Vendor: Check Point
Exam Code: 156-915.80
Exam Name: Check Point Certified Security Expert Update - R80
Version: 18.061
QUESTION 1
Which of the following statements accurately describes the command snapshot?
A. snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a GAiA Security Gateway.
B. snapshot creates a Security Management Server full system-level backup on any OS.
C. snapshot stores only the system-configuration settings on the Gateway.
D. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.
Answer: A
QUESTION 2
Which file defines the fields for each object used in the file objects.C (color, num/string, default value...)?
A. $FWDIR/conf/classes.C
B. $FWDIR/conf/scheam.C
C. $FWDIR/conf/fields.C
D. $FWDIR/conf/table.C
Answer: A
QUESTION 3
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:
A. It is not necessary to add a static route to the Gateway's routing table.
B. It is necessary to add a static route to the Gateway's routing table.
C. The Security Gateway's ARP file must be modified.
D. VLAN tagging cannot be defined for any hosts protected by the Gateway.
Answer: A
QUESTION 4
Which is a suitable command to check whether Drop Templates are activated or not?
A. fw ctl get int activate_drop_templates
B. fwaccel stat
C. fwaccel stats
D. fw ctl templates -d
Answer: B
QUESTION 5
Which of the following statements accurately describes the command upgrade_export?
A. upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.
B. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version.
C. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
D. This command is no longer supported in GAiA.
Answer: B
Get Latest & Actual 156-915.80 Exam's Question and Answers from Passleader. http://www.passleader.com
QUESTION 6
Your customer, Mr. Smith needs access to other networks and should be able to use all services. Session authentication is not suitable. You select Client Authentication with HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. You want to use Port 9001 but are having connectivity problems. Why are you having problems?
A. The configuration file $FWDIR/conf/fwauthd.conf is incorrect.
B. The Security Policy is not correct.
C. You can't use any port other than the standard port 900 for Client Authentication via HTTP.
D. The service FW_clntauth_http configuration is incorrect.
Answer: A
QUESTION 7
You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?
A. Exchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA).
B. Create a new logical-server object to represent your partner's CA.
C. Manually import your partner's Access Control List.
D. Manually import your partner's Certificate Revocation List.
Answer: A
QUESTION 8
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
A. Automatic ARP must be unchecked in the Global Properties.
B. Nothing else must be configured.
C. A static route must be added on the Security Gateway to the internal host.
D. A static route for the NAT IP must be added to the Gateway's upstream router.
Answer: C
QUESTION 9
MultiCorp has bought company OmniCorp and now has two active AD domains. How would you deploy Identity Awareness in this environment?
A. You must run an ADquery for every domain.
B. Identity Awareness can only manage one AD domain.
C. Only one ADquery is necessary to ask for all domains.
D. Only Captive Portal can be used.
Answer: A
QUESTION 10
MultiCorp is running Smartcenter R71 on an IPSO platform and wants to upgrade to a new Appliance with R80. Which migration tool is recommended?
A. Download Migration Tool R80 for IPSO and Splat/Linux from Check Point website.
B. Use already installed Migration Tool.
C. Use Migration Tool from CD/ISO
D. Fetch Migration Tool R71 for IPSO and Migration Tool R80 for Splat/Linux from CheckPoint website
Answer: A
QUESTION 11
Check Point APIs allow system engineers and developers to make changes to their organization's security policy with CLI tools and Web Services for all of the following except?
A. Create new dashboards to manage 3rd party task
B. Create products that use and enhance 3rd party solutions.
C. Execute automated scripts to perform common tasks.
D. Create products that use and enhance the Check Point Solution.
Answer: A
Explanation:
Check Point APIs let system administrators and developers make changes to the security policy with CLI tools and web-services. You can use an API to:
* Use an automated script to perform common tasks
* Integrate Check Point products with 3rd party solutions
* Create products that use and enhance the Check Point solution.
QUESTION 12
Can you implement a complete IPv6 deployment without IPv4 addresses?
A. No. SmartCenter cannot be accessed from everywhere on the Internet.
B. Yes. Only one TCP stack (IPv6 or IPv4) can be used at the same time.
C. Yes, there is no requirement for managing IPv4 addresses.
D. No. IPv4 addresses are required for management.
Answer: C
QUESTION 13
Paul has just joined the MegaCorp security administration team. Natalie, the administrator, creates a new administrator account for Paul in SmartDashboard and installs the policy. When Paul tries to log in, it fails. How can Natalie verify whether Paul's IP address is predefined on the security management server?
A. Log in to Smart Dashboard, access Properties of the SMS, and verify whether Paul's IP address is listed.
B. Type cpconfig on the Management Server and select the option "GUI client List" to see if Paul's IP address is listed.
C. Log in to Smart Dashboard, access Global Properties, and select Security Management, to verify whether Paul's IP address is listed.
D. Access the WEBUI on the Security Gateway, and verify whether Paul's IP address is listed as a GUI client.
Answer: B
QUESTION 14
MegaCorps' disaster recovery plan is past due for an update to the backup and restore section to enjoy the benefits of the new distributed R80 installation. You must propose a plan that meets the following required and desired objectives:
Required: Security Policy repository must be backed up no less frequently than every 24 hours.
Desired: Back up R80 components enforcing the Security Policies at least once a week.
Desired: Back up R80 logs at least once a week.
You develop a disaster recovery plan proposing the following:
* Use the utility cron to run the command upgrade_export each night on the Security Management Servers.
* Configure the organization's routine backup software to back up files created by the command upgrade_export.
* Configure GAiA back up utility to back up Security Gateways every Saturday night.
* Use the utility cron to run the command upgrade_export each Saturday night on the log servers.
* Configure an automatic, nightly logswitch.
* Configure the organization's routine back up software to back up the switched logs every night.
The corporate IT change review committee decides your plan:
A. meets the required objective and only one desired objective.
B. meets the required objective and both desired objectives.
C. meets the required objective but does not meet either desired objective.
D. does not meet the required objective.
Answer: B
QUESTION 15
Where is it necessary to configure historical records in SmartView Monitor to generate Express reports in SmartReporter?
A. In SmartDashboard, the SmartView Monitor page in the R80 Security Gateway object
B. In SmartReporter, under Express > Network Activity
C. In SmartReporter, under Standard > Custom
D. In SmartView Monitor, under Global Properties > Log and Masters
Answer: A
QUESTION 16
Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows:
Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5. The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet. Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?
A. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
B. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
C. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source - group object; Destination - any; Service - any; Translated source - 200.200.200.5; Destination - original; Service original.
Answer: B
QUESTION 17
Where does the security administrator activate Identity Awareness within SmartDashboard?
A. Gateway Object > General Properties
B. Security Management Server > Identity Awareness
C. Policy > Global Properties > Identity Awareness
D. LDAP Server Object > General Properties
Answer: A
QUESTION 18
After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?
A. The packet has been sent out through a VPN tunnel unencrypted.
B. An IPSO ACL has blocked the packet's outbound passage.
C. A SmartDefense module has blocked the packet.
D. It is due to NAT.
Answer: D
QUESTION 19
Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?
A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service.
B. Configure Automatic Static NAT on network 10.10.20.0/24.
C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24.
D. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule.
Answer: C
QUESTION 20
To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?
A. Source
B. Track
C. User
D. Action
Answer: A
QUESTION 21
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
A. 20 minutes
B. 15 minutes
C. Admin account cannot be unlocked automatically
D. 30 minutes at least
Answer: D
QUESTION 22
In the Rule Base displayed, user authentication in Rule 4 is configured as fully automatic. Eric is a member of the LDAP group, MSD_Group.
What happens when Eric tries to connect to a server on the Internet?
A. None of these things will happen.
B. Eric will be authenticated and get access to the requested server.
C. Eric will be blocked because LDAP is not allowed in the Rule Base.
D. Eric will be dropped by the Stealth Rule.
Answer: D
QUESTION 23
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway's external interface.
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers' public IP addresses?
A. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.
B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
C. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ's interface.
Answer: B
QUESTION 24
You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.
A. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.
B. Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT).
C. Yes, there are always as many active NAT rules as there are connections.
D. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).
Answer: D
QUESTION 25
What happens if the identity of a user is known?
A. If the user credentials do not match an Access Role, the system displays the Captive Portal.
B. If the user credentials do not match an Access Role, the system displays a sandbox.
C. If the user credentials do not match an Access Role, the traffic is automatically dropped.
D. If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.
Answer: D
QUESTION 26
MicroCorp experienced a security appliance failure. (LEDs of all NICs are off.) The age of the unit required that the RMA-unit be a different model. Will a revert to an existing snapshot bring the new unit up and running?
A. There is no dynamic update at reboot.
B. No. The revert will most probably not match to hard disk.
C. Yes. Everything is dynamically updated at reboot.
D. No. At installation the necessary hardware support is selected. The snapshot saves this state.
Answer: D
QUESTION 27
Which is the lowest Gateway version manageable by SmartCenter R80?
A. R65
B. S71
C. R55
D. R60A
Answer: A
QUESTION 28
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
A. Anti-Bot is the only countermeasure against unknown malware
B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers
C. Anti-Bot is the only signature-based method of malware protection
D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center
Answer: D
QUESTION 29
How can you check whether IP forwarding is enabled on an IP Security Appliance?
A. clish -c show routing active enable
B. cat /proc/sys/net/ipv4/ip_forward
C. echo 1 > /proc/sys/net/ipv4/ip_forward
D. ipsofwd list
Answer: D
QUESTION 30
Where can you find the Check Point's SNMP MIB file?
A. $CPDIR/lib/snmp/chkpt.mib
B. $FWDIR/conf/snmp.mib
C. It is obtained only by request from the TAC.
D. There is no specific MIB file for Check Point products.
Answer: A
QUESTION 31
When deploying multiple clustered firewalls on the same subnet, what does the firewall administrator need to configure to prevent CCP broadcasts being sent to the wrong cluster?
A. Set the fwha_mac_magic_forward parameter in the $CPDIR/boot/modules/ha_boot.conf
B. Set the fwha_mac_magic parameter in the $FWDIR/boot/fwkern.conf file
C. Set the cluster global ID using the command "cphaconf cluster_id set "
D. Set the cluster global ID using the command "fw ctt set cluster_id "
Answer: C
QUESTION 32
Review the rules.
Assume domain UDP is enabled in the implied rules. What happens when a user from the internal network tries to browse to the internet using HTTP? The user:
A. can connect to the Internet successfully after being authenticated.
B. is prompted three times before connecting to the Internet successfully.
C. can go to the Internet after Telnetting to the client authentication daemon port 259.
D. can go to the Internet, without being prompted for authentication.
Answer: D
QUESTION 33
You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?
A. internal_clear > All_communities
B. Internal_clear > External_Clear
C. Communities > Communities
D. internal_clear > All_GwToGw
Answer: A
QUESTION 34
Which command will only show the number of entries in the connection table?
A. fw tab -t connections -s
B. fw tab -t connections -u
C. fw tab -t connections
D. fw tab
Answer: A
QUESTION 35
Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currently installed on a firewall module?
A. cpstat fwd
B. fw ver
C. fw stat
D. fw ctl pstat
Answer: C
QUESTION 36
Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:
A. Client Authentication rule using the manual sign-on method, using HTTP on port 900
B. Client Authentication rule, using partially automatic sign on
C. Client Authentication for fully automatic sign on
D. Session Authentication rule
Answer: A
QUESTION 37
What is Check Point's CoreXL?
A. A way to synchronize connections across cluster members
B. TCP-18190
C. Multiple core interfaces on the device to accelerate traffic
D. Multi Core support for Firewall Inspection
Answer: D
QUESTION 38
Which Security Gateway R80 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:
A. Time properties, adjusted on the user objects for each user, in the Client Authentication rule Source.
B. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled.
C. Refreshable Timeout setting, in Client Authentication Action Properties > Limits.
D. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment.
