In the Unified SmartConsole Gateways and Servers tab you can perform the following functions EXCEPT ________.
A. Upgrade the software version
B. Open WebUI
C. Open SSH
D. Open service request with Check Point Technical Support
Correct Answer: C
The function that can NOT be performed in the Unified SmartConsole Gateways and Servers tab is Open SSH. SSH is a secure shell protocol that allows remote access to a device via command line interface. The Unified SmartConsole does not provide an option to open SSH from the Gateways and Servers tab, as it is not a graphical user interface. The other functions can be performed in the Unified SmartConsole Gateways and Servers tab, such as upgrading the software version, opening WebUI, or opening service request with Check Point Technical Support.
What is the RFC number that acts as a best practice guide for NAT?
A. RFC 1939
B. RFC 1950
C. RFC 1918
D. RFC 793
Correct Answer: C
The RFC number that acts as a best practice guide for NAT is RFC 1918. RFC 1918 defines a range of private IP addresses that are not globally routable and can be used for internal networks. NAT is a technique that maps these private IP addresses to public IP addresses that can communicate with the Internet. RFC 1918 provides guidelines and recommendations for using NAT in different scenarios and environments.
SmartConsole provides a consolidated solution for everything that is necessary for the security of an organization, such as the following:
A. Security Policy Management and Log Analysis
B. Security Policy Management, Log Analysis, System Health Monitoring, Multi-Domain Security Management.
C. Security Policy Management, Log Analysis and System Health Monitoring
D. Security Policy Management, Threat Prevention rules, System Health Monitoring and Multi-Domain Security Management.
Correct Answer: A
SmartConsole provides a consolidated solution for everything that is necessary for the security of an organization, such as Security Policy Management and Log Analysis. Security Policy Management is the process of defining and enforcing rules that control the access and protection of network resources. Log Analysis is the process of collecting, analyzing, and reporting on log data that is generated by network devices and applications. SmartConsole is a unified graphical user interface that allows administrators to manage multiple security functions from a single console. The other options are not part of SmartConsole, but rather separate software blades or features that can be integrated with SmartConsole.
Question 54:
Which firewall daemon is responsible for the FW CLI commands?
A. fwd
B. fwm
C. cpm
D. cpd
Correct Answer: A
The correct answer is A because the fwd daemon is responsible for the FW CLI commands. The fwm daemon handles the communication between the Security Management server and the GUI clients. The cpm daemon handles the communication between the Security Management server and SmartConsole. The cpd daemon monitors the status of critical processes on the Security Gateway. References: Check Point Firewall Processes and Daemons
Question 55:
Fill in the blanks: In _____ NAT, Only the ________ is translated.
A. Static; source
B. Simple; source
C. Hide; destination
D. Hide; source
Correct Answer: D
In Hide NAT, only the source IP address is translated to a different IP address. This is used to hide a group of hosts behind a single IP address, usually the external interface of the Security Gateway. References: Check Point R81 Firewall Administration Guide
Question 56:
Fill in the blank: An identity server uses a ___________ for user authentication.
A. Shared secret
B. Certificate
C. One-time password
D. Token
Correct Answer: A
The answer is A because an identity server uses a shared secret for user authentication. A shared secret is a passphrase that is known by both the identity server and the user. The identity server sends a challenge to the user, who encrypts it with the shared secret and sends it back. The identity server then verifies the response and authenticates the user. References: Check Point R81 Identity Awareness Administration Guide, Check Point R81 Identity Server
Question 57:
Most Check Point deployments use Gaia but which product deployment utilizes special Check Point code (with unification in R81.10)?
A. Enterprise Network Security Appliances
B. Rugged Appliances
C. Scalable Platforms
D. Small Business and Branch Office Appliances
Correct Answer: C
Most Check Point deployments use Gaia, which is a unified operating system for all Check Point appliances, open servers, and virtualized gateways. However, some product deployments utilize special Check Point code, such as Scalable Platforms (formerly known as Maestro), which are high-performance security gateways that can scale up to 1.5 Tbps of firewall throughput. Scalable Platforms use a special version of Gaia OS called Gaia Embedded, which is planned to be unified with Gaia OS in R81.10. References: Check Point R81 Release Notes
Question 58:
You want to set up a VPN tunnel to an external gateway. You have to make sure that the IKE P2 SA will only be established between two subnets and not all subnets defined in the default VPN domain of your gateway.
A. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Management add the following line to the $FWDIR/conf/user.def.FW1 file: subnet_for_range_and_peer = { };
B. In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to 'User defined' and put in the local network.
C. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Gateway add the following line to the $FWDIR/conf/user.def.FW1 file: subnet_for_range_and_peer = { };
D. In the SmartConsole create a dedicated VPN Community for both Gateways. Go to Security Policies / Access Control and create an in-line layer rule with source and destination containing the two networks used for the IKE P2 SA. Put the name of the Community in the VPN column.
Correct Answer: B
This answer is correct because this is the recommended way to configure a VPN tunnel between two subnets and not all subnets defined in the default VPN domain of your gateway. By creating a dedicated VPN Community, you can specify the VPN peers and the encryption settings for the VPN tunnel. By selecting the local gateway in the Community, you can set the VPN Domain to 'User defined' and put in the local network that you want to include in the VPN tunnel. This way, you can limit the VPN traffic to the subnets that you want and avoid unnecessary encryption and decryption of other traffic. The other answers are not correct because they are either outdated or incorrect ways to configure a VPN tunnel between two subnets. Answer A and C are outdated methods that involve editing the user.def file, which is not recommended and can cause problems with the VPN configuration. Answer D is incorrect because creating an in-line layer rule with source and destination containing the two networks used for the IKE SA will not affect the VPN tunnel establishment, but only the access control policy. The VPN column in the rule is used to specify the VPN direction, not the VPN Community name.
References: How to configure a Site-to-Site VPN with a universal tunnel; Site to Site VPN R81 Administration Guide - Check Point Software; How to configure a Site-to-Site VPN with a 3rd-party remote gateway; Access Control Policy R81 Administration Guide - Check Point Software
Question 59:
Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?
A. Application Control
B. Threat Emulation
C. Anti-Virus
D. Advanced Networking Blade
Correct Answer: D
The Advanced Networking Blade is NOT subscription-based and therefore does not have to be renewed on a regular basis. The Advanced Networking Blade provides advanced routing capabilities such as BGP, OSPF, VRRP, and multicast routing. The other blades are subscription-based and require annual renewal to receive updates and support from Check Point. References: Check Point License Guide, IPS Software Blade contracts, Product Catalog
Question 60:
To quickly review when Threat Prevention signatures were last updated, which Threat Tool would an administrator use?
A. Protections
B. IPS Protections
C. Profiles
D. ThreatWiki
Correct Answer: B
According to Learn More About Threat Signatures, to quickly review when Threat Prevention signatures were last updated, you can use the IPS Protections tool. This tool shows you the date and time of the last update, as well as the number of signatures and their categories. References: Learn More About Threat Signatures