2024年最新の保証された成功できる156-315.81問題集でCheckPointのPDF問題
格別な練習Check Point Certified Security Expert R81問題集で最速合格させます
質問 # 232
What destination versions are supported for a Multi-Version Cluster Upgrade?
- A. R81.10 and Later
- B. R70 and Later
- C. R76 and later
- D. R81.40 and later
正解:A
解説:
Explanation
The destination versions that are supported for a Multi-Version Cluster Upgrade are R81.10 and later. This means that the cluster members can be upgraded from any supported version to R81.10 or higher using the Multi-Version Cluster mode. R81.40, R76, and R70 are not supported destination versions for a Multi-Version Cluster Upgrade. References: : Check Point Software, Getting Started, Supported Upgrade Paths
質問 # 233
In R81, how do you manage your Mobile Access Policy?
- A. From SmartDashboard
- B. Through the Unified Policy
- C. From the Dedicated Mobility Tab
- D. Through the Mobile Console
正解:B
質問 # 234
Which blades and or features are not supported in R81?
- A. SmartConsole Toolbars
- B. SmartEvent
- C. Identity Awareness
- D. SmartEvent Maps
正解:D
解説:
Explanation
According to the Check Point website, SmartEvent Maps is a feature that was supported in previous versions of SmartEvent, but is not supported in R81. SmartEvent Maps displayed a graphical representation of security events on a world map. The other options are either supported or not valid features in R81. References:
SmartEvent Maps
質問 # 235
Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?
- A. Account Unit Query
- B. Active Directory Query
- C. User Directory Query
- D. UserCheck
正解:B
質問 # 236
To fully enable Dynamic Dispatcher on a Security Gateway:
- A. run fw multik set_mode 1 in Expert mode and then reboot.
- B. Edit/proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.
- C. run fw ctl multik set_mode 9 in Expert mode and then Reboot.
- D. Using cpconfig, update the Dynamic Dispatcher value to "full" under the CoreXL menu.
正解:C
解説:
To fully enable Dynamic Dispatcher on a Security Gateway, you need to run the following command in Expert mode then reboot:
This command sets the multi-core mode to 9, which means that Dynamic Dispatcher is enabled without Firewall Priority Queues. Dynamic Dispatcher is a feature that optimizes the performance of Security Gateways with multiple CPU cores by dynamically allocating traffic to different cores based on their load and priority. Dynamic Dispatcher can improve the throughput and scalability of the Security Gateway, especially for traffic that is not accelerated by SecureXL. The other commands are not valid or do not enable Dynamic Dispatcher. Reference: R81 Performance Tuning Administration Guide
質問 # 237
You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?
- A. In the Captive Portal screen of Global Properties, check 'Enable Identity Captive Portal'.
- B. On the firewall object, Legacy Authentication screen, check 'Enable Identity Captive Portal'.
- C. On the Security Management Server object, check the box 'Identity Logging'.
- D. Right click Accept in the rule, select "More", and then check 'Enable Identity Captive Portal'.
正解:D
質問 # 238
Which command can you use to verify the number of active concurrent connections?
- A. show all connections
- B. fw conn all
- C. fw ctl pstat
- D. show connections
正解:C
質問 # 239
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
- A. cphaprob-a if
- B. fw ctl set int fwha vmac global param enabled
- C. fw ctl get int vmac global param enabled; result of command should return value 1
- D. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1
正解:D
解説:
Explanation
To ensure that VMAC mode is enabled, the CLI command that should be run on all cluster members is fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1. VMAC mode is a feature that allows ClusterXL to use virtual MAC addresses for cluster interfaces, instead of physical MAC addresses.
This improves the failover performance and compatibility of ClusterXL with switches and routers. To check if VMAC mode is enabled, the command fw ctl get int fwha_vmac_global_param_enabled can be used, which returns 1 if VMAC mode is enabled, and 0 if VMAC mode is disabled.
質問 # 240
What are possible Automatic Reactions in SmartEvent?
