Check-Point 156-215.80 Free Practice Questions

NEW QUESTION 1

The IT Management team is interested in the new features of the Check Point R80 Management and wants to upgrade but they are concerned that the existing R77.30 Gaia Gateways cannot be managed by R80 because it is so different. As the administrator responsible for the Firewalls, how can you answer or confirm these concerns?

• A. R80 Management contains compatibility packages for managing earlier versions of Check Point Gateways prior to R80. Consult the R80 Release Notes for more information.
• B. R80 Management requires the separate installation of compatibility hotfix packages for managing the earlier versions of Check Point Gateways prior to R80. Consult the R80 Release Notes for more information.
• C. R80 Management was designed as a completely different Management system and so can only monitor Check Point Gateways prior to R80.
• D. R80 Management cannot manage earlier versions of Check Point Gateways prior to R80. Only R80 and above Gateways can be manage
• E. Consult the R80 Release Notes for more information.

Answer: A

NEW QUESTION 2

If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available to other administrators? Choose the BEST answer.

• A. Publish or discard the session.
• B. Revert the session.
• C. Save and install the Policy.
• D. Delete older versions of database.

Answer: A

Explanation:
To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session.
To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a session, a new database version is created.
When you select Install Policy, you are prompted to publish all unpublished changes. You cannot install a policy if the included changes are not published.

NEW QUESTION 3

Using ClusterXL, what statement is true about the Sticky Decision Function?

• A. Can only be changed for Load Sharing implementations
• B. All connections are processed and synchronized by the pivot
• C. Is configured using cpconfig
• D. Is only relevant when using SecureXL

Answer: A

NEW QUESTION 4

What are types of Check Point APIs available currently as part of R80.10 code?

• A. Security Gateway API, Management API, Threat Prevention API and Identity Awareness Web Services API
• B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
• C. OSE API, OPSEC SDK API, Threat Prevention API and Policy Editor API
• D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API

Answer: B

NEW QUESTION 5

Which of the following is NOT an alert option?

• A. SNMP
• B. High alert
• C. Mail
• D. User defined alert

Answer: B

Explanation:
In Action, select:
none - No alert.
log - Sends a log entry to the database.
alert - Opens a pop-up window to your desktop.
mail - Sends a mail alert to your Inbox.
snmptrap - Sends an SNMP alert.
useralert - Runs a script. Make sure a user-defined action is available. Go to SmartDashboard > Global Properties > Log and Alert > Alert Commands.

NEW QUESTION 6

Provide very wide coverage for all products and protocols, with noticeable performance impact.

How could you tune the profile in order to lower the CPU load still maintaining security at good level? Select the BEST answer.

• A. Set High Confidence to Low and Low Confidence to Inactive.
• B. Set the Performance Impact to Medium or lower.
• C. The problem is not with the Threat Prevention Profil
• D. Consider adding more memory to the appliance.
• E. Set the Performance Impact to Very Low Confidence to Prevent.

Answer: B

NEW QUESTION 7

Joey is using the computer with IP address 192.168.20.13. He wants to access web page “www.Check Point.com”, which is hosted on Web server with IP address 203.0.113.111. How many rules on Check Point Firewall are required for this connection?

• A. Two rules – first one for the HTTP traffic and second one for DNS traffic.
• B. Only one rule, because Check Point firewall is a Packet Filtering firewall
• C. Two rules – one for outgoing request and second one for incoming replay.
• D. Only one rule, because Check Point firewall is using Stateful Inspection technology.

Answer: D

NEW QUESTION 8

Which one of the following is the preferred licensing model? Select the Best answer.

• A. Local licensing because it ties the package license to the IP-address of the gateway and has no dependency of the Security Management Server.
• B. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency of the gateway.
• C. Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency.
• D. Central licensing because it ties the package license to the MAC-address of the Security Management Server Mgmt-interface and has no dependency of the gateway.

Answer: B

Explanation:
Central License
A Central License is a license attached to the Security Management server IP address, rather than the gatewa IP address. The benefits of a Central License are:
Only one IP address is needed for all licenses.
A license can be taken from one gateway and given to another.
The new license remains valid when changing the gateway IP address. There is no need to create and install a new license.

