CheckPoint 156-315.81 Dumps - Check Point Certified Security Expert R81.20 PDF Sample Questions

Exam Code: 156-315.81
Exam Name: Check Point Certified Security Expert R81.20
617 Questions
Last Update Date: 29 March, 2024


Best CheckPoint 156-315.81 Dumps - pass your exam In First Attempt

Our 156-315.81 dumps are better than all other cheap 156-315.81 study material.

The best way to pass your CheckPoint 156-315.81 exam is to get reliable exam study materials. We assure you that realexamdumps is one of the most authentic websites for CheckPoint CCSE | CCSE R81 exam questions and answers. Pass your 156-315.81 Check Point Certified Security Expert R81.20 exam with full confidence. You can get a free Check Point Certified Security Expert R81.20 demo from realexamdumps. We ensure 100% success in the 156-315.81 exam with the help of CheckPoint dumps. You will feel proud to become part of the realexamdumps family.

Our success rate over the past 5 years is very impressive. Our customers are able to build their careers in the IT field.



Sample Questions

Realexamdumps provides the most up-to-date CCSE | CCSE R81 questions and answers. Here are a few sample questions:

CheckPoint 156-315.81 Sample Question 1

What is the least amount of CPU cores required to enable CoreXL?


Options:

A. 2
B. 1
C. 4
D. 6

Answer: B

CheckPoint 156-315.81 Sample Question 2

Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?


Options:

A. Check Point Remote User
B. Check Point Capsule Workspace
C. Check Point Mobile Web Portal
D. Check Point Capsule Remote

Answer: C

CheckPoint 156-315.81 Sample Question 3

The SmartEvent R81 Web application for real-time event monitoring is called:


Options:

A. SmartView Monitor
B. SmartEventWeb
C. There is no Web application for SmartEvent
D. SmartView

Answer: C

CheckPoint 156-315.81 Sample Question 4

Which statement is most correct regarding “CoreXL Dynamic Dispatcher”?


Options:

A. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses
B. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores
C. The CoreXL FW instances assignment mechanism is based on IP Protocol type
D. The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type

Answer: B

CheckPoint 156-315.81 Sample Question 5

What is the SandBlast Agent designed to do?


Options:

A. Performs OS-level sandboxing for SandBlast Cloud architecture
B. Ensure the Check Point SandBlast services is running on the end user’s system
C. If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network
D. Clean up email sent with malicious attachments

Answer: C

CheckPoint 156-315.81 Sample Question 6

What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?


Options:

A. 4 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server.
B. 3 Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.
C. 1 Interface – an interface leading to the organization and the Internet, and configure for synchronization.
D. 2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization.

Answer: B

CheckPoint 156-315.81 Sample Question 7

In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?


Options:

A. Big I
B. Little o
C. Little i
D. Big O

Answer: B

CheckPoint 156-315.81 Sample Question 8

Which command will allow you to see the interface status?


Options:

A. cphaprob interface
B. cphaprob -I interface
C. cphaprob -a if
D. cphaprob stat

Answer: C

CheckPoint 156-315.81 Sample Question 9

Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?


Options:

A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. Time object to a rule to make the rule active only during specified times.
D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

Answer: D

CheckPoint 156-315.81 Sample Question 10

One of the major features in R81 SmartConsole is concurrent administration.

Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?


Options:

A. A lock icon shows that a rule or an object is locked and will be available.
B. AdminA and AdminB are editing the same rule at the same time.
C. A lock icon next to a rule informs that any Administrator is working on this particular rule.
D. AdminA, AdminB and AdminC are editing three different rules at the same time.

Answer: C

CheckPoint 156-315.81 Sample Question 11

What is the Implicit Clean-up Rule?


Options:

A. A setting is defined in the Global Properties for all policies.
B. A setting that is configured per Policy Layer.
C. Another name for the Clean-up Rule.
D. Automatically created when the Clean-up Rule is defined.

