Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Checkpoint 156-315.81 Check Point Certified Security Expert R81 Exam Practice Test

Page: 1 / 54
Total 537 questions

Check Point Certified Security Expert R81 Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$36  $119.99

PDF Study Guide

  • Product Type: PDF Study Guide
$31.5  $104.99
Question 1

After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.

Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.

Options:

A.

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24set static-route default nexthop gateway address 192.168.80.1 onsave config

B.

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 onsave config

C.

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 onsave config

D.

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24add static-route default nexthop gateway address 192.168.80.1 onsave config

Question 2

What is not a purpose of the deployment of Check Point API?

Options:

A.

Execute an automated script to perform common tasks

B.

Create a customized GUI Client for manipulating the objects database

C.

Create products that use and enhance the Check Point solution

D.

Integrate Check Point products with 3rd party solution

Question 3

Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and several remote locations which are managed centrally by R77.30 Security Management Server. On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1570 series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available firmware. She is in process of migrating to R81.

What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R81?

Options:

A.

Missing an installed R77.20 Add-on on Security Management Server

B.

Unsupported firmware on UTM-1 Edge-W appliance

C.

Unsupported version on UTM-1 570 series appliance

D.

Unsupported appliances on remote locations

Question 4

Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:

Options:

A.

Create new dashboards to manage 3rd party task

B.

Create products that use and enhance 3rd party solutions

C.

Execute automated scripts to perform common tasks

D.

Create products that use and enhance the Check Point Solution

Question 5

Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?

Options:

A.

/opt/CPshrd-R81/conf/local.arp

B.

/var/opt/CPshrd-R81/conf/local.arp

C.

$CPDIR/conf/local.arp

D.

$FWDIR/conf/local.arp

Question 6

Check Point security components are divided into the following components:

Options:

A.

GUI Client, Security Gateway, WebUI Interface

B.

GUI Client, Security Management, Security Gateway

C.

Security Gateway, WebUI Interface, Consolidated Security Logs

D.

Security Management, Security Gateway, Consolidate Security Logs

Question 7

For best practices, what is the recommended time for automatic unlocking of locked admin accounts?

Options:

A.

20 minutes

B.

15 minutes

C.

Admin account cannot be unlocked automatically

D.

30 minutes at least

Question 8

The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.

What is the most likely reason that the traffic is not accelerated?

Options:

A.

There is a virus found. Traffic is still allowed but not accelerated.

B.

The connection required a Security server.

C.

Acceleration is not enabled.

D.

The traffic is originating from the gateway itself.

Question 9

Which Check Point feature enables application scanning and the detection?

Options:

A.

Application Dictionary

B.

AppWiki

C.

Application Library

D.

CPApp

Question 10

On what port does the CPM process run?

Options:

A.

TCP 857

B.

TCP 18192

C.

TCP 900

D.

TCP 19009

Question 11

How many layers make up the TCP/IP model?

Options:

A.

2

B.

7

C.

6

D.

4

Question 12

To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?

Options:

A.

fw ctl set int fwha vmac global param enabled

B.

fw ctl get int vmac global param enabled; result of command should return value 1

C.

cphaprob-a if

D.

fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

Question 13

What key is used to save the current CPView page in a filename format cpview_”cpview process ID”.cap”number of captures”?

Options:

A.

S

B.

W

C.

C

D.

Space bar

Question 14

Which of the following commands shows the status of processes?

Options:

A.

cpwd_admin -l

B.

cpwd -l

C.

cpwd admin_list

D.

cpwd_admin list

Question 15

You have a Gateway is running with 2 cores. You plan to add a second gateway to build a cluster and used a device with 4 cores.

How many cores can be used in a Cluster for Firewall-kernel on the new device?

Options:

A.

3

B.

2

C.

1

D.

4

Question 16

Which process handles connection from SmartConsole R81?

Options:

A.

fwm

B.

cpmd

C.

cpm

D.

cpd

Question 17

What statement best describes the Proxy ARP feature for Manual NAT in R81.10?

Options:

A.

Automatic proxy ARP configuration can be enabled

B.

Translate Destination on Client Side should be configured

C.

fw ctl proxy should be configured

D.

local.arp file must always be configured

Question 18

Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.

Options:

A.

AV issues

B.

VPN errors

C.

Network traffic issues

D.

Authentication issues

Question 19

You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.

What must you do to get SIC to work?

Options:

A.

Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.

B.

