Check-Point 156-215.80 Free Practice Questions

NEW QUESTION 1

How do you configure the Security Policy to provide uses access to the Captive Portal through an external (Internet) interface?

• A. Change the gateway settings to allow Captive Portal access via an external interface.
• B. No action is necessar
• C. This access is available by default.
• D. Change the Identity Awareness settings under Global Properties to allow Captive Policy access on all interfaces.
• E. Change the Identity Awareness settings under Global Properties to allow Captive Policy access for an external interface.

Answer: A

NEW QUESTION 2

Which of the following is NOT an element of VPN Simplified Mode and VPN Communities?

• A. “Encrypt” action in the Rule Base
• B. Permanent Tunnels
• C. “VPN” column in the Rule Base
• D. Configuration checkbox “Accept all encrypted traffic”

Answer: A

Explanation:
Migrating from Traditional Mode to Simplified Mode
To migrate from Traditional Mode VPN to Simplified Mode:
1. On the Global Properties > VPN page, select one of these options:
• Simplified mode to all new Firewall Policies
• Traditional or Simplified per new Firewall Policy
2. Click OK.
3. From the R80 SmartConsole Menu, select Manage policies. The Manage Policies window opens.
4. Click New.
The New Policy window opens.
5. Give a name to the new policy and select Access Control.
In the Security Policy Rule Base, a new column marked VPN shows and the Encrypt option is no longer available in the Action column. You are now working in Simplified Mode.

NEW QUESTION 3

Which rule is responsible for the user authentication failure?

• A. Rule 4
• B. Rule 6
• C. Rule 3
• D. Rule 5

Answer: C

NEW QUESTION 4

What is the difference between SSL VPN and IPSec VPN?

• A. IPSec VPN does not require installation of a resident VPN client
• B. SSL VPN requires installation of a resident VPN client
• C. SSL VPN and IPSec VPN are the same
• D. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser

Answer: D

NEW QUESTION 5

You can see the following graphic:

What is presented on it?

• A. Properties of personal .p12 certificate file issued for user John.
• B. Shared secret properties of John’s password.
• C. VPN certificate properties of the John’s gateway.
• D. Expired .p12 certificate properties for user John.

Answer: A

NEW QUESTION 6

In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server (Security Management Server)?

• A. Display policies and logs on the administrator's workstation.
• B. Verify and compile Security Policies.
• C. Processing and sending alerts such as SNMP traps and email notifications.
• D. Store firewall logs to hard drive storage.

Answer: A

NEW QUESTION 7

Which option would allow you to make a backup copy of the OS and Check Point configuration, without stopping Check Point processes?

• A. All options stop Check Point processes
• B. backup
• C. migrate export
• D. snapshot

Answer: D

NEW QUESTION 8

Which of the following statements is TRUE about R80 management plug-ins?

• A. The plug-in is a package installed on the Security Gateway.
• B. Installing a management plug-in requires a Snapshot, just like any upgrade process.
• C. A management plug-in interacts with a Security Management Server to provide new features and support for new products.
• D. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.

Answer: C

NEW QUESTION 9

Which VPN routing option uses VPN routing for every connection a satellite gateway handles?

• A. To satellites through center only
• B. To center only
• C. To center and to other satellites through center
• D. To center, or through the center to other satellites, to internet and other VPN targets

Answer: D

Explanation:
On the VPN Routing page, enable the VPN routing for satellites section, by selecting one of these options:
To center and to other Satellites through center; this allows connectivity between Gateways; for example, if the spoke Gateways are DAIP Gateways, and the hub is a Gateway with a static IP address
To center, or through the center to other satellites, to Internet and other VPN targets; this allows connectivity between the Gateways, as well as the ability to inspect all communication passing through the hub to the Internet.

NEW QUESTION 10

Which path below is available only when CoreXL is enabled?

• A. Slow path
• B. Firewall path
• C. Medium path
• D. Accelerated path

Answer: C

NEW QUESTION 11

Which type of Endpoint Identity Agent includes packet tagging and computer authentication?

