Which of these is NOT a feature or benefit of Application Control?
A. Eliminate unknown and unwanted applications in your network to reduce IT complexity and application risk.
B. Identify and control which applications are in your IT environment and which to add to the IT environment.
C. Scans the content of files being downloaded by users in order to make policy decisions.
D. Automatically identify trusted software that has authorization to run.
Correct Answer: C
Application Control is a blade that enables administrators to control access to applications and web sites by users, groups, machines, and time. Application Control can eliminate unknown and unwanted applications in your network to reduce IT complexity and application risk, identify and control which applications are in your IT environment and which to add to the IT environment, and automatically identify trusted software that has authorization to run. However, Application Control cannot scan the content of files being downloaded by users in order to make policy decisions. That is the function of another blade called Content Awareness, which can inspect files based on their type, size, name, and data.
References: Check Point R81 Application Control Administration Guide, Check Point R81 Content Awareness Administration Guide
Question 242:
Which Identity Source(s) should be selected in Identity Awareness when there is a requirement for a higher level of security for sensitive servers?
A. AD Query
B. Terminal Servers Endpoint Identity Agent
C. Endpoint Identity Agent and Browser-Based Authentication
D. RADIUS and Account Logon
Correct Answer: C
Endpoint Identity Agent and Browser-Based Authentication are the identity sources that provide the highest level of security for sensitive servers, as they require user authentication and can enforce granular access rules based on user identity. AD Query, Terminal Servers Endpoint Identity Agent, and RADIUS and Account Logon are less secure, as they rely on passive methods of identity acquisition or do not support identity-based access control. References: Identity Awareness R81.10 Administration Guide, Identity Awareness AD Query
Question 243:
A stateful inspection firewall works by registering connection data and compiling this information. Where is the information stored?
A. In the system SMEM memory pool.
B. In State tables.
C. In the Sessions table.
D. In a CSV file on the firewall hard drive located in $FWDIR/conf/.
Correct Answer: B
A stateful inspection firewall works by registering connection data and compiling this information in state tables. State tables are data structures that store information about the state and context of each connection, such as source, destination, service, protocol, sequence number, flags, etc. State tables enable the firewall to inspect both the header and the payload of each packet and apply security policies accordingly. References: [Stateful Inspection], [State Tables]
Question 244:
What Check Point tool is used to automatically update Check Point products for the Gaia OS?
A. Check Point INSPECT Engine
B. Check Point Upgrade Service Engine
C. Check Point Update Engine
D. Check Point Upgrade Installation Service
Correct Answer: B
The Check Point Upgrade Service Engine (CPUSE) is a tool that automates the process of upgrading and installing Check Point products on Gaia OS. It can also be used to update the Gaia OS itself. The other options are not valid tools for this purpose. References: Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent, Check Point R81 Gaia Installation and Upgrade Guide
Question 245:
Fill in the blank: With the User Directory Software Blade, you can create user definitions on a(n) ___________ Server.
A. SecurID
B. LDAP
C. NT domain
D. SMTP
Correct Answer: B
With the User Directory Software Blade, you can create user definitions on a(n) LDAP Server. LDAP stands for Lightweight Directory Access Protocol and is a protocol for accessing and managing user information stored in a directory service. The User Directory Software Blade enables integration with LDAP servers such as Microsoft Active Directory, Novell eDirectory, and OpenLDAP. References: Check Point R81 Identity Awareness Administration Guide
Question 246:
In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?
A. Publish changes
B. Save changes
C. Install policy
D. Install database
Correct Answer: C
In order for changes made to policy to be enforced by a Security Gateway, an administrator must perform Install Policy. This action transfers the policy package from the Security Management Server to the Security Gateway and activates it. References: Check Point R81 Security Management Administration Guide
Question 247:
SmartEvent does NOT use which of the following procedures to identify events:
A. Matching a log against each event definition
B. Create an event candidate
C. Matching a log against local exclusions
D. Matching a log against global exclusions
Correct Answer: C
The procedure that SmartEvent does not use to identify events is matching a log against local exclusions. Local exclusions are used to filter out logs that are not relevant for SmartLog, not SmartEvent. SmartEvent uses the other procedures to identify events based on event definitions, event candidates, and global exclusions. References: SmartLog R81 Administration Guide, SmartEvent R81 Administration Guide, [Free Check Point CCSA Sample Questions and Study Guide]
Question 248:
Which SmartConsole application shows correlated logs and aggregated data to provide an overview of potential threats and attack patterns?
A. SmartEvent
B. SmartView Tracker
C. SmartLog
D. SmartView Monitor
Correct Answer: A
SmartEvent is a unified security management solution that provides real-time visibility into security events across the network. SmartEvent shows correlated logs and aggregated data to provide an overview of potential threats and attack patterns, as well as generate reports and alerts based on predefined or customized indicators. SmartView Tracker, SmartLog, and SmartView Monitor are other SmartConsole applications that can show logs, search queries, and network statistics respectively, but they do not provide the same level of correlation and analysis as SmartEvent. References: [Check Point R81 SmartEvent Administration Guide]
Question 249:
Fill in the blanks: Gaia can be configured using _______ the ________.
A. Command line interface; WebUI
B. Gaia Interface; GaiaUI
C. WebUI; Gaia Interface
D. GaiaUI; command line interface
Correct Answer: A
Gaia can be configured using the command line interface (CLI) or the WebUI. The CLI is a text-based interface that allows you to configure and manage Gaia settings using commands and scripts. The WebUI is a graphical interface that allows you to configure and manage Gaia settings using a web browser. Gaia Interface and GaiaUI are not valid terms for Gaia configuration tools. References: [Gaia Administration Guide], [Gaia Overview]
Question 250:
The default shell of the Gaia CLI is cli.sh. How do you change from the cli.sh shell to the advanced shell to run Linux commands?
A. Execute the command 'enable' in the cli.sh shell
B. Execute the 'conf t' command in the cli.sh shell
C. Execute the command 'expert' in the cli.sh shell
D. Execute the 'exit' command in the cli.sh shell
Correct Answer: C
The default shell of the Gaia CLI is cli.sh, which provides a limited set of commands for basic configuration and troubleshooting. To change from the cli.sh shell to the advanced shell (also known as expert mode) to run Linux commands, the administrator needs to execute the command 'expert' in the cli.sh shell.