156-315.81 Exam - Check Point Certified Security Expert R81

certleader.com

Online CheckPoint 156-315.81 free dumps demo Below:

NEW QUESTION 1

Pamela is a Cyber Security Engineer working for Global Instance Firm, which has a large-scale deployment of Check Point Enterprise Appliances running GAiA/R81.10. The company's Developer Team is having random access issues to a newly deployed Application Server in the DMZ's Application Server Farm Tier and blames the DMZ Security Gateway as the root cause. A ticket has been created and the issue is at Pamela's desk for investigation. Pamela decides to use Check Point's packet analyzer tool, fw monitor, to iron out the issue during an approved maintenance window.
What do you recommend as the best suggestion for Pamela to make sure she successfully captures the entire traffic in the context of the Firewall, including the problematic traffic?

  • A. Pamela should check SecureXL status on DMZ Security Gateway and if it's turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.
  • B. Pamela should check SecureXL status on DMZ Security Gateway and if it's turned OFF. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.
  • C. Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.
  • D. Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.

Answer: A

NEW QUESTION 2

After finishing the installation, admin John likes to use the top command in expert mode. John has to set the expert password and was able to use the top command. A week later John has to use the top command again, and he detected that the expert password is no longer valid. What is the most probable reason for this behavior?

  • A. “write memory” was not issued on clish
  • B. changes are only possible via SmartConsole
  • C. “save config” was not issued in expert mode
  • D. “save config” was not issued on clish

Answer: D

NEW QUESTION 3

What is the purpose of a SmartEvent Correlation Unit?

  • A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server.
  • B. The SmartEvent Correlation Unit’s task is to assign severity levels to the identified events.
  • C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.
  • D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server.

Answer: C

NEW QUESTION 4

SmartEvent uses its event policy to identify events. How can this be customized?

  • A. By modifying the firewall rulebase
  • B. By creating event candidates
  • C. By matching logs against exclusions
  • D. By matching logs against event rules

Answer: D

NEW QUESTION 5

Which of the following is NOT an alert option?

  • A. SNMP
  • B. High alert
  • C. Mail
  • D. User defined alert

Answer: B

NEW QUESTION 6

SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection?

  • A. Source address, Destination address, Source Port, Destination port
  • B. Source address, Destination address, Destination port
  • C. Source address, Destination address, Destination port, Protocol
  • D. Source address, Destination address, Source Port, Destination port, Protocol

Answer: D

NEW QUESTION 7

What are the main stages of a policy installation?

  • A. Verification & Compilation, Transfer and Commit
  • B. Verification & Compilation, Transfer and Installation
  • C. Verification, Commit, Installation
  • D. Verification, Compilation & Transfer, Installation

Answer: A

NEW QUESTION 8

In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

  • A. fw ctl sdstat
  • B. fw ctl affinity -l -a -r -v
  • C. fw ctl multik stat
  • D. cpinfo

Answer: B

NEW QUESTION 9

GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:

  • A. Check Point Update Service Engine
  • B. Check Point Software Update Agent
  • C. Check Point Remote Installation Daemon (CPRID)
  • D. Check Point Software Update Daemon

Answer: A

NEW QUESTION 10

Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?

  • A. All Connections (Clear or Encrypted)
  • B. Accept all encrypted traffic
  • C. Specific VPN Communities
  • D. All Site-to-Site VPN Communities

Answer: B

NEW QUESTION 11

What is true about the IPS-Blade?

  • A. In R81, IPS is managed by the Threat Prevention Policy
  • B. In R81, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
  • C. In R81, IPS Exceptions cannot be attached to “all rules”
  • D. In R81, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

Answer: A

NEW QUESTION 12

Which of the following is NOT a Central Deployment limitation in R81.10 SmartConsole?

  • A. Security Gateway Clusters in Load Sharing mode
  • B. Dedicated Log Server
  • C. Dedicated SmartEvent Server
  • D. Security Gateways/Clusters in ClusterXL HA new mode

Answer: D

NEW QUESTION 13

What is the difference between Updatable Objects and Dynamic Objects?

  • A. Dynamic Objects are maintained automatically by the Threat Cloud. Updatable Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.
  • B. Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. For Dynamic Objects there is no need to install policy for the changes to take effect.
  • C. Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.
  • D. Dynamic Objects are maintained automatically by the Threat Cloud. For Dynamic Objects there is no need to install policy for the changes to take effect. Updatable Objects are created and maintained locally.

Answer: B

NEW QUESTION 14

What is "Accelerated Policy Installation"?

  • A. Starting R81, the Desktop Security Policy installation process is accelerated thereby reducing the duration of the process significantly
  • B. Starting R81, the QoS Policy installation process is accelerated thereby reducing the duration of the process significantly
  • C. Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly
  • D. Starting R81, the Threat Prevention Policy installation process is accelerated thereby reducing the duration of the process significantly

Answer: C

NEW QUESTION 15

Which of the following Check Point commands is the correct way to enable Multi-Version Cluster (MVC)?

  • A. Check Point Security Management HA (Secondary): set cluster member mvc on
  • B. Check Point Security Gateway Only: set cluster member mvc on
  • C. Check Point Security Management HA (Primary): set cluster member mvc on
  • D. Check Point Security Gateway Cluster Member: set cluster member mvc on

Answer: D

NEW QUESTION 16

Which command shows the current Security Gateway Firewall chain?

  • A. show current chain
  • B. show firewall chain
  • C. fw ctl chain
  • D. fw ctl firewall-chain

Answer: C

NEW QUESTION 17

Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?

  • A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
  • B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
  • C. Time object to a rule to make the rule active only during specified times.
  • D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

Answer: D

NEW QUESTION 18
......
