CheckPoint 156-215.81 Exam Questions Instant Access

Question 1

Which is a main component of the Check Point security management architecture?

AIdentity Collector

BEndpoint VPN client

CSmartConsole

DProxy Server

Answer : C

A main component of the Check Point security management architecture isSmartConsole2. SmartConsole is a unified graphical user interface that allows administrators to manage multiple security functions such as firewall, VPN, IPS, application control, URL filtering, identity awareness, and more. SmartConsole connects to the Security Management Server and interacts with other Check Point components such as Security Gateways and Endpoint Security Servers. Reference:Check Point R81 Security Management Administration Guide

Question 2

Which of the following statements about Site-to-Site VPN Domain-based is NOT true?

A. Route-based--- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTls. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.

B. Domain-based--- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.

C. Domain-based--- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.

D. Domain-based--- VPN domains are pre-defined for all VPN Gateways. When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.

Answer :

Domain-based--- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.

This statement isnot truebecause a VPN domain isnota service or user, but ahost or networkthat can send or receive VPN traffic through a VPN Gateway1.This is the definition given in the Site to Site VPN R81 Administration Guide1.The other statements are true according to the same guide1.

Remote Access VPN R81.20 Administration Guide

Site to Site VPN R81 Administration Guide

DeepDive Webinar - R81.20 Seamless VPN Connection to Public Cloud

Question 3

What is required for a certificate-based VPN tunnel between two gateways with separate management systems?

AShared Secret Passwords

BUnique Passwords

CShared User Certificates

DMutually Trusted Certificate Authorities

Answer : D

This answer is correct because for a certificate-based VPN tunnel, both gateways need to have a certificate issued by a certificate authority (CA) that they trust1.A CA is a trusted entity that verifies the identity of the gateways and signs their certificates2.The gateways can either use the same CA or different CAs, as long as they trust each other's CA3. This way, the gateways can authenticate each other using their certificates and establish a secure VPN tunnel.

The other answers are not correct because they are either irrelevant or incompatible with certificate-based VPN tunnel.Shared secret passwords and unique passwords are used for pre-shared key (PSK) authentication, which is a different method than certificate authentication4. PSK authentication is less secure and more vulnerable to brute force attacks than certificate authentication. Shared user certificates are not used for gateway authentication, but for user authentication, which is a different level of authentication than gateway authentication. User authentication is optional and can be used in addition to gateway authentication to provide more granular access control.

Configure server settings for P2S VPN Gateway connections - certificate authentication

VPN certificates and how they work

Create Certificate Based Site to Site VPN between 2 Check Point Gateways

HowTo Set Up Certificate Based VPNs with Check Point Appliances

Question 4

When defining group-based access in an LDAP environment with Identity Awareness, what is the BEST object type to represent an LDAP group in a Security Policy?

AAccess Role

BUser Group

CSmartDirectory Group

DGroup Template

Answer : A

The BEST object type to represent an LDAP group in a Security Policy is an Access Role.An Access Role object defines a set of users, machines, or networks that can access a resource or service1, p. 27.An Access Role object can include LDAP groups as one of its components2, p. 10. Reference:Check Point CCSA - R81: Practice Test & Explanation,Check Point Identity Awareness Administration Guide R81

Question 5

Which of the following is used to enforce changes made to a Rule Base?

APublish database

BSave changes

CInstall policy

DActivate policy

Answer : C

The option that is used to enforce changes made to a Rule Base is Install policy.Installing policy is the process of sending the security policy and the network objects from the Security Management Server to the Security Gateway1, p. 22.Publishing database and saving changes are options that are used to save changes made to a Rule Base, but they do not enforce them on the Security Gateway2. Activating policy is not a valid option in SmartConsole. Reference:Check Point CCSA - R81: Practice Test & Explanation,Check Point SmartConsole R81 Help

Question 6

You are the Check Point administrator for Alpha Corp with an R80 Check Point estate. You have received a call by one of the management users stating that they are unable to browse the Internet with their new tablet connected to the company Wireless. The Wireless system goes through the Check Point Gateway. How do you review the logs to see what the problem may be?

AOpen SmartLog and connect remotely to the IP of the wireless controller

BOpen SmartView Tracker and filter the logs for the IP address of the tablet

COpen SmartView Tracker and check all the IP logs for the tablet

DOpen SmartLog and query for the IP address of the Manager's tablet

Answer : D

SmartLog is a unified log viewer that provides fast and easy access to logs from all Check Point components3.It allows the administrator to query for any log field, such as the IP address of the tablet, and filter the results by time, severity, blade, action, and more4. SmartView Tracker is a legacy tool that displays network activity logs from Security Gateways and other Check Point devices. It does not support remote connection to the wireless controller or querying for specific IP addresses. Reference:SmartLog,SmartLog Queries, [SmartView Tracker]

Question 7

What is the best sync method in the ClusterXL deployment?

AUse 1 cluster + 1st sync

BUse 1 dedicated sync interface

CUse 3 clusters + 1st sync + 2nd sync + 3rd sync

DUse 2 clusters + 1st sync + 2nd sync

Answer : B

The best sync method in the ClusterXL deployment is to use one dedicated sync interface56. This method provides optimal performance and reliability for synchronization traffic.Using multiple sync interfaces is not recommended as it increases CPU load and does not provide 100% sync redundancy5. Using multiple clusters is not a sync method, but a cluster topology. Reference:Sync Redundancy in ClusterXL,Best Practice for HA sync interface

CheckPoint Check Point Certified Security Administrator R81.20 156-215.81 Exam Questions