When running a query on your logs, to find records for user Toni with machine IP of 10.0.4.210 but exclude her tablet IP of 10.0.4.76, which of the following query syntaxes would you use?
A. Toni? AND 10.0.4.210 NOT 10.0.4.76
B. To** AND 10.0.4.210 NOT 10.0.4.76
C. Ton* AND 10.0.4.210 NOT 10.0.4.75
D. "Toni" AND 10.0.4.210 NOT 10.0.4.76
Correct Answer: D
When running a query on your logs, to find records for user Toni with machine IP of 10.0.4.210 but exclude her tablet IP of 10.0.4.76, you would use the following query syntax:
"Toni" AND 10.0.4.210 NOT 10.0.4.76
This query will match logs that contain the exact phrase "Toni" and the IP address 10.0.4.210, but not the IP address 10.0.4.76. The quotation marks around "Toni" ensure that only logs with that exact word are matched, not variations like Toni? or To**. The AND operator combines two conditions that must both be true, while the NOT operator excludes logs that match a certain condition. References: [SmartLog User Guide]
Question 302:
You have set up the VPN Community VPN-Stores with 3 gateways. There are some issues with one remote gateway (1.1.1.1) and your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways?
A. action:"Key Install" AND 1.1.1.1 AND Main Mode
B. action:"Key Install" AND 1.1.1.1 AND Quick Mode
C. Blade:"VPN" AND VPN-Stores AND Main Mode
D. Blade:"VPN" AND VPN-Stores AND Quick Mode
Correct Answer: B
The best log filter to see only the IKE Phase 2 agreed networks for both gateways is B. action:"Key Install" AND 1.1.1.1 AND Quick Mode. This filter will show you the logs that indicate the successful establishment of IKE Phase 2, which is also known as Quick Mode. In this phase, the Security Gateway and the remote gateway negotiate the IPSec Security Associations (SAs) and exchange the encryption keys for the VPN tunnel. The action:"Key Install" field shows that the SAs were installed successfully. The 1.1.1.1 field shows that the logs are related to the remote gateway with that IP address. The Quick Mode field shows that the logs are related to IKE Phase 2, as opposed to Main Mode, which is IKE Phase 1. To use this filter, you need to go to SmartConsole, open SmartLog, and enter the filter expression in the search box. References: How to troubleshoot VPN issues with IKEVIEW tool - Check Point Software, IPsec and IKE - Check Point Software, SmartLog R81.20 Administration Guide - Check Point Software
Question 303:
Which 3 types of tracking are available for Threat Prevention Policy?
A. SMS Alert, Log, SNMP alert
B. Syslog, None, User-defined scripts
C. None, Log, Syslog
D. Alert, SNMP trap, Mail
Correct Answer: D
The three types of tracking available for Threat Prevention Policy are Alert, SNMP trap, and Mail. These tracking options can be configured in the Threat Prevention tab of the SmartConsole, under the Policy section. The tracking options determine how the system notifies the administrator of events that match the policy rules. References: Configuring Threat Prevention Policy
Question 304:
The Check Point installation history feature in provides the following:
A. View install changes and install specific version
B. Policy Installation Date only
C. Policy Installation Date, view install changes and install specific version
D. View install changes
Correct Answer: C
The Check Point installation history feature provides the following:
Policy Installation Date: The date and time when the policy was installed on the Security Gateway.
View install changes: The ability to view the differences between two policy versions that were installed on the Security Gateway.
Install specific version: The ability to install a specific policy version from the installation history on the Security Gateway.
References: Check Point R81 SmartConsole Guide
Question 305:
Which command is used to add users to or from existing roles?
A. Add rba user roles
B. Add rba user
C. Add user roles
D. Add user
Correct Answer: A
The command to add users to or from existing roles is add rba user roles. This command allows you to assign one or more roles to a user in the Gaia database. Roles are collections of permissions that define what actions a user can perform on the system. You can use predefined roles or create your own custom roles. To remove a role from a user, you can use the command delete rba user roles.
