Free, valid 156-315.81 question set for Check Point Certified Security Expert, latest 2023 update [Q12-Q35]


Download the latest JPNTest 156-315.81 PDF question set: https://www.jpntest.com/shiken/156-315.81-mondaishu (582 questions and answers)

Question # 12
What are the Threat Prevention software components available on the Check Point Security Gateway?

  • A. IPS, Threat Emulation and Threat Extraction
  • B. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction
  • C. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction
  • D. IDS, Forensics, Anti-Virus, Sandboxing

Correct answer: C

Explanation:
The Threat Prevention software components available on the Check Point Security Gateway are IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction. These components provide comprehensive protection against various types of cyber threats, such as network attacks, malware, ransomware, phishing, zero-day exploits, data leakage, and more. IPS is a network security component that detects and prevents malicious traffic based on signatures, behavioral patterns, and anomaly detection. Anti-Bot is a network security component that detects and blocks botnet communications and command-and-control servers. Anti-Virus is a network security component that scans files for known viruses, worms, and trojans. Threat Emulation is a network security component that emulates files in a sandbox environment to detect unknown malware and prevent zero-day attacks. Threat Extraction is a network security component that removes malicious content from files and delivers clean files to users. References: [Check Point R81 Threat Prevention Administration Guide], page 9-10


Question # 13
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?

  • A. Accounting/Extended
  • B. Accounting/Suppression
  • C. Accounting
  • D. Suppression

Correct answer: B


Question # 14
In R81, how do you manage your Mobile Access Policy?

  • A. From SmartDashboard
  • B. From the Dedicated Mobility Tab
  • C. Through the Mobile Console
  • D. Through the Unified Policy

Correct answer: D

Explanation:
In R81, you can manage your Mobile Access Policy through the Unified Policy. The Unified Policy is a single policy that combines access control, threat prevention, data protection, and identity awareness. You can create rules for mobile access in the Unified Policy rulebase and apply them to mobile devices, users, and applications. You can also use the Mobile Access blade to configure additional settings for mobile access, such as authentication methods, VPN settings, and application portal.


Question # 15
What API command below creates a new host object with the name "My Host" and IP address of "192.168.0.10"?

  • A. set host name "My Host" ip-address "192.168.0.10"
  • B. create host name "My Host" ip-address "192.168 0.10"
  • C. new host name "My Host" ip-address "192 168.0.10"
  • D. mgmt.cli -m <mgmt ip> add host name "My Host" ip-address "192.168.0 10"

Correct answer: A


Question # 16
Which two Identity Awareness daemons are used to support identity sharing?

  • A. Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
  • B. Policy Activation Point (PAP) and Policy Decision Point (PDP)
  • C. Policy Manipulation Point (PMP) and Policy Activation Point (PAP)
  • D. Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP)

Correct answer: A

Explanation:
The two Identity Awareness daemons that are used to support identity sharing are Policy Decision Point (PDP) and Policy Enforcement Point (PEP). PDP is a daemon that runs on Security Gateways that acquire identities from various sources, such as AD Query, Identity Agent, Captive Portal, etc. PEP is a daemon that runs on Security Gateways that enforce the security policy based on identities received from PDPs. Identity sharing is a feature that allows PDPs to share identities with other PDPs or PEPs in different gateways or domains.
References: [Check Point R81 Identity Awareness Administration Guide]


Question # 17
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .

  • A. Captive Portal and Transparent Kerberos Authentication
  • B. User Directory
  • C. UserCheck
  • D. Captive Portal

Correct answer: A


Question # 18
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:

  • A. fw ctl Dynamic_Priority_Queue enable
  • B. fw ctl Dynamic_Priority_Queue on
  • C. fw ctl multik set_mode 1
  • D. fw ctl multik set_mode 9

Correct answer: D

Explanation:
Dynamic Dispatcher is a feature that optimizes the performance of Security Gateways with multiple CPU cores by dynamically allocating traffic to different cores based on their load and priority. Firewall Priority Queues is a feature that prioritizes traffic based on its type and importance by assigning it to different queues with different weights and limits. To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, you need to run the following command in Expert mode then reboot:

This command sets the multi-core mode to 9, which means that Dynamic Dispatcher is enabled with Firewall Priority Queues. The other commands are not valid or do not enable both features. References: R81 Performance Tuning Administration Guide


Question # 19
Which packet info is ignored with Session Rate Acceleration?

  • A. source port
  • B. source ip
  • C. same info from Packet Acceleration is used
  • D. source port ranges

Correct answer: A

Explanation:
Identifies connections by five attributes
- source address
- destination address
- source port
- destination port
- protocol


Question # 20
Please choose the correct command to add an "emailserver1" host with IP address 10.50.23.90 using the GAiA management CLI.

  • A. add host name emailserver1 ip-address 10.50.23.90
  • B. mgmt: add host name emailserver1 ip-address 10.50.23.90
  • C. host name myHost12 ip-address 10.50.23.90
  • D. mgmt: add host name ip-address 10.50.23.90

Correct answer: B


Question # 21
According to out of the box SmartEvent policy, which blade will automatically be correlated into events?

  • A. VPN
  • B. HTTPS
  • C. Firewall
  • D. IPS

Correct answer: D

Explanation:
According to out of the box SmartEvent policy, the blade that will automatically be correlated into events is IPS. IPS (Intrusion Prevention System) is a blade that detects and prevents network attacks by inspecting traffic and applying signatures and protections. SmartEvent correlates IPS logs into events based on predefined event definitions, such as IPS Attack, IPS Attack High Confidence, IPS Attack Critical Confidence, etc. The other blades are not automatically correlated into events by default, but they can be added to the SmartEvent policy manually. References: [SmartEvent Policy]


Question # 22
With SecureXL enabled, accelerated packets will pass through the following:

  • A. Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device
  • B. Network Interface Card, OSI Network Layer, and the Acceleration Device
  • C. Network Interface Card, Check Point Firewall Kernel, and the Acceleration Device
  • D. Network Interface Card and the Acceleration Device

Correct answer: D

Explanation:
With SecureXL enabled, accelerated packets will pass through the following: Network Interface Card and the Acceleration Device. SecureXL is a technology that accelerates network traffic processing by offloading intensive operations from the Firewall kernel to a dedicated SecureXL device. Accelerated packets are packets that match certain criteria and can be handled by SecureXL without involving the Firewall kernel. These packets bypass the OSI Network Layer, OS IP Stack, and Check Point Firewall Kernel, and are processed directly by the Network Interface Card and the Acceleration Device. The other options are either incorrect or describe non-accelerated packets.


Question # 23
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using ___________.

  • A. TCP Port 18209
  • B. TCP port 19009
  • C. TCP Port 18190
  • D. TCP Port 18191

Correct answer: B


Question # 24
DLP and Geo Policy are examples of what type of Policy?

  • A. Inspection Policies
  • B. Standard Policies
  • C. Shared Policies
  • D. Unified Policies

Correct answer: C

Explanation:
DLP and Geo Policy are examples of Shared Policies. Shared Policies are policies that can be applied to multiple gateways or clusters, regardless of their Access Control policy. Shared Policies allow administrators to manage common security settings across different gateways or clusters, such as Data Loss Prevention, Geo Protection, Threat Prevention, HTTPS Inspection, etc. References: R81 Security Management Administration Guide, page 31.


Question # 25
What are the two high availability modes?

  • A. Active and Standby
  • B. Traditional and New
  • C. Load Sharing and Legacy
  • D. New and Legacy

Correct answer: D

Explanation:
ClusterXL has four working modes. This section briefly describes each mode and its relative advantages and disadvantages.


Question # 26
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:

  • A. Postgres SQL
  • B. SOLR
  • C. MariaDB
  • D. MySQL

Correct answer: A

Explanation:
CPM process stores objects, policies, users, administrators, licenses and management data in a Postgres SQL database. This database is located in $FWDIR/conf and can be accessed using the pg_client command. The other options are not the correct database type for CPM. References: Check Point R81 Security Management Administration Guide


Question # 27
What is the best method to upgrade a Security Management Server to R81.x when it is not connected to the Internet?

  • A. Advanced Upgrade only
  • B. SmartUpdate offline upgrade
  • C. Advanced upgrade or CPUSE offline upgrade
  • D. CPUSE offline upgrade only

Correct answer: C


Question # 28
You want to gather data and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?

  • A. SecuRemote
  • B. Check Point Capsule Cloud
  • C. SmartEvent Client Info
  • D. Sandblast Mobile Protect

Correct answer: D

Explanation:
SandBlast Mobile Protect is a lightweight app for iOS and Android™ that gathers data and helps analyze threats to devices in your environment.
https://www.checkpoint.com/downloads/products/how-sandblast-mobile-works-solution-brief.pdf


Question # 29
Fill in the blank: The "fw monitor" tool can be best used to troubleshoot ____________________.

  • A. Authentication issues
  • B. VPN errors
  • C. AV issues
  • D. Network traffic issues

Correct answer: D

Explanation:
The "fw monitor" tool can be best used to troubleshoot network traffic issues. Fw monitor is a tool that allows administrators to capture packets at different inspection points in the Firewall kernel, and apply filters and flags to analyze the traffic. Fw monitor can help troubleshoot network connectivity problems, packet drops, NAT issues, VPN issues, and more. The other options are either not related or less suitable for fw monitor.


Question # 30
What is the best sync method in the ClusterXL deployment?

  • A. Use 2 clusters +1st sync + 2nd sync
  • B. Use 3 clusters + 1st sync + 2nd sync + 3rd sync
  • C. Use 1 cluster + 1st sync
  • D. Use 1 dedicated sync interface

Correct answer: D


Question # 31
What are the different command sources that allow you to communicate with the API server?

  • A. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services
  • B. SmartView Monitor, API_cli Tool, Gaia CLI, Web Services
  • C. SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services
  • D. API_cli Tool, Gaia CLI, Web Services

Correct answer: A

Explanation:
You can communicate with the API server using three command sources: SmartConsole GUI Console, mgmt_cli Tool, and Gaia CLI. Web Services are not a command source, but a way to access the API server using HTTP requests. References: Check Point Management APIs


Question # 32
How can you switch the active log file?

  • A. Run fw logswitch on the gateway
  • B. Run fwm logswitch on the Management Server
  • C. Run fwm logswitch on the gateway
  • D. Run fw logswitch on the Management Server

Correct answer: C


Question # 33
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.

  • A. Prevent/Bypass
  • B. Detect/Bypass
  • C. Inspect/Prevent
  • D. Inspect/Bypass

Correct answer: D


Question # 34
What is a best practice before starting to troubleshoot using the "fw monitor" tool?

  • A. Run the command: fw monitor debug on
  • B. Disable CoreXL
  • C. Disable SecureXL
  • D. Clear the connections table

Correct answer: C

Explanation:
A best practice before starting to troubleshoot using the fw monitor tool is to disable SecureXL. SecureXL is a performance acceleration solution that optimizes the packet flow through the Security Gateway. However, SecureXL can also bypass some inspection points and cause some packets to be invisible to fw monitor. Therefore, disabling SecureXL can ensure that fw monitor captures all the relevant packets for troubleshooting purposes. References: Check Point Security Expert R81 Course, fw monitor, SecureXL


Question # 35
......


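The CCSE R81 certification is highly regarded in the security industry because it attests to the holder's advanced knowledge and skills in security technology. It is recognized by organizations worldwide and is an important asset for security professionals who want to advance their careers and take on new challenges. It is also a valuable asset for companies that use Check Point security technologies, since it assures that their security professionals have the expertise to manage and maintain those technologies effectively.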


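The Check Point Certified Security Expert R81 certification is a valuable credential for IT professionals who work with Check Point security solutions. It is recognized worldwide and highly regarded in the industry. It gives certified professionals a competitive edge by demonstrating their expertise in network security and Check Point security solutions. In addition, the certification is valid for two years, and certified professionals must earn continuing education credits or pass a recertification exam.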
