Which two Identity Awareness daemons are used to support identity sharing?
A. Policy Activation Point (PAP) and Policy Decision Point (PDP)
B. Policy Manipulation Point (PMP) and Policy Activation Point (PAP)
C. Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP)
D. Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
Correct Answer: D
The two Identity Awareness daemons that are used to support identity sharing are Policy Decision Point (PDP) and Policy Enforcement Point (PEP). PDP is a daemon that runs on Security Gateways that acquire identities from various sources, such as AD Query, Identity Agent, Captive Portal, etc. PEP is a daemon that runs on Security Gateways that enforce the security policy based on identities received from PDPs. Identity sharing is a feature that allows PDPs to share identities with other PDPs or PEPs in different gateways or domains. References: [Check Point R81 Identity Awareness Administration Guide]
Question 392:
You have enabled "Full Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?
A. Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database.
B. Data Awareness is not enabled.
C. Identity Awareness is not enabled.
D. Logs are arriving from Pre-R81 gateways.
Correct Answer: B
The most likely reason why you are not seeing any data type information in your logs even though you have enabled Full Log as a tracking option to a security rule is that Data Awareness is not enabled on your Security Gateway. Data Awareness is a feature that allows you to monitor and control data types that are transferred over HTTP, HTTPS, FTP, SMTP, POP3, or IMAP protocols. Data Awareness can identify over 700 data types, such as credit card numbers, social security numbers, bank account numbers, medical records, etc., and provide visibility into the data usage patterns of your users. Data Awareness can also enforce data loss prevention (DLP) policies to prevent sensitive data from leaving your network or entering your network from untrusted sources. To enable Data Awareness on your Security Gateway, you need to activate the Data Awareness Software Blade in SmartConsole and install the policy on the Security Gateway.
Question 393:
When detected, an event can activate an Automatic Reaction. The SmartEvent administrator can create and configure one Automatic Reaction, or many, according to the needs of the system. Which of the following statements is false and NOT part of the possible automatic reactions?
A. Syslog
B. SNMPTrap
C. Block Source
D. Mail
Correct Answer: B
Question 394:
Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when ________ .
A. The license is attached to the wrong Security Gateway.
B. The existing license expires.
C. The license is upgraded.
D. The IP address of the Security Management or Security Gateway has changed.
Correct Answer: D
A new license should be generated and installed in all of the following situations except when the IP address of the Security Management or Security Gateway has changed. This is because Check Point licenses are not bound to IP addresses, but to other parameters such as MAC addresses, CPU IDs, or hostnames. Therefore, changing the IP address of a licensed machine does not affect the validity of the license. However, changing other parameters, such as replacing a network card or renaming a machine, may require a new license. Additionally, when the existing license expires or the license is upgraded to a higher level or a different package, a new license is needed.
Question 395:
Bob has finished the setup and provisioning of a secondary security management server. Now he wants to check if the provisioning has been correct. Which of the following Check Point commands can be used to check if the security management server has been installed as a primary or a secondary security management server?
A. cpprod_util MgmtIsPrimary
B. cpprod_util FwIsSecondary
C. cpprod_util MgmtIsSecondary
D. cpprod_util FwIsPrimary
Correct Answer: A
The cpprod_util command is a utility that provides information about the installed Check Point products and their versions. The cpprod_util MgmtIsPrimary option checks if the Security Management Server is installed as a primary or a secondary server in a High Availability cluster [2]. If the server is primary, the command returns "yes". If the server is secondary, the command returns "no". Therefore, Bob can use this command to verify the provisioning of the secondary Security Management Server. References: [2] cpprod_util
Question 396:
What destination versions are supported for a Multi-Version Cluster Upgrade?
A. R77.30 and later
B. R80.10 and Later
C. R70 and Later
D. R76 and later
Correct Answer: B
The correct answer is B. R80.10 and later. According to the Check Point documentation [1], the Multi-Version Cluster Upgrade (MVC) is a new feature in R80.40 and higher that replaces the Connectivity Upgrade (CU) method. MVC allows you to upgrade a cluster to a newer version without a loss in connectivity and test the new version on some of the cluster members before you decide to upgrade the rest of the cluster members. The MVC feature supports the following destination versions [2]: R80.10, R80.20, R80.30, R80.40, R81, R81.20. The other options are incorrect because they are either not supported by MVC or they are older than the source version (R80.40). References: [1] Multi-Version Cluster (MVC) replaces Connectivity Upgrade (CU) in R80.40; [2] ClusterXL upgrade methods and paths
Question 397:
Which of the following processes pulls the application monitoring status from gateways?
A. cpd
B. cpwd
C. cpm
D. fwm
Correct Answer: A
The process that pulls the application monitoring status from gateways is cpd [1]. The cpd process is responsible for the communication between the Security Management Server and the Security Gateway [2]. It handles tasks such as policy installation, status reporting, logging, and synchronization [2]. The cpd process also monitors the application status of the Security Gateway, such as CPU, memory, disk space, and processes [3]. The cpd process sends this information to the Security Management Server, which displays it in SmartConsole and SmartView Monitor [3]. References: [1] How to troubleshoot issues with Check Point Application Control and URL Filtering blades - Check Point Software; [2] Processes and Daemons in Gaia OS - Check Point Software; [3] Monitoring Device Status - Check Point Software
Question 398:
While enabling the Identity Awareness blade, the Identity Awareness wizard does not automatically detect the Windows domain. Why does it not detect the Windows domain?
A. Security Gateway is not part of the Domain
B. SmartConsole machine is not part of the domain
C. Identity Awareness is not enabled on Global properties
D. Security Management Server is not part of the domain
Correct Answer: B
The verified answer is B. SmartConsole machine is not part of the domain. The Identity Awareness wizard uses the SmartConsole machine to detect the Windows domain by querying the Active Directory server using the DCOM protocol. If the SmartConsole machine is not part of the domain, the query will fail and the wizard will not automatically detect the domain. The user will have to manually enter the domain name and credentials to proceed with the configuration. The Security Gateway, the Security Management Server, and the Identity Awareness global properties do not affect the domain detection by the wizard. However, they are required for other aspects of the Identity Awareness blade, such as AD Query, Identity Collector, and Browser-Based Authentication.
Question 399:
What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days?
A. Use Multi-Domain Management Server.
B. Choose different setting for log storage and SmartEvent db
C. Install Management and SmartEvent on different machines.
D. It is not possible.
Correct Answer: C
The recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days is to install Management and SmartEvent on different machines. This is because SmartLog and SmartEvent use different databases and storage methods, and having them on separate machines allows for better performance and scalability. References: [SmartLog Administration Guide]
Question 400:
What is "Accelerated Policy Installation"?
A. Starting R81, the Desktop Security Policy installation process is accelerated thereby reducing the duration of the process significantly
B. Starting R81, the QoS Policy installation process is accelerated thereby reducing the duration of the process significantly
C. Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly
D. Starting R81, the Threat Prevention Policy installation process is accelerated thereby reducing the duration of the process significantly
Correct Answer: C
Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly. According to the Check Point R81 Security Management Administration Guide, Accelerated Install Policy is a new feature in R81 that optimizes common use-cases and drastically speeds up the installation with up to 90% improvement. Policy installation is accelerated depending on the changes that were made to the Access Control policy since the last installation. When the policy installation is accelerated, the icon will appear under the "Install Policy Acceleration" column in the Install Policy window.