Create a rule at the top in the Sydney firewall to allow control traffic from your network

C.

Nothing - Check Point control connections function regardless of Geo-Protection policy

D.

Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

Question 20

What must you do first if “fwm sic_reset” could not be completed?

Options:

A.

Cpstop then find keyword “certificate” in objects_5_0.C and delete the section

B.

Reinitialize SIC on the security gateway then run “fw unloadlocal”

C.

Reset SIC from Smart Dashboard

D.

Change internal CA via cpconfig

Question 21

Which encryption algorithm is the least secured?

Options:

A.

AES-128

B.

AES-256

C.

DES

D.

3DES

Question 22

Can multiple administrators connect to a Security Management Server at the same time?

Options:

A.

No, only one can be connected

B.

Yes, all administrators can modify a network object at the same time

C.

Yes, every administrator has their own username, and works in a session that is independent of other administrators.

D.

Yes, but only one has the right to write.

Question 23

What scenario indicates that SecureXL is enabled?

Options:

A.

Dynamic objects are available in the Object Explorer

B.

SecureXL can be disabled in cpconfig

C.

fwaccel commands can be used in clish

D.

Only one packet in a stream is seen in a fw monitor packet capture

Question 24

Which command gives us a perspective of the number of kernel tables?

Options:

A.

fw tab -t

B.

fw tab -s

C.

fw tab -n

D.

fw tab -k

Question 25

From SecureXL perspective, what are the tree paths of traffic flow:

Options:

A.

Initial Path; Medium Path; Accelerated Path

B.

Layer Path; Blade Path; Rule Path

C.

Firewall Path; Accept Path; Drop Path

D.

Firewall Path; Accelerated Path; Medium Path

Question 26

Which of these is an implicit MEP option?

Options:

A.

Primary-backup

B.

Source address based

C.

Round robin

D.

Load Sharing

Question 27

Customer’s R81 management server needs to be upgraded to R81.10. What is the best upgrade method when the management server is not connected to the Internet?

Options:

A.

Export R81 configuration, clean install R81.10 and import the configuration

B.

CPUSE offline upgrade

C.

CPUSE online upgrade

D.

SmartUpdate upgrade

Question 28

What is the purpose of a SmartEvent Correlation Unit?

Options:

A.

The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server.

B.

The SmartEvent Correlation Unit’s task it to assign severity levels to the identified events.

C.

The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.

D.

The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server.

Question 29

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.

Options:

A.

ffff

B.

1

C.

2

D.

3

Question 30

SmartEvent does NOT use which of the following procedures to identify events:

Options:

A.

Matching a log against each event definition

B.

Create an event candidate

C.

Matching a log against local exclusions

D.

Matching a log against global exclusions

Question 31

When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?

Options:

A.

Includes the registry

B.

Gets information about the specified Virtual System

C.

Does not resolve network addresses

D.

Output excludes connection table

Question 32

John is using Management HA. Which Smartcenter should be connected to for making changes?

Options:

A.

secondary Smartcenter

B.

active Smartenter

C.

connect virtual IP of Smartcenter HA

D.

primary Smartcenter

Question 33

How do you enable virtual mac (VMAC) on-the-fly on a cluster member?

Options:

A.

cphaprob set int fwha_vmac_global_param_enabled 1

B.

clusterXL set int fwha_vmac_global_param_enabled 1

C.

fw ctl set int fwha_vmac_global_param_enabled 1

D.

cphaconf set int fwha_vmac_global_param_enabled 1

Question 34

When simulating a problem on ClusterXL cluster with cphaprob –d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?

Options:

A.

cphaprob –d STOP unregister

B.

cphaprob STOP unregister

C.

cphaprob unregister STOP

D.

cphaprob –d unregister STOP

Question 35

Which command shows the current connections distributed by CoreXL FW instances?

Options:

A.

fw ctl multik stat

B.

fw ctl affinity -l

C.

fw ctl instances -v

D.

fw ctl iflist

Question 36

Using ClusterXL, what statement is true about the Sticky Decision Function?

Options:

A.

Can only be changed for Load Sharing implementations

B.

All connections are processed and synchronized by the pivot

C.

Is configured using cpconfig

D.

Is only relevant when using SecureXL

Question 37

Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?

Options:

A.

$FWDIR/database/fwauthd.conf

B.

$FWDIR/conf/fwauth.conf

C.

$FWDIR/conf/fwauthd.conf

D.

