156-315.81 Exam - Check Point Certified Security Expert R81

NEW QUESTION 1

To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?

• A. Accept Template
• B. Deny Template
• C. Drop Template
• D. NAT Template

Answer: B

NEW QUESTION 2

You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?

• A. Right click Accept in the rule, select “More”, and then check ‘Enable Identity Captive Portal’.
• B. On the firewall object, Legacy Authentication screen, check ‘Enable Identity Captive Portal’.
• C. In the Captive Portal screen of Global Properties, check ‘Enable Identity Captive Portal’.
• D. On the Security Management Server object, check the box ‘Identity Logging’.

Answer: A

NEW QUESTION 3

When Configuring Endpoint Compliance Settings for Applications and Gateways within Mobile Access, which of the three approaches will allow you to configure individual policies for each application?

• A. Basic Approach
• B. Strong Approach
• C. Very Advanced Approach
• D. Medium Approach

Answer: C

NEW QUESTION 4

For best practices, what is the recommended time for automatic unlocking of locked admin accounts?

• A. 20 minutes
• B. 15 minutes
• C. Admin account cannot be unlocked automatically
• D. 30 minutes at least

Answer: D

NEW QUESTION 5

CoreXL is NOT supported when one of the following features is enabled: (Choose three)

• A. Route-based VPN
• B. IPS
• C. IPv6
• D. Overlapping NAT

Answer: ACD

Explanation:
CoreXL does not support Check Point Suite with these features:
Check Point QoS (Quality of Service)
Route-based VPN
IPv6 on IPSO
Overlapping NAT
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm

NEW QUESTION 6

Fill in the blank: Authentication rules are defined for ______ .

• A. User groups
• B. Users using UserCheck
• C. Individual users
• D. All users in the database

Answer: A

NEW QUESTION 7

View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.)

• A. The current administrator has read-only permissions to Threat Prevention Policy.
• B. Another user has locked the rule for editing.
• C. Configuration lock is presen
• D. Click the lock symbol to gain read-write access.
• E. The current administrator is logged in as read-only because someone else is editing the policy.

Answer: B

Explanation:
https://sc1.checkpoint.com/documents/R81/CP_R81_SecMGMT/html_frameset.htm?topic=documents/R81/CP_

NEW QUESTION 8

What are the three components for Check Point Capsule?

• A. Capsule Docs, Capsule Cloud, Capsule Connect
• B. Capsule Workspace, Capsule Cloud, Capsule Connect
• C. Capsule Workspace, Capsule Docs, Capsule Connect
• D. Capsule Workspace, Capsule Docs, Capsule Cloud

Answer: D

NEW QUESTION 9

You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

• A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
• B. Create a separate Security Policy package for each remote Security Gateway.
• C. Create network objects that restricts all applicable rules to only certain networks.
• D. Run separate SmartConsole instances to login and configure each Security Gateway directly.

Answer: B

NEW QUESTION 10

What is the recommended way to have a redundant Sync connection between the cluster nodes?

• A. In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per nod
• B. Connect both Sync interfaces without using a switch.
• C. Use a group of bonded interface
• D. In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define a Virtual IP for the Sync interface.
• E. In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per nod
• F. Use two different Switches to connect both Sync interfaces.
• G. Use a group of bonded interfaces connected to different switche
• H. Define a dedicated sync interface, only one interface per node using the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management.

Answer: C

NEW QUESTION 11

Which utility allows you to configure the DHCP service on Gaia from the command line?

• A. ifconfig
• B. dhcp_ofg
• C. sysconfig
• D. cpconfig

Answer: C

NEW QUESTION 12

John is using Management HA. Which Security Management Server should he use for making changes?

• A. secondary Smartcenter
• B. active SmartConsole
• C. connect virtual IP of Smartcenter HA
• D. primary Log Server

Answer: B

NEW QUESTION 13

What are the correct sleps upgrading a HA cluster (Ml is active. M2 is passive) using Multi-Version Cluster(MVC) Upgrade?

• A. 1) Enable the MVC mechanism on both cluster members «cphaprob mvc on2) Upgrade the passive node M2 to R81.103) In SmartConsol
• B. change the version of the cluster object4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails5) After examine the cluster states upgrade node M1 to R81.106) On each Cluster Member, disable the MVC mechanism
• C. 1) Enable the MVC mechanism on both cluster members #cphaprob mvc on2) Upgrade the passive node M2 to R81.103) In SmartConsol
• D. change the version of the cluster object4) Install the Access Control Policy5) After examine the cluster states upgrade node M1 to R81.106) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy
• E. 1) In SmartConsol
• F. change the version of the cluster object2) Upgrade the passive node M2 to R81.103) Enable the MVC mechanism on the upgraded R81.10 Cluster Member M2 Wcphaconf mvc on4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails5) After examine the cluster states upgrade node M1 to R81.106) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy SmartConsol
• G. change the version of the cluster object
• H. 1) Upgrade the passive node M2 to R81.102) Enable the MVC mechanism on the upgraded R81.10 Cluster Member M2 ttcphaconf mvc on3) In SmartConsole, change the version of the cluster object 4} Install the Access Control Policy5) After examine the cluster states upgrade node M1 to R81.106) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy upgrade the passive node M2 to R81.10

Answer: D

NEW QUESTION 14

You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?

• A. Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.
• B. Create a rule at the top in the Sydney firewall to allow control traffic from your network
• C. Nothing - Check Point control connections function regardless of Geo-Protection policy
• D. Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

Answer: C

NEW QUESTION 15

What is the limitation of employing Sticky Decision Function?

• A. With SDF enabled, the involved VPN Gateways only supports IKEv1
• B. Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
• C. With SDF enabled, only ClusterXL in legacy mode is supported
• D. With SDF enabled, you can only have three Sync interfaces at most

Answer: B

NEW QUESTION 16

Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

• A. Go to clash-Run cpstop | Run cpstart
• B. Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway
• C. Administrator does not need to perform any tas
• D. Check Point will make use of the newly installed CPU and Cores
• E. Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security Policy

Answer: B

NEW QUESTION 17

In R81 spoofing is defined as a method of:

• A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
• B. Hiding your firewall from unauthorized users.
• C. Detecting people using false or wrong authentication logins
• D. Making packets appear as if they come from an authorized IP address.

Answer: D

Explanation:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.

NEW QUESTION 18
......