CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Checkpoint
  5. 156-215.81

Free 156-215.81 Exam Braindumps (page: 29)

Page 29 of 102
PDF with 401 Questions

Identify the ports to which the Client Authentication daemon listens on by default?

  1. 259, 900
  2. 256, 257
  3. 8080, 529
  4. 80, 256

Answer(s): A

Explanation:

The ports to which the Client Authentication daemon listens on by default are 259 and 900. Client Authentication is a method that allows users to authenticate with the Security Gateway before they are allowed access to protected resources. The Client Authentication daemon (fwauthd) runs on the Security Gateway and listens for authentication requests on TCP ports 259 and 900 .


Reference:

[Check Point R81 Remote Access VPN Administration Guide], [Check Point R81 Quantum Security Gateway Guide]



What is the purpose of the CPCA process?

  1. Monitoring the status of processes
  2. Sending and receiving logs
  3. Communication between GUI clients and the SmartCenter server
  4. Generating and modifying certificates

Answer(s): D

Explanation:

The purpose of the CPCA process is generating and modifying certificates. CPCA stands for Check Point Certificate Authority and it is a process that runs on the Security Management Server or Log Server. It is responsible for creating and managing certificates for internal communication between Check Point components, such as SIC .


Reference:

[Check Point R81 Quantum Security Management Administration Guide], [Check Point R81 Quantum Security Gateway Guide]



The Network Operations Center administrator needs access to Check Point Security devices mostly for troubleshooting purposes. You do not want to give her access to the expert mode, but she still should be able to run tcpdump. How can you achieve this requirement?

  1. Add tcpdump to CLISH using add command.Create a new access role.Add tcpdump to the role.Create new user with any UID and assign role to the user.
  2. Add tcpdump to CLISH using add command.Create a new access role.Add tcpdump to the role.Create new user with UID 0 and assign role to the user.
  3. Create a new access role.Add expert-mode access to the role.Create new user with UID 0 and assign role to the user.
  4. Create a new access role.Add expert-mode access to the role.Create new user with any UID and assign role to the user.

Answer(s): A

Explanation:

To achieve the requirement of giving the Network Operations Center administrator access to Check Point Security devices mostly for troubleshooting purposes, but not to the expert mode, and still allowing her to run tcpdump, you need to:
Add tcpdump to CLISH using add command. This command adds a new command to the Command Line Interface Shell (CLISH) that allows running tcpdump without entering the expert mode . Create a new access role. This option defines a set of permissions and commands that can be assigned to a user or a group of users.
Add tcpdump to the role. This option grants the permission to run tcpdump to the role. Create new user with any UID and assign role to the user. This option creates a new user account with any User ID (UID) and assigns the role that has tcpdump permission to the user.


Reference:

[How to add a new command to CLISH], [Check Point R81 Gaia Administration Guide], [Check Point R81 Identity Awareness Administration Guide]



After the initial installation on Check Point appliance, you notice that the Management interface and default gateway are incorrect.
Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.

  1. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24set static-route default nexthop gateway address 192.168.80.1 onsave config
  2. add interface Mgmt ipv4-address 192.168.80.200 255.255.255.0add static-route 0.0.0.0.0.0.0.0 gw 192.168.80.1 onsave config
  3. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0add static-route 0.0.0.0.0.0.0.0 gw 192.168.80.1 onsave config
  4. add interface Mgmt ipv4-address 192.168.80.200 mask-length 24add static-route default nexthop gateway address 192.168.80.1 onsave config

Answer(s): A

Explanation:

The commands you could use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1 after the initial installation on Check Point appliance are:
set interface Mgmt ipv4-address 192.168.80.200 mask-length 24. This command sets the IPv4

address and subnet mask of the Management interface.
set static-route default nexthop gateway address 192.168.80.1 on. This command sets the default gateway for IPv4 routing.
save config. This command saves the configuration changes.


Reference:

[Check Point R81 Gaia CLI Reference Guide], [Check Point R81 Gaia Administration Guide]



Page 29 of 102



Post your Comments and Discuss Checkpoint 156-215.81 exam with other Community members:

Pooja commented on September 08, 2024
Nice info ok I will do the same
Anonymous
upvote

IPR commented on October 05, 2023
q:124 is wrong - the correct answer is b but the syntax is: ip-address
Anonymous
upvote

IPR commented on October 05, 2023
Q:124 is wrong - the correct answer is B but the syntax is: ip-address
Anonymous
upvote