SmartEvent does NOT use which of the following procedures to identify events:
Answer(s): C
The procedure that SmartEvent does not use to identify events is matching a log against local exclusions. Local exclusions are used to filter out logs that are not relevant for SmartLog, not SmartEvent [1][2]. SmartEvent uses the other procedures to identify events based on event definitions, event candidates, and global exclusions [3].
[1] SmartLog R81 Administration Guide, [2] Check Point CCSA - R81: Practice Test & Explanation, [3] SmartEvent R81 Administration Guide, [4] Free CheckPoint CCSA Sample Questions and Study Guide
John is using Management H
Answer(s): B
The SmartCenter that should be connected to for making changes is the active SmartCenter. The active SmartCenter is the one that is currently synchronizing its configuration with the secondary SmartCenter and handling the communication with the gateways. The primary SmartCenter is the one that was initially configured as the main server, but it may become inactive if a failover occurs. The virtual IP of SmartCenter HA is used to access the SmartConsole, not to make changes.
[Security Management Server High Availability (HA) R81 Administration Guide], [Check Point CCSA - R81: Practice Test & Explanation], [How to configure ClusterXL High Availability on Security Management Server]
Which path below is available only when CoreXL is enabled?
The path that is available only when CoreXL is enabled is the medium path. The medium path is used to handle packets that require deeper inspection by the Firewall and IPS blades, but do not need to go through the slow path. The slow path is used to handle packets that require stateful or out-of-state inspection by other blades, such as Application Control or VPN. The firewall path and the accelerated path are available regardless of CoreXL status.
[CoreXL R81 Administration Guide], [Check Point CCSA - R81: Practice Test & Explanation], [Check Point Security Gateway Architecture and Packet Flow], [Free Check Point CCSA Sample Questions and Study Guide]
Which of the following describes how Threat Extraction functions?
Answer(s): D
Threat Extraction delivers PDF versions of original files with active content removed, such as macros, embedded objects, and scripts. This ensures that users receive clean and safe files in seconds [1][2].
[1] Check Point SandBlast Zero-Day Protection, [2] Check Point Threat Extraction
Post your Comments and Discuss Checkpoint 156-215.81 exam with other Community members:
Pooja commented on September 08, 2024: Nice info ok I will do the same
IPR commented on October 05, 2023: Q:124 is wrong - the correct answer is B but the syntax is: ip-address