How are the backups stored in Check Point appliances?
A. Saved as *.tar under /var/log/CPbackup/backups
B. Saved as *.tgz under /var/CPbackup
C. Saved as *.tar under /var/CPbackup
D. Saved as *.tgz under /var/log/CPbackup/backups
Correct Answer: B
The backups are stored in Check Point appliances as *.tgz files under /var/CPbackup. This is the default location for backup files created by the backup command. Therefore, the correct answer is B. Saved as *.tgz under /var/CPbackup.
Question 32:
When an Admin logs into SmartConsole and sees a lock icon on a gateway object and cannot edit that object, what does that indicate?
A. The gateway is not powered on.
B. Incorrect routing to reach the gateway.
C. The Admin would need to log in to Read-Only mode.
D. Another Admin has made an edit to that object and has yet to publish the change.
Correct Answer: D
When an Admin logs into SmartConsole and sees a lock icon on a gateway object and cannot edit that object, it indicates that another Admin has made an edit to that object and has yet to publish the change. SmartConsole supports concurrent administration, which means that multiple Admins can work on the same security policy at the same time. However, when one Admin edits an object, such as a gateway, a rule, or a network, that object is locked for other Admins until the change is published or discarded. The lock icon shows which objects are being edited by other Admins and prevents conflicts or overwrites. The gateway being powered off, incorrect routing to reach the gateway, or logging in to Read-Only mode do not cause the lock icon to appear. References: [Concurrent Administration], [SmartConsole Overview]
Question 33:
In which deployment is the security management server and Security Gateway installed on the same appliance?
A. Standalone
B. Remote
C. Distributed
D. Bridge Mode
Correct Answer: A
A standalone deployment is when the security management server and Security Gateway are installed on the same appliance. This is suitable for small or branch office environments.
Question 34:
Fill in the blank: By default, the SIC certificates issued by R80 Management Server are based on the ____________ algorithm.
A. SHA-256
B. SHA-200
C. MD5
D. SHA-128
Correct Answer: A
By default, the SIC certificates issued by R80 Management Server are based on the SHA-256 algorithm. SHA-256 is a secure hash algorithm that produces a 256-bit digest. SHA-200, MD5, and SHA-128 are not valid algorithms for SIC certificates. References: SHA-1 and SHA-256 certificates in Check Point Internal CA (ICA)
Question 35:
Choose what BEST describes the reason why querying logs is now very fast.
A. The amount of logs being stored is less than previous versions.
B. New Smart-1 appliances double the physical memory install.
C. Indexing Engine indexes logs for faster search results.
D. SmartConsole now queries results directly from the Security Gateway.
Correct Answer: C
Querying logs is now very fast because the Indexing Engine indexes logs for faster search results. Indexing Engine is a component of R81 Management that creates and maintains an index of log data, which enables quick and efficient log searches [4]. The other options are not related to the speed of log querying. The amount of logs being stored may vary depending on the log retention settings. New Smart-1 appliances may have improved hardware specifications, but they do not affect the log querying process directly. SmartConsole queries results from the Security Management Server, not from the Security Gateway.
References:
1: HTTPS Inspection
2: Browser-Based Authentication
3: URL Filtering
4: Indexing Engine
Question 36:
You have set up the VPN Community 'VPN-Stores' with 3 gateways. There are some issues with one remote gateway (1.1.1.1) and your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways?
A. action:"Key Install" AND 1.1.1.1 AND Quick Mode
B. Blade:"VPN" AND VPN-Stores AND Main Mode
C. action:"Key Install" AND 1.1.1.1 AND Main Mode
D. Blade:"VPN" AND VPN-Stores AND Quick Mode
Correct Answer: A
Question 37:
Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?
A. Formal
B. Central
C. Corporate
D. Local
Correct Answer: D
Check Point licenses are divided into two types: central and local. Central licenses are managed by a Security Management Server and can be attached to any Security Gateway managed by that server. Local licenses are tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address. Formal and corporate are not types of Check Point licenses. References: [Check Point R81 Licensing and Contract Administration Guide]
Question 38:
DLP and Geo Policy are examples of what type of Policy?
A. Inspection Policies
B. Shared Policies
C. Unified Policies
D. Standard Policies
Correct Answer: B
DLP and Geo Policy are examples of Shared Policies. Shared Policies are policies that can be shared with other policy packages to save time and effort when managing multiple gateways with similar security requirements. Shared Policies can be applied to Access Control, Threat Prevention, and HTTPS Inspection layers. Other types of policies include Inspection Policies, Unified Policies, and Standard Policies. References: [Check Point R81 Security Management Administration Guide], [Check Point R81 SmartConsole R81 Resolved Issues]
Question 39:
Using ClusterXL, what statement is true about the Sticky Decision Function?
A. Can only be changed for Load Sharing implementations
B. All connections are processed and synchronized by the pivot
C. Is configured using cpconfig
D. Is only relevant when using SecureXL
Correct Answer: A
The Sticky Decision Function (SDF) can only be changed for Load Sharing implementations, not for High Availability implementations. References: Check Point ClusterXL R81 Administration Guide
Question 40:
When URL Filtering is set, what identifying data gets sent to the Check Point Online Web Service?
A. The URL and server certificate are sent to the Check Point Online Web Service
B. The full URL, including page data, is sent to the Check Point Online Web Service
C. The host part of the URL is sent to the Check Point Online Web Service
D. The URL and IP address are sent to the Check Point Online Web Service
Correct Answer: C
When URL Filtering is set, only the host part of the URL is sent to the Check Point Online Web Service for analysis. The host part is the part of the URL that identifies the web server, such as www.example.com. The Check Point Online Web Service uses this information to categorize the URL and return the appropriate action to the Security Gateway. The other options are not sent to the Check Point Online Web Service for analysis, as they may contain sensitive or irrelevant data. References: