CheckPoint Checkpoint Certifications 156-215.81 Questions & Answers

• Question 101:

  The SmartEvent R80 Web application for real-time event monitoring is called:

  A. SmartView Monitor

  B. SmartEventWeb

  C. There is no Web application for SmartEvent

  D. SmartView

  Correct Answer: D

  SmartView is the web application for real-time event monitoring in SmartEvent R80 and above. It provides a unified view of security events across the network and allows for quick investigation and response. References: SmartEvent R80.40 Administration Guide, SmartView

• Question 102:

  Fill in the blank: Back up and restores can be accomplished through_________.

  A. SmartConsole, WebUI, or CLI

  B. WebUI, CLI, or SmartUpdate

  C. CLI, SmartUpdate, or SmartBackup

  D. SmartUpdate, SmartBackup, or SmartConsole

  Correct Answer: A

  Back up and restores can be accomplished through SmartConsole, WebUI, or CLI. These are the methods to perform system backup and restore, which save and restore the Gaia OS configuration and the Security Management Server database. WebUI, CLI, or SmartUpdate are not valid methods, as SmartUpdate is used to install software packages and patches, not to back up or restore the system. CLI, SmartUpdate, or SmartBackup are not valid methods, as SmartBackup is a feature of SmartProvisioning that allows backing up and restoring the configuration of Security Gateways and VSX clusters4. SmartUpdate, SmartBackup, or SmartConsole are not valid methods, as SmartConsole is used to configure and manage the Security Policy, not to back up or restore the system. References: System Backup and Restore feature in Gaia, Check Point R81.10, INSTALLATION AND UPGRADE GUIDE R81.10, SmartProvisioning R81.10 Administration Guide, QUANTUM SECURITY MANAGEMENT R81

• Question 103:

  When changes are made to a Rule base, it is important to _______________ to enforce changes.

  A. Publish database

  B. Activate policy

  C. Install policy

  D. Save changes

  Correct Answer: A

  When changes are made to a Rule base, it is important to Publish database to enforce changes. Publishing database saves the changes to the database and makes them available to other administrators. Installing policy applies the changes to the Security Gateways. References: Check Point R81 Security Management Administration Guide, [Check Point R81 SmartConsole R81 Resolved Issues], [Check Point R81 Firewall Administration Guide]

• Question 104:

  What is the BEST method to deploy Identity Awareness for roaming users?

  A. Use Office Mode

  B. Use identity agents

  C. Share user identities between gateways

  D. Use captive portal

  Correct Answer: B

  The BEST method to deploy Identity Awareness for roaming users is to use identity agents, which are software components installed on endpoints that provide user and machine identity information to the Security Gateway. Identity agents are more secure and reliable than other methods, as they do not require network changes or user interaction. Office Mode, sharing user identities between gateways, and using captive portal are not methods to deploy Identity Awareness, but rather features or options that can be used with Identity Awareness. References: Identity Awareness Reference Architecture and Best Practices, Identity Awareness PDP Broker, Identity Awareness Datasheet

• Question 105:

  Using R80 Smart Console, what does a "pencil icon" in a rule mean?

  A. I have changed this rule

  B. Someone else has changed this rule

  C. This rule is managed by check point's SOC

  D. This rule can't be changed as it's an implied rule

  Correct Answer: A

  The correct answer is A because a pencil icon in a rule means that you have changed this rule. The pencil icon indicates that the rule has been modified but not published yet. You can hover over the pencil icon to see who made the change and when. The other options are not related to the pencil icon. References: Check Point Learning and Training Frequently Asked Questions (FAQs)

• Question 106:

  When connected to the Check Point R80 Management Server using the SmartConsole the first administrator to connect has a lock on:

  A. Only the objects being modified in the Management Database and other administrators can connect to make changes using a special session as long as they all connect from the same LAN network.

  B. The entire Management Database and other administrators can connect to make changes only if the first administrator switches to Read-only.

  C. The entire Management Database and all sessions and other administrators can connect only as Read-only.

  D. Only the objects being modified in his session of the Management Database and other administrators can connect to make changes using different sessions.

  Correct Answer: D

  The answer is D because in R80 and above, the first administrator to connect to the Management Server using SmartConsole gets a lock on only the objects being modified in his session of the Management Database. Other administrators can connect to make changes using different sessions, but they cannot modify the same objects as the first administrator until he publishes his changes. This is called concurrent administration and it allows multiple administrators to work on the same policy package simultaneously References: Check Point R80.10 Concurrent Administration, Check Point R80.40 Security Management Administration Guide

• Question 107:

  Choose what BEST describes users on Gaia Platform.

  A. There are two default users and neither can be deleted.

  B. There are two default users and one cannot be deleted.

  C. There is one default user that can be deleted.

  D. There is one default user that cannot be deleted.

  Correct Answer: A

  There are two default users on Gaia Platform and neither can be deleted. The two default users are admin and monitor. The admin user has full access to the Gaia configuration and management tools, such as CLI and WebUI. The monitor user has read- only access to the Gaia configuration and management tools, and can only view the system status and settings. These two users cannot be deleted, but their passwords can be changed.References: [Gaia Administration Guide], [Gaia Overview]

• Question 108:

  What object type would you use to grant network access to an LDAP user group?

  A. Access Role

  B. User Group

  C. SmartDirectory Group

  D. Group Template

  Correct Answer: B

  The Access Role object type is used to grant network access to an LDAP user group. It defines a set of users and machines that can access a specific network resource References: Access Role, LDAP User Group

• Question 109:

  To provide updated malicious data signatures to all Threat Prevention blades, the Threat Prevention gateway does what with the data?

  A. Cache the data to speed up its own function.

  B. Share the data to the ThreatCloud for use by other Threat Prevention blades.

  C. Log the traffic for Administrator viewing.

  D. Delete the data to ensure an analysis of the data is done each time.

  Correct Answer: B

  To provide updated malicious data signatures to all Threat Prevention blades, the Threat Prevention gateway does share the data to the ThreatCloud for use by other Threat Prevention blades. The ThreatCloud is a collaborative network and cloud- driven knowledge base that delivers real-time dynamic security intelligence to security gateways. The Threat Prevention gateway can send and receive updates from the ThreatCloud about new threats and malicious data signatures. References: [Check Point R81 Threat Prevention Administration Guide]

• Question 110:

  How would you determine the software version from the CLI?

  A. fw ver

  B. fw stat

  C. fw monitor

  D. cpinfo

  Correct Answer: A

  The command that can be used to determine the software version from the CLI is fw ver. This command displays the version of the firewall module and the build number . fw stat, fw monitor, and cpinfo are not commands for software version identification. References: Check Point R81 Command Line Interface