Check-Point 156-215.80 Free Practice Questions

NEW QUESTION 1

The most important part of a site-to-site VPN deployment is the ____.

• A. Internet
• B. Remote users
• C. Encrypted VPN tunnel
• D. VPN gateways

Answer: C

Explanation:
Site to Site VPN
The basis of Site to Site VPN is the encrypted VPN tunnel. Two Security Gateways negotiate a link and create a VPN tunnel and each tunnel can contain more than one VPN connection. One Security Gateway can maintain more than one VPN tunnel at the same time.

NEW QUESTION 2

Which of the following is NOT a VPN routing option available in a star community?

• A. To satellites through center only
• B. To center, or through the center to other satellites, to Internet and other VPN targets
• C. To center and to other satellites through center
• D. To center only

Answer: A

Explanation:
SmartConsole
For simple hubs and spokes (or if there is only one Hub), the easiest way is to configure a VPN star community in R80 SmartConsole:
On the Star Communitywindow, in the:
Center Gateways section, select the Security Gateway that functions as the "Hub".
Satellite Gateways section, select Security Gateways as the "spokes", or satellites.
On the VPN Routing page, Enable VPN routing for satellites section, select one of these options:
To center and to other Satellites through center - This allows connectivity between the Security Gateways, for example if the spoke Security Gateways are DAIP Security Gateways, and the Hub is a Security Gateway with a static IP address.
To center, or through the center to other satellites, to internet and other VPN targets - This allows connectivity between the Security Gateways as well as the ability to inspect all communication passing through the Hub to the Internet.
Create an appropriate Access Control Policy rule.
NAT the satellite Security Gateways on the Hub if the Hub is used to route connections from Satellites to the Internet.
The two Dynamic Objects (DAIP Security Gateways) can securely route communication through the Security Gateway with the static IP address.

NEW QUESTION 3

A digital signature:

• A. Guarantees the authenticity and integrity of a message.
• B. Automatically exchanges shared keys.
• C. Decrypts data to its original form.
• D. Provides a secure key exchange mechanism over the Internet.

Answer: A

NEW QUESTION 4

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, gateway policy permits access only from Join's desktop which is assigned an IP address 10.0.0.19 via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but the limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?

• A. John should install the identity Awareness Agent
• B. The firewall admin should install the Security Policy
• C. John should lock and unlock the computer
• D. Investigate this as a network connectivity issue

Answer: C

NEW QUESTION 5

You want to store the GAiA configuration in a file for later reference. What command should you use?

• A. write mem <filename>
• B. show config -f <filename>
• C. save config -o <filename>
• D. save configuration <filename>

Answer: D

NEW QUESTION 6

The WebUI offers three methods for downloading Hotfixes via CPUSE. One of them is Automatic method. How many times per day will CPUSE agent check for hotfixes and automatically download them?

• A. Six times per day
• B. Seven times per day
• C. Every two hours
• D. Every three hours

Answer: D

NEW QUESTION 7

You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?

• A. A group with generic user
• B. All users
• C. LDAP Account Unit Group
• D. Internal user Group

Answer: A

NEW QUESTION 8

What does ExternalZone represent in the presented rule?

• A. The Internet.
• B. Interfaces that administrator has defined to be part of External Security Zone.
• C. External interfaces on all security gateways.
• D. External interfaces of specific gateways.

Answer: B

Explanation:
Configuring Interfaces
Configure the Security Gateway 80 interfaces in the Interfaces tab in the Security Gateway window. To configure the interfaces:
From the Devices window, double-click the Security Gateway 80.
The Security Gateway
window opens.
Select the Interfaces tab.
Select Use the following settings. The interface settings open.
Select the interface and click Edit.
The Edit window opens.
From the IP Assignment section, configure the IP address of the interface:
Select Static IP.
Enter the IP address and subnet mask for the interface.
In Security Zone, select Wireless, DMS, External, or Internal. Security zone is a type of zone, created by a bridge to easily create segments, while maintaining IP addresses and router configurations. Security zones let you choose if to enable or not the firewall between segments.
References:

NEW QUESTION 9

Where would an administrator enable Implied Rules logging?

