Free 156-215.81 Sample Questions — Check Point Certified Security Administrator R81

How do logs change when the "Accounting" tracking option is enabled on a traffic rule?

• A. Involved traffic logs will be forwarded to a log server
• B. Provides log details view email to the Administrator
• C. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection
• D. Provides additional information to the connected user

Where is the “Hit Count” feature enabled or disabled in SmartConsole?

• A. On the Policy layer
• B. On each Security Gateway
• C. In Global Properties
• D. On the Policy Package

Which policy type is used to enforce bandwidth and traffic control rules?

• A. Access Control
• B. Threat Emulation
• C. Threat Prevention
• D. QoS

Check Point licenses come in two forms. What are those forms?

• A. Central and Local
• B. Access Control and Threat Prevention
• C. On-premise and Public Cloud
• D. Security Gateway and Security Management

In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server?

• A. Display policies and logs on the administrator’s workstation
• B. Processing and sending alerts such as SNMP traps and email notifications
• C. Verify and compile Security Policies
• D. Store firewall logs to hard drive storage

When should you generate new licenses?

• A. When the existing license expires, the license is upgraded, or the IP address associated with the license changes
• B. After a device upgrade
• C. Before installing contract files
• D. Only when the license is upgraded

What is the user ID of a user that have all the privileges of a root user?

• A. User ID 1
• B. User ID 2
• C. User ID 0
• D. User ID 99

Which command shows the installed licenses in Expert mode?

• A. print cplic
• B. show licenses
• C. fwlic print
• D. cplic print

After a new Log Server is added to the environment and the SIC trust has been established with the SMS what will the gateways do?

• A. The gateways can only send logs to an SMS and cannot send logs to a Log Server. Log Servers are proprietary log archive servers
• B. Gateways will send new firewall logs to the new Log Server as soon as the SIC trust is set up between the SMS and the new Log Server
• C. The firewalls will detect the new Log Server after the next policy install and redirect the new logs to the new Log Server
• D. Logs are not automatically forwarded to a new Log Server. SmartConsole must be used to manually configure each gateway to send its logs to the server

Fill in the blanks: A _______ license requires an administrator to designate a gateway for attachment whereas a _______ license is automatically attached to a Security Gateway.

• A. Formal; corporate
• B. Local; central
• C. Local; formal
• D. Central; local

Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?

• A. Both License (.lic) and Contract (.xml) files
• B. cp.macro
• C. Contract file (.xml)
• D. license File (.lie)

Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance?

• A. Threat Emulation
• B. Monitoring
• C. Logging and Status
• D. Application Control

What is a role of Publishing?

• A. The Security Management Server Installs the updated policy and the entire database on Security Gateways
• B. The Publish operation sends the modifications made via SmartConsole in the private session and makes them public
• C. The Security Management Server installs the updated session and the entire Rule Base on Security Gateways
• D. Modifies network objects, such as servers, users, services, or IPS profiles, but not the Rule Base

If there is an Accept Implied Policy set to “First", what is the reason Jorge cannot see any logs?

• A. Log Implied Rule was not set correctly on the track column on the rules base
• B. Track log column is set to Log instead of Full Log
• C. Track log column is set to none
• D. Log Implied Rule was not selected on Global Properties

In SmartEvent, a correlation unit (CU) is used to do what?

• A. Collect security gateway logs, Index the logs and then compress the logs
• B. Receive firewall and other software blade logs in a region and forward them to the primary log server
• C. Analyze log entries and identify events
• D. Send SAM block rules to the firewalls during a DOS attack

For Automatic Hide NAT rules created by the administrator what is a TRUE statement?

• A. Source Port Address Translation (PAT) is enabled by default
• B. Automatic NAT rules are supported for Network objects only
• C. Automatic NAT rules are supported for Host objects only
• D. Source Port Address Translation (PAT) is disabled by default

When comparing Stateful Inspection and Packet Filtering, what is a benefit that Stateful Inspection offers over Packer Filtering?

• A. Stateful Inspection offers unlimited connections because of virtual memory usage
• B. Stateful Inspection offers no benefits over Packet Filtering
• C. Stateful Inspection does not use memory to record the protocol used by the connection
• D. Only one rule is required for each connection

What is NOT an advantage of Packet Filtering?

• A. Low Security and No Screening above Network Layer
• B. Application Independence
• C. High Performance
• D. Scalability

In a Distributed deployment, the Security Gateway and the Security Management software are installed on what platforms?

• A. Different computers or appliances
• B. The same computer or appliance
• C. Both on virtual machines or both on appliances but not mixed
• D. In Azure and AWS cloud environments

What is the order of NAT priorities?

• A. IP pool NAT, static NAT, hide NAT
• B. Static NAT, hide NAT, IP pool NAT
• C. Static NAT, IP pool NAT, hide NAT
• D. Static NAT, automatic NAT, hide NAT