[Q100-Q120] 156-215.81認証試験の問題集解答を提供しています [2024年05月]

Share

156-215.81認証試験の問題集解答を提供しています [2024年05月]

更新された156-215.81試験練習テスト問題

質問 # 100
Which of the following is used to initially create trust between a Gateway and Security Management Server?

  • A. One-time Password
  • B. Internal Certificate Authority
  • C. Token
  • D. Certificate

正解:A

解説:
To establish the initial trust, a gateway and a Security Management Server use a one-time password. After the initial trust is established, further communication is based on security certificates.


質問 # 101
What is the mechanism behind Threat Extraction?

  • A. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast
  • B. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender
  • C. This is a new mechanism to identify the IP address of the sender of malicious codes and to put it into the SAM database (Suspicious Activity Monitoring).
  • D. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient

正解:A


質問 # 102
Aggressive Mode in IKEv1 uses how many packages for negotiation?

  • A. 0
  • B. depends on the make of the peer gateway
  • C. 1
  • D. 2

正解:D

解説:
Explanation
Aggressive Mode in IKEv1 uses three packets for negotiation, with all data required for the SA passed by the initiator1. The responder sends the proposal, key material, and ID, and authenticates the session in the next packet. The initiator replies and authenticates the session1.
The other answers are not correct because they either refer to the Main Mode in IKEv1, which uses six packets for negotiation2, or they are irrelevant to the number of packets used in Aggressive Mode.
* Understand IPsec IKEv1 Protocol - Cisco
* Negotiation modes for phase 1 - IBM
* FAQ-What are the differences between IKEv1 and IKEv2- Huawei


質問 # 103
Which configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear?

  • A. The Rule Base
  • B. NAT Rules
  • C. The firewall topologies
  • D. The VPN Domains

正解:A


質問 # 104
Which repositories are installed on the Security Management Server by SmartUpdate?

  • A. Package Repository and Licenses
  • B. License and Update
  • C. Update and License & Contract
  • D. License & Contract and Package Repository

正解:D


質問 # 105
What is Consolidation Policy?

  • A. The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.
  • B. The collective name of the logs generated by SmartReporter.
  • C. The collective name of the Security Policy, Address Translation, and IPS Policies.
  • D. A global Policy used to share a common enforcement policy for multiple Security Gateways.

正解:A


質問 # 106
What command would show the API server status?

  • A. api status
  • B. cpm status
  • C. api restart
  • D. show api status

正解:D

解説:
Explanation
The command api status shows the API server status, including whether it is enabled or not, the port number, and the API version1. References: Check Point R81 API Reference Guide


質問 # 107
View the rule below. What does the pen-symbol in the left column mean?

  • A. Those rules have been published in the current session.
  • B. The configuration lock is present. Click the pen symbol in order to gain the lock.
  • C. Rules have been edited by the logged in administrator, but the policy has not been published yet.
  • D. Another user has currently locked the rules for editing.

正解:C

解説:
Explanation
The pen-symbol in the left column means that the rules have been edited by the logged in administrator, but the policy has not been published yet. It indicates that the changes are not yet effective and can be discarded.References: Policy Editor, Publishing Changes


質問 # 108
Which of the following is NOT a valid deployment option for R80?

  • A. Distributed
  • B. Bridge Mode
  • C. All-in-one (stand-alone)
  • D. CloudGuard

正解:D

解説:
Explanation
CloudGuard is not a valid deployment option for R80. CloudGuard is a product name for Check Point's cloud security solutions, not a deployment mode. The valid deployment options for R80 are all-in-one (stand-alone), distributed, and bridge mode. In an all-in-one deployment, the Security Management Server and Security Gateway are installed on the same machine. In a distributed deployment, the Security Management Server and Security Gateway are installed on separate machines. In a bridge mode deployment, the Security Gateway acts as a transparent bridge between two network segments and does not have an IP address of its own3References: CloudGuard, [Part 4 - Installing Security Gateway], [Deployment Options]


質問 # 109
You have successfully backed up your Check Point configurations without the OS information. What command would you use to restore this backup?

