Checkpoint Testking 156-915 80 v2019-03-18 by Donald 105q PDF

156-915.80.
105q
Number: 156-915.80
Passing Score: 800
Time Limit: 120 min
https://www.gratisexam.com/
156-915.80
Check Point Certified Security Expert Update
Exam A
QUESTION 1
What is the port used for SmartConsole to connect to the Security Management Server:
A. CPMI port 18191/TCP

B. CPM port / TCP port 19009
C. SIC port 18191/TCP
D. https port 4434/TCP
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Which is the correct order of a log flow processed by SmartEvents components:
A. Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client
B. Firewall > SmartEvent Server Database > Correlation unit > Log Server > SmartEvent Client
C. Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client
D. Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
Correct Answer: D
Section: (none)
Explanation
QUESTION 3
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
B. Mail, Block Source, Block Destination, Block Services, SNMP Trap
C. Mail, Block Source, Block Destination, External Script, SNMP Trap
D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
Correct Answer: A
Section: (none)
Explanation
Explanation:
These are the types of Automatic Reactions:
Mail - tell an administrator by email that the event occurred. See Create a Mail Reaction.
Block Source - instruct the Security Gateway to block the source IP address from which this event was detected for a configurable period of time . Select a
period of time from one minute to more than three weeks. See Create a Block Source Reaction
Block Event activity - instruct the Security Gateway to block a distributed attack that emanates from multiple sources, or attacks multiple destinations for a
configurable period of time. Select a period of time from one minute to more than three weeks). See Create a Block Event Activity Reaction.
External Script - run a script that you provide. See Creating an External Script Automatic Reaction to write a script that can exploit SmartEvent data.
SNMP Trap - generate an SNMP Trap. See Create an SNMP Trap Reaction.
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/
CP_R80_LoggingAndMonitoring/131915
QUESTION 4
In R80.10, how do you manage your Mobile Access Policy?
A. Through the Unified Policy

B. Through the Mobile Console
C. From SmartDashboard
D. From the Dedicated Mobility Tab
Correct Answer: C
Section: (none)
Explanation
Reference: http://dl3.checkpoint.com/paid/f7/f78b067c6838c747e1568f139b6e6e8d/CP_R80.10_MobileAccess_AdminGuide.pdf?
HashKey=1522170407_805ae0a295fd6664fa23700cc1482686&xtn=.pdf
QUESTION 5
Which one of the following is true about Threat Emulation?
A. Takes less than a second to complete

B. Works on MS Office and PDF files only
C. Always delivers a file
D. Takes minutes to complete (less than 3 minutes)
Correct Answer: D
Section: (none)
Explanation
QUESTION 6
The “MAC magic” value must be modified under the following condition:
A. There is more than one cluster connected to the same VLAN

B. A firewall cluster is configured to use Multicast for CCP traffic
C. There are more than two members in a firewall cluster
D. A firewall cluster is configured to use Broadcast for CCP traffic
Correct Answer: D
Section: (none)
Explanation
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk25977
QUESTION 7
Which statement is true regarding redundancy?
A. System Administrator know when their cluster has failed over and can also see why it failed over by using the cphaprob f it command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
C. Machines in a Cluster XL High Availability configuration must be synchronized.
D. Both Cluster XL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.
Correct Answer: D
Section: (none)
Explanation
Reference: https://www.checkpoint.com/download/public-files/gaia-technical-brief.pdf page 5
QUESTION 8
Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_ report.pdf file was
delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing
some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?
A. SandBlast Threat Emulation

B. SandBlast Agent
C. Check Point Protect
D. SandBlast Threat Extraction
Correct Answer: D
Section: (none)
Explanation
QUESTION 9
What is the SOLR database for?
A. Used for full text search and enables powerful matching capabilities
B. Writes data to the database and full text search
C. Serves GUI responsible to transfer request to the DLEserver
D. Enables powerful matching capabilities and writes data to the database
Correct Answer: A
Section: (none)
Explanation
QUESTION 10
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode
Correct Answer: C
Section: (none)
Explanation
Explanation:
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance
and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure
VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification
in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of
"Wire Mode".
QUESTION 11
On R80.10 the IPS Blade is managed by:
A. Threat Protection policy

