How Many Questions Of 156-215.81 Free Download

NEW QUESTION 1
Phase 1 of the two-phase negotiation process conducted by IKE operates in ______ mode.

• A. Main
• B. Authentication
• C. Quick
• D. High Alert

Answer: A

Explanation:
Phase I modes
Between Security Gateways, there are two modes for IKE phase I. These modes only apply to IKEv1:

NEW QUESTION 2
Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?

• A. Formal
• B. Central
• C. Corporate
• D. Local

Answer: D

Explanation:
Local licensing is associated with the IP address of the Security Gateway, to which the license will be applied.
Each time the IP address of the Security Gateway changes, a new license must be generated and installed. https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=

NEW QUESTION 3
What type of NAT is a one-to-one relationship where each host is translated to a unique address?

• A. Source
• B. Static
• C. Hide
• D. Destination

Answer: B

NEW QUESTION 4
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server (SMS). While configuring the VPN community to specify the pre-shared secret, the administrator did not find a box to input the pre-shared secret. Why does it not allow him to specify the pre-shared secret?

• A. The Gateway is an SMB device
• B. The checkbox “Use only Shared Secret for all external members” is not checked
• C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS
• D. Pre-shared secret is already configured in Global Properties

Answer: C

NEW QUESTION 5
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

• A. Symmetric routing
• B. Failovers
• C. Asymmetric routing
• D. Anti-Spoofing

Answer: B

NEW QUESTION 6
A Check Point Software license consists of two components, the Software Blade and the Software Container. There are _____ types of Software Containers: _________ .

• A. Two; Security Management and Endpoint Security
• B. Two; Endpoint Security and Security Gateway
• C. Three; Security Management, Security Gateway, and Endpoint Security
• D. Three; Security Gateway, Endpoint Security, and Gateway Management

Answer: C

Explanation:
There are three types of Software Containers: Security Management, Security Gateway, and Endpoint Security. Ref: https://downloads.checkpoint.com/dc/download.htm?ID=11608

NEW QUESTION 7
Identity Awareness allows the Security Administrator to configure network access based on which of the following?

• A. Name of the application, identity of the user, and identity of the machine
• B. Identity of the machine, username, and certificate
• C. Network location, identity of a user, and identity of a machine
• D. Browser-Based Authentication, identity of a user, and network location

Answer: C

NEW QUESTION 8
What are the two types of NAT supported by the Security Gateway?

• A. Destination and Hide
• B. Hide and Static
• C. Static and Source
• D. Source and Destination

Answer: B

Explanation:
A Security Gateway can use these procedures to translate IP addresses in your network:

NEW QUESTION 9
Which is NOT an encryption algorithm that can be used in an IPSEC Security Association (Phase 2)?

• A. AES-GCM-256
• B. AES-CBC-256
• C. AES-GCM-128

Answer: B

NEW QUESTION 10
What is the best sync method in the ClusterXL deployment?

• A. Use 1 cluster + 1st sync
• B. Use 1 dedicated sync interface
• C. Use 3 clusters + 1st sync + 2nd sync + 3rd sync
• D. Use 2 clusters + 1st sync + 2nd sync

Answer: B

NEW QUESTION 11
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

• A. ThreatWiki
• B. Whitelist Files
• C. AppWiki
• D. IPS Protections

Answer: A

NEW QUESTION 12
What SmartEvent component creates events?

• A. Consolidation Policy
• B. Correlation Unit
• C. SmartEvent Policy
• D. SmartEvent GUI

Answer: B

NEW QUESTION 13
When a Security Gateway sends its logs to an IP address other than its own, which deployment option is installed?

• A. Distributed
• B. Standalone
• C. Bridge Mode
• D. Targeted

Answer: A

NEW QUESTION 14
Which of the following is NOT a tracking option? (Select three)

• A. Partial log
• B. Log
• C. Network log
• D. Full log

Answer: ACD

NEW QUESTION 15
Which of the following is NOT a policy type available for each policy package?

• A. Threat Emulation
• B. Access Control
• C. Desktop Security
• D. Threat Prevention

Answer: A

Explanation:
References:

NEW QUESTION 16
To enforce the Security Policy correctly, a Security Gateway requires:

• A. a routing table
• B. awareness of the network topology
• C. a Demilitarized Zone
• D. a Security Policy install

Answer: B

Explanation:
The network topology represents the internal network (both the LAN and the DMZ) protected by the gateway. The gateway must be aware of the layout of the network topology to:

NEW QUESTION 17
Which of the following is NOT a method used by Identity Awareness for acquiring identity?

• A. Remote Access
• B. Cloud IdP (Identity Provider)
• C. Active Directory Query
• D. RADIUS

Answer: B

Explanation:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_IdentityAwareness_AdminGuide/T

NEW QUESTION 18
Identity Awareness allows easy configuration for network access and auditing based on what three items?

• A. Client machine IP address.
• B. Network location, the identity of a user and the identity of a machine.
• C. Log server IP address.
• D. Gateway proxy IP address.

Answer: B

NEW QUESTION 19
An administrator wishes to enable Identity Awareness on the Check Point firewalls. However they allow users to use company issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?

• A. AD Query
• B. Browser-Based Authentication
• C. Identity Agents
• D. Terminal Servers Agent

Answer: B

NEW QUESTION 20
......