Which of the following is NOT a valid deployment option for R80?
A. All-in-one (stand-alone)
B. CloudGuard
C. Distributed
D. Bridge Mode
Correct Answer: B
CloudGuard is not a valid deployment option for R80. CloudGuard is a product name for Check Point's cloud security solutions, not a deployment mode. The valid deployment options for R80 are all-in-one (stand-alone), distributed, and bridge mode. In an all-in-one deployment, the Security Management Server and Security Gateway are installed on the same machine. In a distributed deployment, the Security Management Server and Security Gateway are installed on separate machines. In a bridge mode deployment, the Security Gateway acts as a transparent bridge between two network segments and does not have an IP address of its own.
Log query results can be exported to what file format?
A. Word Document (docx)
B. Comma Separated Value (csv)
C. Portable Document Format (pdf)
D. Text (txt)
Correct Answer: B
Log query results can be exported to Comma Separated Value (csv) file format. CSV is a file format that stores tabular data in plain text. It is compatible with various applications, such as Excel, Google Sheets, etc. The other options are not valid file formats for exporting log query results.
Question 333:
When a SAM rule is required on Security Gateway to quickly block suspicious connections which are not restricted by the Security Policy, what actions does the administrator need to take?
A. SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not required.
B. The policy type SAM must be added to the Policy Package and a new SAM rule must be applied. Simply Publishing the changes applies the SAM rule on the firewall.
C. The administrator must work on the firewall CLI (for example with SSH and PuTTY) and the command 'sam block' must be used with the right parameters.
D. The administrator should open the LOGS and MONITOR view and find the relevant log. Right clicking on the log entry will show the Create New SAM rule option.
Correct Answer: A
When a SAM rule is required on Security Gateway to quickly block suspicious connections which are not restricted by the Security Policy, the administrator needs to take the following action: SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not required. SAM stands for Suspicious Activity Monitoring and is a feature that allows administrators to block or limit connections from specific sources or destinations without modifying the security policy. SAM rules can be created from SmartView Monitor or SmartEvent based on real-time network activity or security events. References: [Check Point R81 SmartView Monitor Administration Guide]
Question 334:
Which option in a firewall rule would only match and allow traffic to VPN gateways for one Community in common?
A. All Connections (Clear or Encrypted)
B. Accept all encrypted traffic
C. Specific VPN Communities
D. All Site-to-Site VPN Communities
Correct Answer: C
Specific VPN Communities is the option that would only match and allow traffic to VPN gateways for one Community in common. This option allows you to define a specific VPN community that includes the VPN gateways that are allowed to communicate with each other. The other options are either too broad or too narrow for this scenario. References: [Site to Site VPN in R80.x - Tutorial for Beginners]
Question 335:
Which of the following is NOT supported by Bridge Mode on the Check Point Security Gateway?
A. Data Loss Prevention
B. Antivirus
C. Application Control
D. NAT
Correct Answer: D
Bridge Mode is a deployment option for Check Point Security Gateway that allows it to act as a transparent bridge between two network segments, without changing the IP addressing scheme. Bridge Mode supports most of the security features, such as Data Loss Prevention, Antivirus, Application Control, etc. However, Bridge Mode does not support NAT, because NAT requires modifying the IP addresses or ports of the packets, which contradicts the transparent nature of Bridge Mode.
References: Check Point R81 Security Gateway Technical Administration Guide
Question 336:
In SmartEvent, a correlation unit (CU) is used to do what?
A. Collect security gateway logs, Index the logs and then compress the logs.
B. Receive firewall and other software blade logs in a region and forward them to the primary log server.
C. Analyze log entries and identify events.
D. Send SAM block rules to the firewalls during a DOS attack.
Correct Answer: C
A correlation unit (CU) is a component of SmartEvent that analyzes log entries on log servers and identifies events based on predefined or custom rules. A CU receives logs from one or more log servers and forwards them to the SmartEvent server, where they are stored in the events database.
Question 337:
Which of the following commands is used to monitor cluster members?
A. cphaprob state
B. cphaprob status
C. cphaprob
D. cluster state
Correct Answer: A
Question 338:
With URL Filtering, what portion of the traffic is sent to the Check Point Online Web Service for analysis?
A. The complete communication is sent for inspection.
B. The IP address of the source machine.
C. The end user credentials.
D. The host portion of the URL.
Correct Answer: D
With URL Filtering, only the host portion of the URL is sent to the Check Point Online Web Service for analysis. The host portion is the part of the URL that identifies the web server, such as www.example.com. The Check Point Online Web Service uses this information to categorize the URL and return the appropriate action to the Security Gateway. The other options are not sent to the Check Point Online Web Service for analysis, as they may contain sensitive or irrelevant data.
Question 339:
Which of the following log queries would show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1?
A. src:192.168.1.1 OR dst:172.26.1.1 AND action:Drop
B. src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop
C. 192.168.1.1 AND 172.26.1.1 AND drop
D. 192.168.1.1 OR 172.26.1.1 AND action:Drop
Correct Answer: B
src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop is the correct log query to show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1. The AND operator means that all conditions must be true for the query to match. The OR operator means that any condition can be true for the query to match. The other queries will either show packets that are not dropped or packets that have different source or destination addresses.
Question 340:
A SAM rule is implemented to provide what function or benefit?
A. Allow security audits.
B. Handle traffic as defined in the policy.
C. Monitor sequence activity.
D. Block suspicious activity.
Correct Answer: D
A SAM (Suspicious Activity Monitoring) rule is implemented to provide the function or benefit of blocking suspicious activity. A SAM rule is a rule that defines an action to be taken by the firewall when it detects a suspicious activity, such as an attack, a scan, or a policy violation. The action can be blocking, dropping, rejecting, or logging the traffic that triggered the suspicious activity. A SAM rule can be created manually or automatically by other security features, such as IPS, Anti-