Which Threat Prevention Software Blade provides comprehensive protection against malicious and unwanted network traffic, focusing on application and server vulnerabilities?
A. IPS
B. Anti-Virus
C. Anti-Spam
D. Anti-bot
Correct Answer: A
The IPS (Intrusion Prevention System) Software Blade provides comprehensive protection against malicious and unwanted network traffic, focusing on application and server vulnerabilities. The other options are not related to this function. References: [Check Point R81 Threat Prevention Administration Guide], page 9.
Question 302:
Fill in the blank: When a policy package is installed, ________ are also distributed to the target installation Security Gateways.
A. User and objects databases
B. Network databases
C. SmartConsole databases
D. User databases
Correct Answer: A
When a policy package is installed, user and objects databases are also distributed to the target installation Security Gateways. The user and objects databases contain information about network objects, users, groups, services, VPN domains, and more. Therefore, the correct answer is A. User and objects databases.
Question 303:
Is it possible to have more than one administrator connected to a Security Management Server at once?
A. Yes, but only if all connected administrators connect with read-only permissions.
B. Yes, but objects edited by one administrator will be locked for editing by others until the session is published.
C. No, only one administrator at a time can connect to a Security Management Server.
D. Yes, but only one of those administrators will have write-permissions. All others will have read-only permission.
Correct Answer: B
It is possible to have more than one administrator connected to a Security Management Server at once, but objects edited by one administrator will be locked for editing by others until the session is published. This feature is called concurrent administration and it allows multiple administrators to work on the same security policy at the same time. However, when one administrator edits an object, such as a gateway, a rule, or a network, that object is locked for other administrators until the change is published or discarded. The lock icon shows which objects are being edited by other administrators and prevents conflicts or overwrites. References: [Concurrent Administration], [SmartConsole Overview]
Question 304:
What Check Point technologies deny or permit network traffic?
A. Application Control, DLP
B. Packet Filtering, Stateful Inspection, Application Layer Firewall.
C. ACL, SandBlast, MPT
D. IPS, Mobile Threat Protection
Correct Answer: B
Check Point technologies that deny or permit network traffic are packet filtering, stateful inspection, and application layer firewall (p. 15-16). Packet filtering is a basic firewall technique that examines packets based on their source and destination addresses and ports (p. 13). Stateful inspection is an advanced firewall technique that tracks the state and context of network connections and inspects packets based on their content and sequence (p. 13). Application layer firewall is a firewall technique that operates at the application layer of the OSI model and inspects packets based on their application protocols and data (p. 14).
Question 305:
The Network Operations Center administrator needs access to Check Point Security devices mostly for troubleshooting purposes. You do not want to give her access to the expert mode, but she still should be able to run tcpdump. How can you achieve this requirement?
A. Add tcpdump to CLISH using add command. Create a new access role. Add tcpdump to the role. Create new user with any UID and assign role to the user.
B. Add tcpdump to CLISH using add command. Create a new access role. Add tcpdump to the role. Create new user with UID 0 and assign role to the user.
C. Create a new access role. Add expert-mode access to the role. Create new user with UID 0 and assign role to the user.
D. Create a new access role. Add expert-mode access to the role. Create new user with any UID and assign role to the user.
Correct Answer: A
To achieve the requirement of giving the Network Operations Center administrator access to Check Point Security devices mostly for troubleshooting purposes, but not to the expert mode, and still allowing her to run tcpdump, you need to: Add tcpdump to CLISH using add command. This command adds a new command to the Command Line Interface Shell (CLISH) that allows running tcpdump without entering the expert mode. Create a new access role. This option defines a set of permissions and commands that can be assigned to a user or a group of users. Add tcpdump to the role. This option grants the permission to run tcpdump to the role. Create new user with any UID and assign role to the user. This option creates a new user account with any User ID (UID) and assigns the role that has tcpdump permission to the user. References: [How to add a new command to CLISH], [Check Point R81 Gaia Administration Guide], [Check Point R81 Identity Awareness Administration Guide]
Question 306:
Which of the following is NOT an identity source used for Identity Awareness?
A. Remote Access
B. UserCheck
C. AD Query
D. RADIUS
Correct Answer: B
UserCheck is not an identity source used for Identity Awareness. UserCheck is a feature that allows you to interact with users when they trigger Data Loss Prevention or Threat Prevention incidents. Identity Awareness uses different methods to acquire identities, such as AD Query, Identity Agent, Browser-Based Authentication, Terminal Servers, Captive Portal, and RADIUS. Therefore, the correct answer is B. UserCheck.
Question 307:
What type of NAT is a one-to-one relationship where each host is translated to a unique address?
A. Source
B. Static
C. Hide
D. Destination
Correct Answer: B
The type of NAT that is a one-to-one relationship where each host is translated to a unique address is Static NAT. Static NAT maps an unregistered IP address to a registered IP address on a one-to-one basis. This means that for each internal host, there is a corresponding external address that represents it. Therefore, the correct answer is B.
Question 308:
Fill in the blanks: A Check Point software license consists of a ________ and ________.
A. Software blade; software container
B. Software package; signature
C. Signature; software blade
D. Software container; software package
Correct Answer: A
A Check Point software license consists of a Software blade and a Software container. A Software blade is a modular security feature that delivers security functionality to the gateway or management server. A Software container is a set of Software blades that can be purchased as a bundle.
Question 309:
One of the major features in R80.x SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB, and AdminC are editing the same Security Policy?
A. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator.
B. AdminA and AdminB are editing the same rule at the same time.
C. AdminB sees a pencil icon next to the rule that AdminB is currently editing.
D. AdminA, AdminB and AdminC are editing three different rules at the same time.
Correct Answer: B
One of the major features in R80.x SmartConsole is concurrent administration, which allows multiple administrators to work on the same Security Policy at the same time. However, only one administrator can edit a rule at a time. If AdminA and AdminB are editing the same rule at the same time, it will cause a conflict and prevent them from saving their changes. Therefore, the correct answer is B. AdminA and AdminB are editing the same rule at the same time.
Question 310:
Fill in the blank: When tunnel test packets no longer invoke a response, SmartView Monitor displays _____________ for the given VPN tunnel.
A. Down
B. No Response
C. Inactive
D. Failed
Correct Answer: A
When tunnel test packets no longer invoke a response, SmartView Monitor displays Down for the given VPN tunnel. This means that the VPN tunnel is not operational and there is no IKE or IPsec traffic passing through it. No Response, Inactive, and Failed are not valid statuses for VPN tunnels in SmartView Monitor. References: Smart View Monitor displays status for all S2S VPN tunnels - Phase UP