Answer: C
QUESTION 39
Which command displays the installed Security Gateway version?
A. fw printver
B. fw ver
C. fw stat
D. cpstat -gw
Answer: B
QUESTION 40
Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the _____________.
A. Identity Awareness Agent
B. Full Endpoint Client
C. ICA Certificate
D. SecureClient
Answer: A
QUESTION 41
The CDT utility supports which of the following?
A. Major version upgrades to R77.30
B. Only Jumbo HFA's and hotfixes
C. Only major version upgrades to R80.10
D. All upgrades
Answer: D
Explanation:
The Central Deployment Tool (CDT) is a utility that runs on an R77 / R77.X / R80 / R80.10 Security Management Server / Multi-Domain Security Management Server (running Gaia OS). It allows the administrator to automatically install CPUSE Offline packages (Hotfixes, Jumbo Hotfix Accumulators (Bundles), Upgrade to a Minor Version, Upgrade to a Major Version) on multiple managed Security Gateways and Cluster Members at the same time.
Reference: https://community.checkpoint.com/thread/5319-my-top-3-check-point-cli-commands
QUESTION 42
Which of these options is an implicit MEP option?
A. Primary-backup
B. Source address based
C. Round robin
D. Load Sharing
Answer: A
Explanation:
There are three methods to implement implicit MEP:
* First to Respond, in which the first Security Gateway to reply to the peer Security Gateway is chosen. An organization would choose this option if, for example, the organization has two Security Gateways in a MEP configuration - one in London, the other in New York. It makes sense for VPN-1 peers located in England to try the London Security Gateway first and the NY Security Gateway second. Being geographically closer to VPN peers in England, the London Security Gateway is the first to respond, and becomes the entry point to the internal network. See: First to Respond.
* Primary-Backup, in which one or multiple backup Security Gateways provide "high availability" for a primary Security Gateway. The remote peer is configured to work with the primary Security Gateway, but switches to the backup Security Gateway if the primary goes down. An organization might decide to use this configuration if it has two machines in a MEP environment, one of which is stronger than the other. It makes sense to configure the stronger machine as the primary. Or perhaps both machines are the same in terms of strength of performance, but one has a cheaper or faster connection to the Internet. In this case, the machine with the better Internet connection should be configured as the primary. See: Primary-Backup Security Gateways.
* Load Distribution, in which the remote VPN peer randomly selects a Security Gateway with which to open a connection. For each IP source/destination address pair, a new Security Gateway is randomly selected. An organization might have a number of machines with equal performance abilities. In this case, it makes sense to enable load distribution. The machines are used in a random and equal way.
QUESTION 43
What command with appropriate switches would you use to test Identity Awareness connectivity?
A. test_ldap
B. test_ad_connectivity
C. test_ldap_connectivity
D. test_ad
Answer: B
QUESTION 44
Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R80 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?
A. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
B. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
C. Use automatic Static NAT for network 10.1.1.0/24.
D. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
Answer: A
QUESTION 45
You have a diskless appliance platform. How do you keep swap file wear to a minimum?
A. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
B. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.
C. Use PRAM flash devices, eliminating the longevity.
D. A RAM drive reduces the swap file thrashing which causes fast wear on the device.
Answer: D
QUESTION 46
What is the syntax for uninstalling a package using newpkg?
A. -u
B. -i
C. -S
D. newpkg CANNOT be used to uninstall a package
Answer: D
QUESTION 47
Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?
A. Dynamic Source Address Translation
B. Hide Address Translation
C. Port Address Translation
D. Static Destination Address Translation
Answer: D
QUESTION 48
What scenario indicates that SecureXL is enabled?
A. Dynamic objects are available in the Object Explorer
B. SecureXL can be disabled in cpconfig
C. fwaccel commands can be used in clish
D. Only one packet in a stream is seen in a fw monitor packet capture
Answer: C
QUESTION 49
Which command allows you to view the contents of an R80 table?
A. fw tab -a
B. fw tab -t
C. fw tab -s
D. fw tab -x
Answer: B
QUESTION 50
Match the following commands to their correct function.
Each command has one function only listed.
A. C1>F6; C2>F4; C3>F2; C4>F5
B. C1>F2; C2>F1; C3>F6; C4>F4
C. C1>F2; C2>F4; C3>F1; C4>F5
D. C1>F4; C2>F6; C3>F3; C4>F2
Answer: A
QUESTION 51
You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.) When you run fw monitor on the R80 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?
A. o=outbound kernel, before the virtual machine
B. I=inbound kernel, after the virtual machine
C. O=outbound kernel, after the virtual machine
D. i=inbound kernel, before the virtual machine
Answer: B
QUESTION 52
What are the three components for Check Point Capsule?
A. Capsule Docs, Capsule Cloud, Capsule Connect
B. Capsule Workspace, Capsule Cloud, Capsule Connect
C. Capsule Workspace, Capsule Docs, Capsule Connect
D. Capsule Workspace, Capsule Docs, Capsule Cloud
Answer: D
QUESTION 53
Fill in the blank: The R80 feature ________ permits blocking specific IP addresses for a specified time period.
A. Block Port Overflow
B. Local Interface Spoofing
C. Suspicious Activity Monitoring
D. Adaptive Threat Prevention
Answer: C
QUESTION 54
You are a Security Administrator who has installed Security Gateway R80 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner's access for HTTP and FTP only, you did the following:
1) Created manual Static NAT rules for the Web server.
2) Cleared the following settings in the Global Properties > Network Address Translation screen:
- Allow bi-directional NAT
- Translate destination on client side
Do the above settings limit the partner's access?
A. Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.
B. No. The first setting is not applicable. The second setting will reduce performance.
C. Yes. Both of these settings are only applicable to automatic NAT rules.
D. No. The first setting is only applicable to automatic NAT rules. The second setting will force translation by the kernel on the interface nearest to the client.
Answer: D
QUESTION 55
What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server?
A. WMI
B. CIFS
C. RCP
D. LDAP
Answer: A
QUESTION 56
What gives administrators more flexibility when configuring Captive Portal instead of LDAP query for Identity Awareness authentication?
A. Captive Portal is more secure than standard LDAP
B. Nothing, LDAP query is required when configuring Captive Portal
C. Captive Portal works with both configured users and guests
D. Captive Portal is more transparent to the user
Answer: C
QUESTION 57
On R80.10 the IPS Blade is managed by:
A. Threat Protection policy
B. Anti-Bot Blade
C. Threat Prevention policy
D. Layers on Firewall policy
Answer: A
QUESTION 58
How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?
A. fw unload policy
B. fw unloadlocal
C. fw delete all.all@localhost
D. fwm unloadlocal
Answer: B
QUESTION 59
MegaCorp is using SmartCenter Server with several gateways. Their requirements result in a heavy log load. Would it be feasible to add the SmartEvent Correlation Unit and SmartEvent Server to their SmartCenter Server?
A. No. SmartCenter SIC will interfere with the function of SmartEvent.
B. No. If SmartCenter is already under stress, the use of a separate server for SmartEvent is recommended.
C. No, SmartEvent and Smartcenter cannot be installed on the same machine at the same time.
D. Yes. SmartEvent must be installed on your SmartCenter Server.
Answer: B
QUESTION 60
Which file gives you a list of all security servers in use, including port number?
A. $FWDIR/conf/conf.conf
B. $FWDIR/conf/servers.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/conf/serversd.conf
Answer: C
QUESTION 61
Captive Portal is a __________ that allows the gateway to request login information from the user.
A. Pre-configured and customizable web-based tool
B. Transparent network inspection tool
C. LDAP server add-on
D. Separately licensed feature
Answer: A
QUESTION 62
SmartEvent does NOT use which of the following procedures to identify events?
A. Matching a log against each event definition
B. Create an event candidate
C. Matching a log against local exclusions
D. Matching a log against global exclusions
Answer: C Explanation:
Events are detected by the SmartEvent Correlation Unit. The Correlation Unit task is to scan logs for criteria that match an Event Definition. SmartEvent uses these procedures to identify events:
Matching a Log Against Global Exclusions
Matching a Log Against Each Event Definition
Creating an Event Candidate
When a Candidate Becomes an Event
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm
QUESTION 63
You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?
A. No extra configuration is needed.
B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.
D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.
Answer: D
QUESTION 64
Match the ClusterXL modes with their configurations.
A. A-2, B-3, C-4, D-1
B. A-2, B-3, C-1, D-5
C. A-3, B-5, C-1, D-4
D. A-5, B-2, C-4, D-1
Answer: C
QUESTION 65
How do you configure the Security Policy to provide user access to the Captive Portal through an external (Internet) interface?
A. Change the gateway settings to allow Captive Portal access via an external interface.
B. No action is necessary. This access is available by default.
C. Change the Identity Awareness settings under Global Properties to allow Captive Portal access on all interfaces.
D. Change the Identity Awareness settings under Global Properties to allow Captive Portal access for an external interface.
Answer: A
QUESTION 66
To run GAiA in 64bit mode, which of the following is true?
1) Run set edition default 64-bit.
2) Install more than 4 GB RAM.
3) Install more than 4 TB of Hard Disk.
A. 1 and 3
B. 1 and 2
C. 2 and 3
D. 1, 2, and 3
Answer: B
QUESTION 67
When migrating the SmartEvent database from one server to another, the last step is to save the files on the new server. Which of the following commands should you run to save the SmartEvent database files on the new server?
A. cp
B. restore
C. migrate import
D. eva_db_restore
Answer: D
QUESTION 68
You are MegaCorp's Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the rule order if both methods are used together? Give the BEST answer.
A. The Administrator decides the rule order by shifting the corresponding rules up and down.
B. The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range.
C. The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range.
D. The rule position depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others.
Answer: B
QUESTION 69
You are trying to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. You see the following window.
What must you enable to see the Directional Match?
A. directional_match(true) in the objects_5_0.C file on Security Management Server
B. VPN Directional Match on the Gateway object's VPN tab
C. VPN Directional Match on the VPN advanced window, in Global Properties
D. Advanced Routing on each Security Gateway
Answer: C
QUESTION 70
If Jack was concerned about the number of log entries he would receive in the SmartReporter system, which policy would he need to modify?
A. Log Sequence Policy
B. Report Policy
C. Log Consolidator Policy
D. Consolidation Policy
Answer: D
QUESTION 71
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?
A. mgmt_cli add-host "Server_1" ip_address "10.15.123.10" --format txt
B. mgmt_cli add host name "Server_1" ip-address "10.15.123.10" --format json
C. mgmt_cli add object-host "Server_1" ip-address "10.15.123.10" --format json
D. mgmt_cli add object "Server_1" ip-address "10.15.123.10" --format json
Answer: B Explanation:
Example: mgmt_cli add host name "New Host 1" ip-address "192.0.2.1" --format json
"--format json" is optional. By default the output is presented in plain text.
Reference: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-host~v1.1%20
QUESTION 72
Which directory below contains log files?
A. /opt/CPSmartlog-R80/log
B. /opt/CPshrd-R80/log
C. /opt/CPsuite-R80/fw1/log
D. /opt/CPsuite-R80/log
Answer: C
QUESTION 73
You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.
A. You checked the cache password on desktop option in Global Properties.
B. Another rule that accepts HTTP without authentication exists in the Rule Base.
C. You have forgotten to place the User Authentication Rule before the Stealth Rule.
D. Users must use the SecuRemote Client, to use the User Authentication Rule.
Answer: B
QUESTION 74
Which of the following is the preferred method for adding static routes in GAiA?
A. In the CLI with the command "route add"
B. In Web Portal, under Network Management > IPv4 Static Routes
C. In the CLI via sysconfig
D. In SmartDashboard under Gateway Properties > Topology
Answer: B
QUESTION 75
You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAiA. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on GAiA. Where can you view them? Give the BEST answer.