Question 306:
In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?
A. Publish changes
B. Save changes
C. Install policy
D. Install database
Correct Answer: C
In order for changes made to policy to be enforced by a Security Gateway, an administrator must perform the action of installing policy. Installing policy is the process of transferring the policy package from the Security Management Server to the Security Gateway. Publishing changes is the process of saving changes to the database and making them available to other administrators. Saving changes is the process of saving changes to a session without publishing them. References: Check Point R81 Security Management Guide
Question 307:
The customer has about 150 remote access users with Windows laptops. No more than 50 clients will be connected at the same time. The customer wants to use multiple VPN Gateways as entry points and a personal firewall. What will be the best license for him?
A. He will need Capsule Connect using MEP (multiple entry points).
B. Because the customer uses only Windows clients SecuRemote will be sufficient and no additional license is needed
C. He will need Harmony Endpoint because of the personal firewall.
D. Mobile Access license because he needs only a 50 user license, license count is per concurrent user.
Correct Answer: C
Harmony Endpoint is a solution that provides comprehensive protection for endpoint devices against cyber threats. Harmony Endpoint includes a personal firewall that controls the network traffic to and from the endpoint device, based on predefined rules and policies. Harmony Endpoint also integrates with Check Point's VPN solutions to provide secure remote access to corporate resources. Therefore, the customer will need Harmony Endpoint because of the personal firewall requirement. References: Harmony Endpoint Administration Guide
Question 308:
Alice wants to upgrade the current security management machine from R80.40 to R81.20 and she wants to check the Deployment Agent status over the GAIA CLISH. Which of the following GAIA CLISH commands is correct?
A. show agent status
B. show uninstaller status
C. show installer packages
D. show installer status
Correct Answer: D
The correct command for checking the Deployment Agent status over the GAIA CLISH is "show installer status". This command displays information about the Deployment Agent such as its version, status, last update time, and last operation result. The other commands are either invalid or irrelevant for this purpose. References: [Check Point Security Expert R81 Installation and Upgrade Guide], page 23.
Question 309:
You have used the SmartEvent GUI to create a custom Event policy. What is the best way to display the correlated Events generated by SmartEvent Policies?
A. Open SmartView Monitor and select the SmartEvent Window from the main menu.
B. In the SmartConsole / Logs and Monitor --> open the Logs View and use type:Correlated as query filter.
C. In the SmartConsole / Logs and Monitor -> open a new Tab and select External Apps / SmartEvent.
D. Select the Events tab in the SmartEvent GUI or use the Events tab in the SmartView web interface.
Correct Answer: C
The best way to display the correlated events generated by SmartEvent policies is to open a new tab in the SmartConsole / Logs and Monitor and select External Apps / SmartEvent. This will launch the SmartEvent GUI, which provides a comprehensive view of the network security events, including charts, reports, and timelines. The SmartEvent GUI can also be accessed from a web browser using the SmartView web interface. References: Check Point R81 SmartEvent Administration Guide
Question 310:
Alice knows about the Check Point Management HA installation from Bob and needs to know which Check Point Security Management Server is currently capable of issuing and managing certificates. Alice uses the Check Point command "cpconfig" to run the Check Point Security Management Server configuration tool on both Check Point Management HA instances, "Primary" and "Secondary". Which configuration option does she need to look for?
A. Certificate's Fingerprint
B. Random Pool
C. CA Authority
D. Certificate Authority
Correct Answer: D
Certificate Authority (CA) is a service that issues and manages digital certificates for secure communication between Check Point components. CA can be installed on a Security Management Server or on a dedicated server. CA can be configured as primary or secondary in a High Availability cluster. The cpconfig command is used to run the Check Point Configuration Tool on Gaia OS, which allows users to configure various settings for Check Point products. One of the configuration options is Certificate Authority, which shows if CA is installed on the server and if it is primary or secondary. Therefore, Alice needs to look for this option to check the CA status. References: cpconfig