- A. Web Mail. Block Destination, SNMP Trap. SmartTask
- B. Web Mail, Block Service. SNMP Trap. SmartTask, Geo Protection
- C. Mail. SNMP Trap, Block Source. Block Event Activity, External Script
- D. Web Mail, Forward to SandBlast Appliance, SNMP Trap, External Script
正解:C
解説:
Explanation
The possible Automatic Reactions in SmartEvent are Mail, SNMP Trap, Block Source, Block Event Activity, and External Script1. Automatic Reactions are actions that SmartEvent can perform automatically when a specific event occurs2. They can help you respond quickly and efficiently to security incidents and threats2. The Automatic Reactions are1:
Mail: This reaction sends an email notification to a specified recipient with the details of the event. You can customize the subject and the body of the email, and use variables to include relevant information.
SNMP Trap: This reaction sends an SNMP trap to a specified SNMP server with the details of the event. You can customize the OID and the community string of the trap, and use variables to include relevant information.
Block Source: This reaction blocks the source IP address of the event from accessing your network for a specified duration. You can choose to block the source on all gateways or on specific gateways. You can also choose to block the source on a specific port or service.
Block Event Activity: This reaction blocks the specific activity that triggered the event from occurring again for a specified duration. You can choose to block the activity on all gateways or on specific gateways. You can also choose to block the activity on a specific port or service.
External Script: This reaction runs an external script on a specified server with the details of the event as arguments. You can use any script that can be executed by the operating system of the server, such as bash, perl, python, etc. You can use variables to include relevant information in the script arguments.
References: SmartEvent R81.10 Administration Guide - Check Point Software, SmartEvent - Check Point Software
質問 # 241
How do Capsule Connect and Capsule Workspace differ?
- A. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications.
- B. Capsule Connect does not require an installed application at client.
- C. Capsule Connect provides Business data isolation.
- D. Capsule Workspace can provide access to any application.
正解:A
質問 # 242
What is the Implicit Clean-up Rule?
- A. A setting that is configured per Policy Layer.
- B. Another name for the Clean-up Rule.
- C. A setting is defined in the Global Properties for all policies.
- D. Automatically created when the Clean-up Rule is defined.
正解:B
質問 # 243
What statement best describes the Proxy ARP feature for Manual NAT in R81.10?
- A. Automatic proxy ARP configuration can be enabled
- B. fw ctl proxy should be configured
- C. Translate Destination on Client Side should be configured
- D. local.arp file must always be configured
正解:D
解説:
Explanation
According to the Check Point R81 training course, the Proxy ARP feature for Manual NAT in R81.10 requires the configuration of the local.arp file on the Security Gateway. This file contains the mapping of IP addresses to MAC addresses for NATed hosts. The other options are either incorrect or irrelevant. References: Certified Security Expert (CCSE) R81.20 Course Overview
質問 # 244
Which packet info is ignored with Session Rate Acceleration?
- A. same info from Packet Acceleration is used
- B. source port ranges
- C. source port
- D. source ip
正解:C
解説:
Identifies connections by five attributes
- source address
- destination address
- source port
- destination port
- protocol
質問 # 245
What will be the effect of running the following command on the Security Management Server?
- A. Remove the installed Security Policy.
- B. No effect.
- C. Remove the local ACL lists.
- D. Reset SIC on all gateways.
正解:A
解説:
Explanation
Running the command fw unloadlocal on the Security Management Server will remove the installed Security Policy from the local firewall module. This command is useful for troubleshooting purposes when there is a problem with the policy installation or enforcement. However, it will also expose the Security Management Server to potential attacks, so it should be used with caution. References: Training & Certification | Check Point Software, R81 CCSA & CCSE exams released featuring Promo for... - Check Point ...
質問 # 246
How do Capsule Connect and Capsule Workspace differ?
- A. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications.
- B. Capsule Connect does not require an installed application at client.
- C. Capsule Connect provides Business data isolation.
- D. Capsule Workspace can provide access to any application.
正解:A
解説:
Explanation
Capsule Connect and Capsule Workspace are both components of Check Point's remote access solution, but they serve different purposes and have distinct features:
A: Capsule Connect provides a Layer 3 VPN, which allows remote users to connect securely to their corporate network. It typically provides network-level access, allowing users to access resources on the corporate network. On the other hand, Capsule Workspace provides a secure workspace environment, including a virtual desktop with usable applications. It is more focused on providing application-level access to users in a secure manner.
B: This statement is partially true. Capsule Workspace is designed to provide secure access to a wide range of applications and resources, not limited to specific applications.
C: Capsule Connect does provide business data isolation by creating a secure VPN tunnel for remote users, ensuring that their network traffic is isolated from the public internet.
