156-215.81 Check Point Certified Security Administrator R81.20 Dumps
Sample Question 4
When changes are made to a Rule base, it is important to _______________ to enforce
changes.
A. Publish database B. Activate policy C. Install policy D. Save changes
Answer: C
Sample Question 5
When a SAM rule is required on Security Gateway to quickly block suspicious connections
which are not restricted by the Security Policy, what actions does the administrator need to
take?
A. SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not required.
B. The policy type SAM must be added to the Policy Package and a new SAM rule must be applied. Simply Publishing the changes applies the SAM rule on the firewall.
C. The administrator must work on the firewall CLI (for example with SSH and PuTTY) and the command 'sam block' must be used with the right parameters.
D. The administrator should open the LOGS & MONITOR view and find the relevant log. Right clicking on the log entry will show the Create New SAM rule option.
Answer: A
Explanation:
A Security Gateway with SAM enabled has Firewall rules to block suspicious
connections that are not restricted by the security policy. These rules are applied
immediately (policy installation is not required).
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Monitoring-Suspicious-Activity-Rules.htm
Sample Question 6
Identity Awareness allows the Security Administrator to configure network access based on
which of the following?
A. Name of the application, identity of the user, and identity of the machine B. Identity of the machine, username, and certificate C. Network location, identity of a user, and identity of a machine D. Browser-Based Authentication, identity of a user, and network location
Answer: C
Sample Question 7
Which command shows the installed licenses?
A. cplic print B. print cplic C. fwlic print D. show licenses
Answer: A
Sample Question 8
Which of the following is NOT an option to calculate the traffic direction?
A. Incoming B. Internal C. External D. Outgoing
Answer: D
Sample Question 9
Fill in the blank: When a policy package is installed, ________ are also distributed to the
target installation Security Gateways.
A. User and objects databases B. Network databases C. SmartConsole databases D. User databases
Answer: A
Sample Question 10
What is the most recommended installation method for Check Point appliances?
A. SmartUpdate installation B. DVD media created with Check Point ISOMorphic C. USB media created with Check Point ISOMorphic D. Cloud based installation
Answer: C
Sample Question 11
The Network Operations Center administrator needs access to Check Point Security
devices mostly for troubleshooting purposes. You do not want to give her access to the
expert mode, but she still should be able to run tcpdump. How can you achieve this
requirement?
A. Add tcpdump to CLISH using add command. Create a new access role. Add tcpdump to the role. Create new user with any UID and assign role to the user.
B. Add tcpdump to CLISH using add command. Create a new access role. Add tcpdump to the role. Create new user with UID 0 and assign role to the user.
C. Create a new access role. Add expert-mode access to the role. Create new user with UID 0 and assign role to the user.
D. Create a new access role. Add expert-mode access to the role. Create new user with any UID and assign role to the user.
Answer: A
Sample Question 12
When dealing with rule base layers, what two layer types can be utilized?
A. Ordered Layers and Inline Layers B. Inbound Layers and Outbound Layers C. R81.10 does not support Layers D. Structured Layers and Overlap Layers
Which of the following is NOT a tracking option? (Select three)
A. Partial log B. Log C. Network log D. Full log
Answer: A,C,D
Sample Question 14
Fill in the blank: In Security Gateways R75 and above, SIC uses ______________ for
encryption.
A. AES-128 B. AES-256 C. DES D. 3DES
Answer: A
Sample Question 15
Which two of these Check Point Protocols are used by ?
A. ELA and CPD B. FWD and LEA C. FWD and CPLOG D. ELA and CPLOG
Answer: B
Sample Question 16
Which of the following describes how Threat Extraction functions?
A. Detect threats and provides a detailed report of discovered threats B. Proactively detects threats C. Delivers file with original content D. Delivers PDF versions of original files with active content removed
Answer: B
Sample Question 17
A Check Point Software license consists of two components, the Software Blade and the
Software Container. There are ______ types of Software Containers: ________.
A. Two; Security Management and Endpoint Security B. Two; Endpoint Security and Security Gateway C. Three; Security Management, Security Gateway, and Endpoint Security D. Three; Security Gateway, Endpoint Security, and Gateway Management
Answer: C
Sample Question 18
Your internal networks 10.1.1.0/24, 10.2.2.0/24 and 192.168.0.0/16 are behind the Internet
Security Gateway. Considering that Layer 2 and Layer 3 setup is correct, what are the
steps you will need to do in SmartConsole in order to get the connection working?