NEW QUESTION 9

During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:

• A. Dropped without sending a negative acknowledgment
• B. Dropped without logs and without sending a negative acknowledgment
• C. Dropped with negative acknowledgment
• D. Dropped with logs and without sending a negative acknowledgment

Answer: D

NEW QUESTION 10

Which of the following commands is used to monitor cluster members?

• A. cphaprob state
• B. cphaprob status
• C. cphaprob
• D. cluster state

Answer: A

NEW QUESTION 11

How would you determine the software version from the CLI?

• A. fw ver
• B. fw stat
• C. fw monitor
• D. cpinfo

Answer: A

NEW QUESTION 12

What port is used for delivering logs from the gateway to the management server?

• A. Port 258
• B. Port 18209
• C. Port 257
• D. Port 981

Answer: C

NEW QUESTION 13

Message digests use which of the following?

• A. DES and RC4
• B. IDEA and RC4
• C. SSL and MD4
• D. SHA-1 and MD5

Answer: D

NEW QUESTION 14

Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all of the following except:

• A. Create new dashboards to manage 3rd party task
• B. Create products that use and enhance 3rd party solutions
• C. Execute automated scripts to perform common tasks
• D. Create products that use and enhance the Check Point Solution

Answer: A

NEW QUESTION 15

Fill in the blank: Each cluster has _____ interfaces.

• A. Five
• B. Two
• C. Three
• D. Four

Answer: C

Explanation:
Each cluster member has three interfaces: one external interface, one internal interface, and one for synchronization. Cluster member interfaces facing in each direction are connected via a switch, router, or VLAN switch.

NEW QUESTION 16

Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ____ .

• A. User Directory
• B. Captive Portal and Transparent Kerberos Authentication
• C. Captive Portal
• D. UserCheck

Answer: B

Explanation:
To enable Identity Awareness:
Log in to SmartDashboard.
From the Network Objects tree, expand the Check Point branch.
Double-click the Security Gateway on which to enable Identity Awareness.
In the Software Blades section, select Identity Awareness on the Network Security tab.
The Identity Awareness
Configuration wizard opens.
Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets.
AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers
Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently.

NEW QUESTION 17

Mesh and Star are two types of VPN topologies. Which statement below is TRUE about these types of communities?

• A. A star community requires Check Point gateways, as it is a Check Point proprietary technology.
• B. In a star community, satellite gateways cannot communicate with each other.
• C. In a mesh community, member gateways cannot communicate directly with each other.
• D. In a mesh community, all members can create a tunnel with any other member.

Answer: D

NEW QUESTION 18

Choose the Best place to find a Security Management Server backup file named backup_fw, on a Check Point Appliance.

• A. /var/log/Cpbackup/backups/backup/backup_fw.tgs
• B. /var/log/Cpbackup/backups/backup/backup_fw.tar
• C. /var/log/Cpbackup/backups/backups/backup_fw.tar
• D. /var/log/Cpbackup/backups/backup_fw.tgz

Answer: D

Explanation:
Gaia's Backup feature allows backing up the configuration of the Gaia OS and of the Security Management server database, or restoring a previously saved configuration. The configuration is saved to a .tgz file in the following directory:
Gaia OS Version Hardware
Local Directory R75.40 - R77.20
Check Point appliances
/var/log/CPbackup/backups/ Open Server
/var/CPbackup/backups/ R77.30
Check Point appliances
/var/log/CPbackup/backups/ Open Server

NEW QUESTION 19

In order to modify Security Policies the administrator can use which of the following tools? Select the BEST answer.

• A. Command line of the Security Management Server or mgmt_cli.exe on any Windows computer.
• B. SmartConsole and WebUI on the Security Management Server.
• C. mgmt_cli or WebUI on Security Gateway and SmartConsole on the Security Management Server.
• D. SmartConsole or mgmt_cli on any computer where SmartConsole is installed.

Answer: D

NEW QUESTION 20

Which of the following are types of VPN communicates?

• A. Pentagon, star, and combination
• B. Star, octagon, and combination
• C. Combined and star
• D. Meshed, star, and combination

Answer: D

NEW QUESTION 21
......