B. Anti-Bot Blade
C. Threat Prevention policy
D. Layers on Firewall policy
Correct Answer: A
Section: (none)
Explanation
Reference: https://www.checkpoint.com/downloads/product-related/r80.10-mgmt-architecture-overview.pdf very top of last page.
QUESTION 12
Which packet info is ignored with Session Rate Acceleration?
A. source port ranges

B. source ip
C. source port
D. same info from Packet Acceleration is used
Correct Answer: C
Section: (none)
Explanation
Reference: http://trlj.blogspot.com/2015/10/check-point-acceleration.html
QUESTION 13
The CDT utility supports which of the following?
A. Major version upgrades to R77.30

B. Only Jumbo HFA’s and hotfixes
C. Only major version upgrades to R80.10
D. All upgrades
Correct Answer: D
Section: (none)
Explanation
Explanation:
The Central Deployment Tool (CDT) is a utility that runs on an R77 / R77.X / R80 / R80.10 Security Management Server / Multi-Domain Security Management
Server (running Gaia OS).
It allows the administrator to automatically install CPUSE Offline packages (Hotfixes, Jumbo Hotfix Accumulators (Bundles), Upgrade to a Minor Version, Upgrade
to a Major Version) on multiple managed Security Gateways and Cluster Members at the same time.
Reference: https://community.checkpoint.com/thread/5319-my-top-3-check-point-cli-commands
QUESTION 14
The Firewall kernel is replicated multiple times, therefore:
A. The Firewall kernel only touches the packet if the connection is accelerated
B. The Firewall can run different policies per core
C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
D. The Firewall can run the same policy on all cores
Correct Answer: D
Section: (none)
Explanation
Explanation:
On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy, or instance, runs on one processing core. These
instances handle traffic concurrently, and each instance is a complete and independent inspection kernel. When CoreXL is enabled, all the kernel instances in the
Security Gateway process traffic through the same interfaces and apply the same security policy.
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_PerformanceTuning_WebAdmin/6731.htm
QUESTION 15
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing
Correct Answer: C
Section: (none)
Explanation
QUESTION 16
Which is not a blade option when configuring SmartEvent?
A. Correlation Unit
B. SmartEvent Unit
C. SmartEvent Server
D. Log Server
Correct Answer: B
Section: (none)
Explanation
Explanation:
On the Management tab, enable these Software Blades:
Logging & Status
SmartEvent Server
SmartEvent Correlation Unit
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/
CP_R80_LoggingAndMonitoring/120829
QUESTION 17
What command would show the API server status?
A. cpm status
B. api restart
C. api status
D. show api status
Correct Answer: C
Section: (none)
Explanation
Reference: https://www.hurricanelabs.com/blog/check-point-api-merging-management-servers-with-r80-10
QUESTION 18
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?
A. mgmt_cli add-host “Server_1” ip_ address “10.15.123.10” – format txt

B. mgmt_ cli add host name “Server_ 1” ip-address “10.15.123.10” – format json
C. mgmt_ cli add object-host “Server_ 1” ip-address “10.15.123.10” – format json
D. mgmt_cli add object “Server_ 1” ip-address “10.15.123.10” – format json
Correct Answer: B
Section: (none)
Explanation
Example:
mgmt_cli add host name "New Host 1" ip-address "192.0.2.1" --format json
• "--format json" is optional. By default the output is presented in plain text.
Reference: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-host~v1.1%20
QUESTION 19
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all of the
following except?
A. Create new dashboards to manage 3rd party task

