CheckPoint 156-215.81 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81 Online Questions & Answers

• Question 271:

  Which tool allows you to monitor the top bandwidth on smart console?

  A. Logs and Monitoring
  B. Smart Event
  C. Gateways and Severs Tab
  D. SmartView Monitor
  D. SmartView Monitor

  ---

  Explanation/Reference:

  SmartView Monitor is the tool that allows you to monitor the top bandwidth on SmartConsole. SmartView Monitor is a graphical tool that displays real-time network and security performance data, such as traffic, throughput, connections, CPU usage, memory usage, etc. You can use SmartView Monitor to identify the top bandwidth consumers and optimize your network performance.References: [SmartView Monitor], [Monitoring Network Traffic]

• Question 272:

  Which Threat Prevention profile uses sanitization technology?

  A. Cloud/data Center
  B. perimeter
  C. Sandbox
  D. Guest Network
  B. perimeter

  ---

  Explanation/Reference:

  Threat Prevention is a comprehensive solution that protects networks from malicious attacks by using multiple security blades, such as Anti-Bot, Anti-Virus, IPS, Threat Emulation, and Threat Extraction. A Threat Prevention profile defines the actions and settings for each blade and can be applied to different network segments or scenarios. The Perimeter profile is one of the predefined profiles that uses sanitization technology to protect users from malicious files and links. Sanitization technology includes Threat Emulation and Threat Extraction blades, which can detect and remove malware from files and web content. References: [Check Point R81 Threat Prevention Administration Guide]

• Question 273:

  A security zone is a group of one or more network interfaces from different centrally managed gateways. What is considered part of the zone?

  A. The zone is based on the network topology and determined according to where the interface leads to.
  B. Security Zones are not supported by Check Point firewalls.
  C. The firewall rule can be configured to include one or more subnets in a zone.
  D. The local directly connected subnet defined by the subnet IP and subnet mask.
  A. The zone is based on the network topology and determined according to where the interface leads to.

  ---

  Explanation/Reference:

  A security zone is a group of one or more network interfaces from different centrally managed gateways that have the same security requirements. The zone is based on the network topology and determined according to where the interface leads to. For example, a zone can be defined as internal, external, DMZ, VPN, etc. Security zones are supported by Check Point firewalls and can be used to simplify security policies and network segmentation. The firewall rule can be configured to include one or more zones as source or destination objects. The local directly connected subnet defined by the subnet IP and subnet mask is not considered part of the zone, but rather a property of the interface.References: [Security Zones], [Security Zones Best Practices]

• Question 274:

  In a Distributed deployment, the Security Gateway and the Security Management software are installed on what platforms?

  A. Different computers or appliances.
  B. The same computer or appliance.
  C. Both on virtual machines or both on appliances but not mixed.
  D. In Azure and AWS cloud environments.
  A. Different computers or appliances.

  ---

  Explanation/Reference:

  In a Distributed deployment, the Security Gateway and the Security Management software are installed on different computers or appliances. This allows for better scalability and performance. References: Check Point Security Management Administration Guide R81

• Question 275:

  Which key is created during Phase 2 of a site-to-site VPN?

  A. Pre-shared secret
  B. Diffie-Hellman Public Key
  C. Symmetrical IPSec key
  D. Diffie-Hellman Private Key
  C. Symmetrical IPSec key

  ---

  Explanation/Reference:

  The key that is created during Phase 2 of a site-to-site VPN is a symmetrical IPSec key. This key is used to encrypt and decrypt the data that is exchanged between the VPN peers. The symmetrical IPSec key is derived from the shared secret and the Diffie-Hellman public keys that are exchanged during Phase 13. References: Site to Site VPN in R80.x - Tutorial for Beginners

• Question 276:

  Which of the following commands is used to monitor cluster members?

  A. cphaprob state
  B. cphaprob status
  C. cphaprob
  D. cluster state
  A. cphaprob state

• Question 277:

  What key is used to save the current CPView page in a filename format cpview_"cpview process ID". cap"number of captures"?

  A. S
  B. W
  C. C
  D. Space bar
  C. C

• Question 278:

  When an Admin logs into SmartConsole and sees a lock icon on a gateway object and cannot edit that object, what does that indicate?

  A. The gateway is not powered on.
  B. Incorrect routing to reach the gateway.
  C. The Admin would need to login to Read-Only mode
  D. Another Admin has made an edit to that object and has yet to publish the change.
  D. Another Admin has made an edit to that object and has yet to publish the change.

  ---

  Explanation/Reference:

  When an Admin logs into SmartConsole and sees a lock icon on a gateway object and cannot edit that object, it indicates that another Admin has made an edit to that object and has yet to publish the change. SmartConsole supports concurrent administration, which means that multiple Admins can work on the same security policy at the same time. However, when one Admin edits an object, such as a gateway, a rule, or a network, that object is locked for other Admins until the change is published or discarded. The lock icon shows which objects are being edited by other Admins and prevents conflicts or overwrites. The gateway being powered off, incorrect routing to reach the gateway, or logging in to Read-Only mode do not cause the lock icon to appear.References: [Concurrent Administration], [SmartConsole Overview]

• Question 279:

  Which software blade does NOT accompany the Threat Prevention policy?

  A. IPS
  B. Application Control and URL Filtering
  C. Threat Emulation
  D. Anti-virus
  B. Application Control and URL Filtering

  ---

  Explanation/Reference:

  The Threat Prevention policy is a unified policy that manages three software blades: IPS, Anti-Virus, and Threat Emulation. The Threat Prevention policy enables you to configure settings and actions for detecting and preventing various types of threats, such as malware, exploits, botnets, etc. Application Control and URL Filtering are not part of the Threat Prevention policy, but they are part of a separate policy that controls access to applications and websites based on categories, users, groups, and machines

• Question 280:

  Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

  A. UDP port 265
  B. TCP port 265
  C. UDP port 256
  D. TCP port 256
  B. TCP port 265

  ---

  Explanation/Reference:

  The port used for full synchronization between cluster members is TCP port 265. This port is used by the Firewall Kernel to send and receive synchronization data, such as connection tables, NAT tables, and VPN keys. UDP port 8116 is used by the Cluster Control Protocol (CCP) for internal communications between cluster members. References: How does the Cluster Control Protocol function in working and failure scenarios for gateway clusters?