Fill in the blank: With the User Directory Software Blade, you can create user definitions on a(n)_____________ Server.
A. SecurID
B. NT domain
C. LDAP
D. SMTP
Correct Answer: C
The User Directory Software Blade allows you to create user definitions on an LDAP server, such as Active Directory, and use them in your security policy. You can also integrate with other user authentication methods, such as SecurID, RADIUS, or TACACS+, but you cannot create user definitions on those servers.
The references are:
Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 13
Check Point R81 Quantum Security Gateway Guide, page 139
Check Point R81 Identity Awareness Administration Guide, page 9
Question 572:
Which software blade does NOT accompany the Threat Prevention policy?
A. Anti-virus
B. IPS
C. Threat Emulation
D. Application Control and URL Filtering
Correct Answer: D
The Application Control and URL Filtering software blade does not accompany the Threat Prevention policy. The Threat Prevention policy is a unified policy that includes the Anti-virus, IPS, Anti-Bot, and Threat Emulation software blades. The Application Control and URL Filtering software blade is part of the Access Control policy, which is a separate policy that controls network access based on users, applications, content, and other criteria. References: R81 Security Management Administration Guide, page 29.
Question 573:
Why is a Central License the preferred and recommended method of licensing?
A. Central Licensing is actually not supported with Gaia.
B. Central Licensing is the only option when deploying Gaia.
C. Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed.
D. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.
Correct Answer: D
Central Licensing is the preferred and recommended method of licensing because it simplifies the license management process and reduces the risk of license issues. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes. This means that you can easily add, remove, or replace gateways without affecting your license status. Central Licensing also allows you to view and manage all your licenses from one central location using SmartConsole or SmartUpdate. Central Licensing is supported with Gaia and is not the only option when deploying Gaia. Central Licensing does not tie to the IP address of a gateway and cannot be changed to any gateway if needed. References: Check Point R81 Licensing and Contract Administration Guide, page 7
Question 574:
Is it possible to establish a VPN before the user logs in to the Endpoint Client?
A. Yes, you have to set neo_remember_user_password to true in the trac.defaults of the Remote Access Client, or you can use the endpoint_vpn_remember_user_password attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway.
B. No, the user must log in first.
C. Yes, you have to set neo_always_connected to true in the trac.defaults of the Remote Access Client, or you can use the endpoint_vpn_always_connected attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway.
D. Yes, you have to enable Machine Authentication in the Gateway object of SmartConsole.
Correct Answer: D
You can establish a VPN before the user logs in to the Endpoint Client by enabling Machine Authentication in the Gateway object of SmartConsole. Machine Authentication is a feature that allows you to authenticate with a machine certificate and establish a VPN tunnel before the Windows logon. This feature provides the following benefits:
It enhances the security of the VPN connection by verifying the identity of the machine before allowing access to the network.
It simplifies the user experience by eliminating the need to enter credentials twice (once for the VPN and once for the Windows logon).
It enables seamless connectivity to the network resources and domain services, such as Group Policy, login scripts, and mapped drives.
Machine Authentication is supported on Check Point Endpoint Security Client for Windows with E80.71 and higher versions. It requires a hotfix on top of R77.30 jumbo 286 on the Security Gateway. To configure Machine Authentication, you need to do the following steps:
Generate and distribute machine certificates to the Endpoint machines using a trusted Certificate Authority (CA).
Enable Machine Authentication in the Gateway object of SmartConsole and select the CA that issued the machine certificates.
Install policy on the Security Gateway and reboot it.
Enable Machine Authentication in the Endpoint Security Client and select the machine certificate to use.
Question 575:
DLP and Geo Policy are examples of what type of Policy?
A. Standard Policies
B. Shared Policies
C. Inspection Policies
D. Unified Policies
Correct Answer: B
DLP and Geo Policy are examples of Shared Policies. Shared Policies are policies that can be applied to multiple gateways or clusters, regardless of their Access Control policy. Shared Policies allow administrators to manage common security settings across different gateways or clusters, such as Data Loss Prevention, Geo Protection, Threat Prevention, HTTPS Inspection, etc. References: R81 Security Management Administration Guide, page 31.
