[2026年03月]更新のCheckPoint 156-315.81.20公式認定ガイドPDF [Q43-Q63]

Share

[2026年03月]更新のCheckPoint 156-315.81.20公式認定ガイドPDF

試験156-315.81.20 Check Point Certified Security Expert - R81.20

質問 # 43
What is Dynamic Balancing?

  • A. It is a ClusterXL feature that switches an HA cluster into an LS cluster if required to maximize throughput
  • B. It is a CoreXL feature that assigns the SND to network interfaces to balance the RX Cache of the interfaces
  • C. It is a new feature that is capable of dynamically reserve the amount of Hash kernel memory to reflect the resource usage necessary for maximizing the session rate.
  • D. It is a feature that uses a daemon to balance the required number of firewall instances and SNDs based on the current load

正解:D


質問 # 44
With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform the applications.
Mobile Access encrypts all traffic using:

  • A. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.
  • B. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender.
  • C. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required.
  • D. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL Network Extender.

正解:B


質問 # 45
Which Mobile Access Solution is clientless?

  • A. Checkpoint Mobile
  • B. SecuRemote
  • C. Mobile Access Portal
  • D. Endpoint Security Suite

正解:C


質問 # 46
Which packet info is ignored with Session Rate Acceleration?

  • A. same info from Packet Acceleration is used
  • B. source ip
  • C. source port
  • D. source port ranges

正解:C


質問 # 47
What key is used to save the current CPView page in a filename format cpview_"cpview process ID".cap"number of captures"?

  • A. W
  • B. C
  • C. Space bar
  • D. S

正解:B


質問 # 48
Alice knows about the Check Point Management HA installation from Bob and needs to know which Check Point Security Management Server is currently capable of issuing and managing certificate. Alice uses the Check Point command "cpconfig'' to run the Check Point Security Management Server configuration tool on both Check Point Management HA instances "Primary & Secondary"
Which configuration option does she need to look for:

  • A. CA Authority
  • B. Certificate Authority
  • C. Random Pool
  • D. Certificate's Fingerprint

正解:B


質問 # 49
Fill in the blank: The "fw monitor" tool can be best used to troubleshoot ____________________.

  • A. VPN errors
  • B. AV issues
  • C. Network traffic issues
  • D. Authentication issues

正解:C


質問 # 50
The "Hit count" feature allows tracking the number of connections that each rule matches.
Will the Hit count feature work independently from logging and Track the hits if the Track option is set to "None"?

  • A. No, it will not work independently because hit count requires all rules to be logged.
  • B. Yes it will work independently as long as "analyze all rules" tick box is enabled on the Security Gateway.
  • C. Yes it will work independently because when you enable Hit Count, the SMS collects the data from supported Security Gateways.
  • D. No, it will work independently. Hit Count will be shown only for rules Track option set as Log or alert.

正解:C


質問 # 51
Fill in the blank: The IPS policy for pre-R81 gateways is installed during the _______ .

  • A. Firewall policy install
  • B. Access Control policy install
  • C. Threat Prevention policy install
  • D. Anti-bot policy install

正解:D


質問 # 52
How long may verification of one file take for Sandblast Threat Emulation?

  • A. up to 5 minutes
  • B. up to 3 minutes
  • C. up to 1 minutes
  • D. within seconds cleaned file will be provided

正解:B


質問 # 53
What needs to be configured if the NAT property 'Translate destination or client side' is not enabled in Global Properties?

  • A. A host route to route to the destination IP.
  • B. Nothing, the Gateway takes care of all details necessary.
  • C. Use the file local.arp to add the ARP entries for NAT to work.
  • D. Enabling 'Allow bi-directional NAT' for NAT to work correctly.

正解:B


質問 # 54
When attempting to start a VPN tunnel, in the logs the error "no proposal chosen" is seen numerous times. No other VPN-related entries are present.
Which phase of the VPN negotiations has failed?

  • A. IKE Phase 1
  • B. IPSEC Phase 2
  • C. IPSEC Phase 1
  • D. IKE Phase 2

正解:A


質問 # 55
Which of the following authentication methods ARE NOT used for Mobile Access?

  • A. TACACS+
  • B. RADIUS server
  • C. Username and password (internal, LDAP)
  • D. SecurID

正解:A


質問 # 56
In ClusterXL Load Sharing Multicast Mode:

  • A. packets sent to the cluster IP address are distributed equally between all members of the cluster
  • B. every member of the cluster received all of the packets sent to the cluster IP address
  • C. only the secondary member receives packets sent to the cluster IP address
  • D. only the primary member received packets sent to the cluster IP address

正解:B


質問 # 57
Which process is used mainly for backward compatibility of gateways in R81.X? It provides communication with GUI-client, database manipulation, policy compilation and Management HA synchronization.

  • A. fwm
  • B. cpd
  • C. cpm
  • D. fwd

正解:A


質問 # 58
What is the main difference between Threat Extraction and Threat Emulation?

  • A. Threat Emulation never delivers a file and takes more than 3 minutes to complete.
  • B. Threat Extraction never delivers a file and takes more than 3 minutes to complete.
  • C. Threat Extraction always delivers a file and takes less than a second to complete.
  • D. Threat Emulation never delivers a file that takes less than a second to complete.

正解:C


質問 # 59
What is the default shell for the command line interface?

  • A. Admin
  • B. Clish
  • C. Normal
  • D. Expert

正解:B


質問 # 60
What will SmartEvent automatically define as events?

  • A. IPS
  • B. VPN
  • C. HTTPS
  • D. Firewall

正解:A


質問 # 61
How can you switch the active log file?

  • A. Run fwm logswitch on the gateway
  • B. Run fw logswitch on the Management Server
  • C. Run fwm logswitch on the Management Server
  • D. Run fw logswitch on the gateway

正解:B


質問 # 62
What is the mechanism behind Threat Extraction?

  • A. This a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.
  • B. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.
  • C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).
  • D. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.

正解:B


質問 # 63
......

無料156-315.81.20試験問題集試験点数を伸ばそう:https://www.goshiken.com/CheckPoint/156-315.81.20-mondaishu.html

2026年最新の実際に出る156-315.81.20問題集には試験のコツがあるPDF試験材料:https://drive.google.com/open?id=165AaVWaBJxYPaZQ_srNP4YeYNwd8qWls