• A. Full
• B. Light
• C. Custom
• D. Complete

Answer: A

Explanation:
Endpoint Identity Agents – dedicated client agents installed on users’ computers that acquire and report identities to the Security Gateway.

NEW QUESTION 12

Which identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers?

• A. ADQuery
• B. Terminal Servers Endpoint Identity Agent
• C. Endpoint Identity Agent and Browser-Based Authentication
• D. RADIUS and Account Logon

Answer: D

NEW QUESTION 13

Where would an administrator enable Implied Rules logging?

• A. In Smart Log Rules View
• B. In SmartDashboard on each rule
• C. In Global Properties under Firewall
• D. In Global Properties under log and alert

Answer: B

NEW QUESTION 14

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his desktop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
3) Changes from static IP address to DHCP for the client PC.
What should John request when he cannot access the web server from his laptop?

• A. John should lock and unlock his computer
• B. Investigate this as a network connectivity issue
• C. The access should be changed to authenticate the user instead of the PC
• D. John should install the Identity Awareness Agent

Answer: C

NEW QUESTION 15

Fill in the blank: To build an effective Security Policy, use a _____ and _____ rule.

• A. Cleanup; stealth
• B. Stealth; implicit
• C. Cleanup; default
• D. Implicit; explicit

Answer: A

NEW QUESTION 16

Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?

• A. She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.
• B. She needs to run sysconfig and restart the SSH process.
• C. She needs to edit /etc/scpusers and add the Standard Mode account.
• D. She needs to run cpconfig to enable the ability to SCP files.

Answer: C

NEW QUESTION 17

Fill in the blank: Authentication rules are defined for ____ .

• A. User groups
• B. Users using UserCheck
• C. Individual users
• D. All users in the database

Answer: A

NEW QUESTION 18

Fill in the blank: The _____ feature allows administrators to share a policy with other policy packages.

• A. Shared policy packages
• B. Shared policies
• C. Concurrent policy packages
• D. Concurrent policies

Answer: A

NEW QUESTION 19

What happens if the identity of a user is known?

• A. If the user credentials do not match an Access Role, the system displays the Captive Portal.
• B. If the user credentials do not match an Access Role, the system displays a sandbox.
• C. If the user credentials do not match an Access Role, the traffic is automatically dropped.
• D. If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.

Answer: D

NEW QUESTION 20

What is the main difference between Threat Extraction and Threat Emulation?

• A. Threat Emulation never delivers a file and takes more than 3 minutes to complete
• B. Threat Extraction always delivers a file and takes less than a second to complete
• C. Threat Emulation never delivers a file that takes less than a second to complete
• D. Threat Extraction never delivers a file and takes more than 3 minutes to complete

Answer: B

NEW QUESTION 21

What are the three tabs available in SmartView Tracker?

• A. Network & Endpoint, Management, and Active
• B. Network, Endpoint, and Active
• C. Predefined, All Records, Custom Queries
• D. Endpoint, Active, and Custom Queries

Answer: C

NEW QUESTION 22

You are unable to login to SmartDashboard. You log into the management server and run #cpwd_admin list with the following output:

What reason could possibly BEST explain why you are unable to connect to SmartDashboard?

• A. CDP is down
• B. SVR is down
• C. FWM is down
• D. CPSM is down

Answer: C

Explanation:
The correct answer would be FWM (is the process making available communication between SmartConsole applications and Security Management Server.). STATE is T (Terminate = Down)
Symptoms
SmartDashboard fails to connect to the Security Management server.
Verify if the FWM process is running. To do this, run the command:
[Expert@HostName:0]# ps -aux | grep fwm
If the FWM process is not running, then try force-starting the process with the following command: [Expert@HostName:0]# cpwd_admin start -name FWM -path "$FWDIR/bin/fwm" -command "fwm" [Expert@HostName:0]# ps -aux | grep fwm
[Expert@HostName:0]# cpwd_admin start -name FWM -path "$FWDIR/bin/fwm" -command "fwm"

NEW QUESTION 23

What is the SOLR database for?

