Which of the following is NOT a component of Check Point Capsule?
A. Capsule Docs
B. Capsule Cloud
C. Capsule Enterprise
D. Capsule Workspace
Correct Answer: C
The components of Check Point Capsule are Capsule Docs, Capsule Cloud, and Capsule Workspace. There is no Capsule Enterprise component. Capsule Docs protects business documents everywhere they go. Capsule Cloud protects mobile users outside the enterprise security perimeter. Capsule Workspace creates a secure business environment on mobile devices. References: Check Point Capsule Datasheet, Check Point Capsule Workspace Datasheet, Mobile Secure Workspace with Capsule
Question 352:
When should you generate new licenses?
A. Before installing contract files.
B. After a device upgrade.
C. When the existing license expires, license is upgraded or the IP-address associated with the license changes.
D. Only when the license is upgraded.
Correct Answer: C
You should generate new licenses when the existing license expires, the license is upgraded, or the IP address associated with the license changes. These situations invalidate the current license and require a new one to be obtained from the Check Point User Center and installed on the Security Management Server or Security Gateway. Installing contract files or upgrading devices do not affect the validity of the license References: Check Point R81, Managing and Installing license via SmartUpdate
Question 353:
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
A. None, Security Management Server would be installed by itself.
B. SmartConsole
C. SecureClient
D. SmartEvent
Correct Answer: A
When doing a Stand-Alone Installation, you would install the Security Management Server with none of the other Check Point architecture components. A Stand- Alone Installation is a type of installation that combines the Security Management Server and the Security Gateway on one computer or appliance, p. 14. SmartConsole, SecureClient, and SmartEvent are not Check Point architecture components, but software applications that can be installed separately.
Question 354:
Which of the following is NOT a valid configuration screen of an Access Role Object?
A. Users
B. Networks
C. Time
D. Machines
Correct Answer: C
An Access Role Object has four configuration screens: Users, Machines, Networks, and Identity Tags, p. 27. Time is not a valid configuration screen of an Access Role Object.
Question 355:
Which of the following statements about Site-to-Site VPN Domain-based is NOT true?
A. Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.
B. Domain-based-- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.
C. Domain-based-- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.
D. Domain-based-- VPN domains are pre-defined for all VPN Gateways. When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.
Correct Answer: B
Domain-based-- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway. This statement is not true because a VPN domain is not a service or user, but a host or network that can send or receive VPN traffic through a VPN Gateway. This is the definition given in the Site to Site VPN R81 Administration Guide. The other statements are true according to the same guide. Remote Access VPN R81.20 Administration Guide Site to Site VPN R81 Administration Guide DeepDive Webinar - R81.20 Seamless VPN Connection to Public Cloud
Question 356:
In HTTPS Inspection policy, what actions are available in the "Actions" column of a rule?
A. "Inspect", "Bypass"
B. "Inspect", "Bypass", "Categorize"
C. "Inspect", "Bypass", "Block"
D. "Detect", "Bypass"
Correct Answer: A
The actions available in the "Actions" column of a rule in HTTPS Inspection policy are "Inspect" and "Bypass". "Inspect" means that the HTTPS traffic will be decrypted and inspected according to the Access Control policy. "Bypass" means that the HTTPS traffic will not be decrypted and will be allowed without inspection. The other options are not valid actions for HTTPS Inspection policy.
Question 357:
Which of the following are types of VPN communities?
A. Pentagon, star, and combination
B. Star, octagon, and combination
C. Combined and star
D. Meshed, star, and combination
Correct Answer: D
The types of VPN communities are Meshed, Star, and Combination. A Meshed community is a group of Security Gateways that have VPN connections between every pair of members. A Star community has one Security Gateway as the
center and other Security Gateways or hosts as satellites. A Combination community is a group of Meshed and Star communities.
References: [Check Point R81 Site-to-Site VPN Administration Guide]
Question 358:
How many users can have read/write access in Gaia Operating System at one time?
A. One
B. Three
C. Two
D. Infinite
Correct Answer: A
Only one user can have read/write access in Gaia Operating System at one time. This is to prevent conflicts and errors when multiple users try to modify the same configuration settings. References: Check Point Gaia Administration Guide
Question 359:
Which of the following Windows Security Events will NOT map a username to an IP address in Identity Awareness?
A. Kerberos Ticket Renewed
B. Kerberos Ticket Requested
C. Account Logon
D. Kerberos Ticket Timed Out
Correct Answer: D
The Windows Security Event that will NOT map a username to an IP address in Identity Awareness is Kerberos Ticket Timed Out. This event occurs when a Kerberos ticket expires and is not renewed, which means that the user is no longer
active on the network. Identity Awareness does not use this event to map a username to an IP address, as it does not indicate a valid user session. The other events are used by Identity Awareness to map a username to an IP address, as
they indicate a successful user authentication or activity on the network.
References: [Kerberos Ticket Expiration and Renewal], [Identity Awareness AD Query]
Question 360:
When using Monitored circuit VRRP, what is a priority delta?
A. When an interface fails the priority changes to the priority delta
B. When an interface fails the delta claims the priority
C. When an interface fails the priority delta is subtracted from the priority
D. When an interface fails the priority delta decides if the other interfaces takes over
Correct Answer: C
When using Monitored circuit VRRP, the priority delta is the value that is subtracted from the priority of a cluster member when one of its monitored interfaces fails. For example, if the priority of a cluster member is 100 and the priority delta is 10, then when one of its monitored interfaces fails, its priority becomes 90. References: Check Point R81 ClusterXL Administration Guide
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-215.81 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.