A. /etc/sysconfig/netconf.C
B. /etc/conf/route.C
C. /etc/sysconfig/network-scripts/ifcfg-ethx
D. /etc/sysconfig/network
Answer: A
QUESTION 76
Several Security Policies can be used for different installation targets. The Firewall protecting Human Resources' servers should have its own Policy Package. These rules must be installed on this machine and not on the Internet Firewall. How can this be accomplished?
A. A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are defined by the selection in the Rule Base row Install On.
B. When selecting the correct Firewall in each line of the Rule Base row Install On, only this Firewall is shown in the list of possible installation targets after selecting Policy > Install on Target.
C. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the correct firewall via Specific Targets.
D. A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install on Target.
Answer: C
QUESTION 77
You need to back up the routing, interface, and DNS configuration information from your R80 GAiA Security Gateway. Which backup-and-restore solution do you use?
A. Manual copies of the directory $FWDIR/conf
B. GAiA back up utilities
C. upgrade_export and upgrade_import commands
D. Database Revision Control
Answer: B
QUESTION 78
Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants to use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R80 Firewall Rule Base. To make this scenario work, the IT administrator must:
1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.
2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.
3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.
Ms. McHanry tries to access the resource but is unable. What should she do?
A. Have the security administrator select the Action field of the Firewall Rule "Redirect HTTP connections to an authentication (captive) portal"
B. Have the security administrator reboot the firewall
C. Have the security administrator select Any for the Machines tab in the appropriate Access Role
D. Install the Identity Awareness agent on her iPad
Answer: A
QUESTION 79
You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
A. TCP port 443
B. TCP port 257
C. TCP port 256
D. UDP port 8116
Answer: C Explanation:
Synchronization works in two modes:
Full sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by the fwd daemon using an encrypted TCP connection.
Delta sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security Gateway kernel using UDP multicast or broadcast on port 8116.
Full sync is used for initial transfers of state information, for many thousands of connections. If a cluster member is brought up after being down, it will perform full sync. After all members are synchronized, only updates are transferred via delta sync. Delta sync is quicker than full sync.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7288.htm
Port info: https://www.cpug.org/forums/archive/index.php/t-12704.html
QUESTION 80
SmartReporter reports can be used to analyze data from a penetration-testing regimen in all of the following examples, EXCEPT:
A. Analyzing traffic patterns against public resources.
B. Possible worm/malware activity.
C. Analyzing access attempts via social-engineering.
D. Tracking attempted port scans.
Answer: C
QUESTION 81
If you need strong protection for the encryption of user data, what option would be the BEST choice?
A. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode.
B. When you need strong encryption, IPsec is not the best choice. SSL VPN's are a better choice.
C. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.
D. Disable Diffie-Hellman by using stronger certificate based key-derivation. Use AES-256 bit on all encrypted channels and add PFS to QuickMode. Use double encryption by implementing AH and ESP as protocols.
Answer: C
QUESTION 82
Your R80 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?
A. On a GAiA Security Management Server, this can only be accomplished by configuring the command fw logswitch via the cron utility.
B. Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object's Logs and Masters window, enable Schedule log switch, and select the Time object.
C. Create a time object, and add 48 hours as the interval. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.
D. Create a time object, and add 48 hours as the interval. Select that time object's Global Properties > Logs and Masters window, to schedule a logswitch.
Answer: B
QUESTION 83
Access Role objects define users, machines, and network locations as:
A. Credentialed objects
B. Linked objects
C. One object
D. Separate objects
Answer: C
QUESTION 84
Firewall policies must be configured to accept VRRP packets on the GAiA platform if it runs Firewall software. The Multicast destination assigned by the Internet Assigned Numbers Authority (IANA) for VRRP is:
A. 224.0.0.18
B. 224.0.0.5
C. 224.0.0.102
D. 224.0.0.22
Answer: A
QUESTION 85
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19. He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy.
John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next BEST troubleshooting step?
A. Investigate this as a network connectivity issue
B. Install the Identity Awareness Agent
C. Set static IP to DHCP
D. After enabling Identity Awareness, reboot the gateway
Answer: C
QUESTION 86
Your organization maintains several IKE VPN's. Executives in your organization want to know which mechanism Security Gateway R80 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives?
A. Certificate Revocation Lists
B. Application Intelligence
C. Key-exchange protocols
D. Digital signatures
Answer: D
QUESTION 87
Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration. An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?
A. The restore is not possible because the backup file does not have the same build number (version).
B. The restore is done by selecting Snapshot Management from the boot menu of GAiA.
C. The restore can be done easily by the command restore and copying netconf.C from the production environment.
D. A backup cannot be restored, because the binary files are missing.
Answer: C
QUESTION 88
A snapshot delivers a complete GAiA backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?
A. Reboot the system and call the start menu. Select the option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name.
B. As expert user, type the command snapshot -r MySnapshot.tgz.
C. As expert user, type the command revert --file MySnapshot.tgz.
D. As expert user, type the command snapshot -R to restore from a local file. Then, provide the correct file name.
Answer: C
QUESTION 89
Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?
A. Hide
B. Static Destination
C. Static Source
D. Dynamic Destination
Answer: A
QUESTION 90
Your company is running Security Management Server R80 on GAiA, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account?
A. Using SmartDashboard, under Users, select Add New Administrator
B. Using SmartDashboard or cpconfig
C. Using the Web console on GAiA under Product configuration, select Administrators
D. Using cpconfig on the Security Management Server, choose Administrators
Answer: A
QUESTION 91
Where do you verify that UserDirectory is enabled?
A. Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
B. Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
C. Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
D. Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
Answer: D
QUESTION 92
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing
Answer: C
QUESTION 93
What is the officially accepted diagnostic tool for IP Appliance Support?
A. ipsoinfo
B. CST
C. uag-diag
D. cpinfo
Answer: B
QUESTION 94
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode
Answer: C Explanation:
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of "Wire Mode".
QUESTION 95
Which command collects diagnostic data for analyzing customer setup remotely?
A. cpinfo
B. migrate export
C. sysinfo
D. cpview
Answer: A Explanation:
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers). The CPInfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPInfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.
QUESTION 96
An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________.
A. client side NAT
B. source NAT
C. destination NAT
D. None of these
Answer: B
QUESTION 97
You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?
A. A group with generic user
B. All users
C. LDAP Account Unit Group
D. Internal user Group
Answer: A
QUESTION 98
You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway.
What is TRUE about the new package's NAT rules?
A. Rules 1, 2, 3 will appear in the new package.
B. Only rule 1 will appear in the new package.
C. NAT rules will be empty in the new package.
D. Rules 4 and 5 will appear in the new package.
Answer: A
QUESTION 99
John is configuring a new R80 Gateway cluster but he can not configure the cluster as Third Party IP Clustering because this option is not available in Gateway Cluster Properties.
What's happening?
A. ClusterXL needs to be unselected to permit third party clustering configuration.
B. Third Party Clustering is not available for R80 Security Gateways.
C. John has an invalid ClusterXL license.
D. John is not using third party hardware as IP Clustering is part of Check Point's IP Appliance.
Answer: A
QUESTION 100
What is the purpose of Priority Delta in VRRP?
A. When a box is up, Effective Priority = Priority + Priority Delta
B. When an Interface is up, Effective Priority = Priority + Priority Delta
C. When an Interface fails, Effective Priority = Priority - Priority Delta
D. When a box fails, Effective Priority = Priority - Priority Delta
Answer: C Explanation:
Each instance of VRRP running on a supported interface may monitor the link state of other interfaces. The monitored interfaces do not have to be running VRRP. If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by the specified delta value and then will send out a new VRRP HELLO packet. If the new effective priority is less than the priority a backup platform has, then the backup platform will begin to send out its own HELLO packet. Once the master sees this packet with a priority greater than its own, then it releases the VIP.
QUESTION 101
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
B. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.
C. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.
D. Place a static host route on the firewall for the valid IP address to the internal Web server.
Answer: B
QUESTION 102
Which web services protocol is used to communicate to the Check Point R80 Identity Awareness Web API?
A. SOAP
B. REST
C. XLANG
D. XML-RPC
Answer: B Explanation:
The Identity Web API uses the REST protocol over SSL. The requests and responses are HTTP and in JSON format.
QUESTION 103
When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method?
A. Leveraging identity in the application control blade
B. Basic identity enforcement in the internal network
C. Identity-based auditing and logging
D. Identity-based enforcement for non-AD users (non-Windows and guest users)
Answer: D
QUESTION 104
You have existing dbedit scripts from R77. Can you use them with R80.10?
A. dbedit is not supported in R80.10
B. dbedit is fully supported in R80.10
C. You can use dbedit to modify threat prevention or access policies, but not create or modify layers
D. dbedit scripts are being replaced by mgmt_cli in R80.10
Answer: D Explanation:
dbedit (or GuiDbEdit) uses the cpmi protocol which is gradually being replaced by the new R80.10 automation architecture. cpmi clients are still supported in R80.10, but there are some functionalities that cannot be managed by cpmi anymore. For example, the Access and Threat policies do not have a cpmi representation. They can be managed only by the new mgmt_cli and not by cpmi clients. There are still many tables that have an inner cpmi representation (for example, network objects, services, servers, and global properties) and can still be managed using cpmi.
QUESTION 105
Study the Rule base and Client Authentication Action properties screen -
After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:
A. user is prompted for authentication by the Security Gateway again.
B. FTP data connection is dropped after the user is authenticated successfully.
C. user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication.
D. FTP connection is dropped by Rule 2.
Answer: C
QUESTION 106
Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers is passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?
A. Manual NAT rules are not configured correctly.
B. Allow bi-directional NAT is not checked in Global Properties.
C. Routing is not configured correctly.
D. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.
Answer: D
QUESTION 107
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
A. UDP port 265
B. TCP port 265
C. UDP port 256
D. TCP port 256
Answer: D Explanation:
Synchronization works in two modes:
Full Sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by the fwd daemon using an encrypted TCP connection on port 256.
Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security Gateway kernel using UDP connections on port 8116.
QUESTION 108
Which command will erase all CRL's?
A. vpn crladmin
B. cpstop/cpstart
C. vpn crl_zap
D. vpn flush
Answer: C
QUESTION 109
Which of the following statements is TRUE about R80 management plug-ins?
A. The plug-in is a package installed on the Security Gateway.
B. Installing a management plug-in requires a Snapshot, just like any upgrade process.
C. A management plug-in interacts with a Security Management Server to provide new features and support for new products.
D. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.
Answer: C
QUESTION 110
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
A. This statement is true because SecureXL does improve all traffic
B. This statement is false because SecureXL does not improve this traffic but CoreXL does
C. This statement is true because SecureXL does improve this traffic
D. This statement is false because encrypted traffic cannot be inspected
Answer: C Explanation:
SecureXL improved non-encrypted firewall traffic throughput, and encrypted VPN traffic throughput, by nearly an order of magnitude, particularly for small packets flowing in long duration connections.
QUESTION 111
What is the SOLR database for?
A. Used for full text search and enables powerful matching capabilities
B. Writes data to the database and full text search
C. Serves GUI responsible to transfer request to the DLEserver
D. Enables powerful matching capabilities and writes data to the database
Answer: A
QUESTION 112
Which of the following items should be configured for the Security Management Server to authenticate using LDAP?
A. Login Distinguished Name and password
B. Windows logon password
C. Check Point Password
D. WMI object
Answer: A
QUESTION 113
What command syntax would you use to see accounts the gateway suspects are service accounts?
A. pdp check_log
B. pdp show service
C. adlog check_accounts
D. adlog a service_accounts
Answer: D
QUESTION 114
Peter is your new Security Administrator. On his first working day, he is very nervous and enters the wrong password three times. His account is locked. What can be done to unlock Peter's account? Give the BEST answer.
A. You can unlock Peter's account by using the command fwm lock_admin -u Peter on the Security Management Server.
B. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Management Server
C. It is not possible to unlock Peter's account. You have to install the firewall once again or abstain from Peter's help.
D. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Gateway.
