By default, how often does Threat Emulation update the engine on the Security Gateway?
A. Once per day
B. Once an hour
C. Once a week
D. Twice per day
Correct Answer: A
By default, Threat Emulation updates the engine on the Security Gateway once per day. This is the recommended frequency for optimal performance and security. However, the admin can change the update frequency to a different value, such as once an hour, once a week, or twice per day, depending on the network needs and resources. The admin can also manually update the engine at any time using the SmartConsole or the command line interface. References: Threat Emulation Engine Release Updates - Check Point Software, Check Point R81.20 Gaia Fresh Install and upgrade
Question 542:
If the first packet of a UDP session is rejected by a rule definition from within a security policy (not including the clean up rule), what message is sent back through the kernel?
A. Nothing
B. TCP FIN
C. TCP RST
D. ICMP unreachable
Correct Answer: A
If the first packet of a UDP session is rejected by a rule definition from within a security policy (not including the clean up rule), nothing is sent back through the kernel. This is because UDP is a connectionless protocol that does not require an acknowledgement from the receiver. Therefore, if a UDP packet is dropped by the Firewall, the sender will not receive any feedback or notification. References: UDP Protocol
Question 543:
Gaia has two default user accounts that cannot be deleted. What are those user accounts?
A. Admin and Default
B. Expert and Clish
C. Control and Monitor
D. Admin and Monitor
Correct Answer: D
Gaia has two default user accounts that cannot be deleted: Admin and Monitor. Admin is a superuser account that has full access to all Gaia features and commands. Monitor is a read-only account that can view Gaia configuration and status but cannot make any changes. Both accounts have predefined passwords that can be changed by the Admin user. References: [Check Point R81 Gaia Administration Guide], page 29. Source: GAIA R81.20 Administration Guide, User Management -> Users: "These users are created by default and cannot be deleted: admin and monitor"
Question 544:
Using fw monitor, you see the inspection point notation E and i. What does that mean?
A. E shows the packet before the VPN encryption, i after the inbound firewall VM
B. E shows the packet reaching the external interface, i leaving the internal interface
C. E shows the packet after the VPN encryption, i before the inbound firewall VM
D. E shows the packet leaving the external interface, i reaching the internal interface
Correct Answer: C
Using fw monitor, the inspection point notation E and i means that E shows the packet after the VPN encryption, and i shows the packet before the inbound firewall VM. E (for example, eth4:E) is the Post-Outbound inspection point, which captures packets after they are encrypted by VPN Outbound. i (for example, eth4:i) is the Pre-Inbound inspection point, which captures packets before they are inspected by the inbound FireWall VM. References: Check Point R81 CLI Reference Guide
Question 545:
What is false regarding a Management HA environment?
A. Only one Management Server should be active, while any others should be in standby mode
B. It is not necessary to establish SIC between the primary and secondary management server, since the latter gets the exact same copy of the management database from the prior.
C. SmartConsole can connect to any management server in Read-only mode.
D. Synchronization will occur automatically with each Publish event if the Standby servers are available.
Correct Answer: B
It is false that it is not necessary to establish SIC between the primary and secondary management server, since the latter gets the exact same copy of the management database from the prior. In fact, SIC is required between the primary and secondary management server for Management HA to work properly. SIC ensures secure communication between the management servers and allows the standby server to receive updates from the active server. Without SIC, the standby server will not be able to synchronize with the active server and will not be ready to take over in case of a failover.
References:
Solved: Management HA - Check Point CheckMates, section "Synchronizing Active and Standby Servers"
CheckPoint Management Server R81 HA Configuration | Udemy, section "How to set it up in the PNET lab environment"
Check Point R81, section "Management High Availability"
Question 546:
After having saved the Clish Configuration with the "save configuration config.txt" command, where can you find the config.txt file?
A. You will find it in the home directory of your user account (e.g. /home/admin/)
B. You can locate the file via SmartConsole > Command Line.
C. You have to launch the WebUI and go to "Config" -> "Export Config File" and specify the destination directory of your local file system.
