One of the major features in R81 SmartConsole is concurrent administration.
Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
A. A lock icon shows that a rule or an object is locked and will be available.
B. AdminA and AdminB are editing the same rule at the same time.
C. A lock icon next to a rule informs that any Administrator is working on this particular rule.
D. AdminA, AdminB and AdminC are editing three different rules at the same time.
Correct Answer: B
One of the major features in R81 SmartConsole is concurrent administration. This feature allows multiple administrators to work on the same Security Policy simultaneously, without blocking each other or creating conflicts. Concurrent administration improves the efficiency and productivity of security management operations. However, not all of the options given are possible considering that AdminA, AdminB and AdminC are editing the same Security Policy. The correct answer is B: AdminA and AdminB are editing the same rule at the same time. This is not possible because concurrent administration uses a locking mechanism to prevent multiple administrators from modifying the same rule or object at the same time. When an administrator clicks on a rule or an object, it becomes locked and a lock icon appears next to it. The lock icon shows the name of the administrator who is working on that rule or object, and prevents other administrators from editing it until it is unlocked. Therefore, the other options are possible considering that AdminA, AdminB and AdminC are editing the same Security Policy. Option A is possible because a lock icon shows that a rule or an object is locked and will be available when the administrator who locked it finishes working on it or logs out of SmartConsole. Option C is possible because a lock icon next to a rule informs that any administrator is working on this particular rule, and hovering over the lock icon will show the name of that administrator. Option D is possible because AdminA, AdminB and AdminC are editing three different rules at the same time, which does not create any conflicts or blockages.
Question 252:
Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.
What will happen to the changes already made?
A. Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work.
B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
C. Tom's changes will be lost since he lost connectivity and he will have to start again.
D. Tom will have to reboot his SmartConsole computer, clear the cache, and restore changes.
Correct Answer: A
Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work.
This is because SmartConsole has a feature called Concurrent Administration, which allows multiple administrators to work on the same Security Policy simultaneously, without blocking each other or creating conflicts. Concurrent Administration uses a locking mechanism to prevent multiple administrators from modifying the same rule or object at the same time. When an administrator clicks on a rule or an object, it becomes locked and a lock icon appears next to it. The lock icon shows the name of the administrator who is working on that rule or object, and prevents other administrators from editing it until it is unlocked. Concurrent Administration also has a feature called Session Persistence, which preserves the changes made by an administrator in case of a network failure or a SmartConsole crash. When an administrator reconnects to the Management Server after a network failure or a SmartConsole crash, they can resume their work from where they left off, without losing any changes. The changes are stored locally on the administrator's machine until they are published to the Management Server.
Therefore, if Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity, his changes will not be lost. They will be stored locally on his machine and he can resume his work when he reconnects to the Management Server.
Question 253:
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?
A. Accounting
B. Suppression
C. Accounting/Suppression
D. Accounting/Extended
Correct Answer: C
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. The option that can be added to each Log, Detailed Log and Extended Log is Accounting/Suppression. Accounting/Suppression is a feature that allows administrators to control how often logs are generated for certain rules or connections. Accounting means that logs are generated periodically based on a specified interval or volume. Suppression means that logs are generated only for the first and last packet of a connection or session. Accounting/Suppression can be added to any tracking option to reduce the number of logs and save disk space.
Question 254:
Which process handles connection from SmartConsole R81?
A. fwm
B. cpmd
C. cpm
D. cpd
Correct Answer: C
The process that handles connection from SmartConsole R81 is cpm. The name cpm stands for Check Point Management, and it is the main process that runs on the Security Management Server and interacts with SmartConsole clients. The cpm process is responsible for managing policies, objects, logs, tasks, and other management functions. The other processes are either obsolete or irrelevant for SmartConsole connection.
Question 255:
With MTA (Mail Transfer Agent) enabled, the gateway manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?