Answer: A
QUESTION 115
What command syntax would you use to turn on PDP logging in a distributed environment?
A. pdp track=1
B. pdp tracker on
C. pdp logging on
D. pdp log=1
Answer: B
QUESTION 116
VPN Tunnel Sharing can be configured with any of the options below, EXCEPT One:
A. Gateway-based
B. Subnet-based
C. IP range based
D. Host-based
Answer: C Explanation:
VPN Tunnel Sharing provides interoperability and scalability by controlling the number of VPN tunnels created between peer Security Gateways. There are three available settings:
One VPN tunnel per each pair of hosts
One VPN tunnel per subnet pair
One VPN tunnel per Security Gateway pair
QUESTION 117
You have three Gateways in a mesh community. Each gateway's VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information. You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still goes through the regular domain IPsec tunnels instead of the routed VTI tunnels.
What is the problem and how do you make the VPN use the VTI tunnels?
A. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community
B. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway's VPN Domain
C. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes
D. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to ensure that they are correctly pointing to the VTI gateway IP.
Answer: B
QUESTION 118
Your company has the requirement that SmartEvent reports should show a detailed and accurate view of network activity but also performance should be guaranteed. Which actions should be taken to achieve that?
1) Use same hard drive for database directory, log files, and temporary directory.
2) Use Consolidation Rules.
3) Limit logging to blocked traffic only.
4) Use Multiple Database Tables.
A. 2, 4
B. 1, 3, 4
C. 1, 2, 4
D. 1, 2
Answer: A
QUESTION 119
Your expanding network currently includes ClusterXL running Multicast mode on two members, as shown in this topology:
You need to add interfaces: 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for these interfaces is 10.10.10.3/24. Both cluster gateways have a Quad card with an available eth3 interface. What is the correct procedure to add these interfaces?
A. 1. Disable "Cluster membership" from one Gateway via cpconfig. 2. Configure the new interface via sysconfig from the "non-member" Gateway. 3. Re-enable "Cluster membership" on the Gateway. 4. Perform the same steps on the other Gateway. 5. Update the topology in the cluster object. 6. Install the Security Policy.
B. 1. Configure the new interface on both members using WebUI. 2. Update the new topology in the cluster object from SmartDashboard. 3. Define virtual IP in the Dashboard. 4. Install the Security Policy.
C. 1. Use WebUI to configure the new interfaces on both members. 2. Update the topology in the cluster object. 3. Reboot both gateways. 4. Install the Security Policy.
D. 1. Use the command ifconfig to configure and enable the new interface on both members. 2. Update the topology in the cluster object for the cluster and both members. 3. Install the Security Policy. 4. Reboot the gateway.
Answer: B
QUESTION 120
Which three of the following are ClusterXL member requirements?
1) same operating systems
2) same Check Point version
3) same appliance model
4) same policy
A. 1, 3, and 4
B. 1, 2, and 4
C. 2, 3, and 4
D. 1, 2, and 3
Answer: B
QUESTION 121
GAiA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:
A. Check Point Upgrade Service Engine.
B. Check Point Software Update Agent
C. Check Point Remote Installation Daemon (CPRID)
D. Check Point Software Update Daemon
Answer: A
QUESTION 122
Security Gateway R80 supports User Authentication for which of the following services? Select the response below that contains the MOST correct list of supported services.
A. SMTP, FTP, TELNET
B. SMTP, FTP, HTTP, TELNET
C. FTP, HTTP, TELNET
D. FTP, TELNET
Answer: C
QUESTION 123
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
A. Check Point Password
B. TACACS
C. LDAP
D. Windows password
Answer: C
QUESTION 124
MegaCorp is running Smartcenter R70, some Gateways at R65 and some other Gateways with R60. Management wants to upgrade to the most comprehensive IPv6 support. What should the administrator do first?
A. Upgrade Smartcenter to R80 first.
B. Upgrade R60-Gateways to R65.
C. Upgrade every unit directly to R80.
D. Check the ReleaseNotes to verify that every step is supported.
Answer: D
QUESTION 125
Which of the following commands can provide the most complete restoration of a R80 configuration?
A. upgrade_import
B. cpinfo -recover
C. cpconfig
D. fwm dbimport -p
Answer: A
QUESTION 126
Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user's properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict?
A. Select Ignore Database in the Action Properties window.
B. Permit access to Finance_net.
C. Select Intersect with user database in the Action Properties window.
D. Select Intersect with user database or Ignore Database in the Action Properties window.
Answer: D
QUESTION 127
Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?
A. Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here.
B. Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced > Permission to Install.
C. In the object General Properties representing the specific Firewall, go to the Software Blades product list and select Firewall. Right-click in the menu, select Administrator to Install to define only this administrator.
D. Right-click on the object representing the specific administrator, and select that Firewall in Policy Targets.
Answer: B
QUESTION 128
If your firewall is performing a lot of IPS inspection and the CPUs assigned to fw_worker_thread are at or near 100%, which of the following could you do to improve performance?
A. Add more RAM to the system.
B. Add more Disk Drives.
C. Assign more CPU cores to CoreXL
D. Assign more CPU cores to SecureXL.
Answer: C
QUESTION 129
You run cphaprob -a if. When you review the output, you find the word DOWN. What does DOWN mean?
A. The cluster link is down.
B. The physical interface is administratively set to DOWN.
C. The physical interface is down.
D. CCP packets couldn't be sent to or didn't arrive from neighbor member.
Answer: D
QUESTION 130
Which is not a blade option when configuring SmartEvent?
A. Correlation Unit
B. SmartEvent Unit
C. SmartEvent Server
D. Log Server
Answer: B
Explanation:
On the Management tab, enable these Software Blades:
- Logging & Status
- SmartEvent Server
- SmartEvent Correlation Unit
QUESTION 131
You are running a R80 Security Gateway on GAiA. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What back up method could be used to quickly put the secondary firewall into production?
A. manual backup
B. upgrade_export
C. backup
D. snapshot
Answer: D
QUESTION 132
You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?
A. No action is needed because cpshell has a timeout of one hour by default.
B. Log in as the default user expert and start cpinfo.
C. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinfo.
D. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.
Answer: D
QUESTION 133
Why would you not see a CoreXL configuration option in cpconfig?
A. The gateway only has one processor
B. CoreXL is not licensed
C. CoreXL is disabled via policy
D. CoreXL is not enabled in the gateway object
Answer: A
QUESTION 134
What happens when IPS profile is set in Detect-Only Mode for troubleshooting?
A. It will generate Geo-Protection traffic
B. Automatically uploads debugging logs to Check Point Support Center
C. It will not block malicious traffic
D. Bypass licenses requirement for Geo-Protection control
Answer: C
Explanation:
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic. During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.
QUESTION 135
You find that Gateway fw2 can NOT be added to the cluster object. What are possible reasons for that?
A. 2 or 3
B. 1 or 2
C. 1 or 3
D. All
Answer: C
QUESTION 136
You are troubleshooting a HTTP connection problem. You've started fw monitor -o http.pcap. When you open http.pcap with Wireshark there is only one line. What is the most likely reason?
A. fw monitor was restricted to the wrong interface.
B. Like SmartView Tracker only the first packet of a connection will be captured by fw monitor.
C. By default only SYN packets are captured.
D. Acceleration was turned on and therefore fw monitor sees only SYN.
Answer: D
QUESTION 137
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by antispoofing protections. Which of the following is the MOST LIKELY cause?
A. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.
B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.
C. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.
D. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.
Answer: A
QUESTION 138
You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a platform using GAiA. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used in CLISH to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.
A. ethtool
B. set interface
C. mii_tool
D. ifconfig -a
Answer: B
QUESTION 139
Which process should you debug if SmartDashboard login fails?
A. sdm
B. cpd
C. fwd
D. fwm
Answer: D
QUESTION 140
What are you required to do before running the command upgrade_export?
A. Run a cpstop on the Security Gateway.
B. Run a cpstop on the Security Management Server.
C. Close all GUI clients.
D. Run cpconfig and set yourself up as a GUI client.
Answer: C
QUESTION 141
When migrating the SmartEvent database from one server to another, the first step is to back up the files on the original server. Which of the following commands should you run to back up the SmartEvent database?
A. migrate export
B. eva_db_backup
C. snapshot
D. backup
Answer: B
QUESTION 142
Which features are only supported with R80.10 Gateways but not R77.x?
A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
D. Time object to a rule to make the rule active only during specified times.
Answer: C
QUESTION 143
Review the Rule Base displayed.
For which rules will the connection templates be generated in SecureXL?
A. Rules 2 and 5
B. Rules 2 through 5
C. Rule 2 only
D. All rules except Rule 3
Answer: D
QUESTION 144
How granular may an administrator filter an Access Role with identity awareness? Per:
A. Specific ICA Certificate
B. AD User
C. Radius Group
D. Windows Domain
Answer: B
QUESTION 145
Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.
A. Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows
B. Check Point GAiA and SecurePlatform, and Microsoft Windows
C. Check Point GAiA, Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO
D. Check Point GAiA and SecurePlatform, IPSO, Sun Solaris, Microsoft Windows
Answer: B
QUESTION 146
Which two processes are responsible for handling Identity Awareness?
A. pdp and lad
B. pdp and pdp-11
C. pep and lad
D. pdp and pep
Answer: D
QUESTION 147
Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user's credentials?
A. Access Policy
B. Access Role
C. Access Rule
D. Access Certificate
Answer: B
QUESTION 148
Which of the following is NOT defined by an Access Role object?
A. Source Network
B. Source Machine
C. Source User
D. Source Server
Answer: D
QUESTION 149
You want to store the GAiA configuration in a file for later reference. What command should you use?
A. write mem
B. show config -f
C. save config -o
D. save configuration
Answer: D
QUESTION 150
When do modifications to the Event Policy take effect?
A. As soon as the Policy Tab window is closed.
B. When saved on the SmartEvent Server and installed to the Correlation Units.
C. When saved on the Correlation Units, and pushed as a policy.
D. When saved on the SmartEvent Client, and installed on the SmartEvent Server.
Answer: B
QUESTION 151
Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly?
A. Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy.
B. Run the command revert to restore the snapshot, establish SIC, and install the Policy.
C. Run the command revert to restore the snapshot. Reinstall any necessary Check Point products. Establish SIC and install the Policy.
D. Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and previously applied hotfixes. Revert to the stored snapshot image, and install the Policy.
Answer: A
QUESTION 152
Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R80?
A. External-user group
B. LDAP group
C. A group with a generic user
D. All Users
Answer: B
QUESTION 153
Your primary Security Gateway runs on GAiA. What is the easiest way to back up your Security Gateway R80 configuration, including routing and network configuration files?
A. Copying the directories $FWDIR/conf and $FWDIR/lib to another location.
B. Using the native GAiA backup utility from command line or in the Web based user interface.
C. Using the command upgrade_export.
D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.
Answer: B
QUESTION 154
You have selected the event Port Scan from Internal Network in SmartEvent, to detect an event when 30 port scans have occurred within 60 seconds. You also want to detect two port scans from a host within 10 seconds of each other. How would you accomplish this?
A. Define the two port-scan detections as an exception.
B. You cannot set SmartEvent to detect two port scans from a host within 10 seconds of each other.
C. Select the two port-scan detections as a sub-event.
D. Select the two port-scan detections as a new event.
Answer: A
QUESTION 155
Your organization's disaster recovery plan needs an update to the backup and restore section to reap the new distributed R80 installation benefits. Your plan must meet the following required and desired objectives:
Required Objective: The Security Policy repository must be backed up no less frequently than every 24 hours.
Desired Objective: The R80 components that enforce the Security Policies should be backed up at least once a week.
Desired Objective: Back up R80 logs at least once a week.
Your disaster recovery plan is as follows:
- Use the cron utility to run the command upgrade_export each night on the Security Management Servers.
- Configure the organization's routine back up software to back up the files created by the command upgrade_export.