D. You cannot locate the file in the file system since Clish does not have any access to the bash file system
Correct Answer: A
You will find the config.txt file in the home directory of your user account (e.g. /home/admin/). The save configuration config.txt command is a Clish command that saves the current Gaia configuration to a text file. The file is stored in the home directory of the user who executed the command, and it can be accessed by using the cat or less commands in expert mode. The file can also be transferred to another machine by using the scp or sftp commands. The config.txt file contains the Clish commands that are needed to restore the Gaia configuration to the same state as when the file was saved. The file can be used for backup, migration, or troubleshooting purposes. References: How to backup and restore Gaia configuration - Check Point Software, Gaia R81.20 Administration Guide - Check Point Software
Question 547:
In SmartConsole, objects are used to represent physical and virtual network components and also some logical components. These objects are divided into several categories. Which of the following is NOT an objects category?
A. Limit
B. Resource
C. Custom Application / Site
D. Network Object
Correct Answer: B
Resource is not an objects category in SmartConsole. Objects are used to represent physical and virtual network components and also some logical components. These objects are divided into several categories, such as Network Object, Host, Gateway, Service, Time Object, Custom Application / Site, Limit, and Group. A resource is a type of object that represents an application or content that is accessible through HTTP or HTTPS protocols. A resource can be used to define access rules for users who connect through Identity Awareness or Mobile Access blades.
Question 548:
Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?
A. Application Control
B. Firewall
C. Identity Awareness
D. URL Filtering
Correct Answer: C
The verified answer is C. Identity Awareness. Identity Awareness is the Check Point software blade that provides detailed visibility of users, groups, and machines, while also providing application and access control through the creation of accurate, identity-based policies [1]. Identity Awareness allows you to easily configure network access and auditing based on three items: network location, the identity of a user and the identity of a machine [1]. Identity Awareness integrates with multiple identity sources, such as Microsoft Active Directory, Cisco Identity Services Engine, and RADIUS Accounting [2][3]. Application Control is the Check Point software blade that enables network administrators to identify and control thousands of applications and widgets, and millions of websites, based on categories, risk, and characteristics. Firewall is the Check Point software blade that provides stateful inspection and enforcement of network traffic, and protects against network and application-level attacks. URL Filtering is the Check Point software blade that enables secure web access by blocking access to malicious and inappropriate websites, and enforcing compliance with corporate policies. References: [1] Identity Awareness - Check Point Software; [2] Check Point Integrated Security Architecture - Check Point Software; [3] Cisco Identity Services Engine and Check Point Integration; Application Control - Check Point Software; Firewall - Check Point Software; URL Filtering - Check Point Software
Question 549:
Which Check Point software blade provides protection from zero-day and undiscovered threats?
A. Firewall
B. Threat Emulation
C. Application Control
D. Threat Extraction
Correct Answer: B
The Check Point software blade that provides protection from zero-day and undiscovered threats is Threat Emulation. Threat Emulation is a sandboxing technology that inspects files for malicious behavior in a virtual environment before they reach the end user. Threat Emulation can detect and block malware that tries to evade traditional signature-based solutions by using unknown or obfuscated techniques. Threat Emulation can also generate forensic reports and provide actionable intelligence on the malware origin and behavior.
Question 550:
What does the "unknown" SIC status shown on SmartConsole mean?
A. SIC activation key requires a reset
B. Administrator input the wrong SIC key
C. The management can contact the Security Gateway but cannot establish Secure Internal Communication
D. There is no connection between the Security Gateway and Security Management Server
Correct Answer: D
The "unknown" SIC status shown on SmartConsole means that there is no connection between the Security Gateway and Security Management Server. SIC stands for Secure Internal Communication, which is a mechanism that ensures secure communication between Check Point components using certificates and encryption. SIC status can be one of the following: Trust established, Trust expired, Uninitialized, or Unknown. Trust established means that SIC is working properly and the components can communicate securely. Trust expired means that the SIC certificate has expired and needs to be renewed. Uninitialized means that SIC has not been configured yet and needs to be initialized with an activation key. Unknown means that the Security Management Server cannot reach the Security Gateway or vice versa, and therefore cannot verify the SIC status. This could be due to network issues, firewall rules, routing problems, or other causes that prevent connectivity between the components. References: Check Point R81 Security Management Administration Guide, page 32-33