A. It authenticates users, allowing them access to the Gaia OS
B. It authenticates users, allowing them access to the Internet and corporate resources
C. It provides remote access to SmartConsole
D. It manages user permission in SmartConsole
Correct Answer: B
Captive Portal is a feature of Identity Awareness Software Blade that enables you to identify users who are not authenticated by other methods, such as Active Directory or VPN. Captive Portal redirects users to a web page where they can enter their credentials and be authenticated by an external server, such as LDAP or RADIUS. After authentication, users can access the Internet and corporate resources according to the security policy rules that apply to their identity.
The references are:
Check Point R81 Identity Awareness Administration Guide, page 9 Configuring Browser-Based Authentication in SmartConsole
Question 372:
What is the correct order of the default "fw monitor" inspection points?
The default order of the "fw monitor" inspection points is:
i (input): this is the first inspection point, where packets enter the firewall.
l (local): this is the second inspection point, where packets are processed locally by the firewall, before being forwarded to the next hop.
o (output): this is the third inspection point, where packets are sent out to their final destination.
O (offload): this is the fourth inspection point, where packets are offloaded to hardware acceleration for faster processing.
Question 373:
What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?
A. test_connectivity_ad
B. test_ldap_connectivity
C. test_ad_connectivity
D. ad_connectivity_test
Correct Answer: C
The CLI utility that runs connectivity tests from a Security Gateway to an AD domain controller is test_ad_connectivity -d . This command tests the connectivity between the gateway and the domain controller using LDAP, Kerberos, and WMI protocols. It also verifies the identity awareness configuration and shows the relevant logs [3]. The other options are not valid commands for testing AD connectivity. References: [3] Check Point Software, Getting Started, Testing Active Directory Connectivity.
Question 374:
Alice and Bob are going to use Management Data Plane Separation, and therefore routing separation needs to be enabled. Which of the following commands is true for enabling Management Data Plane Separation (MDPS)?
A. set mdps split brain on
B. set mdps split plane on
C. set mdps mgmt plane on
D. set mdps data plane off
Correct Answer: C
The correct command for enabling the management data plane separation (MDPS) is set mdps mgmt plane on. This command enables routing separation between management and data planes on a security gateway. This means that management traffic will use a different routing table than data traffic, which can improve security and performance. References: [Check Point Security Expert R81 Administration Guide], page 76.
Question 375:
Fill in the blanks: In the Network policy layer, the default action for the Implied last rule is ____ all traffic. However, in the Application Control policy layer, the default action is ______ all traffic.
A. Accept; redirect
B. Accept; drop
C. Redirect; drop
D. Drop; accept
Correct Answer: D
In the Network policy layer, the default action for the Implied last rule is drop all traffic. However, in the Application Control policy layer, the default action is accept all traffic. The Implied last rule is a rule that is automatically added at the end of each policy layer and defines what to do with traffic that does not match any of the user-defined rules. The default actions for each policy layer can be changed in the Global Properties or in the layer properties. References: R81 Security Management Administration Guide, page 30.
Question 376:
What are the two types of tests when using the Compliance blade?
A. Policy-based tests and Global properties
B. Global tests and Object-based tests
C. Access Control policy analysis and Threat Prevention policy analysis
D. Tests conducted based on the IoC XML file and analysis of SOLR documents
Correct Answer: B
The Check Point Compliance Blade has a library of Check Point-defined tests to use as a baseline for good gateway and policy configuration. A Best Practice test is related to specified regulations in different regulatory standards. It describes compliance status and recommends corrective steps.
Global Tests - Examine all applicable configuration settings in the organization.
Object-based Tests - Examine the configuration settings for specified objects (gateways, profiles and other objects).
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk120256
Question 377:
Which is the correct order of a log flow processed by SmartEvent components?
A. Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client
B. Firewall > SmartEvent Server Database > Correlation Unit > Log Server > SmartEvent Client
C. Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client
D. Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
Correct Answer: D
The correct order of a log flow processed by SmartEvent components is: Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client. The Firewall generates logs for traffic and security events. The Log Server receives and stores the logs from the Firewall. The Correlation Unit analyzes the logs and generates SmartEvent events based on predefined or custom rules. The SmartEvent Server Database stores the events generated by the Correlation Unit. The SmartEvent Client displays the events and reports from the SmartEvent Server Database.
References: Check Point Resource Library, Certified Security Expert (CCSE) R81.20 Course Overview, page 12; Check Point Software, Training and Certification, SmartEvent Introduction.
Question 378:
What destination versions are supported for a Multi-Version Cluster Upgrade?
A. R81.40 and later
B. R76 and later
C. R70 and Later
D. R81.20 and Later
Correct Answer: D
The destination versions that are supported for a Multi-Version Cluster Upgrade are R81.20 and later. This means that the cluster members can be upgraded from any supported version to R81.20 or higher using the Multi-Version Cluster mode. R81.40, R76, and R70 are not supported destination versions for a Multi-Version Cluster Upgrade. References: Check Point Software, Getting Started, Supported Upgrade Paths.
Question 379:
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?
A. After upgrading the hardware, increase the number of kernel instances using cpconfig
B. Hyperthreading must be enabled in the BIOS to use CoreXL
C. Run cprestart from clish
D. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores.
Correct Answer: A
References:
R80.40: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_PerformanceTuning_AdminGuide/Content/Topics-PTG/CoreXL-Configuring-IPv4-and-IPv6-CoreXL-FW-instances.htm?Highlight=Configuring%20the%20Number%20of%20IPv4%20CoreXL%20Firewall%20Instances
R81: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_PerformanceTuning_AdminGuide/Topics-PTG/CoreXL-Configuring-IPv4-and-IPv6-CoreXL-FW-instances.htm
To change the number of CoreXL Firewall instances:
1. Run cpconfig.
2. Enter the number of the Check Point CoreXL option. (Enter 1 to select "Change the number of firewall instances", or enter 2 for the option "Change the number of IPv6 firewall instances".)
3. Enter the total number of IPv4 (IPv6) CoreXL Firewall instances you wish the Security Gateway to run. Follow the instructions on the screen.
4. Exit from the cpconfig menu.
5. Reboot the Security Gateway.
Question 380:
Which member of a high-availability cluster should be upgraded first in a Zero downtime upgrade?
A. The Standby Member
B. The Active Member
C. The Primary Member
D. The Secondary Member
Correct Answer: A
In a Zero downtime upgrade, you should upgrade the Standby Member first. This is because the Standby Member does not process traffic and can be upgraded without affecting the cluster availability. After upgrading the Standby Member, you can perform a failover and make it the Active Member. Then you can upgrade the original Active Member, which becomes the Standby Member after the failover. References: Getting Started - Check Point Software, section "Upgrading Cluster Members with Zero Downtime"