- Configure the GAiA back up utility to back up the Security Gateways every Saturday night.
- Use the cron utility to run the command upgrade_export each Saturday night on the log servers.
- Configure an automatic, nightly logswitch.
- Configure the organization's routine back up software to back up the switched logs every night.
Upon evaluation, your plan:
A. Meets the required objective and only one desired objective.
B. Meets the required objective but does not meet either desired objective.
C. Does not meet the required objective.
D. Meets the required objective and both desired objectives.
Answer: D
QUESTION 156
John detected high load on sync interface. Which is the most recommended solution?
A. For short connections like http service - delay sync for 2 seconds
B. Add a second interface to handle sync traffic
C. For short connections like http service - do not sync
D. For short connections like icmp service - delay sync for 2 seconds
Answer: A
QUESTION 157
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of?
A. Threat Emulation
B. HTTPS
C. QOS
D. VoIP
Answer: D
Explanation:
The following types of traffic are not load-balanced by the CoreXL Dynamic Dispatcher (this traffic will always be handled by the same CoreXL FW instance):
- VoIP
- VPN encrypted packets
QUESTION 158
All R80 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?
A. FTP
B. SMTP
C. HTTP
D. RLOGIN
Answer: B
QUESTION 159
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.
A. destination on server side
B. source on server side
C. source on client side
D. destination on client side
Answer: D
QUESTION 160
In SPLAT the command to set the timeout was idle. In order to achieve this and increase the timeout for Gaia, what command do you use?
A. set idle
B. set inactivity-timeout
C. set timeout
D. set inactivity
Answer: B
QUESTION 161
How many pre-defined exclusions are included by default in SmartEvent R80 as part of the product installation?
A. 5
B. 0
C. 10
D. 3
Answer: D
QUESTION 162
The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account?
A. Type fwm unlock_admin from the Security Management Server command line.
B. Type fwm unlock_admin -u from the Security Gateway command line.
C. Type fwm lock_admin -u from the Security Management Server command line.
D. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
Answer: C
QUESTION 163
Which packet info is ignored with Session Rate Acceleration?
A. source port ranges
B. source ip
C. source port
D. same info from Packet Acceleration is used
Answer: C
QUESTION 164
ALL of the following options are provided by the GAiA sysconfig utility, EXCEPT:
A. Export setup
B. DHCP Server configuration
C. Time & Date
D. GUI Clients
Answer: D
QUESTION 165
The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). What is not a recommended usage of this method?
A. When accuracy in detecting identity is crucial
B. Leveraging identity for Data Center protection
C. Protecting highly sensitive servers
D. Identity based enforcement for non-AD users (non-Windows and guest users)
Answer: D
QUESTION 166
Select the command set best used to verify proper failover function of a new ClusterXL configuration.
A. reboot
B. cphaprob -d failDevice -s problem -t 0 register / cphaprob -d failDevice unregister
C. clusterXL_admin down / clusterXL_admin up
D. cpstop/cpstart
Answer: C
QUESTION 167
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
A. fw ctl multik dynamic_dispatching on
B. fw ctl multik dynamic_dispatching set_mode 9
C. fw ctl multik set_mode 9
D. fw ctl multik pq enable
Answer: C
Explanation:
To fully enable the CoreXL Dynamic Dispatcher on Security Gateway:
1. Run in Expert mode:
[Expert@HostName]# fw ctl multik set_mode 9
Example output:
[Expert@HostName:0]# fw ctl multik set_mode 9
Please reboot the system
[Expert@HostName:0]#
QUESTION 168
How could you compare the Fingerprint shown to the Fingerprint on the server?
A. Run cpconfig, select the Certificate's Fingerprint option and view the fingerprint
B. Run cpconfig, select the GUI Clients option and view the fingerprint
C. Run cpconfig, select the Certificate Authority option and view the fingerprint
D. Run sysconfig, select the Server Fingerprint option and view the fingerprint
Answer: A
QUESTION 169
Which of the following is a CLI command for Security Gateway R80?
A. fw tab -u
B. fw shutdown
C. fw merge
D. fwm policy_print
Answer: A
QUESTION 170
What is the purpose of a SmartEvent Correlation Unit?
A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server
B. The SmartEvent Correlation Unit's task is to assign severity levels to the identified events.
C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.
D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server
Answer: C
QUESTION 171
When defining QoS global properties, which option below is not valid?
A. Weight
B. Authenticated timeout
C. Schedule
D. Rate
Answer: C
QUESTION 172
When restoring R80 using the command upgrade_import, which of the following items are NOT restored?
A. SIC Certificates
B. Licenses
C. Route tables
D. Global properties
Answer: C
QUESTION 173
When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what issues need to be considered?
1) Each member must have a unique source IP address.
2) Every interface on each member requires a unique IP address.
3) All VTI's going to the same remote peer must have the same name.
4) Cluster IP addresses are required.
A. 1, 2, and 4
B. 2 and 3
C. 1, 2, 3 and 4
D. 1, 3, and 4
Answer: C
QUESTION 174
What can you do to see the current number of kernel instances in a system with CoreXL enabled?
A. Browse to Secure Platform Web GUI
B. Only Check Point support personnel can access that information
C. Execute SmartDashboard client
D. Execute command cpconfig
Answer: D
QUESTION 175
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
A. TACACS
B. Captive Portal
C. Check Point Password
D. Windows password
Answer: B
QUESTION 176
How could you compare the Fingerprint shown to the Fingerprint on the server? Run cpconfig and select:
A. the Certificate Authority option and view the fingerprint.
B. the GUI Clients option and view the fingerprint.
C. the Certificate's Fingerprint option and view the fingerprint.
D. the Server Fingerprint option and view the fingerprint.
Answer: C
QUESTION 177
A ClusterXL configuration is limited to ___ members.
A. There is no limit.
B. 16
C. 6
D. 2
Answer: C
QUESTION 178
Match the VPN-related terms with their definitions. Each correct term is only used once.
A. A-3, B-4, C-1, D-5
B. A-4, B-3, C-5, D-2
C. A-2, B-5, C-4, D-1
D. A-3, B-2, C-1, D-4
Answer: B
QUESTION 179
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original
"web_public_IP" is the node object that represents the new Web server's public IP address. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT. When you try to browse the Web server from the Internet you see the error "page cannot be displayed". Which of the following is NOT a possible reason?
A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
B. There is no ARP table entry for the protected Web server's public IP address.
C. There is no route defined on the Security Gateway for the public IP address to the Web server's private IP address.
D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.
Answer: D
QUESTION 180
As a Security Administrator, you must refresh the Client Authentication authorization timeout every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:
A. in the user object's Authentication screen.
B. in the Gateway object's Authentication screen.
C. in the Limit tab of the Client Authentication Action Properties screen.
D. in the Global Properties Authentication screen.
Answer: C
QUESTION 181
Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:
A. Are used for securing internal network communications between the SmartDashboard and the Security Management Server.
B. For R75 Security Gateways are created during the Security Management Server installation.
C. Decrease network security by securing administrative communication among the Security Management Servers and the Security Gateway.
D. Uniquely identify Check Point enabled machines; they have the same function as VPN Certificates.
Answer: D
QUESTION 182
When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
QUESTION 183
Use the table to match the BEST Management High Availability synchronization-status descriptions for your Security Management Server (SMS).
A. A-5, B-3, C-1, D-2
B. A-3, B-1, C-4, D-2
C. A-3, B-5, C-2, D-4
D. A-3, B-1, C-5, D-4
Answer: D
QUESTION 184
How are cached usernames and passwords cleared from the memory of a R80 Security Gateway?
A. By using the Clear User Cache button in SmartDashboard.
B. Usernames and passwords only clear from memory after they time out.
C. By retrieving LDAP user information using the command fw fetchldap.
D. By installing a Security Policy.
Answer: D
QUESTION 185
Which of the following items should be configured for the Security Management Server to authenticate using LDAP?
A. Check Point Password
B. WMI object
C. Domain Admin username
D. Windows logon password
Answer: A
QUESTION 186
When simulating a problem on ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state?
A. cphaprob -d STOP unregister
B. cphaprob STOP unregister
C. cphaprob unregister STOP
D. cphaprob -d unregister STOP
Answer: A
Explanation:
Testing a failover in a controlled manner using following command:
# cphaprob -d STOP -s problem -t 0 register
This will register a problem state on the cluster member this was entered on. If you then run:
# cphaprob list
this will show an entry named STOP. To remove this problematic register, run following:
# cphaprob -d STOP unregister
QUESTION 187
What type of traffic can be re-directed to the Captive Portal?
A. SMTP
B. HTTP
C. All of the above
D. FTP
Answer: B
QUESTION 188
Which one of these is NOT a firewall chain?
A. RTM packet in (rtm)
B. VPN node add (vpnad)
C. IP Options restore (in) (ipopt_res)
D. Fw SCV inbound (scv)
Answer: B
QUESTION 189
What command would show the API server status?
A. cpm status
B. api restart
C. api status
D. show api status
Answer: C
QUESTION 190
In R80 spoofing is defined as a method of:
A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
B. Hiding your firewall from unauthorized users.
C. Detecting people using false or wrong authentication logins
D. Making packets appear as if they come from an authorized IP address.
Answer: D
Explanation:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.
QUESTION 191
What is the purpose of the pre-defined exclusions included with SmartEvent R80?
A. To allow SmartEvent R80 to function properly with all other R71 devices.
B. To avoid incorrect event generation by the default IPS event definition; a scenario that may occur in deployments that include Security Gateways of versions prior to R71.
C. As a base for starting and building exclusions.
D. To give samples of how to write your own exclusion.
Answer: B
QUESTION 192
The Firewall kernel is replicated multiple times, therefore:
A. The Firewall kernel only touches the packet if the connection is accelerated
B. The Firewall can run different policies per core
C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
D. The Firewall can run the same policy on all cores
Answer: D
Explanation:
On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy, or instance, runs on one processing core. These instances handle traffic concurrently, and each instance is a complete and independent inspection kernel. When CoreXL is enabled, all the kernel instances in the Security Gateway process traffic through the same interfaces and apply the same security policy.
QUESTION 193
Which statements about Management HA are correct?
1) Primary SmartCenter describes first installed SmartCenter
2) Active SmartCenter is always used to administrate with SmartConsole
3) Active SmartCenter describes first installed SmartCenter
4) Primary SmartCenter is always used to administrate with SmartConsole
A. 1 and 4
B. 2 and 3
C. 1 and 2
D. 3 and 4
Answer: C
QUESTION 194
What CLI command will reset the IPS pattern matcher statistics?
A. ips reset pmstat
B. ips pstats reset
C. ips pmstats refresh
D. ips pmstats reset
Answer: D
Explanation:
ips pmstats reset
Description - Resets the data that is collected to calculate the pmstat statistics.
Usage - ips pmstats reset
QUESTION 195
What is the primary benefit of using the command upgrade_export over either backup or snapshot?
A. upgrade_export is operating system independent and can be used when backup or snapshot is not available.
B. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
C. The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.
D. upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.
Answer: A
QUESTION 196
The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?
A. You can only use the rule for Telnet, FTP, SMTP, and rlogin services.
B. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.
C. Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
D. You can limit the authentication attempts in the User Properties' Authentication tab.
Answer: B
QUESTION 197
When a packet is flowing through the security gateway, which one of the following is a valid inspection path?
A. Acceleration Path
B. Small Path
C. Firewall Path
D. Medium Path
Answer: D
QUESTION 198
Charles requests a Website while using a computer not in the net_singapore network.
What is TRUE about his location restriction?
A. Source setting in Source column always takes precedence.
B. Source setting in User Properties always takes precedence.
C. As location restrictions add up, he would be allowed from net_singapore and net_sydney.
D. It depends on how the User Auth object is configured; whether User Properties or Source Restriction takes precedence.
Answer: D
QUESTION 199
What is the responsibility of the SOLR process on the R80.10 management server?