A. 1. Define an accept rule in Security Policy. 2. Define Security Gateway to hide all internal networks behind the gateway’s external IP. 3. Publish and install the policy.
B. 1. Define an accept rule in Security Policy. 2. Define automatic NAT for each network to NAT the networks behind a public IP. 3. Publish the policy.
C. 1. Define an accept rule in Security Policy. 2. Define automatic NAT for each network to NAT the networks behind a public IP. 3. Publish and install the policy.
D. 1. Define an accept rule in Security Policy. 2. Define Security Gateway to hide all internal networks behind the gateway’s external IP. 3. Publish the policy.
Answer: C
Sample Question 19
Which of the following is an authentication method used for Identity Awareness?
A. SSL B. Captive Portal C. PKI D. RSA
Answer: B
Sample Question 20
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster
members? Choose the best answer.
A. fw ctl set int fwha vmac global param enabled
B. fw ctl get int fwha vmac global param enabled; result of command should return value 1
C. cphaprob -a if
D. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1
Answer: B
Sample Question 21
When URL Filtering is set, what identifying data gets sent to the Check Point Online Web
Service?
A. The URL and server certificate are sent to the Check Point Online Web Service B. The full URL, including page data, is sent to the Check Point Online Web Service C. The host part of the URL is sent to the Check Point Online Web Service D. The URL and IP address are sent to the Check Point Online Web Service
Answer: C
Sample Question 22
When should you generate new licenses?
A. Before installing contract files.
B. After a device upgrade.
C. When the existing license expires, license is upgraded or the IP-address associated with the license changes.
D. Only when the license is upgraded.
Answer: C
Sample Question 23
You are the Check Point administrator for Alpha Corp. You received a call that one of the
users is unable to browse the Internet on their new tablet which is connected to the
company wireless, which goes through a Check Point Gateway. How would you review the
logs to see what is blocking this traffic?
A. Open SmartLog and connect remotely to the wireless controller B. Open SmartEvent to see why they are being blocked C. Open SmartDashboard and review the logs tab D. From SmartConsole, go to the Log & Monitor and filter for the IP address of the tablet.
Answer: D
Sample Question 24
Which policy type is used to enforce bandwidth and traffic control rules?
A. Access Control B. Threat Emulation C. Threat Prevention D. QoS
Which of the following is NOT an identity source used for Identity Awareness?
A. Remote Access B. UserCheck C. AD Query D. RADIUS
Answer: B
Sample Question 26
What are the three deployment considerations for a secure network?
A. Distributed, Bridge Mode, and Remote B. Bridge Mode, Remote, and Standalone C. Remote, Standalone, and Distributed D. Standalone, Distributed, and Bridge Mode
Answer: A
Sample Question 27
Which of the following is NOT a component of a Distinguished Name?
A. Common Name B. Country C. User container D. Organizational Unit
Answer: C
Sample Question 28
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log.
Which of the following options can you add to each Log, Detailed Log and Extended Log?
A. Accounting B. Suppression C. Accounting/Suppression D. Accounting/Extended
Answer: C
Sample Question 29
Which Check Point software blade provides Application Security and identity control?
A. Identity Awareness B. Data Loss Prevention C. URL Filtering D. Application Control
Answer: D
Explanation:
Check Point Application Control provides the industry’s strongest application security and
identity control to organizations of all sizes.
Sample Question 30
Fill in the blanks: In _____ NAT, Only the ________ is translated.
A. Static; source B. Simple; source C. Hide; destination D. Hide; source
Answer: D
Sample Question 31
Which tool allows for the automatic updating of the Gaia OS and Check Point products
installed on the Gaia OS?
A. CPASE - Check Point Automatic Service Engine B. CPAUE - Check Point Automatic Update Engine C. CPDAS - Check Point Deployment Agent Service D. CPUSE - Check Point Upgrade Service Engine
Answer: D
Explanation: Check Point Update Service Engine (CPUSE), also known as Deployment
Agent [DA], is an advanced and intuitive mechanism for software deployment on Gaia OS,
which supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), and
Which of the following technologies extracts detailed information from packets and stores
that information in state tables?
