[2023年11月] 問題集簡単概要156-215.81試験問題GoShiken [Q124-Q141]

[2023年11月] 問題集簡単概要156-215.81試験問題GoShiken

156-215.81トレーニング認証最新版をゲットCheckpoint Certified Security Administrator

CheckPoint 156-215.81試験は、Check Point Certified Security Administrator R81試験としても知られており、Check Point Security GatewayおよびManagement Software Bladesシステムの管理と保守に関するスキルと知識を検証したいITプロフェッショナル向けの認定プログラムです。この試験では、Check Point Security GatewayおよびManagement Software Bladesの展開、セキュリティポリシーの設定、ユーザーアクセスの管理、一般的なネットワークの問題のトラブルシューティングなどのトピックがカバーされます。試験に合格することで、個人はCheck Point Security GatewayおよびManagement Software Bladesシステムを管理し、組織のネットワークとデータのセキュリティを確保するために必要なスキルと知識を持っていることを証明できます。

 

質問 # 124
You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base.
Which of the following is the most likely cause?

• A. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R77.
• B. The POP3 rule is disabled.
• C. POP3 is accepted in Global Properties.
• D. The POP3 rule is hidden.

正解：D

質問 # 125
What Identity Agent allows packet tagging and computer authentication?

• A. Full Agent
• B. Light Agent
• C. System Agent
• D. Endpoint Security Client

正解：A

質問 # 126
A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?

• A. Anti-Bot protection
• B. Anti-Malware protection
• C. Policy-based routing
• D. Suspicious Activity Monitoring (SAM) rules

正解：D

解説：
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Monitoring-Suspicious-Activity-Rules.htm

質問 # 127
The CDT utility supports which of the following?

• A. All upgrades
• B. Only major version upgrades to R80.10
• C. Only Jumbo HFA's and hotfixes
• D. Major version upgrades to R77.30

正解：A

質問 # 128
You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?

• A. On the firewall object, Legacy Authentication screen, check "Enable Identity Captive Portal"
• B. On the Security Management Server object, check the box "Identity Logging"
• C. Right click Accept in the rule, select "More", and then check "Enable Identity Captive Portal"
• D. In the Captive Portal screen of Global Properties, check "Enable Identity Captive Portal"

正解：C

解説：
Explanation
Identity Captive Portal is a Check Point Identity Awareness web portal, to which users connect with their web browser to log in and authenticate, when using Browser-Based Authentication2. To enable Identity Captive Portal for a specific rule, you need to right click Accept in the rule, select "More", and then check "Enable Identity Captive Portal"3. References: Identity Awareness Administration Guide R80, Identity awareness with captive portal in Checkpoint R80

質問 # 129
Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?

• A. URL Filtering
• B. Application Control
• C. Identity Awareness
• D. Firewall

正解：C

質問 # 130
Which R77 GUI would you use to see number of packets accepted since the last policy install?

• A. SmartView Monitor
• B. SmartDashboard
• C. SmartView Tracker
• D. SmartView Status

正解：A

質問 # 131
You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm's business partners. Which SmartConsole application should you use to confirm your suspicious?

• A. SmartView Tracker
• B. SmartDashboard
• C. SmartView Status
• D. SmartUpdate

正解：A

質問 # 132
In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?

• A. Publish changes
• B. Install database
• C. Install policy
• D. Save changes

正解：C

解説：
Explanation
In order for changes made to policy to be enforced by a Security Gateway, an administrator must perform Install Policy3. This action transfers the policy package from the Security Management Server to the Security Gateway and activates it. References: Check Point R81 Security Management Administration Guide

質問 # 133
After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?

• A. The Security Management Server IP-address cannot be changed without re-establishing the trust
• B. The Security Management Server name cannot be changed in SmartConsole without re-establishing trust
• C. Security Gateway IP-address cannot be changed without re-establishing the trust
• D. The Security Gateway name cannot be changed in command line without re-establishing trust

正解：C

解説：
Explanation
The answer is A because changing the Security Gateway IP-address requires re-establishing the trust with the Security Management Server by initializing the Secure Internal Communication (SIC). Changing the Security Gateway name in command line or changing the Security Management Server name or IP-address in SmartConsole does not require re-establishing the trust, but it may require updating the topology and pushing the policy.References: [Check Point R81 Security Management Administration Guide], [Check Point R81 Security Gateway Administration Guide]

質問 # 134
Access roles allow the firewall administrator to configure network access according to:

• A. a combination of computer or computer groups and networks.
• B. users and user groups.
• C. All of the above.
• D. remote access clients.

正解：C

解説：
To create an access role:
The Access Role window opens.
Your selection is shown in the Networks node in the Role Preview pane.
A window opens. You can search for Active Directory entries or select them from the list.
You can search for AD entries or select them from the list.
The access role is added to the Users and Administrators tree.
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Access-Roles.htm

質問 # 135
You want to store the GAiA configuration in a file for later reference.
What command should you use?

• A. show config -f <filename>
• B. save config -o <filename>
• C. save configuration <filename>
• D. write mem <filename>

正解：C

質問 # 136
Using R80 Smart Console, what does a "pencil icon" in a rule mean?

• A. This rule is managed by check point's SOC
• B. This rule can't be changed as it's an implied rule
• C. Someone else has changed this rule
• D. I have changed this rule

正解：D

解説：
Explanation
The correct answer is A because a pencil icon in a rule means that you have changed this rule3. The pencil icon indicates that the rule has been modified but not published yet. You can hover over the pencil icon to see who made the change and when3. The other options are not related to the pencil icon. References: Check Point Learning and Training Frequently Asked Questions (FAQs)

質問 # 137
Which one of the following is the preferred licensing model? Select the BEST answer

• A. Local licensing because it ties the package license to the IP-address of the gateway and has no dependency of the Security Management Server.
• B. Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency.
• C. Central licensing because it ties the package license to the MAC-address of the Security Management Server's Mgmt-interface and has no dependency on the gateway.
• D. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway.

正解：D

解説：
Explanation
Central licensing is the preferred licensing model because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway. This allows for easier management and distribution of licenses across multiple gateways1.
References: 1: Check Point R81 Security Management Administration Guide, page 14.

質問 # 138
Choose what BEST describes users on Gaia Platform.

• A. There is one default user that can be deleted.
• B. There are two default users and one cannot be deleted.
• C. There is one default user that cannot be deleted.
• D. There are two default users that cannot be deleted and one SmartConsole Administrator.

正解：B

質問 # 139
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database.
How can you do this?

• A. Restore the entire database, except the user database, and then create the new user and user group.
• B. Run fwm dbexport -1 filename. Restore the database. Then, run fwm dbimport -1 filename to import the users.
• C. Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.
• D. Restore the entire database, except the user database.

正解：D

質問 # 140
Which GUI tool can be used to view and apply Check Point licenses?

• A. cpconfig
• B. SmartConsole
• C. SmartUpdate
• D. Management Command Line

正解：C

質問 # 141
......

認証トレーニング156-215.81試験問題集テストエンジン：https://www.goshiken.com/CheckPoint/156-215.81-mondaishu.html

Checkpoint Certified Security Administrator 156-215.81リアル試験問題と解答無料最新になります：https://drive.google.com/open?id=1o0OHE2iJVSItTy7IcglIu1UocYcA5p0K