B. Create products that use and enhance 3rd party solutions.
C. Execute automated scripts to perform common tasks.
D. Create products that use and enhance the Check Point Solution.
Correct Answer: A
Section: (none)
Explanation
Explanation:
Check Point APIs let system administrators and developers make changes to the security policy with CLI tools and web-services. You can use an API to:
Use an automated script to perform common tasks
Integrate Check Point products with 3rd party solutions
Create products that use and enhance the Check Point solution
Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631f640d0/CP_R80_CheckPoint_API_ReferenceGuide.pdf?
HashKey=1522190468_125d63ea5296b7dadd3e4fd81c708cc5&xtn=.pdf
QUESTION 20
Which command shows the current connections distributed by CoreXL FW instances?
A. fw ctl multik stat
B. fw ctl affinity –l
C. fw ctl instances –v
D. fw ctl iflist
Correct Answer: A
Section: (none)
Explanation
Explanation:
The fw ctl multik stat and fw6ctl multik stat (multi-kernel statistics) commands show information for each kernel instance. The state and processing core number of
each instance is displayed, along with:
The number of connections currently being handled.
The peak number of concurrent connections the instance has handled since its inception.
QUESTION 21
What is the valid range for VRID value in VRRP configuration?
A. 1 – 254
B. 1 – 255
C. 0 – 254
D. 0 – 255
Correct Answer: B
Section: (none)
Explanation
Explanation:
Virtual Router ID - Enter a unique ID number for this virtual router. The range of valid values is 1 to 255.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/87911.htm
QUESTION 22
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company’s security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
Correct Answer: A
Section: (none)
Explanation
Explanation:
Use the URL Filtering and Application Control Software Blades to:
Create a Granular Policy - Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels. You can also
create an HTTPS policy that enables Security Gateways to inspect HTTPS traffic and prevent security risks related to the SSL protocol.
Manage Bandwidth Consumption - Configure rules to limit the available network bandwidth for specified users or groups. You can define separate limits for
uploading and downloading.
Keep Your Policies Updated - The Application Database is updated regularly, which helps you makes sure that your Internet security policy has the newest
applications and website categories. Security Gateways connect to the Check Point Online Web Service to identify new social networking widgets and website
categories.
Communicate with Users - UserCheck objects add flexibility to URL Filtering and Application Control and let the Security Gateways communicate with users.
UserCheck helps users understand that certain websites are against the company's security policy. It also tells users about the changes in Internet policy related
to websites and applications.
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
QUESTION 23
Which command will reset the kernel debug options to default settings?
A. fw ctl dbg –a 0
B. fw ctl dbg resetall
C. fw ctl debug 0
D. fw ctl debug set 0
Correct Answer: C
Section: (none)
Explanation
Explanation:
Reset the debugs to the default.
In case someone changed the setting in the past and since then the firewall was not rebooted we should set all back to the defaults.
Reference: https://itsecworks.com/2011/08/09/checkpoint-firewall-debugging-basics/
QUESTION 24
You need to change the number of firewall instances used by CoreXL. How can you achieve this goal?
A. edit fwaffinity.conf; reboot required

B. cpconfig; reboot required
C. edit fwaffinity.conf; reboot not required
D. cpconfig: reboot not required
Correct Answer: B
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm#o94530
QUESTION 25
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
A. that is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager
B. Full Layer4 VPN –SSL VPN that gives users network access to all mobile applications
C. Full layer3 VPN –IPSec VPN that gives users network access to all mobile applications
D. You can make sure that documents are sent to the intended recipients only
Correct Answer: C
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/82201.htm
QUESTION 26
Firewall policies must be configured to accept VRRP packets on the GAiA platform if it runs Firewall software. The Multicast destination assigned by the Internet
Assigned Numbers Authority (IANA) for VRRP is:
A. 224.0.0.18
B. 224.0.0.5
C. 224.0.0.102
D. 224.0.0.22
Correct Answer: A
Section: (none)
Explanation
Reference: https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml
QUESTION 27
Which directory below contains log files?
A. /opt/CPSmartlog-R80/log
B. /opt/CPshrd-R80/log
C. /opt/CPsuite-R80/fw1/log
D. /opt/CPsuite-R80/log
Correct Answer: C
Section: (none)
Explanation
QUESTION 28
What is the responsibility of SOLR process on R80.10 management server?
A. Validating all data before it’s written into the database