A. INSPECT Engine B. Next-Generation Firewall C. Packet Filtering D. Application Layer Firewall
Answer: A
Explanation: Check Point FireWall-1’s Stateful Inspection overcomes the limitations of the
previous two approaches by providing full application-layer awareness without breaking the
client/server model. With Stateful Inspection, the packet is intercepted at the network layer,
but then the INSPECT Engine takes over. It extracts state-related information required for
the security decision from all application layers and maintains this information in dynamic
state tables for evaluating subsequent connection attempts. This provides a solution which
is highly secure and offers maximum performance, scalability, and extensibility.
Sample Question 33
Which key is created during Phase 2 of a site-to-site VPN?
A. Pre-shared secret B. Diffie-Hellman Public Key C. Symmetrical IPSec key D. Diffie-Hellman Private Key
Answer: C
Sample Question 34
What is true about the IPS-Blade?
A. in R80, IPS is managed by the Threat Prevention Policy B. in R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict C. in R80, IPS Exceptions cannot be attached to “all rules” D. in R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same
Answer: A
Sample Question 35
Fill in the blanks: The Application Layer Firewalls inspect traffic through the ______ layer(s)
of the TCP/IP model and up to and including the ______ layer.
A. Upper; Application B. First two; Internet C. Lower; Application D. First two; Transport
Answer: C
Sample Question 36
Which statement describes what Identity Sharing is in Identity Awareness?
A. Management servers can acquire and share identities with Security Gateways B. Users can share identities with other users C. Security Gateways can acquire and share identities with other Security Gateways D. Administrators can share identities with other administrators
Answer: C
Explanation:
Identity Sharing
Best Practice - In environments that use many Security Gateways and AD Query, we
recommend that you set only one Security Gateway to acquire identities from a given
Active Directory domain controller for each physical site. If more than one Security
Gateway gets identities from the same AD server, the AD server can become overloaded
with WMI queries.
Set these options on the Identity Awareness > Identity Sharing page of the Security
Gateway object:
Sample Question 37
Application Control/URL filtering database library is known as:
A. Application database B. AppWiki C. Application-Forensic Database D. Application Library
Answer: B
Sample Question 38
In R80 Management, apart from using SmartConsole, objects or rules can also be modified
using:
A. 3rd Party integration of CLI and API for Gateways prior to R80. B. A complete CLI and API interface using SSH and custom CPCode integration. C. 3rd Party integration of CLI and API for Management prior to R80. D. A complete CLI and API interface for Management with 3rd Party integration.
Answer: B
Sample Question 39
Session unique identifiers are passed to the Web API using which HTTP header option?
A. X-chkp-sid B. Accept-Charset C. Proxy-Authorization D. Application
Answer: C
Sample Question 40
To quickly review when Threat Prevention signatures were last updated, which Threat Tool
would an administrator use?
A. Protections B. IPS Protections C. Profiles D. ThreatWiki
Answer: B
Sample Question 41
Which SmartConsole tab is used to monitor network and security performance?
A. Manage & Settings B. Security Policies C. Gateway & Servers D. Logs & Monitor
Answer: D
Sample Question 42
Which backup utility captures the most information and tends to create the largest
archives?
A. backup B. snapshot C. Database Revision D. migrate export
Answer: B
Sample Question 43
Which application is used for the central management and deployment of licenses and packages?
A. SmartProvisioning B. SmartLicense C. SmartUpdate D. Deployment Agent
When defining group-based access in an LDAP environment with Identity Awareness, what
is the BEST object type to represent an LDAP group in a Security Policy?
A. Access Role B. User Group C. SmartDirectory Group D. Group Template
Answer: A
Sample Question 45
Fill in the blank: An LDAP server holds one or more ______________.
A. Server Units B. Administrator Units C. Account Units D. Account Servers
Answer: C
Sample Question 46
SandBlast offers flexibility in implementation based on their individual business needs.
What is an option for deployment of Check Point SandBlast Zero-Day Protection?
A. Smart Cloud Services B. Load Sharing Mode Services C. Threat Agent Solution D. Public Cloud Services
Answer: A
Sample Question 47
Fill in the blank: When tunnel test packets no longer invoke a response, SmartView Monitor displays _____________ for the given VPN tunnel.
A. Down B. No Response C. Inactive D. Failed
Answer: A
Sample Question 48
When configuring Spoof Tracking, which tracking actions can an administrator select to be
done when spoofed packets are detected?