• A. Used for full text search and enables powerful matching capabilities
• B. Writes data to the database and full text search
• C. Serves GUI responsible to transfer request to the DLE server
• D. Enables powerful matching capabilities and writes data to the database

Answer: A

NEW QUESTION 24

What happens if the identity of a user is known?

• A. If the user credentials do not match an Access Role, the traffic is automatically dropped.
• B. If the user credentials do not match an Access Role, the system displays a sandbox.
• C. If the user credentials do not match an Access Role, the gateway moves onto the next rule.
• D. If the user credentials do not match an Access Role, the system displays the Captive Portal.

Answer: C

NEW QUESTION 25

Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted
communication. Which of the following methods is BEST to accomplish this task?

• A. Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination por
• B. Then, export the corresponding entries to a separate log file for documentation.
• C. Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocol
• D. Apply the alert action or customized messaging.
• E. Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic.
• F. Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings.

Answer: A

NEW QUESTION 26

Mesh and Star are two types of VPN topologies. Which statement below is TRUE about these types of communities?

• A. A star community requires Check Point gateways, as it is a Check Point proprietary technology.
• B. In a star community, satellite gateways cannot communicate with each other.
• C. In a mesh community, member gateways cannot communicate directly with each other.
• D. In a mesh community, all members can create a tunnel with any other member.

Answer: D

NEW QUESTION 27

What are the three essential components of the Check Point Security Management Architecture?

• A. SmartConsole, Security Management Server, Security Gateway
• B. SmartConsole, SmartUpdate, Security Gateway
• C. Security Management Server, Security Gateway, Command Line Interface
• D. WebUI, SmartConsole, Security Gateway

Answer: A

Explanation:
Standalone deployment - Security Gateway and the Security Management server are installed on the same machine.
Distributed deployment - Security Gateway and the Security Management server are installed on different machines.
Deployments
Basic deployments:

Assume an environment with gateways on different sites. Each Security Gateway connects to the Internet on one side, and to a LAN on the other.
You can create a Virtual Private Network (VPN) between the two Security Gateways, to secure all communication between them.
The Security Management server is installed in the LAN, and is protected by a Security Gateway. The Security Management server manages the Security Gateways and lets remote users connect securely to the corporate network. SmartDashboard can be installed on the Security Management server or another computer.
There can be other OPSEC-partner modules (for example, an Anti-Virus Server) to complete the network security with the Security Management server and its Security Gateways.

NEW QUESTION 28

You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?

• A. Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file.
• B. Select Block intruder from the Tools menu in SmartView Tracker.
• C. Create a Suspicious Activity Rule in Smart Monitor.
• D. Add a temporary rule using SmartDashboard and select hide rule.

Answer: C

NEW QUESTION 29

Which options are given on features, when editing a Role on Gaia Platform?

• A. Read/Write, Read Only
• B. Read/Write, Read only, None
• C. Read/Write, None
• D. Read Only, None

Answer: B

Explanation:
Roles
Role-based administration (RBA) lets you create administrative roles for users. With RBA, an administrator can allow Gaia users to access specified features by including those features in a role and assigning that role to users. Each role can include a combination of administrative (read/write) access to some features, monitoring (readonly) access to other features, and no access to other features.
You can also specify which access mechanisms (WebUI or the CLI) are available to the user.
Note - When users log in to the WebUI, they see only those features that they have read-only or read/write access to. If they have read-only access to a feature, they can see the settings pages, but cannot change the settings.
Gaia includes these predefined roles:
You cannot delete or change the predefined roles.
Note - Do not define a new user for external users. An external user is one that is defined on an authentication server (such as RADIUS or TACACS) and not on the local Gaia system.

NEW QUESTION 30

Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?

• A. Central
• B. Corporate
• C. Formal
• D. Local

Answer: D

NEW QUESTION 31
......