Answer: D

CheckPoint 156-315.81 Sample Question 12

What is the order of NAT priorities?


Options:

A. Static NAT, IP pool NAT, hide NAT
B. IP pool NAT, static NAT, hide NAT
C. Static NAT, automatic NAT, hide NAT
D. Static NAT, hide NAT, IP pool NAT

Answer: A

CheckPoint 156-315.81 Sample Question 13

Connections to the Check Point R81 Web API use what protocol?


Options:

A. HTTPS
B. RPC
C. VPN
D. SIC

Answer: B

CheckPoint 156-315.81 Sample Question 14

Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?


Options:

A. Severity
B. Automatic reactions
C. Policy
D. Threshold

Answer: C

CheckPoint 156-315.81 Sample Question 15

What key is used to save the current CPView page in a filename format cpview_”cpview process ID”.cap”number of captures”?


Options:

A. S
B. W
C. C
D. Space bar

Answer: D

CheckPoint 156-315.81 Sample Question 16

The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.


Options:

A. Next Generation Threat Prevention
B. Next Generation Threat Emulation
C. Next Generation Threat Extraction
D. Next Generation Firewall

Answer: C

CheckPoint 156-315.81 Sample Question 17

What is UserCheck?


Options:

A. Messaging tool used to verify a user’s credentials.
B. Communication tool used to inform a user about a website or application they are trying to access.
C. Administrator tool used to monitor users on their network.
D. Communication tool used to notify an administrator when a new user is created.

Answer: C

CheckPoint 156-315.81 Sample Question 18

Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .


Options:

A. Sent to the Internal Certificate Authority.
B. Sent to the Security Administrator.
C. Stored on the Security Management Server.
D. Stored on the Certificate Revocation List.

Answer: E

CheckPoint 156-315.81 Sample Question 19

Please choose the path to monitor the compliance status of the Check Point R81.10 based management.


Options:

A. Gateways & Servers --> Compliance View
B. Compliance blade not available under R81.10
C. Logs & Monitor --> New Tab --> Open compliance View
D. Security & Policies --> New Tab --> Compliance View

Answer: D

CheckPoint 156-315.81 Sample Question 20

Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:


Options:

A. Allow GUI Client and management server to communicate via TCP Port 19001
B. Allow GUI Client and management server to communicate via TCP Port 18191
C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.
D. Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.

Answer: D

CheckPoint 156-315.81 Sample Question 21

Which application should you use to install a contract file?


Options:

A. SmartView Monitor
B. WebUI
C. SmartUpdate
D. SmartProvisioning

Answer: D

CheckPoint 156-315.81 Sample Question 22

Fill in the blanks. There are ________ types of software containers: ___________.


Options:

A. Three; security management, Security Gateway, and endpoint security
B. Three; Security Gateway, endpoint security, and gateway management
C. Two; security management and endpoint security
D. Two; endpoint security and Security Gateway

Answer: A

CheckPoint 156-315.81 Sample Question 23

Ken wants to obtain a configuration lock from another administrator on an R81 Security Management Server. He can do this via WebUI or via CLI.

Which command should he use in CLI? (Choose the correct answer.)


Options:

A. remove database lock
B. The database feature has one command lock database override.
C. override database lock
D. The database feature has two commands lock database override and unlock database. Both will work.

Answer: D

CheckPoint 156-315.81 Sample Question 24

What are the methods of SandBlast Threat Emulation deployment?


Options:

A. Cloud, Appliance and Private
B. Cloud, Appliance and Hybrid
C. Cloud, Smart-1 and Hybrid
D. Cloud, OpenServer and VMware

Answer: B

CheckPoint 156-315.81 Sample Question 25

You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.

What must you do to get SIC to work?