$FWDIR/state/fwauthd.conf

Question 38

Automation and Orchestration differ in that:

Options:

A.

Automation relates to codifying tasks, whereas orchestration relates to codifying processes.

B.

Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes.

C.

Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow.

D.

Orchestration relates to codifying tasks, whereas automation relates to codifying processes.

Question 39

SmartConsole R81 requires the following ports to be open for SmartEvent R81 management:

Options:

A.

19090,22

B.

19190,22

C.

18190,80

D.

19009,443

Question 40

: 131

Which command is used to display status information for various components?

Options:

A.

show all systems

B.

show system messages

C.

sysmess all

D.

show sysenv all

Question 41

The log server sends what to the Correlation Unit?

Options:

A.

Authentication requests

B.

CPMI dbsync

C.

Logs

D.

Event Policy

Question 42

In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a

response before the peer host is declared ‘down’, you would set the_________?

Options:

A.

life sign polling interval

B.

life sign timeout

C.

life_sign_polling_interval

D.

life_sign_timeout

Question 43

What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?

Options:

A.

test_connectivity_ad –d

B.

test_ldap_connectivity –d

C.

test_ad_connectivity –d

D.

ad_connectivity_test –d

Question 44

When synchronizing clusters, which of the following statements is FALSE?

Options:

A.

The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized.

B.

Only cluster members running on the same OS platform can be synchronized.

C.

In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.

D.

Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.

Question 45

If there are two administration logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available or other administrators? (Choose the BEST answer.)

Options:

A.

Publish or discard the session.

B.

Revert the session.

C.

Save and install the Policy.

D.

Delete older versions of database.

Question 46

In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:

Options:

A.

Basic, Optimized, Strict

B.

Basic, Optimized, Severe

C.

General, Escalation, Severe

D.

General, purposed, Strict

Question 47

Which VPN routing option uses VPN routing for every connection a satellite gateway handles?

Options:

A.

To satellites through center only

B.

To center only

C.

To center and to other satellites through center

D.

To center, or through the center to other satellites, to Internet and other VPN targets

Question 48

What is the valid range for Virtual Router Identifier (VRID) value in a Virtual Routing Redundancy Protocol (VRRP) configuration?

Options:

A.

1-254

B.

1-255

C.

0-254

D.

0 – 255

Question 49

GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:

Options:

A.

Check Point Update Service Engine

B.

Check Point Software Update Agent

C.

Check Point Remote Installation Daemon (CPRID)

D.

Check Point Software Update Daemon

Question 50

When performing a minimal effort upgrade, what will happen to the network traffic?

Options:

A.

All connections that were initiated before the upgrade will be dropped, causing network downtime

B.

All connections that were initiated before the upgrade will be handled normally

C.

All connections that were initiated before the upgrade will be handled by the standby gateway

D.

All connections that were initiated before the upgrade will be handled by the active gateway

Question 51

How can you see historical data with cpview?

Options:

A.

cpview -f

B.

cpview -e

C.

cpview -t

D.

cpview -d

Question 52

What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days?

Options:

A.

Use Multi-Domain Management Server.

B.

Choose different setting for log storage and SmartEvent db

C.

Install Management and SmartEvent on different machines.

D.

it is not possible.

Question 53

What is required for a certificate-based VPN tunnel between two gateways with separate management systems?

Options:

A.

Mutually Trusted Certificate Authorities

B.

Shared User Certificates

C.

Shared Secret Passwords

D.

Unique Passwords

Question 54

What can we infer about the recent changes made to the Rule Base?

Options:

A.

Rule 7 was created by the ‘admin’ administrator in the current session

B.

8 changes have been made by administrators since the last policy installation

C.

The rules 1, 5 and 6 cannot be edited by the ‘admin’ administrator

D.

Rule 1 and object webserver are locked by another administrator

Question 55

Which firewall daemon is responsible for the FW CLI commands?

Options:

A.

fwd

B.

fwm

C.

cpm

D.

cpd

Question 56

By default, which port does the WebUI listen on?

Options:

A.

80

B.

4434

C.

443

D.

8080

Question 57

According to out of the box SmartEvent policy, which blade will automatically be correlated into events?

Options:

A.

Firewall

B.

VPN

C.

IPS

D.

HTTPS

Question 58

In the Check Point Security Management Architecture, which component(s) can store logs?

Options:

A.

SmartConsole

B.

Security Management Server and Security Gateway

C.

