CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Checkpoint
  5. 156-215.81

Free 156-215.81 Exam Braindumps (page: 44)

Page 44 of 102
PDF with 401 Questions

When defining group-based access in an LDAP environment with Identity Awareness, what is the BEST object type to represent an LDAP group in a Security Policy?

  1. Access Role
  2. User Group
  3. SmartDirectory Group
  4. Group Template

Answer(s): A

Explanation:

The BEST object type to represent an LDAP group in a Security Policy is an Access Role. An Access Role object defines a set of users, machines, or networks that can access a resource or service1, p.
27. An Access Role object can include LDAP groups as one of its components2, p. 10.


Reference:

Check Point CCSA - R81: Practice Test & Explanation, Check Point Identity Awareness Administration Guide R81



The ______ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.

  1. Next Generation Threat Prevention
  2. Next Generation Threat Emulation
  3. Next Generation Threat Extraction
  4. Next Generation Firewall

Answer(s): B

Explanation:

The Next Generation Threat Emulation software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware1, p. 41. It emulates files in a virtual environment and inspects their behavior for malicious activity3.


Reference:

Check Point CCSA - R81: Practice Test & Explanation, Check Point Threat Emulation Administration Guide R81



Fill in the blank: Once a certificate is revoked from the Security GateWay by the Security Management Server, the certificate information is _______.

  1. Sent to the Internal Certificate Authority.
  2. Sent to the Security Administrator.
  3. Stored on the Security Management Server.
  4. Stored on the Certificate Revocation List.

Answer(s): D

Explanation:

Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is stored on the Certificate Revocation List (CRL)1, p. 47. The CRL is a list of certificates that have been revoked before their expiration date4.


Reference:

Check Point CCSA - R81:
Practice Test & Explanation, Free Check Point CCSA Sample Questions and Study Guide



Which type of attack can a firewall NOT prevent?

  1. Network Bandwidth Saturation
  2. Buffer Overflow
  3. SYN Flood
  4. SQL Injection

Answer(s): A

Explanation:

A firewall can NOT prevent a network bandwidth saturation attack, which is a type of denial-of- service (DoS) attack that aims to consume all the available bandwidth of a target network or device1,

p. 9. A firewall can prevent other types of attacks, such as buffer overflow, SYN flood, and SQL injection, by inspecting packets and applying security rules2, p. 11-12.


Reference:

Check Point CCSA - R81: Practice Test & Explanation, 156-315.81 Checkpoint Exam Info and Free Practice Test



Page 44 of 102



Post your Comments and Discuss Checkpoint 156-215.81 exam with other Community members:

Pooja commented on September 08, 2024
Nice info ok I will do the same
Anonymous
upvote

IPR commented on October 05, 2023
q:124 is wrong - the correct answer is b but the syntax is: ip-address
Anonymous
upvote

IPR commented on October 05, 2023
Q:124 is wrong - the correct answer is B but the syntax is: ip-address
Anonymous
upvote