CheckPoint 156-215.81 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81 Online Questions & Answers

• Question 311:

  In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server?

  A. Display policies and logs on the administrator's workstation.
  B. Processing and sending alerts such as SNMP traps and email notifications.
  C. Verify and compile Security Policies.
  D. Store firewall logs to hard drive storage.
  A. Display policies and logs on the administrator's workstation.

  ---

  Explanation/Reference:

  The Security Management Server does not display policies and logs on the administrator's workstation. That is the function of the SmartConsole, which is a separate component that connects to the Security Management Server. References: Certified Security Administrator (CCSA) R81.20 Course Overview, page 4.

• Question 312:

  Fill in the blank: An identity server uses a ___________ for user authentication.

  A. Shared secret
  B. Certificate
  C. One-time password
  D. Token
  A. Shared secret

  ---

  Explanation/Reference:

  The answer is A because an identity server uses a shared secret for user authentication. A shared secret is a passphrase that is known by both the identity server and the user. The identity server sends a challenge to the user, who encrypts it with the shared secret and sends it back. The identity server then verifies the response and authenticates the user References: Check Point R81 Identity Awareness Administration Guide, Check Point R81 Identity Server

• Question 313:

  Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?

  A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
  B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
  C. Time object to a rule to make the rule active only during specified times.
  D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.
  D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

  ---

  Explanation/Reference:

  Sub Policies are a new feature in R80.10 Gateway that allow creating and attaching sets of rules to specific rules in the main policy. Sub Policies are useful for delegating permissions, managing large rule bases, and applying different inspection profiles. The other options are not new features in R80.10 Gateway. References: Check Point R80.10 Security Management Administration Guide

• Question 314:

  What is the main difference between Threat Extraction and Threat Emulation?

  A. Threat Emulation never delivers a file and takes more than 3 minutes to complete
  B. Threat Extraction always delivers a file and takes less than a second to complete
  C. Threat Emulation never delivers a file that takes less than a second to complete
  D. Threat Extraction never delivers a file and takes more than 3 minutes to complete
  B. Threat Extraction always delivers a file and takes less than a second to complete

  ---

  Explanation/Reference:

  The correct answer is B because Threat Extraction always delivers a file and takes less than a second to complete. Threat Extraction removes exploitable content from files and delivers a clean and safe file to the user. Threat Emulation analyzes files in a sandbox environment and delivers a verdict of malicious or benign. Threat Emulation can take more than 3 minutes to complete depending on the file size and complexity. References: Check Point R81 Threat Prevention Administration Guide

• Question 315:

  Fill in the blanks: Gaia can be configured using _______ the ________.

  A. Command line interface; WebUI
  B. Gaia Interface; GaiaUI
  C. WebUI; Gaia Interface
  D. GaiaUI; command line interface
  A. Command line interface; WebUI

  ---

  Explanation/Reference:

  Gaia can be configured using the command line interface (CLI) or the WebUI. The CLI is a text-based interface that allows you to configure and manage Gaia settings using commands and scripts. The WebUI is a graphical interface that allows you to configure and manage Gaia settings using a web browser. Gaia Interface and GaiaUI are not valid terms for Gaia configuration tools.References: [Gaia Administration Guide], [Gaia Overview]

• Question 316:

  At what point is the Internal Certificate Authority (ICA) created?

  A. During the primary Security Management Server installation process.
  B. Upon creation of a certificate
  C. When an administrator decides to create one
  D. When an administrator initially logs into SmartConsole.
  A. During the primary Security Management Server installation process.

  ---

  Explanation/Reference:

  The Internal Certificate Authority (ICA) is created during the primary Security Management Server installation process. The ICA is a component that issues and manages certificates for Check Point products. The ICA is automatically installed and initialized when installing the Security Management Server. References: Check Point R81 Security Management Administration Guide, page 26.

• Question 317:

  Fill in the blank: Authentication rules are defined for ____________.

  A. User groups
  B. Users using UserCheck
  C. Individual users
  D. All users in the database
  A. User groups

  ---

  Explanation/Reference:

  Authentication rules are defined for user groups rather than individual users. To define authentication rules, you must first define users and groups. You can define users with the Check Point user database, or with an external server, such as LDAP. UserCheck is a feature that enables user interaction with security events. Individual users and all users in the database are not valid options for defining authentication rules. References: How to Configure Client Authentication, UserCheck

• Question 318:

  Name the pre-defined Roles included in Gaia OS.

  A. AdminRole, and MonitorRole
  B. ReadWriteRole, and ReadyOnly Role
  C. AdminRole, cloningAdminRole, and Monitor Role
  D. AdminRole
  A. AdminRole, and MonitorRole

  ---

  Explanation/Reference:

  The pre-defined Roles included in Gaia OS are AdminRole and MonitorRole. AdminRole is the role that has full access to all Gaia features and commands. MonitorRole is the role that has read-only access to Gaia features and commands. The other options are not valid pre-defined Roles in Gaia OS.

• Question 319:

  Which of the following is NOT a component of Check Point Capsule?

  A. Capsule Docs
  B. Capsule Cloud
  C. Capsule Enterprise
  D. Capsule Workspace
  C. Capsule Enterprise

  ---

  Explanation/Reference:

  The components of Check Point Capsule are Capsule Docs, Capsule Cloud, and Capsule Workspace. There is no Capsule Enterprise component. Capsule Docs protects business documents everywhere they go. Capsule Cloud protects mobile users outside the enterprise security perimeter. Capsule Workspace creates a secure business environment on mobile devices. References: Check Point Capsule Datasheet, Check Point Capsule Workspace Datasheet, Mobile Secure Workspace with Capsule

• Question 320:

  The SmartEvent R80 Web application for real-time event monitoring is called:

  A. SmartView Monitor
  B. SmartEventWeb
  C. There is no Web application for SmartEvent
  D. SmartView
  D. SmartView

  ---

  Explanation/Reference:

  SmartView is the web application for real-time event monitoring in SmartEvent R80 and above. It provides a unified view of security events across the network and allows for quick investigation and response. References: SmartEvent R80.40 Administration Guide, SmartView