the pen symbol in order to gain the lock.
  B. Rules have been edited by the logged in administrator, but the policy has not been published yet.

  ---

  Explanation/Reference:

  The pen-symbol in the left column means that the rules have been edited by the logged in administrator, but the policy has not been published yet. It indicates that the changes are not yet effective and can be discarded.References: Policy Editor, Publishing Changes

• Question 216:

  Which statement is TRUE of anti-spoofing?

  A. Anti-spoofing is not needed when IPS software blade is enabled
  B. It is more secure to create anti-spoofing groups manually
  C. It is BEST Practice to have anti-spoofing groups in sync with the routing table
  D. With dynamic routing enabled, anti-spoofing groups are updated automatically whenever there is a routing change
  C. It is BEST Practice to have anti-spoofing groups in sync with the routing table

  ---

  Explanation/Reference:

  The statement that is TRUE of anti-spoofing is that it is BEST Practice to have anti- spoofing groups in sync with the routing table. Anti-spoofing prevents attackers from sending packets with a false source IP address. Anti-spoofing groups define which IP addresses are expected on each interface of the Security Gateway. If the routing table changes, the anti-spoofing groups should be updated accordingly. References: Check Point R81 ClusterXL Administration Guide, Network Defined by Routes: Anti-Spoofing

• Question 217:

  Customer's R80 management server needs to be upgraded to R80.10.

  What is the best upgrade method when the management server is not connected to the Internet?

  A. Export R80 configuration, clean install R80.10 and import the configuration
  B. CPUSE online upgrade
  C. CPUSE offline upgrade
  D. SmartUpdate upgrade
  C. CPUSE offline upgrade

  ---

  Explanation/Reference:

  The best upgrade method when the management server is not connected to the Internet is CPUSE offline upgrade . This method allows you to download the upgrade package from another source and install it manually on the management server. The other methods require Internet connection or are not supported for R80.10. References: [R80.10 Upgrade Verification and FAQ], []

• Question 218:

  When should you generate new licenses?

  A. Before installing contract files.
  B. After a device upgrade.
  C. When the existing license expires, license is upgraded or the IP-address associated with the license changes.
  D. Only when the license is upgraded.
  C. When the existing license expires, license is upgraded or the IP-address associated with the license changes.

  ---

  Explanation/Reference:

  You should generate new licenses when the existing license expires, the license is upgraded, or the IP address associated with the license changes. These situations invalidate the current license and require a new one to be obtained from the Check Point User Center and installed on the Security Management Server or Security Gateway. Installing contract files or upgrading devices do not affect the validity of the license References: Check Point R81, Managing and Installing license via SmartUpdate

• Question 219:

  Which SmartConsole tab shows logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?

  A. Gateway and Servers
  B. Logs and Monitor
  C. Manage Seeting
  D. Security Policies
  B. Logs and Monitor

  ---

  Explanation/Reference:

  The SmartConsole tab that shows logs and detects security threats, providing a centralized display of potential attack patterns from all network devices, is Logs and Monitor, p. 24. The Logs and Monitor tab allows administrators to view logs

  from various sources, such as Security Gateways, SmartEvent servers, and SmartReporter servers. Gateway and Servers, Manage Setting, and Security Policies are other tabs in SmartConsole that have different functions.

  References: Check Point CCSA - R81:Practice Test and Explanation, [Check Point SmartConsole R81 Help]

• Question 220:

  To ensure that VMAC mode is enabled, which CLI command you should run on all cluster members? Choose the best answer.

  A. fw ctl set int fwha vmac global param enabled
  B. fw ctl get int fwha vmac global param enabled; result of command should return value 1
  C. cphaprob -a if
  D. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value
  B. fw ctl get int fwha vmac global param enabled; result of command should return value 1

  ---

  Explanation/Reference:

  To ensure that VMAC mode is enabled, you should run the command fw ctl get int fwha_vmac_global_param_enabled on all cluster members and check that the result of the command returns the value 11. This command shows the current value of the global kernel parameter fwha_vmac_global_param_enabled, which controls whether VMAC mode is enabled or disabled. VMAC mode is a feature that associates a Virtual MAC address with each Virtual IP address of the cluster, which reduces the need for Gratuitous ARP packets and improves failover performance. The other options are incorrect. Option A is not a valid command. Option C is a command to show the status of cluster interfaces, not VMAC mode. Option D is a command to show the value of a different global kernel parameter, fwha_vmac_global_param_enabled, which controls whether VMAC mode is enabled for all interfaces or only for non-VLAN interfaces.