AdminA and AdminB are both logged in on SmartConsole. What does it mean if AdminB sees a lock icon on a rule? Choose the BEST answer.
A. Rule is locked by AdminA and will be made available if the session is published
B. Rule is locked by AdminA because the rule is currently being edited
C. Rule is locked by AdminA and if the session is saved, the rule will be made available
D. Rule is locked by AdminA because the save button has not been pressed
Correct Answer: A
If AdminB sees a lock icon on a rule, it means that the rule is locked by AdminA and will be made available if the session is published. A session is a set of changes made by an administrator in SmartConsole. A session can be published to save and share the changes with other administrators, or discarded to cancel the changes and unlock the objects.
References:
Check Point R81 Security Management Administration Guide, page 18.
Question 342:
You have discovered suspicious activity in your network. What is the BEST immediate action to take?
A. Create a policy rule to block the traffic.
B. Create a suspicious action rule to block that traffic.
C. Wait until traffic has been identified before making any changes.
D. Contact ISP to block the traffic.
Correct Answer: B
The BEST immediate action to take when you have discovered suspicious activity in your network is to create a suspicious action rule to block that traffic. A suspicious action rule is a special type of rule that is triggered when a predefined condition is met, such as a malicious file download, a ransomware attack, or a data exfiltration attempt. A suspicious action rule can block the traffic, quarantine the source, or send an alert to the administrator. Creating a policy rule to block the traffic may not be effective if the traffic does not match the rule criteria or if the policy installation is delayed. Waiting until traffic has been identified before making any changes may allow the threat to spread or cause more damage. Contacting the ISP to block the traffic may not be feasible or timely, and may also affect legitimate traffic. References: Check Point R81 Security Gateway Technical Administration Guide
Question 343:
What is true about the IPS-Blade?
A. In R80, IPS is managed by the Threat Prevention Policy
B. In R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
C. In R80, IPS Exceptions cannot be attached to "all rules"
D. In R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same
Correct Answer: A
In R80, IPS is managed by the Threat Prevention Policy. The Threat Prevention Policy defines how to protect the network from malicious traffic using IPS, Anti-Bot, Anti-Virus, and Threat Emulation software blades. The IPS layer in the Threat Prevention Policy allows configuring IPS protections and actions for different network segments. The other options are not true about the IPS-Blade. References: Check Point IPS Datasheet, Check Point IPS Software Blade, Quantum Intrusion Prevention System (IPS)
Question 344:
What Identity Agent allows packet tagging and computer authentication?
A. Endpoint Security Client
B. Full Agent
C. Light Agent
D. System Agent
Correct Answer: B
The Full Identity Agent allows packet tagging and computer authentication. Packet tagging is a feature that enables the Security Gateway to identify the source user and machine of each packet, regardless of NAT or routing. Computer authentication is a feature that enables the Security Gateway to authenticate machines that are not associated with any user, such as servers or unattended workstations. The other options are incorrect. Endpoint Security Client is not an Identity Agent, but software that provides endpoint security features such as firewall, antivirus, VPN, etc. Light Agent is an Identity Agent that does not require installation and runs on a web browser, but it does not support packet tagging or computer authentication. System Agent is not an Identity Agent, but software that provides system information and health monitoring for endpoints. References: Check Point Identity Agent for Microsoft Windows 10
Question 345:
True or False: In R80, more than one administrator can log in to the Security Management Server with write permission at the same time.
A. False, this feature has to be enabled in the Global Properties.
B. True, every administrator works in a session that is independent of the other administrators.
C. True, every administrator works on a different database that is independent of the other administrators.
D. False, only one administrator can log in with write permission.
Correct Answer: B
The answer is B because in R80 and above, more than one administrator can log in to the Security Management Server with write permission at the same time. Every administrator works in a session that is independent of the other administrators. This is called concurrent administration, and it allows multiple administrators to work on the same policy package simultaneously.
References: Check Point R80.10 Concurrent Administration, Check Point R80.40 Security Management Administration Guide
Question 346:
What is the most complete definition of the difference between the Install Policy button on the SmartConsole's tab, and the Install Policy within a specific policy?
A. The Global one also saves and publishes the session before installation.
B. The Global one can install multiple selected policies at the same time.
C. The local one does not install the Anti-Malware policy along with the Network policy.
D. The second one pre-selects the installation for only the current policy and for the applicable gateways.
Correct Answer: D
The difference between the Install Policy button on the SmartConsole's tab and the Install Policy within a specific policy is that the former installs all the policies that are selected in the Install Policy window, while the latter pre-selects the installation for only the current policy and for the applicable gateways. The other options are not accurate differences. References: Installing Policies
Question 347:
Core Protections are installed as part of what Policy?
A. Access Control Policy.
B. Desktop Firewall Policy
C. Mobile Access Policy.
D. Threat Prevention Policy.
Correct Answer: D
Core Protections are installed as part of the Threat Prevention Policy. Core Protections are a set of IPS protections that are essential for securing your network against malicious traffic. The other policies do not include Core Protections.
References:
1: Check Point CLI Reference Card
2: Anti-Spoofing
3: SmartView Tracker
4: Core Protections
Question 348:
Both major kinds of NAT support Hide and Static NAT. However, one offers more flexibility. Which statement is true?
A. Manual NAT can offer more flexibility than Automatic NAT.
B. Dynamic Network Address Translation (NAT) Overloading can offer more flexibility than Port Address Translation.
C. Dynamic NAT with Port Address Translation can offer more flexibility than Network Address Translation (NAT) Overloading.
D. Automatic NAT can offer more flexibility than Manual NAT.
Correct Answer: A
Manual NAT can offer more flexibility than Automatic NAT because it allows the administrator to define the NAT rules in any order and position. Automatic NAT creates the NAT rules automatically and places them at the top or bottom of the NAT Rule Base. References: Check Point R81 Firewall Administration Guide, Check Point R81 Security Management Administration Guide
Question 349:
URL Filtering employs a technology, which educates users on web usage policy in real time. What is the name of that technology?
A. WebCheck
B. UserCheck
C. Harmony Endpoint
D. URL categorization
Correct Answer: B
URL Filtering employs a technology called UserCheck, which educates users on web usage policy in real time. UserCheck is a feature that allows the firewall to interact with the users and inform them about the web usage policy and its violations. UserCheck can also allow users to request access to blocked websites or report false positives. UserCheck helps users understand and comply with the web usage policy and reduces the workload of the administrators.
Question 350:
Fill in the blank: Service blades must be attached to a ______________.
A. Security Gateway
B. Management container
C. Management server
D. Security Gateway container
Correct Answer: A
Service blades must be attached to a Security Gateway. A Security Gateway is a device that enforces security policies on traffic that passes through it. A service blade is a software module that provides a specific security function, such as firewall, VPN, IPS, etc. A Security Gateway can have one or more service blades attached to it, depending on the license and hardware capabilities. The other options are incorrect. A management container is a virtualized environment that hosts a Security Management Server or a Log Server. A management server is a device that manages security policies and distributes them to Security Gateways. A Security Gateway container is not a valid term in Check Point terminology. References: Check Point R81 Security Management Administration Guide, Check Point R81 CloudGuard Administration Guide