A. Validating all data before it's written into the database
B. It generates indexes of data written to the database
C. Communication between SmartConsole applications and the Security Management Server
D. Writing all information into the database
Answer: B
QUESTION 200
What happens if the identity of a user is known?
A. If the user credentials do not match an Access Role, the traffic is automatically dropped.
B. If the user credentials do not match an Access Role, the system displays a sandbox.
C. If the user credentials do not match an Access Role, the gateway moves onto the next rule.
D. If the user credentials do not match an Access Role, the system displays the Captive Portal.
Answer: C
QUESTION 201
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
A. fw cpinfo
B. cpinfo -o date.cpinfo.txt
C. diag
D. cpstat - date.cpstat.txt
Answer: B
QUESTION 202
Which of the following are authentication methods that Security Gateway R80 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.
A. Proxied, User, Dynamic, Session
B. Connection, User, Client
C. User, Client, Session
D. User, Proxied, Session
Answer: C
QUESTION 203
Which Check Point tool allows you to open a debug file and see the VPN packet exchange details?
A. PacketDebug.exe
B. VPNDebugger.exe
C. IkeView.exe
D. IPSECDebug.exe
Answer: C
QUESTION 204
Which CLI tool helps in verifying proper ClusterXL sync?
A. fw stat
B. fw ctl sync
C. fw ctl pstat
D. cphaprob stat
Answer: C
QUESTION 205
Which of the following items should be configured for the Security Management Server to authenticate via LDAP?
A. Check Point Password
B. Active Directory Server object
C. Windows logon password
D. WMI object
Answer: B
QUESTION 206
You intend to upgrade a Check Point Gateway from R71 to R80. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
A. database revision
B. snapshot
C. upgrade_export
D. backup
Answer: D
QUESTION 207
What is the command to show SecureXL status?
A. fwaccel status
B. fwaccel stats -m
C. fwaccel -s
D. fwaccel stat
Answer: D
Explanation:
To check overall SecureXL status:
[Expert@HostName]# fwaccel stat
QUESTION 208
In the following cluster configuration, if you reboot sglondon_1, which device will be active when sglondon_1 is back up and running? Why?
A. sglondon_1 because it is the first configured object with the lowest IP.
B. sglondon_2 because sglondon_1 has highest IP.
C. sglondon_1, because it is up again, sglondon_2 took over during reboot.
D. sglondon_2 because it has highest priority.
Answer: D
QUESTION 209
Which of the following CLISH commands would you use to set the admin user's shell to bash?
A. set user admin shell bash
B. set user admin shell /bin/bash
C. set user admin shell = /bin/bash
D. set user admin /bin/bash
Answer: B
QUESTION 210
The connection to the ClusterXL member 'A' breaks. The ClusterXL member 'A' status is now 'down'. Afterwards the switch admin set a port to ClusterXL member 'B' to 'down'. What will happen?
A. ClusterXL member 'B' also left the cluster.
B. ClusterXL member 'B' stays active as last member.
C. Both ClusterXL members share load equally.
D. ClusterXL member 'A' is asked to come back to cluster.
Answer: B
QUESTION 211
You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway's external interface. You browse to the Google Website from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?
A. Two, one for outbound, one for inbound
B. Only one, outbound
C. Two, both outbound, one for the real IP connection and one for the NAT IP connection
D. Only one, inbound
Answer: B
QUESTION 212
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19. John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
What should John do when he cannot access the web server from a different personal computer?
A. John should lock and unlock his computer
B. Investigate this as a network connectivity issue
C. The access should be changed to authenticate the user instead of the PC
D. John should install the Identity Awareness Agent
Answer: C
QUESTION 213
Users with Identity Awareness Agent installed on their machines login with __________, so that when the user logs into the domain, that information is also used to meet Identity Awareness credential requests.
A. Key-logging
B. ICA Certificates
C. SecureClient
D. Single Sign-On
Answer: D
QUESTION 214
You cannot use SmartDashboard's User Directory features to connect to the LDAP server. What should you investigate?
1) Verify you have read-only permissions as administrator for the operating system.
2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.
3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration.
A. 1, 2, and 3
B. 2 and 3
C. 1 and 2
D. 1 and 3
Answer: B
QUESTION 215
Which of the following tools is used to generate a Security Gateway R80 configuration report?
A. fw cpinfo
B. infoCP
C. cpinfo
D. infoview
Answer: C
QUESTION 216
Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.
A. This is an example of Hide NAT.
B. There is not enough information provided in the Wireshark capture to determine the NAT settings.
C. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.
D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.
Answer: D
QUESTION 217
Which of the following options is available with the GAiA cpconfig utility on a Management Server?
A. Export setup
B. DHCP Server configuration
C. GUI Clients
D. Time & Date
Answer: C
QUESTION 218
To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?
A. Action
B. Source
C. User
D. Track
Answer: B
QUESTION 219
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP. John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?
A. John should install the Identity Awareness Agent
B. The firewall admin should install the Security Policy
C. John should lock and unlock the computer
D. Investigate this as a network connectivity issue
Answer: B
QUESTION 220
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
A. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
B. Reinstall the Security Management Server and restore using upgrade_import.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.
Answer: C
QUESTION 221
You have installed a R77 Security Gateway on GAiA. To manage the Gateway from the enterprise Security Management Server, you create a new Gateway object and Security Policy. When you install the new Policy from the Policy menu, the Gateway object does not appear in the Install Policy window as a target. What is the problem?
A. The new Gateway's temporary license has expired.
B. The object was created with Node > Gateway.
C. The Gateway object is not specified in the first policy rule column Install On.
D. No Masters file is created for the new Gateway.
Answer: B
QUESTION 222
Which of the following describes the default behavior of an R77 Security Gateway?
A. Traffic is filtered using controlled port scanning.
B. IP protocol types listed as secure are allowed by default, i.e. ICMP, TCP, UDP sessions are inspected.
C. All traffic is expressly permitted via explicit rules.
D. Traffic not explicitly permitted is dropped.
Answer: D
QUESTION 223
When you use the Global Properties' default settings on R77, which type of traffic will be dropped if NO explicit rule allows the traffic?
A. Firewall logging and ICA key-exchange information
B. RIP traffic
C. Outgoing traffic originating from the Security Gateway
D. SmartUpdate connections
Answer: B
QUESTION 224
What is the supported ClusterXL configuration when configuring a cluster synchronization network on a VLAN interface?
A. It is supported on the lowest VLAN tag of the VLAN interface
B. It is not supported on a VLAN tag.
C. It is supported on VLAN tag 4095
D. It is supported on VLAN tag 4096.
Answer: A
QUESTION 225
Which SmartConsole component can Administrators use to track changes to the Rule Base?
A. SmartView Monitor
B. SmartReporter
C. WebUI
D. SmartView Tracker
Answer: D
QUESTION 226
UDP packets are delivered if they are ___________.
A. referenced in the SAM related dynamic tables
B. a valid response to an allowed request on the inverse UDP ports and IP
C. a stateful ACK to a valid SYN-SYN/ACK on the inverse UDP ports and IP
D. bypassing the kernel by the forwarding layer of ClusterXL
Answer: B
QUESTION 227
When, during policy installation, does the atomic load task run?
A. It is the first task during policy installation.
B. It is the last task during policy installation.
C. Before CPD runs on the Gateway.
D. Immediately after fwm load runs on the Smart Center.
Answer: B
QUESTION 228
What process is responsible for transferring the policy file from Smart Center to the Gateway?
A. FWD
B. FWM
C. CPRID
D. CPD
Answer: D
QUESTION 229
What firewall kernel table stores information about port allocations for Hide NAT connections?
A. NAT_dst_any_list
B. host_ip_addrs
C. NAT_src_any_list
D. fwx_alloc
Answer: D
QUESTION 230
Where do you define NAT properties so that NAT is performed either client side or server side?
A. In SmartDashboard under Gateway setting
B. In SmartDashboard under Global Properties > NAT definition
C. In SmartDashboard in the NAT Rules
D. In file $DFWDIR/lib/table.def
Answer: B
QUESTION 231
The process ___________ is responsible for all other security server processes run on the Gateway.
A. FWD
B. CPLMD
C. FWM
D. CPD
Answer: A
QUESTION 232
The process ________ is responsible for GUI Client communication with the Smart Center.
A. FWD
B. FWM
C. CPD
D. CPLMD
Answer: B
QUESTION 233
Fill in the blank. To save your OSPF configuration in GAiA, enter the command ___________ . Answer: save config
QUESTION 234
Type the command and syntax to view critical devices on a cluster member in a ClusterXL environment. Answer: cphaprob -ia list
QUESTION 235
In a zero downtime firewall cluster environment, what command syntax do you run to avoid switching problems around the cluster for command cphaconf? Answer: set_ccp broadcast
QUESTION 236
Write the full fw command and syntax that you would use to troubleshoot ClusterXL sync issues. Answer: fw tab -s -t connections
QUESTION 237
Fill in the blank. You can set Acceleration to ON or OFF using command syntax ___________ . Answer: fwaccel off/on
QUESTION 238
Type the command and syntax you would use to verify that your Check Point cluster is functioning correctly. Answer: cphaprob state
QUESTION 239
To provide full connectivity upgrade status, use command Answer: cphaprob fcustat
QUESTION 240
Type the full fw command and syntax that will show full synchronization status. Answer: fw ctl pstat
QUESTION 241
To stop acceleration on a GAiA Security Gateway, enter command: Answer: fwaccel off
QUESTION 242
Type the full fw command and syntax that allows you to disable only sync on a cluster firewall member. Answer: fw ctl setsync off
QUESTION 243
Fill in the blanks. To view the number of concurrent connections going through core 0 on the firewall, you would use the command and syntax __ __ _ ___ __ ___________ __ . Answer: fw -i 0 tab -t connections -s
QUESTION 244
Fill in the blank. What is the correct command and syntax used to view a connection table summary on a Check Point Firewall? Answer: fw tab -t connections -s
QUESTION 245
Fill in the blank. To enter the router shell, use command __________ . Answer: cligated
QUESTION 246
Fill in the blank. To remove site-to-site IKE and IPSEC keys you would enter command ____ ___ and select the option to delete all IKE and IPSec SA's. Answer: vpn tu
QUESTION 247
Fill in the blank. To verify the SecureXL status, you would enter command _____________ . Answer: fwaccel stat
QUESTION 248
Type the command and syntax that you would use to view the virtual cluster interfaces of a ClusterXL environment. Answer: cphaprob -a if
QUESTION 249
Fill in the blank.
In Load Sharing Unicast mode, the internal cluster IP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies. The following is the ARP table from the internal Windows host 10.4.8.108. Review the exhibit and type the IP address of the member serving as the pivot machine in the space below. Answer: 10.4.8.2
QUESTION 250
In a zero downtime scenario, which command do you run manually after all cluster members are upgraded? Answer: cphaconf set_ccp multicast
QUESTION 251
Fill in the blank. To verify that a VPN Tunnel is properly established, use the command _________ Answer: vpn tunnelutil
QUESTION 252
Fill in the blanks. To view the number of concurrent connections going through your firewall, you would use the command and syntax __ ___ __ __________ __ . Answer: fw tab -t connections -s
QUESTION 253
Fill in the blank with a numeric value. The default port number for Secure Sockets Layer (SSL) connections with the LDAP Server is Answer: 636
QUESTION 254
Fill in the blank. The command that typically generates the firewall application, operating system, and hardware specific drivers is _________ . Answer: snapshot
QUESTION 255
The command useful for debugging by capturing packet information, including verifying LDAP authentication on all Check Point platforms is Answer: fw monitor
QUESTION 256
Fill in the blank.