Options:

A. Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.
B. Create a rule at the top in the Sydney firewall to allow control traffic from your network
C. Nothing - Check Point control connections function regardless of Geo-Protection policy
D. Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

Answer: C

CheckPoint 156-315.81 Sample Question 26

Which CLI command will reset the IPS pattern matcher statistics?


Options:

A. ips reset pmstat
B. ips pstats reset
C. ips pmstats refresh
D. ips pmstats reset

Answer: D

CheckPoint 156-315.81 Sample Question 27

Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period.


Options:

A. Block Port Overflow
B. Local Interface Spoofing
C. Suspicious Activity Monitoring
D. Adaptive Threat Prevention

Answer: C

Explanation: Suspicious Activity Rules Solution

Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access).

The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation.

CheckPoint 156-315.81 Sample Question 28

Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.


Options:

A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo

Answer: D

CheckPoint 156-315.81 Sample Question 29

Which of the following types of authentication on Mobile Access can NOT be used as the first authentication method?


Options:

A. Dynamic ID
B. RADIUS
C. Username and Password
D. Certificate

Answer: A

CheckPoint 156-315.81 Sample Question 30

If you needed the Multicast MAC address of a cluster, what command would you run?


Options:

A. cphaprob -a if
B. cphaconf ccp multicast
C. cphaconf debug data
D. cphaprob igmp

Answer: E

CheckPoint 156-315.81 Sample Question 31

CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:


Options:

A. MySQL
B. Postgres SQL
C. MariaDB
D. SOLR

Answer: B

CheckPoint 156-315.81 Sample Question 32

What is the correct command to observe the Sync traffic in a VRRP environment?


Options:

A. fw monitor -e "accept[12:4,b]=224.0.0.18;"
B. fw monitor -e "accept port(6118;"
C. fw monitor -e "accept proto=mcVRRP;"
D. fw monitor -e "accept dst=224.0.0.18;"

Answer: E

CheckPoint 156-315.81 Sample Question 33

Which TCP-port does CPM process listen to?


Options:

A. 18191
B. 18190
C. 8983
D. 19009

Answer: D

CheckPoint 156-315.81 Sample Question 34

Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?


Options:

A. UserCheck
B. Active Directory Query
C. Account Unit Query
D. User Directory Query

Answer: B

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62402.htn

CheckPoint 156-315.81 Sample Question 35

What needs to be configured if the NAT property ‘Translate destination or client side’ is not enabled in Global Properties?


Options:

A. A host route to route to the destination IP.
B. Use the file local.arp to add the ARP entries for NAT to work.
C. Nothing, the Gateway takes care of all details necessary.
D. Enabling ‘Allow bi-directional NAT’ for NAT to work correctly.

Answer: D

CheckPoint 156-315.81 Sample Question 36

You have pushed policy to GW-3 and now cannot pass traffic through the gateway. As a last resort, to restore traffic flow, what command would you run to remove the latest policy from GW-3?


Options:

A. fw unloadlocal
B. fw unloadpolicy
C. fwm unload local
D. fwm unload policy

Answer: B

CheckPoint 156-315.81 Sample Question 37

What feature allows Remote-access VPN users to access resources across a site-to-site VPN tunnel?


Options:

A. Specific VPN Communities
B. Remote Access VPN Switch
C. Mobile Access VPN Domain
D. Network Access VPN Domain

Answer: C

CheckPoint 156-315.81 Sample Question 38

UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck objects?


Options:

A. Ask
B. Drop
C. Inform
D. Reject

Answer: E

CheckPoint 156-315.81 Sample Question 39

Which component is NOT required to communicate with the Web Services API?


Options:

A. API key
B. session ID token
C. content-type
D. Request payload

Answer: B

CheckPoint 156-315.81 Sample Question 40

True or False: In R81, more than one administrator can login to the Security Management Server with write permission at the same time.


Options:

A. False, this feature has to be enabled in the Global Properties.
B. True, every administrator works in a session that is independent of the other administrators.
C. True, every administrator works on a different database that is independent of the other administrators.
D. False, only one administrator can login with write permission.

