Check Point Certified Security Expert R81.20
Last Update Dec 2, 2024
Total Questions : 628
We are offering FREE 156-315.81 Checkpoint exam questions. All you do is to just go and sign up. Give your details, prepare 156-315.81 free exam questions and then go for complete pool of Check Point Certified Security Expert R81.20 test questions that will help you more.
The SmartEvent R81 Web application for real-time event monitoring is called:
Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. Company’s Developer Team is having random access issue to newly deployed Application Server in DMZ’s Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela’s desk for an investigation. Pamela decides to use Check Point’s Packet Analyzer Tool-fw monitor to iron out the issue during approved Maintenance window.
What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .
What kind of information would you expect to see using the sim affinity command?
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name ‘cover-company-logo.png’ and then copy that image file to which directory on the SmartEvent server?
After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?
When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?
What is the command to check the status of the SmartEvent Correlation Unit?
Which of the following is NOT an option to calculate the traffic direction?
Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
Which command would you use to set the network interfaces’ affinity in Manual mode?
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?
You need to see which hotfixes are installed on your gateway, which command would you use?
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.
SmartEvent does NOT use which of the following procedures to identify events:
Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?
For Management High Availability, which of the following is NOT a valid synchronization status?
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?
Please choose correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.
Which statements below are CORRECT regarding Threat Prevention profiles in Smart Dashboard?
Can multiple administrators connect to a Security Management Server at the same time?
What is the main difference between Threat Extraction and Threat Emulation?
John is using Management HA. Which Smartcenter should be connected to for making changes?
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
Both ClusterXL and VRRP are fully supported by Gaia R81.20 and available to all Check Point appliances. Which the following command is NOT related to redundancy and functions?
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?
Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API?
Using ClusterXL, what statement is true about the Sticky Decision Function?
Which method below is NOT one of the ways to communicate using the Management API’s?
Session unique identifiers are passed to the web api using which http header option?
The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ .
Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period.
Which of the SecureXL templates are enabled by default on Security Gateway?
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?
What happen when IPS profile is set in Detect Only Mode for troubleshooting?
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
Where you can see and search records of action done by R81 SmartConsole administrators?
Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules
Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.
Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
When attempting to start a VPN tunnel, in the logs the error “no proposal chosen” is seen numerous times. No other VPN-related entries are present.
Which phase of the VPN negotiations has failed?
You want to verify if your management server is ready to upgrade to R81.20. What tool could you use in this process?
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .
You have a Gateway is running with 2 cores. You plan to add a second gateway to build a cluster and used a device with 4 cores.
How many cores can be used in a Cluster for Firewall-kernel on the new device?
What is the minimum amount of RAM needed for a Threat Prevention Appliance?
To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
You want to store the GAIA configuration in a file for later reference. What command should you use?
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?
NO: 180
What command can you use to have cpinfo display all installed hotfixes?
When installing a dedicated R81 SmartEvent server. What is the recommended size of the root partition?
While enabling the Identity Awareness blade the Identity Awareness wizard does not automatically detect the windows domain. Why does it not detect the windows domain?
Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:
You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?
Alice & Bob are going to deploy Management Data Plane Separation (MDPS) for all their Check Point Security Gateway(s)/Cluster(s). Which of the following statement is true?
After verifying that API Server is not running, how can you start the API Server?
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?
You want to gather data and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
What needs to be configured if the NAT property ‘Translate destination or client side’ is not enabled in Global Properties?
Which statement is WRONG regarding the usage of the Central Deployment in SmartConsole?
Using AD Query, the security gateway connections to the Active Directory Domain Controllers using what protocol?
Choose the correct syntax to add a new host named “emailserver1” with IP address 10.50.23.90 using GAiA Management CLI?
SmartEvent Security Checkups can be run from the following Logs and Monitor activity:
D18912E1457D5D1DDCBD40AB3BF70D5D
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule based and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?
IF the first packet of an UDP session is rejected by a rule definition from within a security policy (not including the clean up rule), what message is sent back through the kernel?
Is it possible to establish a VPN before the user login to the Endpoint Client?
While using the Gaia CLI. what is the correct command to publish changes to the management server?
Which utility allows you to configure the DHCP service on Gaia from the command line?
Which component is NOT required to communicate with the Web Services API?
Alice works for a big security outsourcing provider company and as she receives a lot of change requests per day she wants to use for scripting daily (asks the API services from Check Point fof the Management API. Firstly she needs to be aware if the API services are running for the management. Which of the following Check Point Command is true:
Kurt is planning to upgrade his Security Management Server to R81.X. What is the lowest supported version of the Security Management he can upgrade from?
Hit Count is a feature to track the number of connections that each rule matches, which one is not benefit of Hit Count.
Within the Check Point Firewall Kernel resides Chain Modules, which are individually responsible for the
inspection of a specific blade or feature that has been enabled in the configuration of the gateway. For Wire
mode configuration, chain modules marked with _______ will not apply.
Besides fw monitor, what is another command that can be used to capture packets?
What could NOT be a reason for synchronization issues in a Management HA environment?
What are the available options for downloading Check Point hotfixes in Gala WebUI (CPUSE)?
In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:
What is a possible command to delete all of the SSH connections of a gateway?
In terms of Order Rule Enforcement, when a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom Which of the following statements is correct?
In R81.20 a new feature dynamic log distribution was added. What is this for?
Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?
Which upgrade method you should use upgrading from R80.40 to R81.20 to avoid any downtime?
Which of the following technologies extracts detailed information from packets and stores that information in state tables?
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.
What is the most likely reason that the traffic is not accelerated?
Check Point security components are divided into the following components:
What does it mean if Deyra sees the gateway status? (Choose the BEST answer.)
Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two.
Which of the following statements correctly identify each product's capabilities?
What is correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution?
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?
Which file gives you a list of all security servers in use, including port number?
Which command shows the current connections distributed by CoreXL FW instances?
What are the different command sources that allow you to communicate with the API server?
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?
There are 4 ways to use the Management API for creating host object with R81 Management API. Which one is NOT correct?
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
Which of the following authentication methods ARE NOT used for Mobile Access?
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
Which command can you use to verify the number of active concurrent connections?