Which is a main component of the Check Point security management architecture?
A. Identity Collector
B. Endpoint VPN client
C. SmartConsole
D. Proxy Server
Correct Answer: C
A main component of the Check Point security management architecture is SmartConsole. SmartConsole is a unified graphical user interface that allows administrators to manage multiple security functions such as firewall, VPN, IPS, application control, URL filtering, identity awareness, and more. SmartConsole connects to the Security Management Server and interacts with other Check Point components such as Security Gateways and Endpoint Security Servers. References: Check Point R81 Security Management Administration Guide
Question 362:
Access roles allow the firewall administrator to configure network access according to:
A. remote access clients.
B. a combination of computer or computer groups and networks.
C. users and user groups.
D. All of the above.
Correct Answer: D
Access roles allow the firewall administrator to configure network access according to remote access clients, a combination of computer or computer groups and networks, and users and user groups. Therefore, the correct answer is D.
Question 363:
Which command shows the installed licenses?
A. cplic print
B. print cplic
C. fwlic print
D. show licenses
Correct Answer: A
The command that shows the installed licenses is cplic print. This command displays the license information on a Check Point server or Security Gateway. It shows the license type, expiration date, attached blades, etc. The other options are incorrect. print cplic is not a valid command. fwlic print is not a valid command. show licenses is not a valid command. References: [How to check license status on SecurePlatform / Gaia from CLI]
Question 364:
Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?
A. Firewall
B. Application Control
C. Anti-spam and Email Security
D. Anti-Virus
Correct Answer: D
Anti-Virus is the Check Point software blade that prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud. Anti-Virus scans files and email attachments for viruses, worms, trojans, and other types of malware. It also uses ThreatCloud, a collaborative network that delivers real-time dynamic security intelligence, to detect unknown malware based on its behavior. Firewall is a software blade that enforces security policy by inspecting and controlling network traffic. Application Control is a software blade that enables administrators to control access to web applications. Anti-spam and Email Security is a software blade that protects email infrastructure from spam, phishing, and malware attacks.
Question 365:
What is the main difference between Threat Extraction and Threat Emulation?
A. Threat Emulation never delivers a file and takes more than 3 minutes to complete
B. Threat Extraction always delivers a file and takes less than a second to complete
C. Threat Emulation never delivers a file that takes less than a second to complete
D. Threat Extraction never delivers a file and takes more than 3 minutes to complete
Correct Answer: B
The correct answer is B because Threat Extraction always delivers a file and takes less than a second to complete. Threat Extraction removes exploitable content from files and delivers a clean and safe file to the user. Threat Emulation analyzes files in a sandbox environment and delivers a verdict of malicious or benign. Threat Emulation can take more than 3 minutes to complete depending on the file size and complexity. References: Check Point R81 Threat Prevention Administration Guide
Question 366:
Check Point ClusterXL Active/Active deployment is used when:
A. Only when there is Multicast solution set up
B. There is Load Sharing solution set up
C. Only when there is Unicast solution set up
D. There is High Availability solution set up
Correct Answer: B
Check Point ClusterXL Active/Active deployment is used when there is a Load Sharing solution set up. Load Sharing enables multiple Security Gateways to share traffic and provide high availability. References: Check Point R81, Check Point R81 ClusterXL Administration Guide
Question 367:
When comparing Stateful Inspection and Packet Filtering, what is a benefit that Stateful Inspection offers over Packet Filtering?
A. Stateful Inspection offers unlimited connections because of virtual memory usage.
B. Stateful Inspection offers no benefits over Packet Filtering.
C. Stateful Inspection does not use memory to record the protocol used by the connection.
D. Only one rule is required for each connection.
Correct Answer: D
Stateful Inspection is a firewall technology that inspects both the header and the payload of each packet and keeps track of the state and context of each connection. Packet Filtering is a firewall technology that inspects only the header of each packet and does not keep track of the state or context of each connection. A benefit that Stateful Inspection offers over Packet Filtering is that only one rule is required for each connection, whereas Packet Filtering requires two rules for each connection (one for each direction). Stateful Inspection also offers other benefits over Packet Filtering, such as enhanced security, performance, and flexibility. Stateful Inspection does not offer unlimited connections because of virtual memory usage, nor does it avoid using memory to record the protocol used by the connection. References: [Stateful Inspection], [Packet Filtering], [Firewall Technologies]
Question 368:
Which one of the following is TRUE?
A. Ordered policy is a sub-policy within another policy
B. One policy can be either inline or ordered, but not both
C. Inline layer can be defined as a rule action
D. Pre-R80 Gateways do not support ordered layers
Correct Answer: C
The answer is C because inline layer can be defined as a rule action in a policy layer. Inline layer is a sub-policy that contains additional rules that are applied only if the parent rule matches. Ordered layer is a policy layer that contains rules that are applied in order, from top to bottom. One policy can be either inline or ordered, but not both. Pre-R80 Gateways do support ordered layers, but not inline layers.
References: Check Point R81 Policy Layers and Sub-Policies, [Check Point R81 Security Gateway Administration Guide]
Question 369:
What is a reason for manual creation of a NAT rule?
A. In R80 all Network Address Translation is done automatically and there is no need for manually defined NAT-rules.
B. Network Address Translation of RFC1918-compliant networks is needed to access the Internet.
C. Network Address Translation is desired for some services, but not for others.
D. The public IP-address is different from the gateway's external IP
Correct Answer: D
A reason for manual creation of a NAT rule is when the public IP-address is different from the gateway's external IP. This can happen when the gateway is behind another NAT device or firewall. References: Check Point R81 Security Gateway Administration Guide
Question 370:
Fill in the blank: The position of an implied rule is manipulated in the __________________ window.
A. NAT
B. Firewall
C. Global Properties
D. Object Explorer
Correct Answer: C
The position of an implied rule is manipulated in the Global Properties window. Implied rules are predefined rules that are not displayed in the rule base. They allow or block traffic for essential services such as communication with Check Point servers, logging, and VPN traffic. The position of an implied rule can be changed in the Global Properties > Firewall > Implied Rules section. References: How to view Implied Rules in R80.x / R81.x SmartConsole, Implied Rules