CheckPoint Checkpoint Certifications 156-215.81 Questions & Answers

• Question 391:

  What are the three components for Check Point Capsule?

  A. Capsule Docs, Capsule Cloud, Capsule Connect

  B. Capsule Workspace, Capsule Cloud, Capsule Connect

  C. Capsule Workspace, Capsule Docs, Capsule Connect

  D. Capsule Workspace, Capsule Docs, Capsule Cloud

  Correct Answer: D

  The three components for Check Point Capsule are Capsule Workspace, Capsule Docs, and Capsule Cloud. Capsule Workspace provides a secure container on the mobile device that isolates business data and applications from personal data and applications2. Capsule Docs protects business documents everywhere they go with encryption and access control. Capsule Cloud provides cloud-based security services to protect mobile users from threats. References: Check Point Capsule, Check Point Capsule Workspace, Mobile Secure Workspace with Capsule

• Question 392:

  R80.10 management server can manage gateways with which versions installed?

  A. Versions R77 and higher

  B. Versions R76 and higher

  C. Versions R75.20 and higher

  D. Version R75 and higher

  Correct Answer: B

  The R80.10 management server can manage gateways with versions R76 and higher. Versions lower than R76 are not supported by the R80.10 management server. References: Check Point R80.10 Release Notes, Free Check Point CCSA Sample Questions and Study Guide

• Question 393:

  In order to see real-time and historical graph views of Security Gateway statistics in SmartView Monitor, what feature needs to be enabled on the Security Gateway?

  A. Logging and Monitoring

  B. None - the data is available by default

  C. Monitoring Blade

  D. SNMP

  Correct Answer: C

  In order to see real-time and historical graph views of Security Gateway statistics in SmartView Monitor, the Monitoring Blade feature needs to be enabled on the Security Gateway. The Monitoring Blade is a software blade that collects and

  displays network and security performance data from the Security Gateway, such as traffic, throughput, connections, CPU usage, memory usage, etc. The Monitoring Blade can be enabled or disabled on each Security Gateway from the

  SmartConsole.

  References:[Monitoring Blade], [SmartView Monitor]

• Question 394:

  Administrator Dave logs into R80 Management Server to review and makes some rule changes. He notices that there is a padlock sign next to the DNS rule in the Rule Base.

  

  What is the possible explanation for this?

  A. DNS Rule is using one of the new feature of R80 where an administrator can mark a rule with the padlock icon to let other administrators know it is important.

  B. Another administrator is logged into the Management and currently editing the DNS Rule.

  C. DNS Rule is a placeholder rule for a rule that existed in the past but was deleted.

  D. This is normal behavior in R80 when there are duplicate rules in the Rule Base.

  Correct Answer: B

  The padlock sign next to the DNS rule in the Rule Base indicates that another administrator is logged into the Management and currently editing the DNS Rule. This is a feature of R80 that allows multiple administrators to work on the same policy simultaneously. The padlock sign prevents other administrators from modifying the same rule until the editing administrator publishes or discards the changes. The other options are not valid explanations for the padlock sign. References: 156-215.80:Check Point Certified Security Administrator (CCSA R80) : Part 19, Multi-User Policy Editing

• Question 395:

  What is the purpose of the Stealth Rule?

  A. To prevent users from directly connecting to a Security Gateway.

  B. To reduce the number of rules in the database.

  C. To reduce the amount of logs for performance issues.

  D. To hide the gateway from the Internet.

  Correct Answer: A

  The Stealth Rule is used to prevent users from directly connecting to a Security Gateway. It is usually placed at the top of the rule base, before any other rule that allows traffic to the Security Gateway, p. 32

• Question 396:

  What is the purpose of a Stealth Rule?

  A. A rule used to hide a server's IP address from the outside world.

  B. A rule that allows administrators to access SmartDashboard from any device.

  C. To drop any traffic destined for the firewall that is not otherwise explicitly allowed.

  D. A rule at the end of your policy to drop any traffic that is not explicitly allowed.

  Correct Answer: C

  The purpose of a Stealth Rule is to drop any traffic destined for the firewall that is not otherwise explicitly allowed p. 32. A Stealth Rule is usually placed at the top of the rule base, before any other rule that allows traffic to the Security Gateway, p. 13. A Stealth Rule is not used to hide a server's IP address, to allow administrators to access SmartDashboard, or to drop any traffic that is not explicitly allowed. 156-315.81 Checkpoint Exam Info and Free Practice Test

• Question 397:

  What are the steps to configure the HTTPS Inspection Policy?

  A. Go to ManageandSettings > Blades > HTTPS Inspection > Configure in SmartDashboard

  B. Go to Applicationandurl filtering blade > Advanced > Https Inspection > Policy

  C. Go to ManageandSettings > Blades > HTTPS Inspection > Policy

  D. Go to Applicationandurl filtering blade > Https Inspection > Policy

  Correct Answer: C

  The steps to configure the HTTPS Inspection Policy are as follows:

  Go to Manage and Settings > Blades > HTTPS Inspection > Policy. Click on New HTTPS Inspection Rule or select an existing rule and click on Edit Rule.

  Define the Source, Destination, and Action for the rule. The action can be either Inspect, Bypass, or Ask.

  Click on OK and then on Install Policy to apply the changes

• Question 398:

  Which of the following describes how Threat Extraction functions?

  A. Detect threats and provides a detailed report of discovered threats

  B. Proactively detects threats

  C. Delivers file with original content

  D. Delivers PDF versions of original files with active content removed

  Correct Answer: D

  Threat Extraction delivers PDF versions of original files with active content removed, such as macros, embedded objects, and scripts. This ensures that users receive clean and safe files in seconds. References: Check Point SandBlast Zero-Day Protection, Check Point Threat Extraction

• Question 399:

  What is the best sync method in the ClusterXL deployment?

  A. Use 1 cluster + 1st sync

  B. Use 1 dedicated sync interface

  C. Use 3 clusters + 1st sync + 2nd sync + 3rd sync

  D. Use 2 clusters + 1st sync + 2nd sync

  Correct Answer: B

  The best sync method in the ClusterXL deployment is to use one dedicated sync interface. This method provides optimal performance and reliability for synchronization traffic. Using multiple sync interfaces is not recommended as it increases CPU load and does not provide 100% sync redundancy. Using multiple clusters is not a sync method, but a cluster topology. References: Sync Redundancy in ClusterXL, Best Practice for HA sync interface

• Question 400:

  Aggressive Mode in IKEv1 uses how many packages for negotiation?

  A. 6

  B. 3

  C. depends on the make of the peer gateway

  D. 5

  Correct Answer: B

  Aggressive Mode in IKEv1 uses three packets for negotiation, with all data required for the SA passed by the initiator. The responder sends the proposal, key material, and ID, and authenticates the session in the next packet. The initiator

  replies and authenticates the session.

  The other answers are not correct because they either refer to the Main Mode in IKEv1, which uses six packets for negotiation, or they are irrelevant to the number of packets used in Aggressive Mode.

  Understand IPsec IKEv1 Protocol - Cisco

  Negotiation modes for phase 1 - IBM

  FAQ-What are the differences between IKEv1 and IKEv2- Huawei