CheckPoint 156-215.81 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81 Online Questions & Answers

• Question 231:

  When a SAM rule is required on Security Gateway to quickly block suspicious connections which are not restricted by the Security Policy, what actions does the administrator need to take?

  A. SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not required.
  B. The policy type SAM must be added to the Policy Package and a new SAM rule must be applied. Simply Publishing the changes applies the SAM rule on the firewall.
  C. The administrator must work on the firewall CLI (for example with SSH and PuTTY) and the command 'sam block' must be used with the right parameters.
  D. The administrator should open the LOGS and MONITOR view and find the relevant log. Right clicking on the log entry will show the Create New SAM rule option.
  A. SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not required.

  ---

  Explanation/Reference:

  When a SAM rule is required on Security Gateway to quickly block suspicious connections which are not restricted by the Security Policy, the administrator needs to take the following action: SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not required. SAM stands for Suspicious Activity Monitoring and is a feature that allows administrators to block or limit connections from specific sources or destinations without modifying the security policy. SAM rules can be created from SmartView Monitor or SmartEvent based on real-time network activity or security events. References: [Check Point R81 SmartView Monitor Administration Guide]

• Question 232:

  When configuring Spoof Tracking, which tracking actions can an administrator select to be done when spoofed packets are detected?

  A. Log, send snmp trap, email
  B. Drop packet, alert, none
  C. Log, alert, none
  D. Log, allow packets, email
  C. Log, alert, none

  ---

  Explanation/Reference:

  The tracking actions that can be selected when configuring Spoof Tracking are Log, alert, none. Spoof Tracking is a feature that detects packets with spoofed source IP addresses and logs them in SmartView Tracker. The administrator can

  choose to log only, log and alert, or do nothing when spoofed packets are detected. The other options are not valid tracking actions for Spoof Tracking, as they are either not available or not relevant for this feature.

  References: [Spoof Tracking], [Firewall Administration Guide]

• Question 233:

  Which is a main component of the Check Point security management architecture?

  A. Identity Collector
  B. Endpoint VPN client
  C. SmartConsole
  D. Proxy Server
  C. SmartConsole

  ---

  Explanation/Reference:

  A main component of the Check Point security management architecture is SmartConsole. SmartConsole is a unified graphical user interface that allows administrators to manage multiple security functions such as firewall, VPN, IPS, application control, URL filtering, identity awareness, and more. SmartConsole connects to the Security Management Server and interacts with other Check Point components such as Security Gateways and Endpoint Security Servers. References: Check Point R81 Security Management Administration Guide

• Question 234:

  To quickly review when Threat Prevention signatures were last updated, which Threat Tool would an administrator use?

  A. Protections
  B. IPS Protections
  C. Profiles
  D. ThreatWiki
  B. IPS Protections

  ---

  Explanation/Reference:

  According to the Learn More About Threat Signatures, to quickly review when Threat Prevention signatures were last updated, you can use the IPS Protections tool. This tool shows you the date and time of the last update, as well as the number of signatures and their categories. References: Learn More About Threat Signatures

• Question 235:

  For Automatic Hide NAT rules created by the administrator what is a TRUE statement?

  A. Source Port Address Translation (PAT) is enabled by default
  B. Automate NAT rules are supported for Network objects only.
  C. Automatic NAT rules are supported for Host objects only.
  D. Source Port Address Translation (PAT) is disabled by default
  A. Source Port Address Translation (PAT) is enabled by default

  ---

  Explanation/Reference:

  Automatic Hide NAT rules are created by the administrator when they configure NAT for network objects or groups in the object properties. Automatic Hide NAT rules allow multiple private IP addresses to share a single public IP address when accessing external networks. Source Port Address Translation (PAT) is enabled by default for Automatic Hide NAT rules, which means that the Security Gateway assigns a unique source port number for each connection from the same source IP address. This allows the Security Gateway to keep track of the connections and translate the reply packets correctly.

• Question 236:

  Which command shows the installed licenses in Expert mode?

  A. print cplic
  B. show licenses
  C. fwlic print
  D. cplic print
  D. cplic print

  ---

  Explanation/Reference:

  The command that shows the installed licenses in Expert mode is cplic print. This command displays information about the licenses that are installed on the local machine or a remote machine. The other commands are not valid for showing licenses in Expert mode.

• Question 237:

  You are the Check Point administrator for Alpha Corp with an R80 Check Point estate. You have received a call by one of the management users stating that they are unable to browse the Internet with their new tablet connected to the company Wireless. The Wireless system goes through the Check Point Gateway. How do you review the logs to see what the problem may be?

  A. Open SmartLog and connect remotely to the IP of the wireless controller
  B. Open SmartView Tracker and filter the logs for the IP address of the tablet
  C. Open SmartView Tracker and check all the IP logs for the tablet
  D. Open SmartLog and query for the IP address of the Manager's tablet
  D. Open SmartLog and query for the IP address of the Manager's tablet

  ---

  Explanation/Reference:

  SmartLog is a unified log viewer that provides fast and easy access to logs from all Check Point components3. It allows the administrator to query for any log field, such as the IP address of the tablet, and filter the results by time, severity, blade, action, and more4. SmartView Tracker is a legacy tool that displays network activity logs from Security Gateways and other Check Point devices. It does not support remote connection to the wireless controller or querying for specific IP addresses. References: SmartLog, SmartLog Queries, [SmartView Tracker]

• Question 238:

  Fill in the blank: ____________ is the Gaia command that turns the server off.

  A. sysdown
  B. exit
  C. halt
  D. shut-down
  C. halt

  ---

  Explanation/Reference:

  halt is the Gaia command that turns the server off. This command shuts down the operating system and powers off the machine. Other commands that can be used to shut down the server are shutdown and poweroff. References: [Gaia Administration Guide R80.40]

• Question 239:

  Which tool is used to enable cluster membership on a Gateway?

  A. SmartUpdate
  B. cpconfig
  C. SmartConsole
  D. sysconfig
  B. cpconfig

  ---

  Explanation/Reference:

  The tool used to enable cluster membership on a Gateway is cpconfig. This tool allows you to configure basic settings of Check Point products, such as cluster membership, administrator name and password, GUI clients, and Secure Internal Communication (SIC)2. References: Next Generation Security Gateway Guide R80

• Question 240:

  What Check Point technologies deny or permit network traffic?

  A. Application Control, DLP
  B. Packet Filtering, Stateful Inspection, Application Layer Firewall.
  C. ACL, SandBlast, MPT
  D. IPS, Mobile Threat Protection
  B. Packet Filtering, Stateful Inspection, Application Layer Firewall.

  ---

  Explanation/Reference:

  Check Point technologies that deny or permit network traffic are packet filtering, stateful inspection, and application layer firewall, p. 15-16. Packet filtering is a basic firewall technique that examines packets based on their source and destination addresses and ports, p. 13. Stateful inspection is an advanced firewall technique that tracks the state and context of network connections and inspects packets based on their content and sequence p. 13. Application layer firewall is a firewall technique that operates at the application layer of the OSI model and inspects packets based on their application protocols and data, p. 14. , 156-315.81 Checkpoint Exam Info and Free Practice Test