  • A. import backup
  • B. migrate import
  • C. restore_backup
  • D. cp_merge

正解:C

解説:
Explanation
The command to restore a backup of Check Point configurations without the OS information is restore_backup4. This command restores the Gaia OS configuration and the firewall database from a compressed file. The other commands are not valid for this purpose. import backup is not a valid command. cp_merge is a command to merge policies or objects from different databases. migrate import is a command to import a previously exported database using migrate export. References: System Backup and Restore feature in Gaia, [cp_merge], [migrate import]


質問 # 110
True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway

  • A. True, Central License can be installed with CPLIC command on a Security Gateway
  • B. False, Central License are installed via Gaia on Security Gateways
  • C. True, CLI is the prefer method for Licensing
  • D. False, Central License are handled via Security Management Server

正解:A


質問 # 111
What Check Point technologies deny or permit network traffic?

  • A. IPS, Mobile Threat Protection
  • B. Packet Filtering, Stateful Inspection, Application Layer Firewall.
  • C. ACL, SandBlast, MPT
  • D. Application Control, DLP

正解:B


質問 # 112
While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps.
What is the correct order of steps needed to set up the block?
1) Select Active Mode tab in SmartView Tracker.
2) Select Tools > Block Intruder.
3) Select Log Viewing tab in SmartView Tracker.
4) Set Blocking Timeout value to 60 minutes.
5) Highlight connection that should be blocked.

  • A. 3, 2, 5, 4
  • B. 3, 5, 2, 4
  • C. 1, 2, 5, 4
  • D. 1, 5, 2, 4

正解:D


質問 # 113
An administrator wishes to enable Identity Awareness on the Check Point firewalls. However they allow users to use company issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?

  • A. AD Query
  • B. Browser-Based Authentication
  • C. Terminal Servers Agent
  • D. Identity Agents

正解:B


質問 # 114
What type of NAT is a one-to-one relationship where each host is translated to a unique address?

  • A. Static
  • B. Hide
  • C. Destination
  • D. Source

正解:A


質問 # 115
Look at the following screenshot and select the BEST answer.

  • A. Internal clients can upload and download any-files to FTP_Ext-server using FTP.
  • B. Internal clients can upload and download archive-files to FTP_Ext server using FTP.
  • C. Clients external to the Security Gateway can download archive files from FTP_Ext server using FTP.
  • D. Clients external to the Security Gateway can upload any files to the FTP_Ext-server using FTP.

正解:C


質問 # 116
Which option would allow you to make a backup copy of the OS and Check Point configuration, without stopping Check Point processes?

  • A. snapshot
  • B. All options stop Check Point processes
  • C. migrate export
  • D. backup

正解:A


質問 # 117
How many layers make up the TCP/IP model?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

正解:C

解説:
Explanation
The TCP/IP model is made up of four layers: Application, Transport, Internet, and Network Interface1, p. 10.
The TCP/IP model is a simplified version of the OSI model, which has seven layers: Application, Presentation, Session, Transport, Network, Data Link, and Physical. References: Check Point CCSA - R81: Practice Test & Explanation, [TCP/IP Model Explained]


質問 # 118
Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:

  • A. edit the home directory of the user.
  • B. add users to your Gaia system.
  • C. assign user rights to their home directory in the Security Management Server
  • D. assign privileges to users.

正解:C


質問 # 119
Security Zones do no work with what type of defined rule?

  • A. Application Control rule
  • B. Manual NAT rule
  • C. IPS bypass rule
  • D. Firewall rule

正解:B

解説:
https://community.checkpoint.com/t5/Management/Workaround-for-manual-NAT-when-security-zones-are-used/td-p/9915


質問 # 120
......

検証済みの156-215.81問題集と解答を使って100%一発合格保証で更新された問題集:https://drive.google.com/open?id=1X87hY-6bT2EN9OHJlEKHhDVvYfxeiJwK

合格させるCheckpoint Certified Security Administrator 156-215.81試験には402問があります:https://jp.fast2test.com/156-215.81-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어