D: Capsule Connect usually requires an installed application or VPN client on the client device to establish a secure connection to the corporate network. This statement is not entirely accurate because an installed application or client is typically required.
Therefore, option A is the correct answer as it accurately distinguishes between Capsule Connect and Capsule Workspace based on their primary functionalities.
References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.
質問 # 247
What are the two ClusterXL Deployment options?
- A. Distributed and Standalone
- B. Unicast and Multicast Mode
- C. Distributed and Full High Availability
- D. Broadcast and Multicast Mode
正解:C
解説:
The two ClusterXL Deployment options are Distributed and Full High Availability. Distributed deployment means that each cluster member has its own Security Management Server and synchronizes with other members. Full High Availability deployment means that one cluster member is active and handles all traffic, while the other members are in standby mode and ready to take over in case of a failure. The other options are not valid ClusterXL Deployment options, but rather ClusterXL Modes or ClusterXL Load Sharing Methods. Reference: [Check Point Security Expert R81 ClusterXL Administration Guide], page 6.
質問 # 248
How many images are included with Check Point TE appliance in Recommended Mode?
- A. as many as licensed for
- B. 2(OS) images
- C. the most new image
- D. images are chosen by administrator during installation
正解:B
質問 # 249
How many users can have read/write access in Gaia at one time?
- A. Infinite
- B. Two
- C. One
- D. Three
正解:C
質問 # 250
To fully enable Dynamic Dispatcher on a Security Gateway:
- A. run fw multik set_mode 1 in Expert mode and then reboot.
- B. Edit/proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.
- C. run fw ctl multik set_mode 9 in Expert mode and then Reboot.
- D. Using cpconfig, update the Dynamic Dispatcher value to "full" under the CoreXL menu.
正解:C
質問 # 251
Which of these is an implicit MEP option?
- A. Source address based
- B. Load Sharing
- C. Primary-backup
- D. Round robin
正解:C
解説:
Explanation
Implicit MEP (Multicast Ethernet Point) options refer to the way multicast traffic is handled within a network.
In this case, the question is asking about an implicit MEP option, and the correct answer is:
A: Primary-backup: This is an implicit MEP option where one switch (primary) forwards multicast traffic while the other switch (backup) does not forward the traffic. It is used to ensure redundancy in case the primary switch fails.
B: Source address-based, C. Round-robin, and D. Load Sharing are not implicit MEP options; they are different methods of handling multicast traffic and do not describe the concept of primary-backup.
Therefore, option A is the correct answer as it represents an implicit MEP option.
References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.
質問 # 252 
You are the administrator for ABC Corp. You have logged into your R81 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it.
What does this mean?
- A. This rule No. 6 has been marked for deletion in another Management session.
- B. This rule No. 6 has been marked for deletion in your Management session.
- C. This rule No. 6 has been marked for editing in another Management session.
- D. This rule No. 6 has been marked for editing in your Management session.
正解:D
解説:
Explanation
You are the administrator for ABC Corp. You have logged into your R81 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it.
This means that rule No.6 has been marked for editing in your Management session. In R81, every administrator works in a session that is independent of other administrators. Changes made by one administrator are not visible to others until they are published. When you edit a rule, it is marked with a pencil icon to indicate that it has been modified in your session. You can also lock a rule to prevent other administrators from editing it until you unlock it or publish your session. References: R81 Security Management Administration Guide, page 43.
質問 # 253
The log server sends what to the Correlation Unit?
- A. CPMI dbsync
- B. Event Policy
- C. Authentication requests
- D. Logs
正解:D
質問 # 254
SmartEvent does NOT use which of the following procedures to identify events:
- A. Matching a log against local exclusions
- B. Matching a log against global exclusions
- C. Create an event candidate
- D. Matching a log against each event definition
正解:A
解説:
Events are detected by the SmartEvent Correlation Unit. The Correlation Unit task is to scan logs for criteria that match an Event Definition. SmartEvent uses these procedures to identify events:
* Matching a Log Against Global Exclusions
* Matching a Log Against Each Event Definition
* Creating an Event Candidate
* When a Candidate Becomes an Event
質問 # 255
......
156-315.81試験問題集と保証された成功率:https://jp.fast2test.com/156-315.81-premium-file.html
最高品質のCheckPoint 156-315.81試験問題:https://drive.google.com/open?id=1uYm-ntUu0zxrm9YIC3U6cWnXWeXpHbsb