B. It generates indexes of data written to the database
C. Communication between SmartConsole applications and the Security Management Server
D. Writing all information into the database
Correct Answer: B
Section: (none)
Explanation
QUESTION 29
You want to store the GAiA configuration in a file for later reference. What command should you use?
A. write mem <filename>

B. show config –f <filename>
C. save config –o <filename>
D. save configuration <filename>
Correct Answer: D
Section: (none)
Explanation
QUESTION 30
What can you do to see the current number of kernel instances in a system with CoreXL enabled?
A. Browse to Secure Platform Web GUI

B. Only Check Point support personnel can access that information
C. Execute SmarDashboard client
D. Execute command cpconfig
Correct Answer: D
Section: (none)
Explanation
QUESTION 31
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of
A. Threat Emulation
B. HTTPS
C. QOS
D. VolP
Correct Answer: D
Section: (none)
Explanation
Explanation:
The following types of traffic are not load-balanced by the CoreXL Dynamic Dispatcher (this traffic will always be handled by the same CoreXL FW instance):
VoIP
VPN encrypted packets
QUESTION 32
Why would you not see a CoreXL configuration option in cpconfig?
A. The gateway only has one processor

B. CoreXL is not licenses
C. CoreXL is disabled via policy
D. CoreXL is not enabled in the gateway object
Correct Answer: A
Section: (none)
Explanation
QUESTION 33
In SPLAT the command to set the timeout was idle. In order to achieve this and increase the timeout for Gaia, what command do you use?
A. set idle <value>

B. set inactivity–timeout <value>
C. set timeout <value>
D. set inactivity <value>
Correct Answer: B
Section: (none)
Explanation
QUESTION 34
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
A. Anti-Bot is the only countermeasure against unknown malware

B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers
C. Anti-Bot is the only signature-based method of malware protection
D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center
Correct Answer: D
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_AntiBotAntiVirus_AdminGuide/index.html
QUESTION 35
In Gaia, if one is unsure about a possible command, what command lists all possible commands.
A. show all |grep commands

B. show configuration
C. show commands
D. get all commands
Correct Answer: C
Section: (none)
Explanation
QUESTION 36
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
A. None, Security Management Server would be installed by itself

B. SmartConsole
C. SecureClient
D. SmartEvent
Correct Answer: D
Section: (none)
Explanation
QUESTION 37
Fill in the blank: The R80 utility fw monitor is used to troubleshoot __________.
A. User data base corruption

B. LDAP conflicts
C. Traffic issues
D. Phase two key negotiation
Correct Answer: C
Section: (none)
Explanation
QUESTION 38
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restrict all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each security Gateway directly.
Correct Answer: B
Section: (none)
Explanation
QUESTION 39
Fill in the blank: The command _______________ provides the most complete restoration of a R80 configuration.
A. upgrade_import
B. cpconfig
C. fwm dbimport –p <export file>
D. cpinfo –recover
Correct Answer: A
Section: (none)
Explanation
QUESTION 40
Fill in the blank: The R80 feature ________ permits blocking specific IP addresses for a specified time period.
A. Block Port Overflow

