156-215.81.20 Online Practice Questions and Answers

What are valid authentication methods for mutual authenticating the VPN gateways?

A. Pre-shared Secret and PKI Certificates

B. PKI Certificates and Kerberos Tickets

C. Pre-Shared Secrets and Kerberos Ticket

D. PKI Certificates and DynamicID OTP

Fill in the blank: Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is _____.

A. Stored on the Security Management Server.

B. Stored on the Certificate Revocation List.

C. Sent to the Internal Certificate Authority.

D. Sent to the Security Administrator.

Which of the following is considered a “Subscription Blade”, requiring renewal every 1-3 years?

A. IPS blade

B. IPSEC VPN Blade

C. Firewall Blade

D. Identity Awareness Blade

You want to set up a VPN tunnel to an external gateway. You had to make sure that the IKE P2 SA will only be established between two subnets and not all subnets defined in the default VPN domain of your gateway.

A. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Management add the following line to the $FWDIR/conf/user.def.FW1 file -> subnet_for_range_and_peer = { };

B. In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to ‘User defined’ and put in the local network.

C. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Gateway add the following line to the $FWDIR/conf/user.def.FW1 file -> subnet_for_range_and_peer = { };

D. In the SmartConsole create a dedicated VPN Community for both Gateways. Go to Security Policies / Access Control and create an in-line layer rule with source and destination containing the two networks used for the IKE P2 SA. Put the name of the Community in the VPN column.

John is using Management HA. Which Smartcenter should be connected to for making changes?

A. secondary Smartcenter

B. active Smartcenter

C. connect virtual IP of Smartcenter HA

D. primary Smartcenter

To view statistics on detected threats, which Threat Tool would an administrator use?

A. Protections

B. IPS Protections

C. Profiles

D. ThreatWiki

Fill in the blanks: A ____ license requires an administrator to designate a gateway for attachment whereas a _____ license is automatically attached to a Security Gateway.

A. Formal; corporate

B. Local; formal

C. Local; central

D. Central; local

Which of these components does NOT require a Security Gateway R77 license?

A. Security Management Server

B. Check Point Gateway

C. SmartConsole

D. SmartUpdate upgrading/patching

Identify the API that is not supported by Check Point currently.

A. R80 Management API

B. Identity Awareness Web Services API

C. Open REST API

D. OPSEC SDK

Which firewall daemon is responsible for the FW CLI commands?

A. fwd

B. fwm

C. cpm

D. cpd

Which utility allows you to configure the DHCP service on GAIA from the command line?

A. ifconfig

B. dhcp_cfg

C. sysconfig

D. cpconfig

Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when ________ .

A. The license is attached to the wrong Security Gateway

B. The existing license expires

C. The license is upgraded

D. The IP address of the Security Management or Security Gateway has changed

Which application should you use to install a contract file?

A. SmartView Monitor

B. WebUI

C. SmartUpdate

D. SmartProvisioning

Fill in the blank: The R80 feature ________ permits blocking specific IP addresses for a specified time period.

A. Block Port Overflow

B. Local Interface Spoofing

C. Suspicious Activity Monitoring

D. Adaptive Threat Prevention

After the initial installation the First Time Configuration Wizard should be run. Select the BEST answer.

A. First Time Configuration Wizard can be run from the Unified SmartConsole.

B. First Time Configuration Wizard can be run from the command line or from the WebUI.

C. First time Configuration Wizard can only be run from the WebUI.

D. Connection to the internet is required before running the First Time Configuration wizard.