CheckPoint 156-215.81 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81 Online Questions & Answers

• Question 51:

  Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enable which path is handling the traffic?

  A. Slow Path
  B. Medium Path
  C. Fast Path
  D. Accelerated Path
  A. Slow Path

  ---

  Explanation/Reference:

  The correct answer is A because the traffic from source 192.168.1.1 to www.google.com is handled by the Slow Path if the Application Control Blade on the gateway is inspecting the traffic. The Slow Path is used when traffic requires inspection by one or more Software Blades. The other paths are used for different scenarios. References: Check Point R81 Performance Tuning Administration Guide

• Question 52:

  In order to see real-time and historical graph views of Security Gateway statistics in SmartView Monitor, what feature needs to be enabled on the Security Gateway?

  A. Logging and Monitoring
  B. None - the data is available by default
  C. Monitoring Blade
  D. SNMP
  C. Monitoring Blade

  ---

  Explanation/Reference:

  In order to see real-time and historical graph views of Security Gateway statistics in SmartView Monitor, the Monitoring Blade feature needs to be enabled on the Security Gateway. The Monitoring Blade is a software blade that collects and

  displays network and security performance data from the Security Gateway, such as traffic, throughput, connections, CPU usage, memory usage, etc. The Monitoring Blade can be enabled or disabled on each Security Gateway from the

  SmartConsole.

  References:[Monitoring Blade], [SmartView Monitor]

• Question 53:

  Under which file is the proxy arp configuration stored?

  A. $FWDIR/state/proxy_arp.conf on the management server
  B. $FWDIR/conf/local.arp on the management server
  C. $FWDIR/state/_tmp/proxy.arp on the security gateway
  D. $FWDIR/conf/local.arp on the gateway
  D. $FWDIR/conf/local.arp on the gateway

  ---

  Explanation/Reference:

  The file that stores the proxy arp configuration is $FWDIR/conf/local.arp on the gateway . The other files are not related to proxy arp configuration. References: How to configure Proxy ARP for Manual NAT on Security Gateway, []

• Question 54:

  What is the purpose of the Stealth Rule?

  A. To prevent users from directly connecting to a Security Gateway.
  B. To reduce the number of rules in the database.
  C. To reduce the amount of logs for performance issues.
  D. To hide the gateway from the Internet.
  A. To prevent users from directly connecting to a Security Gateway.

  ---

  Explanation/Reference:

  The Stealth Rule is used to prevent users from directly connecting to a Security Gateway. It is usually placed at the top of the rule base, before any other rule that allows traffic to the Security Gateway, p. 32

• Question 55:

  Which of the following is an authentication method used for Identity Awareness?

  A. SSL
  B. Captive Portal
  C. PKI
  D. RSA
  B. Captive Portal

  ---

  Explanation/Reference:

  Captive Portal is an authentication method used for Identity Awareness. Captive Portal is a web-based authentication method that redirects users to a browser- based login page when they try to access the network. Users must provide their credentials to access the network resources. Captive Portal can be used for guest users or users who are not identified by other methods. SSL, PKI, and RSA are not authentication methods used for Identity Awareness, but rather encryption or certificate technologies. References: Identity Awareness Reference Architecture and Best Practices

• Question 56:

  What is the purpose of the Clean-up Rule?

  A. To log all traffic that is not explicitly allowed or denied in the Rule Base
  B. To clean up policies found inconsistent with the compliance blade reports
  C. To remove all rules that could have a conflict with other rules in the database
  D. To eliminate duplicate log entries in the Security Gateway
  A. To log all traffic that is not explicitly allowed or denied in the Rule Base

  ---

  Explanation/Reference:

  The purpose of the Clean-up Rule is to log all traffic that is not explicitly allowed or denied in the Rule Base. The Clean-up Rule is the last rule in the rulebase and is used to drop and log explicitly unmatched traffic. To improve the rulebase performance, noise traffic that is logged in the Clean-up rule should be included in the Noise rule so it is matched and dropped higher up in the rulebase. The other options are not valid purposes of the Clean- up Rule. References: Using Intune device cleanup rules, Security policy fundamentals, Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and services

• Question 57:

  Which Identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers?

  A. AD Query
  B. Terminal Servers Endpoint Identity Agent
  C. Endpoint Identity Agent and Browser-Based Authentication
  D. RADIUS and Account Logon
  C. Endpoint Identity Agent and Browser-Based Authentication

  ---

  Explanation/Reference:

  Endpoint Identity Agent and Browser-Based Authentication are the identity sources that provide the highest level of security for sensitive servers, as they require user authentication and can enforce granular access rules based on user identity. AD Query, Terminal Servers Endpoint Identity Agent, and RADIUS and Account Logon are less secure, as they rely on passive methods of identity acquisition or do not support identity- based access control. References: Identity Awareness R81.10 Administration Guide, Identity Awareness AD Query

• Question 58:

  To enforce the Security Policy correctly, a Security Gateway requires:

  A. a routing table
  B. awareness of the network topology
  C. a Demilitarized Zone
  D. a Security Policy install
  B. awareness of the network topology

  ---

  Explanation/Reference:

  To enforce the Security Policy correctly, a Security Gateway requires awareness of the network topology. This means that the gateway knows which networks and interfaces are internal and external, and how to route packets between them . References: [Check Point R81 Security Gateway Technical Administration Guide],

• Question 59:

  Which command is used to add users to or from existing roles?

  A. add rba user roles
  B. add user
  C. add rba user
  D. add user roles
  A. add rba user roles

  ---

  Explanation/Reference:

  The command add rba user roles is used to add users to or from existing roles. RBA stands for Role-Based Administration, which is a feature that allows administrators to assign different permissions and access levels to

  users based on their roles.

  References:Check Point R81 Security Management Administration Guide, page 20.

• Question 60:

  Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance?

  A. Application Control
  B. Threat Emulation
  C. Logging and Status
  D. Monitoring
  D. Monitoring

  ---

  Explanation/Reference:

  The Check Point software blade that monitors Check Point devices and provides a picture of network and security performance is Monitoring. The Monitoring Software Blade presents a complete picture of network and security performance, enabling fast responses to changes in traffic patterns or security events. It centrally monitors Check Point devices and alerts security administrators to changes to gateways, endpoints, tunnels, remote users and security activities. References: Monitoring Software Blade, Check Point Integrated Security Architecture, Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and services