Free 156-215.81 Exam Braindumps (page: 59)

Page 59 of 102

A security zone is a group of one or more network interfaces from different centrally managed gateways.
What is considered part of the zone?

  1. The zone is based on the network topology and determined according to where the interface leads to.
  2. Security Zones are not supported by Check Point firewalls.
  3. The firewall rule can be configured to include one or more subnets in a zone.
  4. The local directly connected subnet defined by the subnet IP and subnet mask.

Answer(s): A

Explanation:

A security zone is a group of one or more network interfaces from different centrally managed gateways that have the same security requirements. The zone is based on the network topology and determined according to where the interface leads to. For example, a zone can be defined as internal, external, DMZ, VPN, etc. Security zones are supported by Check Point firewalls and can be used to simplify security policies and network segmentation. The firewall rule can be configured to include one or more zones as source or destination objects. The local directly connected subnet defined by the subnet IP and subnet mask is not considered part of the zone, but rather a property of the interface.


Reference:

[Security Zones], [Security Zones Best Practices]



When comparing Stateful Inspection and Packet Filtering, what is a benefit that Stateful Inspection offers over Packer Filtering?

  1. Stateful Inspection offers unlimited connections because of virtual memory usage.
  2. Stateful Inspection offers no benefits over Packet Filtering.
  3. Stateful Inspection does not use memory to record the protocol used by the connection.
  4. Only one rule is required for each connection.

Answer(s): D

Explanation:

Stateful Inspection is a firewall technology that inspects both the header and the payload of each packet and keeps track of the state and context of each connection. Packet Filtering is a firewall technology that inspects only the header of each packet and does not keep track of the state or context of each connection. A benefit that Stateful Inspection offers over Packet Filtering is that only one rule is required for each connection, whereas Packet Filtering requires two rules for each connection (one for each direction). Stateful Inspection also offers other benefits over Packet Filtering, such as enhanced security, performance, and flexibility. Stateful Inspection does not offer unlimited connections because of virtual memory usage, nor does it avoid using memory to record the protocol used by the connection.


Reference:

[Stateful Inspection], [Packet Filtering], [Firewall Technologies]



Fill in the blanks: Gaia can be configured using _______ the ________.

  1. Command line interface; WebUI
  2. Gaia Interface; GaiaUI
  3. WebUI; Gaia Interface
  4. GaiaUI; command line interface

Answer(s): A

Explanation:

Gaia can be configured using the command line interface (CLI) or the WebUI. The CLI is a text-based interface that allows you to configure and manage Gaia settings using commands and scripts. The WebUI is a graphical interface that allows you to configure and manage Gaia settings using a web browser. Gaia Interface and GaiaUI are not valid terms for Gaia configuration tools.


Reference:

[Gaia Administration Guide], [Gaia Overview]



An administrator can use section titles to more easily navigate between large rule bases.
Which of these statements is FALSE?

  1. Section titles are not sent to the gateway side.
  2. These sections are simple visual divisions of the Rule Base and do not hinder the order of rule enforcement.
  3. A Sectional Title can be used to disable multiple rules by disabling only the sectional title.
  4. Sectional Titles do not need to be created in the SmartConsole.

Answer(s): C

Explanation:

The statement that a Sectional Title can be used to disable multiple rules by disabling only the sectional title is false. A Sectional Title is a visual divider that helps organize and navigate large rule bases. It does not affect the rule enforcement order or the rule functionality. Disabling a Sectional Title does not disable the rules under it. To disable multiple rules, you need to select them individually or use Shift+Click or Ctrl+Click to select them in bulk, and then right-click and choose Disable Rule(s). The other statements are true. Section titles are not sent to the gateway side, they are only displayed in SmartConsole. These sections are simple visual divisions of the Rule Base and do not hinder the order of rule enforcement. Sectional Titles do not need to be created in SmartConsole, they can also be created using SmartConsole CLI or API commands.


Reference:

[Sectional Titles], [SmartConsole CLI Guide], [SmartConsole API Reference Guide]



Page 59 of 102



Post your Comments and Discuss Checkpoint 156-215.81 exam with other Community members:

Pooja commented on September 08, 2024
Nice info ok I will do the same
Anonymous
upvote

IPR commented on October 05, 2023
q:124 is wrong - the correct answer is b but the syntax is: ip-address
Anonymous
upvote

IPR commented on October 05, 2023
Q:124 is wrong - the correct answer is B but the syntax is: ip-address
Anonymous
upvote