Which command shows detailed information about VPN tunnels?
A. cat $FWDIR/conf/vpn.conf B. vpn tu tlist C. vpn tu D. cpview
B. vpn tu tlist
Explanation
The command vpn tu tlist shows detailed information about VPN tunnels, such as the peer IP address, encryption domain, IKE phase 1 and phase 2 status, encryption algorithm, and tunnel uptime. The command vpn tu is an interactive tool that allows users to list, delete, or reconnect VPN tunnels. The command cpview is a real-time performance monitoring tool that shows various statistics about the system and network.
References:
VPN Administration Guide, SK97638 - What is cpview Utility and How to Use it
Question 292:
Which command displays installed licenses?
A. cpstat license B. cplic print C. fw stat D. cpview
B. cplic print
Explanation
The cplic print command shows installed licenses on the system.
Question 293:
Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and several remote locations which are managed centrally by R77.30 Security Management Server. On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1570 series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available firmware. She is in process of migrating to R81.
What can cause Vanessa unnecessary problems, if she didn't check all requirements for migration to R81?
A. Missing an installed R77.20 Add-on on Security Management Server B. Unsupported firmware on UTM-1 Edge-W appliance C. Unsupported version on UTM-1 570 series appliance D. Unsupported appliances on remote locations
A. Missing an installed R77.20 Add-on on Security Management Server
Explanation
What can cause Vanessa unnecessary problems, if she didn't check all requirements for migration to R81, is missing an installed R77.20 Add-on on Security Management Server. R77.20 Add-on is a package that adds new features and enhancements to R77 Security Management Server, such as support for new appliances, Gaia OS features, VPN features, etc. One of the requirements for migrating to R81 from R77 Security Management Server is to have R77.20 Add-on installed on the server. If Vanessa did not check this requirement and tried to migrate without R77.20 Add-on, she would encounter errors and failures during the migration process. The other options are either not relevant or not problematic for migration to
R81.
Question 294:
You want to gather data and analyze threats to your mobile device. It has to be a lightweight app.
Which application would you use?
A. Check Point Capsule Cloud B. Sandblast Mobile Protect C. SecuRemote D. SmartEvent Client Info
B. Sandblast Mobile Protect
Explanation
SandBlast Mobile Protect is an application that provides comprehensive protection for mobile devices against cyber threats. SandBlast Mobile Protect is a lightweight app that does not affect the device performance or battery life. It monitors network traffic, device behavior, and installed apps to detect and prevent attacks such as phishing, malware, ransomware, botnets, and man-in-the-middle. SandBlast Mobile Protect also integrates with Check Point's ThreatCloud intelligence network to provide real-time threat information and updates. Therefore, the correct answer is B.
References:
[SandBlast Mobile Protect]
[SandBlast Mobile Administration Guide]
Question 295:
What are the main stages of a policy installation?
A. Initiation, Conversion and Save B. Initiation, Conversion and FWD REXEC C. Verification, Commit, Installation D. Verification, Compilation, Transfer and Commit
D. Verification, Compilation, Transfer and Commit
Question 296:
The admin is connected via ssh lo the management server. He wants to run a mgmt_dl command but got a Error 404 message. To check the listening ports on the management he runs netstat with the results shown below.
[Expert@SMS:0]# mgmt_cli show service-tcp name FTP
Username: admin - Password:
message: "Error 404. The Management API service is not available. Please check that the Management API server is up and running." code: "generic_error"
A. Wrong Management API Access setting^for Ihe client IP To correct it go to SmartConsole / Management & Settings / Blades / Management API and press "Advanced Settings..' and choose GUI clients or ALL IP's. B. The API didn't run on the default port check it with api status' and add '-port 4434' to the mgmt_clt command. C. The management permission in the user profile is mrssing. Go to SmartConsole / Management & Settings I Permissions & Administrators / Permission Profiles. Select the profile of the user and enable 'Management API Login' under Management Permissions D. The API is not running, the services shown by netstat are the gaia services. To start the API run 'api start'
D. The API is not running, the services shown by netstat are the gaia services. To start the API run 'api start'
Explanation
The error message "Error 404. The Management API server is not available. Please check that the Management API server is up and running." indicates that the API is not running on the Management Server. The netstat command shows that there is no process listening on port 4434, which is the default port for the API. To start the API, the command 'api start' should be used. The other options are not relevant to this issue.
References:
Check Point R81 Installation and Upgrade Guide, page 18.
Question 297:
What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?
A. test_connectivity_ad -d <domain> B. test_ldap_connectivity -d <domain> C. test_ad_connectivity -d <domain> D. ad_connectivity_test -d <domain>
C. test_ad_connectivity -d <domain>
Explanation
The CLI utility that runs connectivity tests from a Security Gateway to an AD domain controller is test_ad_connectivity -d <domain>. This command tests the connectivity between the gateway and the domain controller using LDAP, Kerberos, and WMI protocols. It also verifies the identity awareness configuration and shows the relevant logs. The other options are not valid commands for testing AD connectivity.
References:
Check Point Software, Getting Started, Testing Active Directory Connectivity.
Question 298:
When detected, an event can activate an Automatic Reaction. The SmartEvent administrator can create and configure one Automatic Reaction, or many, according to the needs of the system.
Which of the following statement is false and NOT part of possible automatic reactions:
A. Syslog B. SNMP Trap C. Mail D. Block Source
A. Syslog
Question 299:
Which feature removes active content from files before delivery?
A. Threat Emulation B. Threat Extraction C. Anti-Virus D. IPS
B. Threat Extraction
Explanation
Threat Extraction removes active content such as macros and scripts from files, ensuring safe delivery.
Question 300:
What two ordered layers make up the Access Control Policy Layer?
A. URL Filtering and Network B. Network and Threat Prevention C. Application Control and URL Filtering D. Network and Application Control
D. Network and Application Control
Explanation
What two ordered layers make up the Access Control Policy Layer? Network and Application Control are the two ordered layers that make up the Access Control Policy Layer. The Network layer controls network access based on source, destination, service, time, etc. The Application Control layer controls application access based on users, groups, applications, content categories, etc. The Network layer is always processed before the Application Control layer.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CheckPoint exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 156-315.81.20 exam preparations
and CheckPoint certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.