B. Local Interface Spoofing
C. Suspicious Activity Monitoring
D. Adaptive Threat Prevention
Correct Answer: C
Section: (none)
Explanation
QUESTION 41
In R80 spoofing is defined as a method of:
A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
B. Hiding your firewall from unauthorized users.
C. Detecting people using false or wrong authentication logins
D. Making packets appear as if they come from an authorized IP address.
Correct Answer: D
Section: (none)
Explanation
Explanation:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware
and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.
Reference: http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/CP_R80_SecurityManagement_AdminGuide.pdf?
HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2&xtn=.pdf
QUESTION 42
Which file gives you a list of all security servers in use, including port number?
A. $FWDIR/conf/conf.conf
B. $FWDIR/conf/servers.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/conf/serversd.conf
Correct Answer: C
Section: (none)
Explanation
QUESTION 43
Aaron is a Cyber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R80.10. Company’s
Network Security Developer Team is having issue testing new API with newly deployed R80.10 Security Management Server and blames Check Point Security
Management Server as root cause. The ticket has been created and issue is at Aaron’s desk for an investigation. What do you recommend as the best suggestion
for Aaron to make sure API testing works as expected?
A. Aaron should check API Server status from expert CLI by “fwm api status” and if it’s stopped he should start using command “fwm api start” on Security
Management Server.
B. Aaron should check API Server5 status from expert CLI by “cpapi status” and if it’s stopped he should start using command “cpapi start” on Security
Management Server.
C. Aaron should check API Server status from expert CLI by “api status” and if it’s stopped he should start using command “api start” on Security Management
Server.
D. Aaron should check API Server status from expert CLI by “cpm api status” and if it’s stopped he should start using command “cpm api start” on Security
Management Server.
Correct Answer: C
Section: (none)
Explanation
QUESTION 44
What utility would you use to configure route-based VPNs?
A. vpn shell
B. vpn tu
C. vpn sw_topology
D. vpn set_slim_server
Correct Answer: A
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_VPN_AdminGuide/13824.htm
QUESTION 45
Customer’s R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the
Internet?
A. Export R80 configuration, clean install R80.10 and import the configuration
B. CPUSE online upgrade
C. CPUSE offline upgrade
D. SmartUpdate upgrade
Correct Answer: C
Section: (none)
Explanation
QUESTION 46
CPD is a core Check Point process that does all of the following EXCEPT:
A. AMON status pull from the Gateway

B. Management High Availability (HA) sync
C. SIC (Secure Internal Communication) functions
D. Policy installation
Correct Answer: B
Section: (none)
Explanation
Reference: https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/11880/FILE/How-To-Troubleshoot-SIC-related-Issues.pdf
QUESTION 47
What processes does CPM control?
A. Object-Store, Database changes, CPM Process and web-services

B. web-services, CPMI process, DLEserver, CPM process
C. DLEServer, Object-Store, CP Process and database changes
D. web_services, dle_server and object_Store
Correct Answer: D
Section: (none)
Explanation
QUESTION 48
Where you can see and search records of action done by R80 SmartConsole administrators?
A. In SmartView Tracker, open active log
B. In the Logs & Monitor view, select “Open Audit Log View”
C. In SmartAudit Log View
D. In SmartLog, all logs
Correct Answer: B
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_LoggingAndMonitoring_AdminGuide/html_frameset.htm?
topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_LoggingAndMonitoring_AdminGuide/188029
QUESTION 49
What is the limitation of employing Sticky Decision Function?
A. With SDF enabled, the involved VPN Gateways only supports IKEv1
B. Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
C. With SDF enabled, only ClusterXL in legacy mode is supported
D. With SDF enabled, you can only have three Sync interfaces at most
Correct Answer: B
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7290.htm
QUESTION 50
Mobile Access supports all of the following methods of Link Translation EXCEPT:
A. Hostname Translation (HT)

B. Path Translation (PT)
C. URL Translation (UT)
D. Identity Translation (IT)
Correct Answer: D
Section: (none)
Explanation
QUESTION 51
What is true of the API server on R80.10?
A. By default the API-server is activated and does not have hardware requirements
B. By default the API-server is not active and should be activated from the WebUI
C. By default the API server is active on management and stand-alone servers with 16GB of RAM (or more)
D. By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8 GB of RAM (more)
Correct Answer: D
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20
QUESTION 52
Which deployment methods can an administrator choose when deploying the Sandblast agent?
A. Manually installing the deployment agent on each workstation

