• Home
  • Articles
  • Updated Aug-2024 156-215.81.20 Exam Practice Test Questions [Q35-Q56]

Updated Aug-2024 156-215.81.20 Exam Practice Test Questions [Q35-Q56]

Share

Updated Aug-2024 156-215.81.20 Exam Practice Test Questions

Verified 156-215.81.20 dumps Q&As 100% Pass in First Attempt Guaranteed Updated Dump

NEW QUESTION # 35
You want to set up a VPN tunnel to a external gateway. You had to make sure that the IKE P2 SA will only be established between two subnets and not all subnets defined in the default VPN domain of your gateway.

  • A. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Gateway add the following line to the $FWDlR/cont/user.def.FW1 file subnet_for_range_and_peer = { <peerGW_lP,first_IP_in_range1,last_lP_in_the_range1;subnet_mask> };
  • B. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Management add the following line to the $FWDIR/conf/user.def.FWI file subnet_for_range_and_peer = { <peerGW_IP,first_IP_in_range1,last_IP_in_the_range1; subnet_mask> );
  • C. In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to 'User defined' and put in the local network.
  • D. In the SmartConsole create a dedicated VPN Community for both Gateways. Go to Security Policies / Access Control and create an in-line layer rule with source and destination containing the two networks used for the IKE P2 SA. Put the name of the Community in the VPN column.

Answer: C


NEW QUESTION # 36
You had setup the VPN Community NPN-Stores' with 3 gateways. There are some issues with one remote gateway(l .1.1.1) and an your local gateway.
What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways.

  • A. Blade:"VPN"AND VPN-Stores AND Main Mode
  • B. Blade:"VPN"AND VPN-Stores AND Quick Mode
  • C. action:"Key Install" AND 1.1.1.1 AND Quick Mode
  • D. action:"Key Install" AND 1.1.1.1 AND Main Mode

Answer: C


NEW QUESTION # 37
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server (SMS). While configuring the VPN community to specify the pre-shared secret, the administrator did not find a box to input the pre-shared secret.
Why does it not allow him to specify the pre-shared secret?

  • A. The Gateway is an SMB device
  • B. The checkbox "Use only Shared Secret for all external members" is not checked
  • C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS
  • D. Pre-shared secret is already configured in Global Properties

Answer: C


NEW QUESTION # 38
What is the purpose of a Clean-up Rule?

  • A. Clean-up Rules do not server any purpose.
  • B. Provide a metric for determining unnecessary rules.
  • C. Used to better optimize a policy.
  • D. To drop any traffic that is not explicitly allowed.

Answer: D


NEW QUESTION # 39
Which of the following is NOT a role of the SmartCenter:

  • A. Status monitoring
  • B. Policy configuration
  • C. Address translation
  • D. Certificate authority

Answer: C


NEW QUESTION # 40
You have discovered suspicious activity in your network.
What is the BEST immediate action to take?

  • A. Create a policy rule to block the traffic.
  • B. Wait until traffic has been identified before making any changes.
  • C. Contact ISP to block the traffic.
  • D. Create a suspicious action rule to block that traffic.

Answer: D


NEW QUESTION # 41
You are the Check Point administrator for Alpha Corp with an R80 Check Point estate. You have received a call by one of the management users stating that they are unable to browse the Internet with their new tablet connected to the company Wireless. The Wireless system goes through the Check Point Gateway.
How do you review the logs to see what the problem may be?

  • A. Open SmartLog and query for the IP address of the Manager's tablet
  • B. Open SmartLog and connect remotely to the IP of the wireless controller
  • C. Open SmartView Tracker and check all the IP logs for the tablet
  • D. Open SmartView Tracker and filter the logs for the IP address of the tablet

Answer: A


NEW QUESTION # 42
Which of the following is used to enforce changes made to a Rule Base?

  • A. Activate policy
  • B. Publish database
  • C. Install policy
  • D. Save changes

Answer: C


NEW QUESTION # 43
Phase 1 of the two-phase negotiation process conducted by IKE operates in ______ mode.

  • A. Main
  • B. Authentication
  • C. Quick
  • D. High Alert

Answer: A


NEW QUESTION # 44
In which scenario will an administrator need to manually define Proxy ARP?

  • A. When they configure an "Automatic Hide NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.
  • B. When they configure a "Manual Hide NAT" which translates to an IP address that belongs to one of the firewall's interfaces.
  • C. When they configure a "Manual Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.
  • D. When they configure an "Automatic Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.

Answer: C


NEW QUESTION # 45
Which icon in the WebUI indicates that read/write access is enabled?

  • A. Eyeglasses
  • B. Book
  • C. Pencil
  • D. Padlock

Answer: C


NEW QUESTION # 46
Which of the following is NOT supported by Bridge Mode Check Point Security Gateway

  • A. Data Loss Prevention
  • B. Antivirus
  • C. Application Control
  • D. NAT

Answer: D


NEW QUESTION # 47
Which of the following is NOT a tracking option? (Select three)

  • A. Full log
  • B. Partial log
  • C. Network log
  • D. Log

Answer: A,B,C


NEW QUESTION # 48
Fill in the blank When LDAP is integrated with Check Point Security Management it is then referred to as_____

  • A. User Directory
  • B. User Center
  • C. User Administration
  • D. UserCheck

Answer: A


NEW QUESTION # 49
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?

  • A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
  • B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
  • C. Time object to a rule to make the rule active only during specified times.
  • D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

Answer: D


NEW QUESTION # 50
Fill in the blank: The position of an implied rule is manipulated in the __________________ window.

  • A. NAT
  • B. Global Properties
  • C. Object Explorer
  • D. Firewall

Answer: B


NEW QUESTION # 51
Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or__________.

  • A. On specific tunnels for specific gateways
  • B. On specific satellite gateway to central gateway tunnels
  • C. On all satellite gateway to satellite gateway tunnels
  • D. On specific tunnels in the community

Answer: D


NEW QUESTION # 52
Which is a main component of the Check Point security management architecture?

  • A. Proxy Server
  • B. Identity Collector
  • C. Endpoint VPN client
  • D. SmartConsole

Answer: D


NEW QUESTION # 53
Fill in the blank: When a policy package is installed, ________ are also distributed to the target installation Security Gateways.

  • A. SmartConsole databases
  • B. User databases
  • C. Network databases
  • D. User and objects databases

Answer: D


NEW QUESTION # 54
Application Control/URL filtering database library is known as:

  • A. Application Library
  • B. Application-Forensic Database
  • C. AppWiki
  • D. Application database

Answer: C


NEW QUESTION # 55
Aggressive Mode in IKEv1 uses how many packages for negotiation?

  • A. 0
  • B. 1
  • C. depends on the make of the peer gateway
  • D. 2

Answer: D


NEW QUESTION # 56
......

Ultimate Guide to Prepare Free 156-215.81.20 Exam Questions and Answer: https://drive.google.com/open?id=1xXEDGT9Lxc588fx6mzJDJ3vDPB5ZigAU

Pass CCSA 156-215.81.20 Exam With 400 Questions: https://www.actualvce.com/CheckPoint/156-215.81.20-valid-vce-dumps.html

Related Articles

more
CheckPoint 156-215.81.20 Certification Practice Exam