Top Tips Of Latest 156-215.81 Free Download

NEW QUESTION 1
Consider the Global Properties following settings:

The selected option “Accept Domain Name over UDP (Queries)” means:

• A. UDP Queries will be accepted by the traffic allowed only through interfaces with external anti-spoofing topology and this will be done before first explicit rule written by Administrator in a Security Policy.
• B. All UDP Queries will be accepted by the traffic allowed through all interfaces and this will be done before first explicit rule written by Administrator in a Security Policy.
• C. No UDP Queries will be accepted by the traffic allowed through all interfaces and this will be done before first explicit rule written by Administrator in a Security Policy.
• D. All UDP Queries will be accepted by the traffic allowed by first explicit rule written by Administrator in a Security Policy.

Answer: A

NEW QUESTION 2
When defining group-based access in an LDAP environment with Identity Awareness, what is the BEST object type to represent an LDAP group in a Security Policy?

• A. Access Role
• B. User Group
• C. SmartDirectory Group
• D. Group Template

Answer: A

NEW QUESTION 3
Which statement is NOT TRUE about Delta synchronization?

• A. Using UDP Multicast or Broadcast on port 8161
• B. Using UDP Multicast or Broadcast on port 8116
• C. Quicker than Full sync
• D. Transfers changes in the Kernel tables between cluster members

Answer: A

NEW QUESTION 4
Which of the following is NOT a valid deployment option for R80?

• A. All-in-one (stand-alone)
• B. CloudGuard
• C. Distributed
• D. Bridge Mode

Answer: B

NEW QUESTION 5
Fill in the blank: When tunnel test packets no longer invoke a response, SmartView Monitor displays ________ for the given VPN tunnel.

• A. Down
• B. No Response
• C. Inactive
• D. Failed

Answer: A

NEW QUESTION 6
Fill in the blank: When LDAP is integrated with Check Point Security Management, it is then referred to as ________.

• A. User Center
• B. User Administration
• C. User Directory
• D. UserCheck

Answer: C

Explanation:
User Directory lets you configure:
High Availability, to duplicate user data across multiple servers for backup. See Account Units and High
Availability.
Multiple Account Units, for distributed databases.
Define LDAP Account Units, for encrypted User Directory connections. See Modifying the LDAP Server. Profiles, to support multiple LDAP vendors. See User Directory Profiles. https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide

NEW QUESTION 7
Which of the following technologies extracts detailed information from packets and stores that information in state tables?

• A. INSPECT Engine
• B. Next-Generation Firewall
• C. Packet Filtering
• D. Application Layer Firewall

Answer: A

Explanation:
Check Point FireWall-1’s Stateful Inspection overcomes the limitations of the previous two approaches by providing full application-layer awareness without breaking the client/server model. With Stateful Inspection, the packet is intercepted at the network layer, but then the INSPECT Engine takes over. It extracts state-related information required for the security decision from all application layers and maintains this information in dynamic state tables for evaluating subsequent connection attempts. This provides a solution which is highly secure and offers maximum performance, scalability, and extensibility.

NEW QUESTION 8
Fill in the blank: _______ is the Gaia command that turns the server off.

• A. sysdown
• B. exit
• C. halt
• D. shut-down

Answer: C

NEW QUESTION 9
What are the three main components of Check Point security management architecture?

• A. SmartConsole, Security Management, and Security Gateway
• B. Smart Console, Standalone, and Security Management
• C. SmartConsole, Security policy, and Logs & Monitoring
• D. GUI-Client, Security Management, and Security Gateway

Answer: A

NEW QUESTION 10
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

• A. SND is a feature to accelerate multiple SSL VPN connections
• B. SND is an alternative to IPSec Main Mode, using only 3 packets
• C. SND is used to distribute packets among Firewall instances
• D. SND is a feature of fw monitor to capture accelerated packets

Answer: C

NEW QUESTION 11
When configuring Anti-Spoofing, which tracking options can an Administrator select?

• A. Log, Alert, None
• B. Log, Allow Packets, Email
• C. Drop Packet, Alert, None
• D. Log, Send SNMP Trap, Email

Answer: A

Explanation:
Configure Spoof Tracking - select the tracking action that is done when spoofed packets are detected: Log - Create a log entry (default)
Alert - Show an alert None - Do not log or alert
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide

NEW QUESTION 12
Which of the following is NOT a role of the SmartCenter:

• A. Status monitoring
• B. Policy configuration
• C. Certificate authority
• D. Address translation

Answer: C

NEW QUESTION 13
What is the most recommended installation method for Check Point appliances?

• A. SmartUpdate installation
• B. DVD media created with Check Point ISOMorphic
• C. USB media created with Check Point ISOMorphic
• D. Cloud based installation

Answer: C

NEW QUESTION 14
Which single Security Blade can be turned on to block both malicious files from being downloaded as well as block websites known to host malware?

• A. Anti-Bot
• B. None - both Anti-Virus and Anti-Bot are required for this
• C. Anti-Virus
• D. None - both URL Filtering and Anti-Virus are required for this.

Answer: C

Explanation:
Prevent Access to Malicious Websites
The Antivirus Software Blade scans outbound URL requests and ensures users do not visit websites that are known to distribute malware.
Stop Incoming Malicious Files
Check Point Antivirus Software Blade prevents and stops threats such as malware, viruses, and Trojans from entering and infecting a network.
https://www.checkpoint.com/downloads/products/antivirus-datasheet.pdf

NEW QUESTION 15
How can the changes made by an administrator before publishing the session be seen by a superuser administrator?

• A. By impersonating the administrator with the ‘Login as…’ option
• B. They cannot be seen
• C. From the SmartView Tracker audit log
• D. From Manage and Settings > Sessions, right click on the session and click ‘View Changes…’

Answer: D

Explanation:
From the Smartconsole, you can possibly view the changes via Manage & setting, Sessions

NEW QUESTION 16
True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway

• A. True, CLI is the prefer method for Licensing
• B. False, Central License are handled via Security Management Server
• C. False, Central License are installed via Gaia on Security Gateways
• D. True, Central License can be installed with CPLIC command on a Security Gateway

Answer: D

NEW QUESTION 17
What are the steps to configure the HTTPS Inspection Policy?

• A. Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard
• B. Go to Application&url filtering blade > Advanced > Https Inspection > Policy
• C. Go to Manage&Settings > Blades > HTTPS Inspection > Policy
• D. Go to Application&url filtering blade > Https Inspection > Policy

Answer: C

NEW QUESTION 18
Which option will match a connection regardless of its association with a VPN community?

• A. All Site-to-Site VPN Communities
• B. Accept all encrypted traffic
• C. All Connections (Clear or Encrypted)
• D. Specific VPN Communities

Answer: B

NEW QUESTION 19
What is NOT an advantage of Stateful Inspection?

• A. High Performance
• B. Good Security
• C. No Screening above Network layer
• D. Transparency

Answer: A

NEW QUESTION 20
......