CheckPoint 156-315.81 Check Point Certified Security Expert - R81.20 Exam Practice Test

Page: 1 / 14
Total 628 questions
Question 1

How many policy layers do Access Control policy support?



Answer : A

The Access Control policy supports two policy layers. These are the Network layer and the Application & URL Filtering layer. The Network layer contains rules that control the network traffic based on the source, destination, service, and action.The Application & URL Filtering layer contains rules that control the application and web access based on the application, site category, and user identity12.

The Access Control policy can also use inline layers, which are sub-policies that are embedded within a rule.Inline layers allow more granular control over specific traffic or scenarios, such as VPN, Mobile Access, or different user groups13.However, inline layers are not considered as separate policy layers, but rather as extensions of the parent rule4.

Therefore, the correct answer is A. The Access Control policy supports two policy layers.


1, Policy Layers in R80.x - Check Point CheckMates

2, Access Control policies, layers, and rules | Check Point Firewall ...

3, Chapter 8: Introduction to Policies, Layers, and Rules - Check Point ...

4, Creating an Access Control Policy - Check Point Software

Question 2

You can access the ThreatCloud Repository from:



Answer : D

According to the Check Point R81 release notes, you can access the ThreatCloud Repository from R81.20 SmartConsole and Threat Prevention. The ThreatCloud Repository is a cloud-based service that provides real-time threat intelligence and updates to Check Point products. The other options are either outdated or nonexistent. Reference:Check Point R81


Question 3

Sieve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances Steve's manager. Diana asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day?



Answer : B

The command that may impact performance briefly and should not be used during heavy traffic times of day is fw tab -t connections. This command displays all the entries in the connections table, which can be very large and consume a lot of CPU resources. The other commands are less intensive and can be used safely. The command fw tab -t connections -s displays only the statistics of the connections table, such as number of entries, peak size, etc. The command fw tab -t connections -c clears all the entries in the connections table. The command fw tab -t connections -f displays only the entries that match a filter expression. Reference: [fw tab Command]


Question 4

Which of the following is an authentication method used for Identity Awareness?



Answer : C

Captive Portal is one of the authentication methods used for Identity Awareness, which is a feature of Check Point that enables you to identify users and apply security policy rules based on their identity. Captive Portal redirects users to a web page where they can enter their credentials and be authenticated by an external server, such as LDAP or RADIUS. After authentication, users can access the Internet and corporate resources according to the security policy rules that apply to their identity.

The references are:

Machine Authentication & Identity Awareness - Check Point CheckMates

Check Point Certified Security Expert R81.20, slide 13

Check Point R81 Identity Awareness Administration Guide, page 9


Question 5

How can SmartView application accessed?



Answer : C

SmartView is a web-based application that allows you to view and analyze logs, reports, and events from multiple Check Point products. You can access SmartView by using the following URL:

You need to use HTTPS protocol and the default port 443. You also need to enter the IP address of the Security Management Server that hosts the SmartView application. You cannot use the host name of the Security Management Server or a different port number. Reference:SmartView R81 Administration Guide


Question 6

What feature allows Remote-access VPN users to access resources across a site-to-site VPN tunnel?



Answer : D

The 'Network Access VPN Domain' feature allows remote-access VPN users to access resources across a site-to-site VPN tunnel. This feature allows remote users to securely access internal network resources as if they were physically connected to the network. This is achieved by adding the remote-access VPN users to a 'VPN Domain' that has access to the internal network resources via a site-to-site VPN tunnel. This VPN Domain is also referred to as a 'Network Access VPN Domain'.


Question 7

Which of the following is a task of the CPD process?



Answer : B

The task of the CPD process that is listed among the options is transferring messages between Firewall processes. The CPD process is responsible for inter-process communication between various Check Point daemons, such as FWM, FWD, CPD, CPM, etc. It also handles licensing and status report requests from other processes. The other tasks are performed by different processes. The task of invoking and monitoring critical processes and attempting to restart them if they fail is performed by the WatchDog process. The task of log forwarding is performed by the FWD process. The task of processing most traffic on a security gateway is performed by the Firewall kernel module. Reference: [Check Point Processes and Daemons]


Page:    1 / 14   
Total 628 questions