CheckPoint 156-215.81 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81 Online Questions & Answers

• Question 261:

  What is NOT an advantage of Stateful Inspection?

  A. High Performance
  B. Good Security
  C. No Screening above Network layer
  D. Transparency
  C. No Screening above Network layer

  ---

  Explanation/Reference:

  The option that is NOT an advantage of Stateful Inspection is No Screening above Network layer. Stateful Inspection is a firewall technology that inspects packets at all layers of the OSI model, from layer 3 (Network) to layer 7 (Application). Stateful Inspection provides screening above Network layer, such as checking TCP flags, sequence numbers, ports, and application protocols . The other options are advantages of Stateful Inspection, as it provides high performance, good security, and transparency for legitimate traffic. References: Stateful Inspection Technology, Firewall Administration Guide

• Question 262:

  How are the backups stored in Check Point appliances?

  A. Saved as*.tar under /var/log/CPbackup/backups
  B. Saved as*tgz under /var/CPbackup
  C. Saved as*tar under /var/CPbackup
  D. Saved as*tgz under /var/log/CPbackup/backups
  B. Saved as*tgz under /var/CPbackup

  ---

  Explanation/Reference:

  The backups are stored in Check Point appliances as *.tgz files under /var/CPbackup. This is the default location for backup files created by the backup command. Therefore, the correct answer is B. Saved as *.tgz under /var/CPbackup

• Question 263:

  What default layers are included when creating a new policy layer?

  A. Application Control, URL Filtering and Threat Prevention
  B. Access Control, Threat Prevention and HTTPS Inspection
  C. Firewall, Application Control and IPSec VPN
  D. Firewall, Application Control and IPS
  B. Access Control, Threat Prevention and HTTPS Inspection

  ---

  Explanation/Reference:

  The default layers that are included when creating a new policy layer are Access Control, Threat Prevention, and HTTPS Inspection. Access Control is the layer that defines the basic firewall rules. Threat Prevention is the layer that enables the protection against various types of attacks, such as IPS, Anti-Virus, Anti-Bot, etc. HTTPS Inspection is the layer that allows the inspection of encrypted traffic. The other options are not the default layers that are included when creating a new policy layer.

• Question 264:

  Which Check Point software blade provides Application Security and identity control?

  A. Identity Awareness
  B. Data Loss Prevention
  C. URL Filtering
  D. Application Control
  D. Application Control

  ---

  Explanation/Reference:

  The Check Point software blade that provides Application Security and identity control is Application Control . Application Control enables network administrators to identify, allow, block, or limit usage of thousands of applications and millions of websites. Therefore, the correct answer is D. Application Control

• Question 265:

  You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic?

  A. Open SmartLog and connect remotely to the wireless controller
  B. Open SmartEvent to see why they are being blocked
  C. Open SmartDashboard and review the logs tab
  D. From SmartConsole, go to the Log and Monitor and filter for the IP address of the tablet.
  D. From SmartConsole, go to the Log and Monitor and filter for the IP address of the tablet.

  ---

  Explanation/Reference:

  From SmartConsole, go to the Log and Monitor and filter for the IP address of the tablet is the correct answer. This is because the Log and Monitor view in SmartConsole allows you to view and analyze logs and events from various sources, such as Security Gateways, Security Management Servers, and SmartEvent Servers. You can use filters to search for specific logs and events based on different criteria, such as source IP, destination IP, action, time, etc. References: [Logging and Monitoring Administration Guide R80.20]

• Question 266:

  Both major kinds of NAT support Hide and Static NAT. However, one offers more flexibility. Which statement is true?

  A. Manual NAT can offer more flexibility than Automatic NAT.
  B. Dynamic Network Address Translation (NAT) Overloading can offer more flexibility than Port Address Translation.
  C. Dynamic NAT with Port Address Translation can offer more flexibility than Network Address Translation (NAT) Overloading.
  D. Automatic NAT can offer more flexibility than Manual NAT.
  A. Manual NAT can offer more flexibility than Automatic NAT.

  ---

  Explanation/Reference:

  Manual NAT can offer more flexibility than Automatic NAT because it allows the administrator to define the NAT rules in any order and position. Automatic NAT creates the NAT rules automatically and places them at the top or bottom of the NAT Rule Base. References: Check Point R81 Firewall Administration Guide, Check Point R81 Security Management Administration Guide

• Question 267:

  What is required for a certificate-based VPN tunnel between two gateways with separate management systems?

  A. Shared Secret Passwords
  B. Unique Passwords
  C. Shared User Certificates
  D. Mutually Trusted Certificate Authorities
  D. Mutually Trusted Certificate Authorities

  ---

  Explanation/Reference:

  This answer is correct because for a certificate-based VPN tunnel, both gateways need to have a certificate issued by a certificate authority (CA) that they trust. A CA is a trusted entity that verifies the identity of the gateways and signs their certificates. The gateways can either use the same CA or different CAs, as long as they trust each other's CA. This way, the gateways can authenticate each other using their certificates and establish a secure VPN tunnel. The other answers are not correct because they are either irrelevant or incompatible with certificate-based VPN tunnel. Shared secret passwords and unique passwords are used for pre-shared key (PSK) authentication, which is a different method than certificate authentication. PSK authentication is less secure and more vulnerable to brute force attacks than certificate authentication. Shared user certificates are not used for gateway authentication, but for user authentication, which is a different level of authentication than gateway authentication. User authentication is optional and can be used in addition to gateway authentication to provide more granular access control. Configure server settings for P2S VPN Gateway connections - certificate authentication VPN certificates and how they work Create Certificate Based Site to Site VPN between 2 Check Point Gateways HowTo Set Up Certificate Based VPNs with Check Point Appliances

• Question 268:

  John is the administrator of a R80 Security Management server managing R77.30 Check Point Security Gateway. John is currently updating the network objects and amending the rules using SmartConsole. To make John's changes available to other administrators, and to save the database before installing a policy, what must John do?

  A. Logout of the session
  B. File > Save
  C. Install database
  D. Publish the session
  D. Publish the session

  ---

  Explanation/Reference:

  To make John's changes available to other administrators, and to save the database before installing a policy, John must publish the session. Publishing the session saves the changes to the database and makes them visible to other administrators. The other options do not achieve this goal. References: Publishing a Session

• Question 269:

  The SIC Status "Unknown" means

  A. There is connection between the gateway and Security Management Server but it is not trusted.
  B. The secure communication is established.
  C. There is no connection between the gateway and Security Management Server.
  D. The Security Management Server can contact the gateway, but cannot establish SIC.
  C. There is no connection between the gateway and Security Management Server.

  ---

  Explanation/Reference:

  The SIC Status "Unknown" means that there is no connection between the gateway and Security Management Server. This can happen if the gateway is down, unreachable, or has not been initialized yet. References: Check Point R81 Security Management Administration Guide, Free Check Point CCSA Sample Questions and Study Guide

• Question 270:

  What are two basic rules Check Point recommending for building an effective security policy?

  A. Accept Rule and Drop Rule
  B. Cleanup Rule and Stealth Rule
  C. Explicit Rule and Implied Rule
  D. NAT Rule and Reject Rule
  B. Cleanup Rule and Stealth Rule

  ---

  Explanation/Reference:

  Two basic rules that Check Point recommends for building an effective security policy are Cleanup Rule and Stealth Rule. A Cleanup Rule is a rule that is placed at the end of the rule base and drops or logs any traffic that does not match any of the previous rules. A Stealth Rule is a rule that is placed at the top of the rule base and protects the Security Gateway from direct access by unauthorized users. The other options are not basic rules for building a security policy, but rather types or categories of rules.