Answer: C

CheckPoint 156-315.81 Sample Question 41

What is the default shell for the command line interface?


Options:

A. Expert
B. Clish
C. Admin
D. Normal

Answer: B

Explanation: The default shell of the CLI is called clish.

CheckPoint 156-315.81 Sample Question 42

Firewall policies must be configured to accept VRRP packets on the GAiA platform if it runs Firewall software. The multicast destination assigned by the Internet Assigned Numbers Authority (IANA) for VRRP is:


Options:

A. 224.0.0.18
B. 224.0.0.5
C. 224.0.0.102
D. 224.0.0.22

Answer: B

CheckPoint 156-315.81 Sample Question 43

When using the Mail Transfer Agent, where are the debug logs stored?


Options:

A. $FWDIR/bin/emaild.mta.elg
B. $FWDIR/log/mtad.elg
C. /var/log/mail.mta.elg
D. $CPDIR/log/emaild.elg

Answer: B

CheckPoint 156-315.81 Sample Question 44

What command is used to manually failover a Multi-Version Cluster during the upgrade?


Options:

A. clusterXL_admin down in Expert Mode
B. clusterXL_admin down in Clish
C. set cluster member state down in Clish
D. set cluster down in Expert Mode

Answer: C

CheckPoint 156-315.81 Sample Question 45

An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateways managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret, the administrator found that the check box to enable the pre-shared secret cannot be enabled.

Why does it not allow him to specify the pre-shared secret?


Options:

A. IPsec VPN blade should be enabled on both Security Gateways.
B. Pre-shared secret can only be used while creating a VPN between a third party vendor and a Check Point Security Gateway.
C. Certificate based Authentication is the only authentication method available between two Security Gateways managed by the same SMS.
D. The Security Gateways are pre-R75.40.

Answer: D

CheckPoint 156-315.81 Sample Question 46

To optimize Rule Base efficiency, the most hit rules should be where?


Options:

A. Removed from the Rule Base.
B. Towards the middle of the Rule Base.
C. Towards the top of the Rule Base.
D. Towards the bottom of the Rule Base.

Answer: D

CheckPoint 156-315.81 Sample Question 47

When synchronizing clusters, which of the following statements is FALSE?


Options:

A. The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized.
B. Only cluster members running on the same OS platform can be synchronized.
C. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
D. Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.

Answer: E

CheckPoint 156-315.81 Sample Question 48

What are the minimum open server hardware requirements for a Security Management Server/Standalone in R81?


Options:

A. 2 CPU cores, 4GB of RAM and 15GB of disk space
B. 8 CPU cores, 16GB of RAM and 500 GB of disk space
C. 4 CPU cores, 8GB of RAM and 500GB of disk space
D. 8 CPU cores, 32GB of RAM and 1 TB of disk space

Answer: D

CheckPoint 156-315.81 Sample Question 49

Which Check Point daemon invokes and monitors critical processes and attempts to restart them if they fail?


Options:

A. fwm
B. cpd
C. cpwd
D. cpm

Answer: D

CheckPoint 156-315.81 Sample Question 50

SmartEvent Security Checkups can be run from the following Logs and Monitor activity:


Options:

A. Reports
B. Advanced
C. Checkups
D. Views

Answer: B

CheckPoint 156-315.81 Sample Question 51

You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?


Options:

A. fwd
B. fwm
C. cpd
D. cpwd

Answer: C

CheckPoint 156-315.81 Sample Question 52

For Management High Availability, which of the following is NOT a valid synchronization status?


Options:

A. Collision
B. Down
C. Lagging
D. Never been synchronized

Answer: B

CheckPoint 156-315.81 Sample Question 53

Using ClusterXL, what statement is true about the Sticky Decision Function?