• A. In Smart Log Rules View
• B. In SmartDashboard on each rule
• C. In Global Properties under Firewall
• D. In Global Properties under log and alert

Answer: B

NEW QUESTION 10

In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?

• A. Rule 0
• B. Blank field under Rule Number
• C. Rule 1
• D. Cleanup Rule

Answer: A

NEW QUESTION 11

Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when ____.

• A. The license is attached to the wrong Security Gateway
• B. The existing license expires
• C. The license is upgraded
• D. The IP address of the Security Management or Security Gateway has changed

Answer: A

Explanation:
There is no need to generate new license in this situation, just need to detach license from wrong Security Gateway and attach it to the right one.

NEW QUESTION 12

Fill in the blank: The R80 feature _____ permits blocking specific IP addresses for a specified time period.

• A. Block Port Overflow
• B. Local Interface Spoofing
• C. Suspicious Activity Monitoring
• D. Adaptive Threat Prevention

Answer: C

Explanation:
Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation

NEW QUESTION 13

Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?

• A. Central
• B. Corporate
• C. Formal
• D. Local

Answer: D

NEW QUESTION 14

What does the “unknown” SIC status shown on SmartConsole mean?

• A. The SMS can contact the Security Gateway but cannot establish Secure Internal Communication.
• B. SIC activation key requires a reset.
• C. The SIC activation key is not known by any administrator.
• D. There is no connection between the Security Gateway and SMS.

Answer: D

Explanation:
The most typical status is Communicating. Any other status indicates that the SIC communication is problematic. For example, if the SIC status is Unknown then there is no connection between the Gateway an the Security Management server. If the SIC status is Not Communicating, the Security Management server is able to contact the gateway, but SIC communication cannot be established.

NEW QUESTION 15

Which command is used to obtain the configuration lock in Gaia?

• A. Lock database override
• B. Unlock database override
• C. Unlock database lock
• D. Lock database user

Answer: A

Explanation:
Obtaining a Configuration Lock
lock database override
unlock database

NEW QUESTION 16

The organization's security manager wishes to back up just the Gaia operating system parameters. Which command can be used to back up only Gaia operating system parameters like interface details, Static routes and Proxy ARP entries?

• A. show configuration
• B. backup
• C. migrate export
• D. upgrade export

Answer: B

Explanation:
3. System Backup (and System Restore)
System Backup can be used to backup current system configuration. A backup creates a compressed file that contains the Check Point configuration including the networking and operating system parameters, such as routing and interface configuration etc., but unlike a snapshot, it does not include the operating system, product binaries, and hotfixes.

NEW QUESTION 17

All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?

• A. FTP
• B. SMTP
• C. HTTP
• D. RLOGIN

Answer: B

NEW QUESTION 18

When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?

• A. As expert user, issue these commands:# IP link set eth0 down# IP link set eth0 addr 00:0C:29:12:34:56# IP link set eth0 up
• B. Edit the file /etc/sysconfig/netconf.C and put the new MAC address in the field(conf:(conns:(conn:hwaddr (“00:0C:29:12:34:56”)
• C. As expert user, issue the command:# IP link set eth0 addr 00:0C:29:12:34:56
• D. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.

Answer: C

NEW QUESTION 19

SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?

• A. Smart Cloud Services
• B. Load Sharing Mode Services
• C. Threat Agent Solution
• D. Public Cloud Services

Answer: A

NEW QUESTION 20

Choose what BEST describes the reason why querying logs now is very fast.

• A. New Smart-1 appliances double the physical memory install
• B. Indexing Engine indexes logs for faster search results
• C. SmartConsole now queries results directly from the Security Gateway
• D. The amount of logs been store is less than the usual in older versions

Answer: B

NEW QUESTION 21
......