Which of the following is NOT a method used by Identity Awareness for acquiring identity?
A. Remote Access
B. Cloud IdP (Identity Provider)
C. Active Directory Query
D. RADIUS
Correct Answer: B
Identity Awareness uses several methods for acquiring identity, such as Active Directory Query, Identity Agent, Browser-Based Authentication, Terminal Servers, Captive Portal, and RADIUS. Cloud IdP (Identity Provider) is not a method used by Identity Awareness. Therefore, the correct answer is B. Cloud IdP (Identity Provider).
Question 312:
Which of the following is NOT supported by Bridge Mode Check Point Security Gateway?
A. Antivirus
B. Data Loss Prevention
C. NAT
D. Application Control
Correct Answer: C
Bridge Mode Check Point Security Gateway does not support NAT. Bridge Mode is a deployment option that allows the Security Gateway to inspect traffic without being a routing hop. In Bridge Mode, the Security Gateway does not have an IP address and cannot perform NAT. Therefore, the correct answer is C. NAT.
Question 313:
Which software blade enables Access Control policies to accept, drop, or limit web site access based on user, group, and/or machine?
A. Application Control
B. Data Awareness
C. Identity Awareness
D. Threat Emulation
Correct Answer: A
Application Control is the software blade that enables Access Control policies to accept, drop, or limit web site access based on user, group, and/or machine. Application Control allows you to define granular rules for applications, web sites, web categories, web content types, and users. You can also use Application Control to monitor and block risky applications and web usage. References: [Application Control Administration Guide R80.40]
Question 314:
What is the main objective when using Application Control?
A. To filter out specific content.
B. To assist the firewall blade with handling traffic.
C. To see what users are doing.
D. Ensure security and privacy of information.
Correct Answer: D
The main objective when using Application Control is to ensure security and privacy of information. Application Control enables administrators to control access to web applications and web sites based on risk level, user identity, and other criteria. It also provides visibility into web usage and application activity. References: Check Point R81 Application Control Administration Guide
Question 315:
Which tool is used to enable ClusterXL?
A. SmartUpdate
B. cpconfig
C. SmartConsole
D. sysconfig
Correct Answer: B
The tool that is used to enable ClusterXL is cpconfig. ClusterXL is a software-based Load Sharing and High Availability solution that distributes network traffic between clusters of redundant Security Gateways. To enable ClusterXL, you need to run the cpconfig command on each cluster member and select Enable Cluster membership for this gateway. Therefore, the correct answer is B. cpconfig.
Question 316:
To view statistics on detected threats, which Threat Tool would an administrator use?
A. Protections
B. IPS Protections
C. Profiles
D. ThreatWiki
Correct Answer: D
ThreatWiki is a web-based tool that provides statistics on detected threats, such as attack types, sources, destinations, and severity. It also allows the administrator to search for specific threats and view their details and mitigation methods. The other options are not tools for viewing statistics on detected threats. References: [ThreatWiki], [ThreatWiki - Threat Emulation]
Question 317:
Which is a suitable command to check whether Drop Templates are activated or not?
A. fw ctl get int activate_drop_templates
B. fwaccel stat
C. fwaccel stats
D. fw ctl templates -d
Correct Answer: B
The command fwaccel stat shows the status of SecureXL, including whether Drop Templates are enabled or not. References: Check Point SecureXL R81 Administration Guide
Question 318:
The CPU level of your Security Gateway is peaking at 100%, causing problems with traffic. You suspect that the problem might be the Threat Prevention settings. The following Threat Prevention Profile has been created.
How could you tune the profile in order to lower the CPU load while still maintaining security at a good level? Select the BEST answer.
A. Set High Confidence to Low and Low Confidence to Inactive.
B. Set the Performance Impact to Medium or lower.
C. The problem is not with the Threat Prevention Profile. Consider adding more memory to the appliance.
D. Set the Performance Impact to Very Low Confidence to Prevent.
Correct Answer: B
The BEST way to tune the profile in order to lower the CPU load while still maintaining security at a good level is to set the Performance Impact to Medium or lower. This will reduce the number of packets that are inspected by the Threat Prevention blades, while still providing a high level of protection. Setting High Confidence to Low and Low Confidence to Inactive will lower the security level, as it will allow more traffic that may be malicious. The problem is likely with the Threat Prevention Profile, as it can have a significant impact on the CPU utilization of the Security Gateway. Adding more memory to the appliance will not solve the problem, as memory is not the bottleneck in this case. Setting the Performance Impact to Very Low Confidence to Prevent will increase the CPU load, as it will inspect more packets and block more traffic that may be false positives. References: Threat Prevention Administration Guide, Check Point R81.10
Question 319:
What is a role of Publishing?
A. The Publish operation sends the modifications made via SmartConsole in the private session and makes them public
B. The Security Management Server installs the updated policy and the entire database on Security Gateways
C. The Security Management Server installs the updated session and the entire Rule Base on Security Gateways
D. Modifies network objects, such as servers, users, services, or IPS profiles, but not the Rule Base
Correct Answer: A
The correct answer is A: the Publish operation sends the modifications made via SmartConsole in the private session and makes them public. This is because publishing is the process of saving your changes to the database and making them available to other administrators. Publishing also allows you to install policies on Security Gateways.
References: [Publishing Changes]
Question 320:
Your internal networks 10.1.1.0/24, 10.2.2.0/24 and 192.168.0.0/16 are behind the Internet Security Gateway. Considering that Layer 2 and Layer 3 setup is correct, what are the steps you will need to do in SmartConsole in order to get the connection working?
A. 1. Define an accept rule in Security Policy. 2. Define Security Gateway to hide all internal networks behind the gateway's external IP. 3. Publish and install the policy.
B. 1. Define an accept rule in Security Policy. 2. Define automatic NAT for each network to NAT the networks behind a public IP. 3. Publish the policy.
C. 1. Define an accept rule in Security Policy. 2. Define automatic NAT for each network to NAT the networks behind a public IP. 3. Publish and install the policy.
D. 1. Define an accept rule in Security Policy. 2. Define Security Gateway to hide all internal networks behind the gateway's external IP. 3. Publish the policy.
Correct Answer: C
The steps you will need to do in SmartConsole in order to get the connection working behind the Internet Security Gateway are: Define an accept rule in Security Policy. This rule allows the traffic from your internal networks to pass through the Security Gateway. Define automatic NAT for each network to NAT the networks behind a public IP. This option translates the private IP addresses of your internal networks to a public IP address assigned by your ISP router. This way, your internal networks can communicate with the Internet using a valid IP address. Publish and install the policy. This step applies the changes you made to the Security Gateway and activates the security and NAT rules. References: Check Point R81 Quantum Security Gateway Guide