Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?
A. Kerberos Ticket Renewed
B. Kerberos Ticket Requested
C. Account Logon
D. Kerberos Ticket Timed Out
Correct Answer: D
Identity Awareness maps usernames to IP addresses by collecting Windows Security Events from Active Directory Domain Controllers. These events include Account Logon, Kerberos Ticket Requested, and Kerberos Ticket Renewed. These events indicate that a user has successfully authenticated to the domain and obtained a Kerberos ticket for accessing network resources. Identity Awareness can use these events to associate the username with the source IP address of the authentication request. However, Kerberos Ticket Timed Out is not a Windows Security Event that Identity Awareness can use to map usernames to IP addresses. This event indicates that a user's Kerberos ticket has expired and needs to be renewed. This event does not contain the source IP address of the user, only the username and the ticket information. Therefore, Identity Awareness cannot use this event to map a username to an IP address.
References: Training and Certification | Check Point Software, section "Security Expert R81.20 (CCSE) Core Training"
In which formats can Threat Emulation forensics reports be viewed?
A. TXT, XML and CSV
B. PDF and TXT
C. PDF, HTML, and XML
D. PDF and HTML
Correct Answer: C
Threat Emulation forensics reports can be viewed in PDF, HTML, and XML formats. Threat Emulation is a feature that detects and prevents zero-day attacks by emulating files in a sandbox environment and analyzing their behavior. Threat Emulation generates forensics reports that provide detailed information about the emulated files, such as verdict, severity, activity summary, screenshots, network activity, registry activity, file activity, and process activity. These reports can be viewed in PDF, HTML, or XML formats from SmartConsole or SmartView.
Question 223:
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
A. 4 Interfaces - an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization, a fourth interface leading to the Security Management Server.
B. 3 Interfaces - an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.
C. 1 Interface - an interface leading to the organization and the Internet, and configure for synchronization.
D. 2 Interfaces - a data interface leading to the organization and the Internet, a second interface for synchronization.
Correct Answer: B
According to the Check Point R81 Mobile Access Administration Guide, the recommended number of physical network interfaces in a Mobile Access cluster deployment is three. One interface should be connected to the organization network, one interface should be connected to the Internet, and one interface should be used for synchronization between cluster members. This configuration provides optimal performance and security for Mobile Access traffic.
Question 224:
Which statement is most correct regarding "CoreXL Dynamic Dispatcher"?
A. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses
B. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores
C. The CoreXL FW instances assignment mechanism is based on IP Protocol type
D. The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP 'Protocol' type
Correct Answer: B
The most correct statement regarding "CoreXL Dynamic Dispatcher" is: The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores. CoreXL Dynamic Dispatcher is a feature that allows the Security Gateway to dynamically assign connections to the most available CoreXL FW instance, based on the CPU core utilization. This improves the performance and load balancing of the Security Gateway, especially when handling connections with different processing requirements. The other statements are either incorrect or describe the CoreXL Static Dispatcher mechanism, which assigns connections based on a hash function of the Source IP, Destination IP, and IP Protocol type.
Question 225:
Which Check Point software blade provides Application Security and identity control?
A. Identity Awareness
B. Data Loss Prevention
C. URL Filtering
D. Application Control
Correct Answer: D
Application Control is the software blade that provides Application Security and identity control. It allows administrators to define granular policies based on users or groups to identify, block or limit the usage of web applications and widgets. Application Control also integrates with Identity Awareness to provide user-level visibility and control. References: Training and Certification | Check Point Software, Check Point Resource Library
Question 226:
Which SmartConsole tab is used to monitor network and security performance?
A. Manage Setting
B. Security Policies
C. Gateway and Servers
D. Logs and Monitor
Correct Answer: D
The Logs and Monitor tab is used to monitor network and security performance in SmartConsole. The Logs and Monitor tab lets you view and analyze logs, events, reports, and alerts from various sources, such as Security Gateways, Security Management Servers, Endpoint Security Servers, and SmartEvent Servers. You can also use the Logs and Monitor tab to create custom views, filters, queries, and charts to display the data that is relevant to your needs [1][2]. References: [1] Check Point R81 Security Administration Guide - Check Point Software, page 23. [2] Check Point R81 SmartConsole User Guide - Check Point Software, page 9.
Question 227:
Fill in the blank: The R81 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and show them as prioritized security events.
A. SmartMonitor
B. SmartView Web Application
C. SmartReporter
D. SmartTracker
Correct Answer: B
The R81 SmartConsole, SmartEvent GUI client, and SmartView Web Application consolidate billions of logs and show them as prioritized security events. The SmartView Web Application is a web-based interface that allows you to access the SmartEvent Server from any browser. You can use the SmartView Web Application to view and analyze security events, generate reports, and configure SmartEvent settings [1][2]. References: [1] Check Point R81 SmartConsole User Guide - Check Point Software, page 10. [2] Check Point R81 SmartEvent Administration Guide - Check Point Software, page 9.
Question 228:
Which path below is available only when CoreXL is enabled?
A. Slow path
B. Firewall path
C. Medium path
D. Accelerated path
Correct Answer: C
According to the Check Point R81 training course, the medium path is available only when CoreXL is enabled. CoreXL is a performance-enhancing technology that allows multiple CPU cores to process traffic simultaneously. The medium path handles packets that require deeper inspection or content awareness, such as IPS, Anti-Virus, or URL Filtering. The other paths are either available regardless of CoreXL or not valid terms. References: Certified Security Expert (CCSE) R81.20 Course Overview
Question 229:
Capsule Connect and Capsule Workspace both offer a secured connection for remote users who are using their mobile devices. However, there are differences between the two. Which of the following statements correctly identifies each product's capabilities?
A. Workspace supports iOS operating system, Android, and WP8, whereas Connect supports iOS operating system and Android only
B. For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas Connect offers both jailbreak/root detection and MDM cooperative enforcement.
C. For credential protection, Connect uses One-time Password login support and has no SSO support, whereas Workspace offers both One-Time Password and certain SSO login support.
D. Workspace can support any application, whereas Connect has a limited number of application types which it will support.
Correct Answer: C
According to the Check Point website, Capsule Connect and Capsule Workspace both offer a secured connection for remote users who are using their mobile devices. However, there are differences between the two. For credential protection, Connect uses One-time Password login support and has no SSO support, whereas Workspace offers both One-Time Password and certain SSO login support. The other statements are either false or partially true. References: Capsule Connect and Capsule Workspace
Question 230:
The SmartEvent R81 Web application for real-time event monitoring is called:
A. SmartView Monitor
B. SmartEventWeb
C. There is no Web application for SmartEvent
D. SmartView
Correct Answer: B
The SmartEvent R81 Web application for real-time event monitoring is called SmartEventWeb. SmartEventWeb is a web-based interface that allows administrators to view and analyze security events from various sources, such as logs, reports, incidents, and indicators. SmartEventWeb provides dashboards, widgets, filters, and drill-down options to help administrators gain insights into their security posture. The other options are either incorrect or refer to different applications.