156-215.81 | Top Tips Of Up To The Minute 156-215.81 Exam Engine

NEW QUESTION 1
To ensure that VMAC mode is enabled, which CLI command you should run on all cluster members? Choose the best answer.

• A. fw ctl set int fwha vmac global param enabled
• B. fw ctl get int fwha vmac global param enabled; result of command should return value 1
• C. cphaprob –a if
• D. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

Answer: B

NEW QUESTION 2
Identity Awareness allows the Security Administrator to configure network access based on which of the following?

• A. Name of the application, identity of the user, and identity of the machine
• B. Identity of the machine, username, and certificate
• C. Network location, identity of a user, and identity of a machine
• D. Browser-Based Authentication, identity of a user, and network location

Answer: C

NEW QUESTION 3
You want to verify if there are unsaved changes in GAiA that will be lost with a reboot. What command can be used?

• A. show unsaved
• B. show save-state
• C. show configuration diff
• D. show config-state

Answer: D

NEW QUESTION 4
When logging in for the first time to a Security management Server through SmartConsole, a fingerprint is saved to the:

• A. Security Management Server’s /home/.fgpt file and is available for future SmartConsole authentications.
• B. Windows registry is available for future Security Management Server authentications.
• C. There is no memory used for saving a fingerprint anyway.
• D. SmartConsole cache is available for future Security Management Server authentications.

Answer: D

NEW QUESTION 5
Which of the following is NOT a valid configuration screen of an Access Role Object?

• A. Users
• B. Networks
• C. Time
• D. Machines

Answer: C

NEW QUESTION 6
Which two Identity Awareness daemons are used to support identity sharing?

• A. Policy Activation Point (PAP) and Policy Decision Point (PDP)
• B. Policy Manipulation Point (PMP) and Policy Activation Point (PAP)
• C. Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP)
• D. Policy Decision Point (PDP) and Policy Enforcement Point (PEP)

Answer: D

Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=

NEW QUESTION 7
Which tool is used to enable cluster membership on a Gateway?

• A. SmartUpdate
• B. cpconfig
• C. SmartConsole
• D. sysconfig

Answer: B

Explanation:
References:

NEW QUESTION 8
Which of the following is used to enforce changes made to a Rule Base?

• A. Publish database
• B. Save changes
• C. Install policy
• D. Activate policy

Answer: A

NEW QUESTION 9
Which tool allows for the automatic updating of the Gaia OS and Check Point products installed on the Gaia OS?

• A. CPASE - Check Point Automatic Service Engine
• B. CPAUE - Check Point Automatic Update Engine
• C. CPDAS - Check Point Deployment Agent Service
• D. CPUSE - Check Point Upgrade Service Engine

Answer: D

Explanation:
Check Point Update Service Engine (CPUSE), also known as Deployment Agent [DA], is an advanced and intuitive mechanism for software deployment on Gaia OS, which supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), and of Major Versions. https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=

NEW QUESTION 10
In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?

• A. Publish changes
• B. Save changes
• C. Install policy
• D. Install database

Answer: C

NEW QUESTION 11
How many users can have read/write access in Gaia Operating System at one time?

• A. One
• B. Three
• C. Two
• D. Infinite

Answer: A

Explanation:
if another user has r/w access, you need to use "lock database override" or "unlock database" to claim r/w access. Ref: https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_Gaia_AdminGuide/html

NEW QUESTION 12
Which of the following is NOT a valid application navigation tab in the R80 SmartConsole?

• A. Manage and Command Line
• B. Logs and Monitor
• C. Security Policies
• D. Gateway and Servers

Answer: A

Explanation:

NEW QUESTION 13
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?

• A. The rule base can be built of layers, each containing a set of the security rule
• B. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
• C. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
• D. Time object to a rule to make the rule active only during specified times.
• E. Sub Policies are sets of rules that can be created and attached to specific rule
• F. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

Answer: D

NEW QUESTION 14
Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?

• A. RADIUS
• B. Check Point password
• C. Security questions
• D. SecurID

Answer: C

NEW QUESTION 15
What needs to be configured if the NAT property ‘Translate destination on client side’ is not enabled in Global properties?

• A. A host route to route to the destination IP
• B. Use the file local.arp to add the ARP entries for NAT to work
• C. Nothing, the Gateway takes care of all details necessary
• D. Enabling ‘Allow bi-directional NAT’ for NAT to work correctly

Answer: C

NEW QUESTION 16
Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?

• A. Firewall
• B. Application Control
• C. Anti-spam and Email Security
• D. Anti-Virus

Answer: D

Explanation:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/To

NEW QUESTION 17
When changes are made to a Rule base, it is important to _______ to enforce changes.

• A. Publish database
• B. Activate policy
• C. Install policy
• D. Save changes

Answer: C

NEW QUESTION 18
......