In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2 Internal host 10.4.8.108 pings 10.4.8.3, and receives replies. Review the ARP table from the internal Windows host 10.4.8.108. According to the output, which member is the standby machine? Answer: 10.4.8.1
QUESTION 257
Fill in the blank. The user wants to replace a failed Windows-based firewall with a new server running GAiA. For the most complete restore of a GAiA configuration, he or she will use the command Answer: migrate_import
QUESTION 258
Fill in the blank.
In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. An internal host 10.4.8.108 successfully pings its Cluster and receives replies. Review the ARP table from the internal Windows host 10.4.8.108. Based on this information, what is the active cluster member's IP address? Answer: 10.4.8.2
QUESTION 259
Fill in the blank with a numeric value. The default port number for standard TCP connections with the LDAP server is Answer: 389
QUESTION 260
Type the full cphaprob command and syntax that will show full synchronization status. Answer: cphaprob -i list
QUESTION 261
To bind a NIC to a single processor when using CoreXL on GAiA, you would use the command Answer: sim affinity
QUESTION 262
Complete this statement. To save interface information before upgrading a Windows Gateway, use command Answer: ipconfig -a > [filename].txt
QUESTION 263
MultiCorp is located in Atlanta. It has a branch office in Europe, Asia, and Africa. Each location has its own AD controller for local user login. How many ADqueries have to be configured? Answer: 4
QUESTION 264
Type the command and syntax to configure the Cluster Control Protocol (CCP) to use Broadcast. Answer: cphaconf set_ccp broadcast
QUESTION 265
Fill in the blank. To verify SecureXL statistics, you would use the command ________ . Answer: fwaccel stats
QUESTION 266
Which is the correct order of a log flow processed by SmartEvent components:
A. Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client
B. Firewall > SmartEvent Server Database > Correlation unit > Log Server > SmartEvent Client
C. Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client
D. Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
Answer: D
QUESTION 267
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
B. Mail, Block Source, Block Destination, Block Services, SNMP Trap
C. Mail, Block Source, Block Destination, External Script, SNMP Trap
D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
Answer: A
QUESTION 268
Which components allow you to reset a VPN tunnel?
A. vpn tu command or SmartView monitor
B. delete vpn ike sa or vpn shell command
C. vpn tunnelutil or delete vpn ike sa command
D. SmartView monitor only
Answer: D
QUESTION 269
When synchronizing clusters, which of the following statements is FALSE?
A. The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized.
B. Only cluster members running on the same OS platform can be synchronized.
C. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
D. Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.
Answer: D
QUESTION 270
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?
A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. Time object to a rule to make the rule active only during specified times.
D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule
Answer: A
QUESTION 271
In R80.10, how do you manage your Mobile Access Policy?
A. Through the Unified Policy
B. Through the Mobile Console
C. From SmartDashboard
D. From the Dedicated Mobility Tab
Answer: C
QUESTION 272
You find one of your cluster gateways showing "Down" when you run the "cphaprob stat" command. You then run the "clusterXL_admin up" on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?
A. cphaprob f register
B. cphaprob ds report
C. cpstatf-all
D. cphaprob a list
Answer: D
QUESTION 273
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
A. Smart Cloud Services
B. Load Sharing Mode Services
C. Threat Agent Solution
D. Public Cloud Services
Answer: C
QUESTION 274
Which of the following is NOT a valid way to view interface's IP address settings in Gaia?
A. Using the command sthtool in Expert Mode
B. Viewing the file /config/active
C. Via the Gaia WebUI
D. Via the command show configuration in CLISH
Answer: A
QUESTION 275
Check Point recommends configuring Disk Space Management parameters to delete old log entities when available disk space is less than or equal to?
A. 50%
B. 75%
C. 80%
D. 15%
Answer: D
QUESTION 276
What API command below creates a new host with the name "New Host" and IP address of "192.168.0.10"?
A. new host name "New Host" ip-address "192.168.0.10"
B. set host name "New Host" ip-address "192.168.0.10"
C. create host name "New Host" ip-address "192.168.0.10"
D. add host name "New Host" ip-address "192.168.0.10"
Answer: D
QUESTION 277
What are types of Check Point APIs available currently as part of R80.10 code?
A. Security Gateway API, Management API, Threat Prevention API and Identity Awareness Web Services API
B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
C. OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API
D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API
Answer: B
QUESTION 278
Which of the following is NOT an internal/native Check Point command?
A. fwaccel on
B. fw ctl debug
C. tcpdump
D. cphaprob
Answer: C
QUESTION 279
What is the SandBlast Agent designed to do?
A. Performs OS-level sandboxing for SandBlast Cloud architecture
B. Ensure the Check Point SandBlast services is running on the end user's system
C. If malware enters an end user's system, the SandBlast Agent prevents the malware from spreading with the network
D. Clean up email sent with malicious attachments.
Answer: C
QUESTION 280
The SmartEvent R80 Web application for real-time event monitoring is called:
A. SmartView Monitor
B. SmartEventWeb
C. There is no Web application for SmartEvent
D. SmartView
Answer: A
QUESTION 281
What Shell is required in Gaia to use WinSCP?
A. UNIX
B. CPShell
C. CLISH
D. Bash
Answer: D
QUESTION 282
Which one of the following is true about Threat Emulation?
A. Takes less than a second to complete
B. Works on MS Office and PDF files only
C. Always delivers a file
D. Takes minutes to complete (less than 3 minutes)
Answer: D
QUESTION 283
What are the minimum open server hardware requirements for a Security Management Server/Standalone in R80.10?
A. 2 CPU cores, 4GB of RAM and 15GB of disk space
B. 8 CPU cores, 16GB of RAM and 500 GB of disk space
C. 4 CPU cores, 8GB of RAM and 500GB of disk space
D. 8 CPU cores, 32GB of RAM and 1 TB of disk space
Answer: C
QUESTION 284
The "MAC magic" value must be modified under the following condition:
A. There is more than one cluster connected to the same VLAN
B. A firewall cluster is configured to use Multicast for CCP traffic
C. There are more than two members in a firewall cluster
D. A firewall cluster is configured to use Broadcast for CCP traffic
Answer: D
QUESTION 285
The Correlation Unit performs all but which of the following actions:
A. Marks logs that individually are not events, but may be part of a larger pattern to be identified later
B. Generates an event based on the Event policy
C. Assigns a severity level to the event
D. Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event
Answer: C
QUESTION 286
The following command is used to verify the CPUSE version:
A. HostName:0>show installer status build
B. [Expert@HostName:0]#show installer status
C. [Expert@HostName:0]#show installer status build
D. HostName:0>show installer build
Answer: A
QUESTION 287
Which statement is true regarding redundancy?
A. System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob f it command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
C. Machines in a Cluster XL High Availability configuration must be synchronized.
D. Both Cluster XL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.
Answer: D
QUESTION 288
Vanessa is expecting a very important Security Report. The document should be sent as an attachment via e-mail. An e-mail with the Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only a few lines of text are in it. The report is missing some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?
A. SandBlast Threat Emulation
B. SandBlast Agent
C. Check Point Protect
D. SandBlast Threat Extraction
Answer: D
QUESTION 289
Which command collects diagnostic data for analyzing customer setup remotely?
A. cpinfo
B. migrate export
C. sysinfo
D. cpview
Answer: A
QUESTION 290
When deploying multiple clustered firewalls on the same subnet, what does the firewall administrator need to configure to prevent CCP broadcasts being sent to the wrong cluster?
A. Set the fwha_mac_magic_forward parameter in the $CPDIR/boot/modules/ha_boot.conf
B. Set the fwha_mac_magic parameter in the $FWDIR/boot/fwkern.conf file
C. Set the cluster global ID using the command "cphaconf cluster_id set "
D. Set the cluster global ID using the command "fw ctt set cluster_id "
Answer: C
QUESTION 291
Which of these options is an implicit MEP option?
A. Primary-backup
B. Source address based
C. Round robin
D. Load Sharing
Answer: A
QUESTION 292
John detected high load on sync interface. Which is most recommended solution?
A. For short connections like http service - delay sync for 2 seconds
B. Add a second interface to handle sync traffic
C. For short connections like http service - do not sync
D. For short connections like icmp service - delay sync for 2 seconds
Answer: A
QUESTION 293
What is the SOLR database for?
A. Used for full text search and enables powerful matching capabilities
B. Writes data to the database and full text search
C. Serves GUI responsible to transfer request to the DLEserver
D. Enables powerful matching capabilities and writes data to the database
Answer: A
QUESTION 294
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode
Answer: C
QUESTION 295
On R80.10 the IPS Blade is managed by:
A. Threat Protection policy
B. Anti-Bot Blade
C. Threat Prevention policy
D. Layers on Firewall policy
Answer: A
QUESTION 296
Which packet info is ignored with Session Rate Acceleration?
A. source port ranges
B. source ip
C. source port
D. same info from Packet Acceleration is used
Answer: C
QUESTION 297
What is the purpose of Priority Delta in VRRP?
A. When a box is up, Effective Priority = Priority + Priority Delta
B. When an Interface is up, Effective Priority = Priority + Priority Delta
C. When an Interface fails, Effective Priority = Priority - Priority Delta
D. When a box fails, Effective Priority = Priority - Priority Delta
Answer: C
QUESTION 298
What is the purpose of a SmartEvent Correlation Unit?
A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server
B. The SmartEvent Correlation Unit's task is to assign severity levels to the identified events.
C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.
D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server
Answer: C
QUESTION 299
The CDT utility supports which of the following?
A. Major version upgrades to R77.30
B. Only Jumbo HFA's and hotfixes
C. Only major version upgrades to R80.10
D. All upgrades
Answer: D
QUESTION 300
The Firewall kernel is replicated multiple times, therefore: A. The Firewall kernel only touches the packet if the connection is accelerated B. The Firewall can run different policies per core C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out D. The Firewall can run the same policy on all cores Answer: D
QUESTION 301
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing
Answer: C
QUESTION 302
Which is not a blade option when configuring SmartEvent?
A. Correlation Unit
B. SmartEvent Unit
C. SmartEvent Server
D. Log Server
Answer: B
QUESTION 303
What command would show the API server status?
A. cpm status
B. api restart
C. api status
D. show api status
Answer: C
QUESTION 304
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
A. fw ctl multik dynamic_dispatching on
B. fw ctl multik dynamic_dispatching set_mode 9
C. fw ctl multik set_mode 9
D. fw ctl multik pq enable
Answer: C
QUESTION 305
You have existing dbedit scripts from R77. Can you use them with R80.10?
A. dbedit is not supported in R80.10
B. dbedit is fully supported in R80.10
C. You can use dbedit to modify threat prevention or access policies, but not create or modify layers
D. dbedit scripts are being replaced by mgmt_cli in R80.10
Answer: D
QUESTION 306
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
A. This statement is true because SecureXL does improve all traffic
B. This statement is false because SecureXL does not improve this traffic but CoreXL does
C. This statement is true because SecureXL does improve this traffic
D. This statement is false because encrypted traffic cannot be inspected
Answer: C
QUESTION 307
What are the three components for Check Point Capsule?
A. Capsule Docs, Capsule Cloud, Capsule Connect
B. Capsule Workspace, Capsule Cloud, Capsule Connect
C. Capsule Workspace, Capsule Docs, Capsule Connect
D. Capsule Workspace, Capsule Docs, Capsule Cloud
Answer: D
QUESTION 308
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?
A. mgmt_cli add-host "Server_1" ip_address "10.15.123.10" --format txt
B. mgmt_cli add host name "Server_1" ip-address "10.15.123.10" --format json
C. mgmt_cli add object-host "Server_1" ip-address "10.15.123.10" --format json
D. mgmt_cli add object "Server_1" ip-address "10.15.123.10" --format json
Answer: B
QUESTION 309
When defining QoS global properties, which option below is not valid?
A. Weight
B. Authenticated timeout
C. Schedule
D. Rate
Answer: C
QUESTION 310
Check Point APIs allow system engineers and developers to make changes to their organization's security policy with CLI tools and Web Services for all of the following except?