Security Management Server

D.

SmartConsole and Security Management Server

Question 59

Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or ______ .

Options:

A.

On all satellite gateway to satellite gateway tunnels

B.

On specific tunnels for specific gateways

C.

On specific tunnels in the community

D.

On specific satellite gateway to central gateway tunnels

Question 60

Which command will reset the kernel debug options to default settings?

Options:

A.

fw ctl dbg -a 0

B.

fw ctl dbg resetall

C.

fw ctl debug 0

D.

fw ctl debug set 0

Question 61

On R81.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

Options:

A.

18210

B.

18184

C.

257

D.

18191

Question 62

Which TCP-port does CPM process listen to?

Options:

A.

18191

B.

18190

C.

8983

D.

19009

Question 63

You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.

Options:

A.

Inspect/Bypass

B.

Inspect/Prevent

C.

Prevent/Bypass

D.

Detect/Bypass

Question 64

Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

Options:

A.

UDP port 265

B.

TCP port 265

C.

UDP port 256

D.

TCP port 256

Question 65

Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

Options:

A.

50%

B.

75%

C.

80%

D.

15%

Question 66

What are the attributes that SecureXL will check after the connection is allowed by Security Policy?

Options:

A.

Source address, Destination address, Source port, Destination port, Protocol

B.

Source MAC address, Destination MAC address, Source port, Destination port, Protocol

C.

Source address, Destination address, Source port, Destination port

D.

Source address, Destination address, Destination port, Protocol

Question 67

NAT rules are prioritized in which order?

1. Automatic Static NAT

2. Automatic Hide NAT

3. Manual/Pre-Automatic NAT

4. Post-Automatic/Manual NAT rules

Options:

A.

1, 2, 3, 4

B.

1, 4, 2, 3

C.

3, 1, 2, 4

D.

4, 3, 1, 2

Question 68

Identify the API that is not supported by Check Point currently.

Options:

A.

R81 Management API-

B.

Identity Awareness Web Services API

C.

Open REST API

D.

OPSEC SDK

Question 69

What happen when IPS profile is set in Detect Only Mode for troubleshooting?

Options:

A.

It will generate Geo-Protection traffic

B.

Automatically uploads debugging logs to Check Point Support Center

C.

It will not block malicious traffic

D.

Bypass licenses requirement for Geo-Protection control

Question 70

Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?

Options:

A.

Severity

B.

Automatic reactions

C.

Policy

D.

Threshold

Question 71

If you needed the Multicast MAC address of a cluster, what command would you run?

Options:

A.

cphaprob –a if

B.

cphaconf ccp multicast

C.

cphaconf debug data

D.

cphaprob igmp

Question 72

Which of the following process pulls application monitoring status?

Options:

A.

fwd

B.

fwm

C.

cpwd

D.

cpd

Question 73

What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

Options:

A.

Stateful Mode

B.

VPN Routing Mode

C.

Wire Mode

D.

Stateless Mode

Question 74

The Event List within the Event tab contains:

Options:

A.

a list of options available for running a query.

B.

the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.

C.

events generated by a query.

D.

the details of a selected event.

Question 75

In R81, how do you manage your Mobile Access Policy?

Options:

A.

Through the Unified Policy

B.

Through the Mobile Console

C.

From SmartDashboard

D.

From the Dedicated Mobility Tab

Question 76

Which statement is correct about the Sticky Decision Function?

Options:

A.

It is not supported with either the Performance pack of a hardware based accelerator card

B.

Does not support SPI’s when configured for Load Sharing

C.

It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster

D.

It is not required L2TP traffic

Question 77

CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:

Options:

A.

MySQL

B.

Postgres SQL

C.

MarisDB

D.

SOLR

Question 78

In R81 spoofing is defined as a method of:

Options:

A.

Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

B.

Hiding your firewall from unauthorized users.

C.

Detecting people using false or wrong authentication logins

D.

Making packets appear as if they come from an authorized IP address.

Question 79

Which features are only supported with R81.10 Gateways but not R77.x?

Options:

A.

Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.

B.

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C.

The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

D.

Time object to a rule to make the rule active only during specified times.

Question 80

What are the different command sources that allow you to communicate with the API server?

Options:

A.

SmartView Monitor, API_cli Tool, Gaia CLI, Web Services

B.

SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

C.

SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services

D.

API_cli Tool, Gaia CLI, Web Services

Page: 1 / 54
Total 537 questions