Question 576:
What are the Threat Prevention software components available on the Check Point Security Gateway?
A. IPS, Threat Emulation and Threat Extraction
B. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction
C. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction
D. IDS, Forensics, Anti-Virus, Sandboxing
Correct Answer: C
The Threat Prevention software components available on the Check Point Security Gateway are IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction. These components provide comprehensive protection against various types of cyber threats, such as network attacks, malware, ransomware, phishing, zero-day exploits, data leakage, and more. IPS is a network security component that detects and prevents malicious traffic based on signatures, behavioral patterns, and anomaly detection. Anti-Bot is a network security component that detects and blocks botnet communications and command-and-control servers. Anti-Virus is a network security component that scans files for known viruses, worms, and trojans. Threat Emulation is a network security component that emulates files in a sandbox environment to detect unknown malware and prevent zero-day attacks. Threat Extraction is a network security component that removes malicious content from files and delivers clean files to users. References: [Check Point R81 Threat Prevention Administration Guide], page 9-10
Question 577:
What does the Log "Views" tab show when SmartEvent is Correlating events?
A. A list of common reports
B. Reports for customization
C. Top events with charts and graphs
D. Details of a selected log
Correct Answer: D
The Log "Views" tab shows the details of a selected log when SmartEvent is correlating events. You can select a log from the Logs tab and click on the Views tab to see more information about the log, such as source, destination, service, action, blade, rule number, etc. You can also customize the columns and filters in the Views tab to display only the relevant fields for your analysis. References: [SmartEvent User Guide]
Question 578:
You work as a security administrator for a large company. The CSO of your company has attended a security conference where he learned how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has tight protections in place. Check Point has been selected as the security vendor. Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?
A. IPS AND Application Control
B. IPS, anti-virus and anti-bot
C. IPS, anti-virus and e-mail security
D. SandBlast
Correct Answer: D
SandBlast is the best Check Point product to protect against malware and zero-day attacks while ensuring quick delivery of safe content to your users. SandBlast is an advanced network threat prevention solution that uses a combination of technologies to detect and block known and unknown threats before they reach your network. SandBlast uses Threat Emulation, which is a sandboxing technology that inspects files for malicious behavior in a virtual environment; Threat Extraction, which removes potentially malicious elements from files and delivers clean and safe content to your users; Anti-Bot, which identifies and blocks botnet communications and prevents data exfiltration; Anti-Virus, which scans files for known malware signatures; and IPS, which monitors network traffic for malicious or anomalous patterns. SandBlast also provides comprehensive reports and forensic analysis on the detected threats and their origin and behavior.
Question 579:
If there are two administrators logged in at the same time to SmartConsole, and there are objects locked for editing, what must be done to make them available for other administrators? (Choose the BEST answer.)
A. Publish or discard the session.
B. Revert the session.
C. Save and install the Policy.
D. Delete older versions of database.
Correct Answer: A
The only way to make objects locked for editing available for other administrators is to publish or discard the session that contains the changes. Publishing the session will save and share the changes with other administrators, while discarding the session will undo and discard the changes. Saving the session will only save the changes locally, but not share them with others or release the locks. Reverting the session will restore a previous version of the session, but not affect the locks. Saving and installing the policy will only install the policy on the gateways, but not share or discard the changes in SmartConsole. Deleting older versions of database will only free up disk space, but not affect the locks.
Question 580:
What command is used to manually failover a Multi-Version Cluster during the upgrade?
A. clusterXL_admin down in Expert Mode
B. clusterXL_admin down in Clish
C. set cluster member state down in Clish
D. set cluster down in Expert Mode
Correct Answer: B
The command used to manually failover a Multi-Version Cluster during the upgrade is clusterXL_admin down in Clish. This command causes the cluster member to stop passing traffic and switch to the Down state. This triggers a failover to another cluster member that is in the Active or Ready state. This command can be used during a Multi-Version Cluster upgrade to manually control which cluster member handles the traffic. The other options are not valid commands for manually failing over a Multi-Version Cluster. References: Check Point Software, Getting Started, Manually Failing Over a Cluster Member.