A. Threat Cloud Intelligence
B. Threat Prevention Software Blade Package
C. Endpoint Total Protection
D. Traffic on port 25
Correct Answer: B
To enable MTA (Mail Transfer Agent) functionality in the Security Gateway, the Threat Prevention Software Blade Package is required. The Threat Prevention Software Blade Package includes the Anti-Virus, Anti-Bot, and Threat Emulation blades, which can scan and hold external email with potentially malicious attachments. The MTA functionality allows the Security Gateway to act as an SMTP relay between the mail server and the Internet, and apply Threat Prevention policies to the email traffic. The other options are either not related or not sufficient to enable MTA functionality.
Question 256:
What must you do first if "fwm sic_reset" could not be completed?
A. Cpstop then find keyword "certificate" in objects_5_0.C and delete the section
B. Reinitialize SIC on the security gateway then run "fw unloadlocal"
C. Reset SIC from Smart Dashboard
D. Change internal CA via cpconfig
Correct Answer: D
The first thing that must be done if "fwm sic_reset" could not be completed is to change internal CA via cpconfig. The fwm sic_reset command allows administrators to reset Secure Internal Communication (SIC) between Security Management Server and Security Gateways or other Check Point modules. SIC is a mechanism that ensures secure and authenticated communication between Check Point components by using certificates issued by an internal Certificate Authority (ICA). If fwm sic_reset fails, it means that there is a problem with the ICA or the certificates that prevents SIC from being reset. To resolve this problem, administrators need to change internal CA via cpconfig, which is a command that allows administrators to configure various settings on Security Gateways or Management Servers, including the ICA. Changing internal CA via cpconfig will create a new ICA with a new certificate, and allow SIC to be reset with the new certificate.
Question 257:
Which of the following commands shows the status of processes?
A. cpwd_admin -l
B. cpwd -l
C. cpwd admin_list
D. cpwd_admin list
Correct Answer: D
The command that shows the status of processes is cpwd_admin list. The cpwd_admin command allows administrators to manage processes that are registered with the Check Point WatchDog (CPWD) daemon. CPWD is a daemon that monitors the health of critical processes on the Security Gateway or Management Server, and restarts them if they fail or stop responding. Running cpwd_admin list shows the process name, PID, status, start time, monitor status, and number of restarts for each process registered with CPWD.
Question 258:
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?
A. Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.
B. Create a rule at the top in the Sydney firewall to allow control traffic from your network
C. Nothing - Check Point control connections function regardless of Geo-Protection policy
D. Create a rule at the top in your Check Point firewall to bypass the Geo-Protection
Correct Answer: C
Nothing needs to be done to get SIC to work if there is a Geo-Protection policy blocking Australia and a network requires a Check Point Firewall to be installed in Sydney, Australia. SIC stands for Secure Internal Communication, and it is a mechanism that ensures secure and authenticated communication between Check Point components by using certificates issued by an internal Certificate Authority (ICA). SIC is not affected by Geo-Protection policy, which is a feature that allows administrators to block or allow traffic based on the geographic location of the source or destination IP address. Geo-Protection policy only applies to data traffic, not control traffic, and SIC uses control traffic to establish trust between Check Point components.
Question 259:
How many layers make up the TCP/IP model?
A. 2
B. 7
C. 6
D. 4
Correct Answer: D
The TCP/IP model is a four-layer model that describes how data is transmitted over a network. The four layers are: Application, Transport, Internet, and Network Access. The Application layer provides services and protocols for applications to communicate with each other. The Transport layer provides reliable or unreliable data delivery between hosts. The Internet layer provides routing and addressing of packets across networks. The Network Access layer provides physical and logical access to the network media.
Question 260:
What is the correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of the Check Point Redundancy driven solution?
A. Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.
B. Security Gateway failover as well as Security Management Server failover is a manual procedure.
C. Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure.
D. Security Gateway failover as well as Security Management Server failover is an automatic procedure.
Correct Answer: A
The correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution is: Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure. Security Gateway failover is a feature that allows a cluster of Security Gateways to provide high availability and load balancing for network traffic. If one Security Gateway fails or becomes unreachable, another Security Gateway in the cluster automatically takes over its role and handles the traffic without interrupting the service. Security Management Server failover is a feature that allows a backup Security Management Server to take over the role of the primary Security Management Server in case of failure or disaster. However, this feature requires manual intervention to activate the backup server and restore the database from a backup file.