A. Create new dashboards to manage 3rd party task
B. Create products that use and enhance 3rd party solutions.
C. Execute automated scripts to perform common tasks.
D. Create products that use and enhance the Check Point Solution.
Answer: A
QUESTION 311
What happens when an IPS profile is set in Detect-Only Mode for troubleshooting?
A. It will generate Geo-Protection traffic
B. Automatically uploads debugging logs to Check Point Support Center
C. It will not block malicious traffic
D. Bypass licenses requirement for Geo-Protection control
Answer: C
QUESTION 312
When simulating a problem on a ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state?
A. cphaprob -d STOP unregister
B. cphaprob STOP unregister
C. cphaprob unregister STOP
D. cphaprob -d unregister STOP
Answer: A
QUESTION 313
You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
A. TCP port 443
B. TCP port 257
C. TCP port 256
D. UDP port 8116
Answer: C
QUESTION 314
Which command shows the current connections distributed by CoreXL FW instances?
A. fw ctl multik stat
B. fw ctl affinity -l
C. fw ctl instances -v
D. fw ctl iflist
Answer: A
QUESTION 315
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
A. Lagging
B. Synchronized
C. Never been synchronized
D. Collision
Answer: B
QUESTION 316
What GUI client would you use to view an IPS packet capture?
A. SmartView Monitor
B. SmartView Tracker
C. Smart Update
D. Smart Reporter
Answer: B
QUESTION 317
What is the valid range for VRID value in VRRP configuration?
A. 1 - 254
B. 1 - 255
C. 0 - 254
D. 0 - 255
Answer: B
QUESTION 318
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade? A. Detects and blocks malware by correlating multiple detection engines before users are affected. B. Configure rules to limit the available network bandwidth for specified users or groups. C. Use UserCheck to help users understand that certain websites are against the company's security policy. D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels. Answer: A
QUESTION 319
Which command will reset the kernel debug options to default settings?
A. fw ctl dbg -a 0
B. fw ctl dbg resetall
C. fw ctl debug 0
D. fw ctl debug set 0
Answer: C
QUESTION 320
You need to change the number of firewall instances used by CoreXL. How can you achieve this goal?
A. edit fwaffinity.conf; reboot required
B. cpconfig; reboot required
C. edit fwaffinity.conf; reboot not required
D. cpconfig; reboot not required
Answer: B
QUESTION 321
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN? A. that is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager B. Full Layer4 VPN -SSL VPN that gives users network access to all mobile applications C. Full layer3 VPN -IPSec VPN that gives users network access to all mobile applications D. You can make sure that documents are sent to the intended recipients only Answer: C
QUESTION 322
What does the command vpn crl_zap do?
A. Nothing, it is not a valid command
B. Erases all CRL's from the gateway cache
C. Erases VPN certificates from cache
D. Erases CRL's from the management server cache
Answer: B
QUESTION 323
Firewall policies must be configured to accept VRRP packets on the GAiA platform if it runs Firewall software. The Multicast destination assigned by the Internet Assigned Numbers Authority (IANA) for VRRP is:
A. 224.0.0.18
B. 224.0.0.5
C. 224.0.0.102
D. 224.0.0.22
Answer: A
QUESTION 324
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
A. UDP port 265
B. TCP port 265
C. UDP port 256
D. TCP port 256
Answer: D
QUESTION 325
GAiA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:
A. Check Point Upgrade Service Engine.
B. Check Point Software Update Agent
C. Check Point Remote Installation Daemon (CPRID)
D. Check Point Software Update Daemon
Answer: A
QUESTION 326
Which one of these is NOT a firewall chain?
A. RTM packet in (rtm)
B. VPN node add (vpnad)
C. IP Options restore (in) (ipopt_res)
D. Fw SCV inbound (scv)
Answer: B
QUESTION 327
Which is a suitable command to check whether Drop Templates are activated or not?
A. fw ctl get int activate_drop_templates
B. fwaccel stat
C. fwaccel stats
D. fw ctl templates -d
Answer: B
QUESTION 328
Which directory below contains log files?
A. /opt/CPSmartlog-R80/log
B. /opt/CPshrd-R80/log
C. /opt/CPsuite-R80/fw1/log
D. /opt/CPsuite-R80/log
Answer: C
QUESTION 329
What is the responsibility of SOLR process on R80.10 management server?
A. Validating all data before it's written into the database
B. It generates indexes of data written to the database
C. Communication between SmartConsole applications and the Security Management Server
D. Writing all information into the database
Answer: B
QUESTION 330
VPN Tunnel Sharing can be configured with any of the options below, EXCEPT One:
A. Gateway-based
B. Subnet-based
C. IP range based
D. Host-based
Answer: C
QUESTION 331
You want to store the GAiA configuration in a file for later reference. What command should you use?
A. write mem
B. show config -f
C. save config -o
D. save configuration
Answer: D
QUESTION 332
What can you do to see the current number of kernel instances in a system with CoreXL enabled?
A. Browse to Secure Platform Web GUI
B. Only Check Point support personnel can access that information
C. Execute SmartDashboard client
D. Execute command cpconfig
Answer: D
QUESTION 333
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of
A. Threat Emulation
B. HTTPS
C. QOS
D. VoIP
Answer: D
QUESTION 334
Why would you not see a CoreXL configuration option in cpconfig?
A. The gateway only has one processor
B. CoreXL is not licensed
C. CoreXL is disabled via policy
D. CoreXL is not enabled in the gateway object
Answer: A
QUESTION 335
In SPLAT the command to set the timeout was idle. In order to achieve this and increase the timeout for Gaia, what command do you use? A. set idle B. set inactivitytimeout C. set timeout D. set inactivity Answer: B
QUESTION 336
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation? A. Anti-Bot is the only countermeasure against unknown malware B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers C. Anti-Bot is the only signature-based method of malware protection D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center Answer: D
QUESTION 337
SmartEvent does NOT use which of the following procedures to identify events?
A. Matching a log against each event definition
B. Create an event candidate
C. Matching a log against local exclusions
D. Matching a log against global exclusions
Answer: C
QUESTION 338
In Gaia, if one is unsure about a possible command, what command lists all possible commands.
A. show all |grep commands
B. show configuration
C. show commands
D. get all commands
Answer: C
QUESTION 339
In which case is a Sticky Decision Function relevant?
A. Load Sharing - Multicast
B. Load Balancing - Forward
C. High Availability
D. Load Sharing - Unicast
Answer: C
QUESTION 340
The Security Gateway is installed on GAiA R80. The default port for the Web User Interface is _______.
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443
Answer: D
QUESTION 341
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
A. None, Security Management Server would be installed by itself
B. SmartConsole
C. SecureClient
D. SmartEvent
Answer: D
QUESTION 342
Fill in the blank: The tool ___________ generates a R80 Security Gateway configuration report.
A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo
Answer: C
QUESTION 343
Fill in the blank: The R80 utility fw monitor is used to troubleshoot __________.
A. User data base corruption
B. EDAP conflicts
C. Traffic issues
D. Phase two key negotiation
Answer: C
QUESTION 344
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restrict all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each security Gateway directly.
Answer: B
QUESTION 345
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
B. One machine
C. Two machines
D. Three machines
Answer: C
QUESTION 346
Fill in the blank: The command _______________ provides the most complete restoration of a R80 configuration. A. upgrade_import B. cpconfig C. fwn dbimport p D. cpinfo recover Answer: A
QUESTION 347
Which of the following statements is TRUE about R80 management plug-ins? A. The plug-in is a package installed on the Security Gateway. B. Installing a management plug-in requires a Snapshot, just like any upgrade process. C. A management plug-in interacts with a Security Management Server to provide new features and support for new products. D. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in. Answer: C
QUESTION 348
Fill in the blank: The R80 feature ________ permits blocking specific IP addresses for a specified time period. A. B. C. D.
Block Port Overflow Local Interface Spoofing Suspicious Activity Monitoring Adaptive Threat Prevention
Answer: C
QUESTION 349
In R80 spoofing is defined as a method of: A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation. B. Hiding your firewall from unauthorized users. C. Detecting people using false or wrong authentication logins D. Making packets appear as if they come from an authorized IP address. Answer: D
QUESTION 350
Which features are only supported with R80.10 Gateways but not R77.x? A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies. B. Limits the upload and download throughput for streaming media in the company to 1 Gbps. C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence. D. Time object to a rule to make the rule active only during specified times. Answer: C
QUESTION 351
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
A. 20 minutes
B. 15 minutes
C. Admin account cannot be unlocked automatically
D. 30 minutes at least
Answer: D
QUESTION 352
What scenario indicates that SecureXL is enabled?
A. Dynamic objects are available in the Object Explorer
B. SecureXL can be disabled in cpconfig
C. fwaccel commands can be used in clish
D. Only one packet in a stream is seen in a fw monitor packet capture
Answer: C
QUESTION 353
What is the command to show SecureXL status?
A. fwaccel status
B. fwaccel stats -m
C. fwaccel -s
D. fwaccel stat
Answer: D
QUESTION 354
Which web services protocol is used to communicate to the Check Point R80 Identity Awareness Web API?
A. SOAP
B. REST
C. XLANG
D. XML-RPC
Answer: B
QUESTION 355
Which file gives you a list of all security servers in use, including port number?
A. $FWDIR/conf/conf.conf
B. $FWDIR/conf/servers.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/conf/serversd.conf
Answer: C
QUESTION 356
What CLI command will reset the IPS pattern matcher statistics?
A. ips reset pmstat
B. ips pstats reset
C. ips pmstats refresh
D. ips pmstats reset
Answer: D
QUESTION 357
GAiA Software update packages can be imported and installed offline in situation where:
A. Security Gateway with GAiA does NOT have SFTP access to Internet
B. Security Gateway with GAiA does NOT have access to Internet.
C. Security Gateway with GAiA does NOT have SSH access to internet.
D. The desired CPUSE package is ONLY available in the Check Point CLOUD.
Answer: B
QUESTION 358
The Event List within the Events tab contains: A. a list of options available for running a query. B. the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list. C. events generated by a query. D. the details of a selected event. Answer: C
QUESTION 359
What is mandatory for ClusterXL to work properly?
A. The number of cores must be the same on every participating cluster node
B. The Magic MAC number must be unique per cluster node.
C. The Sync Interface must not have an IP address configured
D. If you have "Non-monitored Private" interfaces, the number of those interfaces must be the same on all cluster members
Answer: B
QUESTION 360
Which one of the following processes below would not start if there was a licensing issue.
A. CPD
B. CPCA
C. FWM
D. CPWD
Answer: A
QUESTION 361
Aaron is a Cyber Security Engineer working for Global Law Firm with a large-scale deployment of Check Point Enterprise Appliances using GAiA/R80.10. The company's Network Security Developer Team is having an issue testing a new API with the newly deployed R80.10 Security Management Server and blames the Check Point Security Management Server as the root cause. The ticket has been created and the issue is at Aaron's desk for an investigation. What do you recommend as the best suggestion for Aaron to make sure API testing works as expected?
A. Aaron should check API Server status from expert CLI by "fwm api status" and if it's stopped he should start using command "fwm api start" on Security Management Server.
B. Aaron should check API Server status from expert CLI by "cpapi status" and if it's stopped he should start using command "cpapi start" on Security Management Server.
C. Aaron should check API Server status from expert CLI by "api status" and if it's stopped he should start using command "api start" on Security Management Server.
D. Aaron should check API Server status from expert CLI by "cpm api status" and if it's stopped he should start using command "cpm api start" on Security Management Server.
Answer: C
QUESTION 362
What utility would you use to configure route-based VPNs? A. vpn shell B. vpn tu C. vpn sw_topology D. vpn set_slim_server Answer: A
QUESTION 363
Where do you create and modify the Mobile Access policy in R80?
A. SmartConsole
B. SmartMonitor
C. SmartEndpoint
D. SmartDashboard
Answer: A
QUESTION 364