CheckPoint 156-215.81 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81 Online Questions & Answers

• Question 221:

  How many users can have read/write access in Gaia Operating System at one time?

  A. One
  B. Three
  C. Two
  D. Infinite
  A. One

  ---

  Explanation/Reference:

  Only one user can have read/write access in Gaia Operating System at one time. This is to prevent conflicts and errors when multiple users try to modify the same configuration settings. References: Check Point Gaia Administration Guide

• Question 222:

  What is the BEST method to deploy Identity Awareness for roaming users?

  A. Use Office Mode
  B. Use identity agents
  C. Share user identities between gateways
  D. Use captive portal
  B. Use identity agents

  ---

  Explanation/Reference:

  The BEST method to deploy Identity Awareness for roaming users is to use identity agents, which are software components installed on endpoints that provide user and machine identity information to the Security Gateway. Identity agents are more secure and reliable than other methods, as they do not require network changes or user interaction. Office Mode, sharing user identities between gateways, and using captive portal are not methods to deploy Identity Awareness, but rather features or options that can be used with Identity Awareness. References: Identity Awareness Reference Architecture and Best Practices, Identity Awareness PDP Broker, Identity Awareness Datasheet

• Question 223:

  Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates for what components?

  A. The Security Gateway (SG) and Security Management Server (SMS) software and the CPUSE engine.
  B. Licensed Check Point products for the Gala operating system and the Gaia operating system itself.
  C. The CPUSE engine and the Gaia operating system.
  D. The Gaia operating system only.
  B. Licensed Check Point products for the Gala operating system and the Gaia operating system itself.

  ---

  Explanation/Reference:

  Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates for licensed Check Point products for the Gaia operating system and the Gaia operating system itself. CPUSE is an advanced tool that automates software updates and upgrades on Gaia platforms. It can download and install packages such as hotfixes, Jumbo Hotfix Accumulators, minor versions, major versions, and OS updates.References: [CPUSE - Gaia Software Updates (including Gaia Software Updates Agent)], [Check Point R81]

• Question 224:

  Fill in the blanks: In _____ NAT, Only the ________ is translated.

  A. Static; source
  B. Simple; source
  C. Hide; destination
  D. Hide; source
  D. Hide; source

  ---

  Explanation/Reference:

  In Hide NAT, only the source IP address is translated to a different IP address. This is used to hide a group of hosts behind a single IP address, usually the external interface of the Security Gateway. References: Check Point R81 Firewall Administration Guide

• Question 225:

  Log query results can be exported to what file format?

  A. Word Document (docx)
  B. Comma Separated Value (csv)
  C. Portable Document Format (pdf)
  D. Text (txt)
  B. Comma Separated Value (csv)

  ---

  Explanation/Reference:

  Log query results can be exported to Comma Separated Value (csv) file format. CSV is a file format that stores tabular data in plain text. It is compatible with various applications, such as Excel, Google Sheets, etc. The other options are not

  valid file formats for exporting log query results.

  References:

  1: Gaia Roles

  2: Gaia Default Users

  3: Anti-Virus : [Exporting Logs]

• Question 226:

  Which option will match a connection regardless of its association with a VPN community?

  A. All Site-to-Site VPN Communities
  B. Accept all encrypted traffic
  C. All Connections (Clear or Encrypted)
  D. Specific VPN Communities
  B. Accept all encrypted traffic

  ---

  Explanation/Reference:

  Accept all encrypted traffic is the option that will match a connection regardless of its association with a VPN community. This option allows encrypted traffic from any VPN peer, even if it is not defined in a VPN community.

  References: Site to Site VPN in R80.x - Tutorial for Beginners

• Question 227:

  How would you determine the software version from the CLI?

  A. fw ver
  B. fw stat
  C. fw monitor
  D. cpinfo
  A. fw ver

  ---

  Explanation/Reference:

  The command that can be used to determine the software version from the CLI is fw ver. This command displays the version of the firewall module and the build number . fw stat, fw monitor, and cpinfo are not commands for software version identification. References: Check Point R81 Command Line Interface

• Question 228:

  Which of the following is a valid deployment option?

  A. CloudSec deployment
  B. Disliked deployment
  C. Router only deployment
  D. Standalone deployment
  D. Standalone deployment

  ---

  Explanation/Reference:

  This answer is correct because a standalone deployment is a valid option for installing a Check Point Security Gateway and a Security Management Server on the same machine. This option is suitable for small or medium-sized networks that do not require high availability or load balancing.

  The other answers are not correct because they are either invalid or irrelevant options for deployment. CloudSec deployment is not a valid option, but it might be confused with CloudGuard, which is a Check Point solution for securing cloud environments. Disliked deployment is not a valid option, but it might be a typo for Distributed deployment, which is a valid option for installing a Check Point Security Gateway and a Security Management Server on separate machines. Router only deployment is not a valid option, but it might be confused with Router mode, which is a configuration option for a Check Point Security Gateway that enables it to act as a router and forward packets between interfaces.

  Gaia R81.20 Administration Guide CloudGuard Network Security Configuring Router Mode in Gaia Clish

• Question 229:

  Core Protections are installed as part of what Policy?

  A. Access Control Policy.
  B. Desktop Firewall Policy
  C. Mobile Access Policy.
  D. Threat Prevention Policy.
  D. Threat Prevention Policy.

  ---

  Explanation/Reference:

  Core Protections are installed as part of the Threat Prevention Policy. Core Protections are a set of IPS protections that are essential for securing your network against malicious traffic. The other policies do not include Core Protections.

  References:

  1: Check Point CLI Reference Card

  2: Anti-Spoofing

  3: SmartView Tracker 4: Core Protections

• Question 230:

  You have successfully backed up your Check Point configurations without the OS information. What command would you use to restore this backup?

  A. restore_backup
  B. import backup
  C. cp_merge
  D. migrate import
  A. restore_backup

  ---

  Explanation/Reference:

  The command to restore a backup of Check Point configurations without the OS information is restore_backup4. This command restores the Gaia OS configuration and the firewall database from a compressed file. The other commands are not valid for this purpose. import backup is not a valid command. cp_merge is a command to merge policies or objects from different databases. migrate import is a command to import a previously exported database using migrate export. References: System Backup and Restore feature in Gaia, [cp_merge], [migrate import]