What needs to be configured if the NAT property `Translate destination on client side' is not enabled in Global properties?
A. A host route to route to the destination IP
B. Use the file local.arp to add the ARP entries for NAT to work
C. Nothing, the Gateway takes care of all details necessary
D. Enabling `Allow bi-directional NAT' for NAT to work correctly
Correct Answer: C
If the NAT property `Translate destination on client side' is not enabled in Global properties, nothing needs to be configured on the client side, because the Gateway takes care of all details necessary. The Gateway translates the destination IP address before sending the packet to the client, so the client does not need to know about the NAT rule or add any host route or ARP entry. References: Check Point Security Engineering Study Guide, p. 136-137
Question 22:
In which scenario is it a valid option to transfer a license from one hardware device to another?
A. From a 4400 Appliance to a 2200 Appliance
B. From a 4400 Appliance to an HP Open Server
C. From an IBM Open Server to an HP Open Server
D. From an IBM Open Server to a 2200 Appliance
Correct Answer: A
The scenario where it is a valid option to transfer a license from one hardware device to another is from a 4400 Appliance to a 2200 Appliance. This is because both appliances are Check Point products and have the same license type (Central License). You can transfer a license from one hardware device to another if they have the same license type and vendor. Therefore, the correct answer is A. From a 4400 Appliance to a 2200 Appliance.
Question 23:
Which application is used for the central management and deployment of licenses and packages?
A. SmartProvisioning
B. SmartLicense
C. SmartUpdate
D. Deployment Agent
Correct Answer: C
SmartUpdate is the application that is used for the central management and deployment of licenses and packages. SmartUpdate allows administrators to manage licenses, software updates, and hotfixes for multiple Security Gateways and cluster members from one central location. SmartProvisioning is an application that enables centralized management of network devices. SmartLicense is a feature that simplifies license management by using a cloud-based portal. Deployment Agent is a component that enables automatic deployment of software packages.
Question 24:
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ___________.
A. Captive Portal and Transparent Kerberos Authentication
B. UserCheck
C. User Directory
D. Captive Portal
Correct Answer: A
Browser-based Authentication sends users to a web page to acquire identities using Captive Portal and Transparent Kerberos Authentication. Captive Portal is a web page that prompts users to enter their credentials. Transparent Kerberos Authentication is a method that automatically authenticates users who have a valid Kerberos ticket from the Active Directory domain controller. UserCheck is a feature that allows users to interact with the security policy, not a method of authentication. User Directory is a component that integrates with external user databases, not a web page for authentication. Captive Portal alone is not enough to fill in the blank, as it is only one of the methods used by Browser-based Authentication.
Question 25:
Fill in the blanks: A ____ license requires an administrator to designate a gateway for attachment whereas a _____ license is automatically attached to a Security Gateway.
A. Formal; corporate
B. Local; formal
C. Local; central
D. Central; local
Correct Answer: D
A central license is automatically attached to a Security Gateway when it is installed. A local license requires an administrator to designate a gateway for attachment, p. 8.
Question 26:
What two ordered layers make up the Access Control Policy Layer?
A. URL Filtering and Network
B. Network and Threat Prevention
C. Application Control and URL Filtering
D. Network and Application Control
Correct Answer: B
The two ordered layers that make up the Access Control Policy Layer are Network and Threat Prevention. Network layer contains rules that define how traffic is inspected and handled by the Security Gateway. Threat Prevention layer contains rules that define how traffic is inspected by the Threat Prevention Software Blades References: Check Point R81 Security Management Administration Guide
Question 27:
Which Check Point software blade provides Application Security and identity control?
A. Identity Awareness
B. Data Loss Prevention
C. URL Filtering
D. Application Control
Correct Answer: D
The Check Point software blade that provides Application Security and identity control is Application Control . Application Control enables network administrators to identify, allow, block, or limit usage of thousands of applications and millions of websites. Therefore, the correct answer is D. Application Control
Question 28:
There are four policy types available for each policy package. What are those policy types?
A. Access Control, Threat Prevention, Mobile Access and HTTPS Inspection
B. Access Control, Custom Threat Prevention, Autonomous Threat Prevention and HTTPS Inspection
C. There are only three policy types: Access Control, Threat Prevention and NAT.
D. Access Control, Threat Prevention, NAT and HTTPS Inspection
Correct Answer: D
The four policy types available for each policy package are Access Control, Threat Prevention, NAT, and HTTPS Inspection. Access Control is the policy type that defines the basic firewall rules. Threat Prevention is the policy type that enables the protection against various types of attacks, such as IPS, Anti-Virus, Anti-Bot, etc. NAT is the policy type that defines the network address translation rules. HTTPS Inspection is the policy type that allows the inspection of encrypted traffic. The other options are not valid policy types for each policy package.
Question 29:
Fill in the blanks: Default port numbers for an LDAP server is ______ for standard connections and _______ SSL connections.
A. 675, 389
B. 389, 636
C. 636, 290
D. 290, 675
Correct Answer: B
The default port numbers for an LDAP server are 389 for standard connections and 636 for SSL connections. LDAP (Lightweight Directory Access Protocol) is a protocol that allows access to directory services over TCP/IP. Therefore, the correct answer is B. 389, 636.
Question 30:
Which Check Point supported authentication scheme typically requires a user to possess a token?
A. RADIUS
B. Check Point password
C. TACACS
D. SecurlD
Correct Answer: D
SecurID is a Check Point supported authentication scheme that typically requires a user to possess a token. A token is a physical device that generates a one-time password that changes periodically. The user must enter the password along with their username to authenticate. References: Remote Access VPN R81.20 Administration Guide, page 30.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-215.81 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.