CheckPoint Check Point Certified Security Expert - R81.20 156-315.81 Exam Questions

Page: 1 / 14
Total 628 questions
Question 1

Which process is used mainly for backward compatibility of gateways in R81.X? It provides communication with GUI-client, database manipulation, policy compilation and Management HA synchronization.



Answer : D

The process that is used mainly for backward compatibility of gateways in R81.X is fwm. The fwm daemon handles communication with GUI-client, database manipulation, policy compilation and Management HA synchronization for legacy gateways that do not support the cpm daemon. The cpm daemon is the new Check Point Management Server daemon that handles these tasks for R80 and higher gateways. The cpd daemon is the Check Point Management daemon that handles communication between SmartConsole applications and Security Management Servers. The fwd daemon is the Firewall Daemon that handles communication between Security Gateways and Security Management Servers. Reference: Check Point Software, Getting Started, Processes.


Question 2

If a "ping" packet is dropped by FW1 Policy, on how many inspection points do you see this packet in "fw monitor"?



Answer : C

If a "ping" packet is dropped by FW1 Policy, you will see this packet in "fw monitor" on one inspection point only: "i". The "i" inspection point represents the inbound traffic before any rule processing. Since the packet is dropped by FW1 Policy, it will not pass through any other inspection points, such as "I" (after rule processing), "o" (outbound before rule processing), or "O" (outbound after rule processing). Reference: Check Point Software, Getting Started, fw monitor.


Question 3

Which software blade does NOT accompany the Threat Prevention policy?



Answer : D

The Application Control and URL Filtering software blade does not accompany the Threat Prevention policy. The Threat Prevention policy is a unified policy that includes the Anti-virus, IPS, Anti-bot, and Threat Emulation software blades. The Application Control and URL Filtering software blade is part of the Access Control policy, which is a separate policy that controls network access based on users, applications, content, and other criteria. Reference: R81 Security Management Administration Guide, page 29.


Question 4

You have enabled "Full Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?



Answer : B

The most likely reason why you are not seeing any data type information in your logs even though you have enabled Full Log as a tracking option to a security rule is that Data Awareness is not enabled on your Security Gateway. Data Awareness is a feature that allows you to monitor and control data types that are transferred over HTTP, HTTPS, FTP, SMTP, POP3, or IMAP protocols. Data Awareness can identify over 700 data types, such as credit card numbers, social security numbers, bank account numbers, medical records, etc., and provide visibility into the data usage patterns of your users. Data Awareness can also enforce data loss prevention (DLP) policies to prevent sensitive data from leaving your network or entering your network from untrusted sources. To enable Data Awareness on your Security Gateway, you need to activate the Data Awareness Software Blade in SmartConsole and install the policy on the Security Gateway.


Question 5

What is the most ideal Synchronization Status for Security Management Server High Availability deployment?



Answer : B

The most ideal Synchronization Status for Security Management Server High Availability deployment is Synchronized. Security Management Server High Availability deployment is a feature that allows two or more Security Management Servers to provide redundancy and load balancing for managing security policies and logs. Synchronization Status is a parameter that indicates how up-to-date the databases of the Security Management Servers are with each other. Synchronization Status can have one of the following values: Synchronized, Lagging, Never been synchronized, or Collision. Synchronized means that the databases of all Security Management Servers are identical and have no conflicts. This is the most ideal status as it ensures consistency and reliability of security management. Lagging means that one or more Security Management Servers have not received all the updates from other Security Management Servers, and their databases are outdated. Never been synchronized means that one or more Security Management Servers have never synchronized their databases with other Security Management Servers, and their databases are independent. Collision means that one or more Security Management Servers have received conflicting updates from other Security Management Servers, and their databases have discrepancies.


Question 6

Which one of the following is true about Capsule Connect?



Answer : A

Capsule Connect is a full layer 3 VPN client that provides secure and seamless remote access to corporate networks from iOS and Android devices. It supports all VPN authentication methods, such as certificates, passwords, tokens, and challenge-response. It also supports split tunneling and seamless roaming. Reference: Capsule Connect Datasheet, Capsule Connect Administration Guide.


Question 7

Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?



Answer : D

The least ideal Synchronization Status for Security Management Server High Availability deployment is Collision. This status indicates that both members have modified the same object independently, resulting in a conflict that needs to be resolved manually. The other statuses are either normal or indicate a temporary delay in synchronization. Reference: High Availability Administration Guide.