Options:

A. Can only be changed for Load Sharing implementations
B. All connections are processed and synchronized by the pivot
C. Is configured using cpconfig
D. Is only relevant when using SecureXL

Answer: B

CheckPoint 156-315.81 Sample Question 54

When simulating a problem on a ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state?


Options:

A. cphaprob -d STOP unregister
B. cphaprob STOP unregister
C. cphaprob unregister STOP
D. cphaprob -d unregister STOP

Answer: A

Explanation: Testing a failover in a controlled manner using the following command:

    # cphaprob -d STOP -s problem -t 0 register

This will register a problem state on the cluster member this was entered on. If you then run:

    # cphaprob list

this will show an entry named STOP. To remove this problematic register, run the following:

    # cphaprob -d STOP unregister

CheckPoint 156-315.81 Sample Question 55

When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?


Options:

A. Includes the registry
B. Gets information about the specified Virtual System
C. Does not resolve network addresses
D. Output excludes connection table

Answer: B

CheckPoint 156-315.81 Sample Question 56

Which one of the following is true about Threat Extraction?


Options:

A. Always delivers a file to user
B. Works on all MS Office, Executables, and PDF files
C. Can take up to 3 minutes to complete
D. Delivers file only if no threats found

Answer: B

CheckPoint 156-315.81 Sample Question 57

What is the purpose of a SmartEvent Correlation Unit?


Options:

A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server.
B. The SmartEvent Correlation Unit’s task it to assign severity levels to the identified events.
C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.
D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server.

Answer: D

CheckPoint 156-315.81 Sample Question 58

What is the most recommended way to install patches and hotfixes?


Options:

A. CPUSE Check Point Update Service Engine
B. rpm -Uv
C. Software Update Service
D. UnixinstallScript

Answer: B

CheckPoint 156-315.81 Sample Question 59

Both ClusterXL and VRRP are fully supported by Gaia R81.10 and available to all Check Point appliances. Which of the following commands is NOT related to redundancy and functions?


Options:

A. cphaprob stat
B. cphaprob -a if
C. cphaprob -l list
D. cphaprob all show stat

Answer: E

CheckPoint 156-315.81 Sample Question 60

Automation and Orchestration differ in that:


Options:

A. Automation relates to codifying tasks, whereas orchestration relates to codifying processes.
B. Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes.
C. Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow.
D. Orchestration relates to codifying tasks, whereas automation relates to codifying processes.

Answer: B

CheckPoint 156-315.81 Sample Question 61

What is the main difference between Threat Extraction and Threat Emulation?


Options:

A. Threat Emulation never delivers a file and takes more than 3 minutes to complete.
B. Threat Extraction always delivers a file and takes less than a second to complete.
C. Threat Emulation never delivers a file that takes less than a second to complete.
D. Threat Extraction never delivers a file and takes more than 3 minutes to complete.

Answer: C

CheckPoint 156-315.81 Sample Question 62

What is the name of the secure application for Mail/Calendar for mobile devices?


Options:

A. Capsule Workspace
B. Capsule Mail
C. Capsule VPN
D. Secure Workspace

Answer: A

CheckPoint 156-315.81 Sample Question 63

You need to see which hotfixes are installed on your gateway, which command would you use?


Options:

A. cpinfo -h all
B. cpinfo -o hotfix
C. cpinfo -l hotfix
D. cpinfo -y all

Answer: D

CheckPoint 156-315.81 Sample Question 64

The following command is used to verify the CPUSE version:


Options:

A. HostName:0>show installer status build
B. [Expert@HostName:0]#show installer status
C. [Expert@HostName:0]#show installer status build
D. HostName:0>show installer build

Answer: A

CheckPoint 156-315.81 Sample Question 65

To add a file to the Threat Prevention Whitelist, what two items are needed?


Options:

A. File name and Gateway
B. Object Name and MD5 signature
C. MD5 signature and Gateway
D. IP address of Management Server and Gateway

Answer: B