A. Log, send snmp trap, email B. Drop packet, alert, none C. Log, alert, none D. Log, allow packets, email
Answer: C
Sample Question 49
Name the pre-defined Roles included in Gaia OS.
A. AdminRole, and MonitorRole B. ReadWriteRole, and ReadyOnly Role C. AdminRole, cloningAdminRole, and Monitor Role D. AdminRole
Answer: A
Sample Question 50
Identity Awareness allows easy configuration for network access and auditing based on
what three items?
A. Client machine IP address. B. Network location, the identity of a user and the identity of a machine. C. Log server IP address. D. Gateway proxy IP address.
Answer: B
Sample Question 51
After the initial installation on a Check Point appliance, you notice that the Management interface and default gateway are incorrect. Which commands could you use to set the IP
to 192.168.80.200/24 and default gateway to 192.168.80.1?
A. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24
   set static-route default nexthop gateway address 192.168.80.1 on
   save config
B. add interface Mgmt ipv4-address 192.168.80.200 255.255.255.0
   add static-route 0.0.0.0.0.0.0.0 gw 192.168.80.1 on
   save config
C. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0
   add static-route 0.0.0.0.0.0.0.0 gw 192.168.80.1 on
   save config
D. add interface Mgmt ipv4-address 192.168.80.200 mask-length 24
   add static-route default nexthop gateway address 192.168.80.1 on
   save config
Answer: A
Sample Question 52
What command would show the API server status?
A. cpm status B. api restart C. api status D. show api status
Answer: D
Sample Question 53
Which of the following is NOT a valid deployment option for R80?
A. All-in-one (stand-alone) B. Log server C. SmartEvent D. Multi-domain management server
Answer: D
Sample Question 54
Which of the following is NOT a component of Check Point Capsule?
A. Capsule Docs B. Capsule Cloud C. Capsule Enterprise D. Capsule Workspace
Answer: C
Sample Question 55
What is NOT an advantage of Stateful Inspection?
A. High Performance B. Good Security C. No Screening above Network layer D. Transparency
Answer: A
Sample Question 56
A stateful inspection firewall works by registering connection data and compiling this
information. Where is the information stored?
A. In the system SMEM memory pool. B. In State tables. C. In the Sessions table. D. In a CSV file on the firewall hard drive located in $FWDIR/conf/.
Answer: B
Sample Question 57
Which backup method uses the command line to create an image of the OS?
A. System backup B. Save Configuration C. Migrate D. snapshot
Answer: D
Sample Question 58
Which one of the following is a way that the objects can be manipulated using the new API
integration in R80 Management?
A. Microsoft Publisher B. JSON C. Microsoft Word D. RC4 Encryption
Answer: B
Sample Question 59
Security Gateway software blades must be attached to what?
A. Security Gateway B. Security Gateway container C. Management server D. Management container
Answer: B
Explanation:
Security Management and Security Gateway Software Blades must be attached to a
Which product correlates logs and detects security threats, providing a centralized display
of potential attack patterns from all network devices?
A. SmartDashboard B. SmartEvent C. SmartView Monitor D. SmartUpdate
Answer: B
Sample Question 61
When should you generate new licenses?
A. Before installing contract files.
B. After an RMA procedure when the MAC address or serial number of the appliance changes.
C. When the existing license expires, license is upgraded or the IP-address where the license is tied changes.
D. Only when the license is upgraded.
Answer: C
Sample Question 62
When an Admin logs into SmartConsole and sees a lock icon on a gateway object and
cannot edit that object, what does that indicate?
A. The gateway is not powered on. B. Incorrect routing to reach the gateway. C. The Admin would need to login to Read-Only mode D. Another Admin has made an edit to that object and has yet to publish the change.
Answer: D
Sample Question 63
A security zone is a group of one or more network interfaces from different centrally
managed gateways. What is considered part of the zone?
A. The zone is based on the network topology and determined according to where the interface leads to.
B. Security Zones are not supported by Check Point firewalls.
C. The firewall rule can be configured to include one or more subnets in a zone.
D. The local directly connected subnet defined by the subnet IP and subnet mask.
Answer: A
Explanation: The Interface window opens. The Topology area of the General pane shows
the Security Zone to which the interface is already bound. By default, the Security Zone is
calculated according to where the interface Leads To.