B. Use GPO and SCCM to deploy the deployment agent.
C. Use both SCCM and GPO for the deployment agent and End Point Management to push the Agent.
D. Use the Configure SandBlast Agent to push the Agent.
Correct Answer: C
Section: (none)
Explanation
QUESTION 53
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R80.10 SmartConsole application?
A. IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation

B. Firewall, IPS, Threat Emulation, Application Control
C. IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction
D. Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation
Correct Answer: C
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ThreatPrevention_AdminGuide/html_frameset.htm?
topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_ThreatPrevention_AdminGuide/138383
QUESTION 54
What’s true about Troubleshooting option in the IPS profile properties?
A. Temporarily change the active protection profile to “Default_Protection”

B. Temporarily set all protections to track (log) in SmartView Tracker
C. Temporarily will disable IPS kernel engine
D. Temporarily set all active protections to Detect
Correct Answer: B
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IPS_AdminGuide/52512.htm
QUESTION 55
What is the least ideal Synchronization Status for Security Management Server High Availability deployment?
A. Lagging
B. Synchronized
C. Never been synchronized
D. Collision
Correct Answer: A
Section: (none)
Explanation
Explanation:
The possible synchronization statuses are:
Never been synchronized - immediately after the Secondary Security Management server has been installed, it has not yet undergone the first manual
synchronization that brings it up to date with the Primary Security Management server.
Synchronized - the peer is properly synchronized and has the same database information and installed Security Policy.
Lagging - the peer SMS has not been synchronized properly.
For instance, on account of the fact that the Active SMS has undergone changes since the previous synchronization (objects have been edited, or the Security
Policy has been newly installed), the information on the Standby SMS is lagging.
Advanced - the peer SMS is more up-to-date.
For instance, in the above figure, if a system administrators logs into Security Management server B before it has been synchronized with the Security Management
server A, the status of the Security Management server A is Advanced, since it contains more up-to-date information which the former does not have.
In this case, manual synchronization must be initiated by the system administrator by changing the Active SMS to a Standby SMS. Perform a synch me operation
from the more advanced server to the Standby SMS. Change the Standby SMS to the Active SMS.
Collision - the Active SMS and its peer have different installed policies and databases. The administrator must perform manual synchronization and decide
which of the SMSs to overwrite.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/
CP_R76_SecMan_WebAdmin/13132
QUESTION 56
If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss.
Providing the Active Security Management Server is responsive, which of these steps should NOT be performed:
A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.
B. Change the Standby Security Management Server to Active.
C. Change the Active Security Management Server to Standby.
D. Manually synchronize the Active and Standby Security Management Servers.
Correct Answer: A
Section: (none)
Explanation
QUESTION 57
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you
try to remediate first?
A. Host having a Critical event found by Threat Emulation

B. Host having a Critical event found by IPS
C. Host having a Critical event found by Antivirus
D. Host having a Critical event found by Anti-Bot
Correct Answer: A
Section: (none)
Explanation
QUESTION 58
After successfully exporting a policy package, how would you import that package into another SMS database in R80.10?
A. import_package.py
B. upgrade_import
C. migrate
D. cp_merge
Correct Answer: B
Section: (none)
Explanation
QUESTION 59
Choose the ClusterXL process that is defined by default as a critical device?
A. cpp
B. fwm
C. assld
D. fwd
Correct Answer: D
Section: (none)
Explanation
QUESTION 60
Which of the SecureXL templates are enabled by default on Security Gateway?
A. Accept
B. Drop
C. NAT
D. None
Correct Answer: A
Section: (none)
Explanation
QUESTION 61
What is the command to see cluster status in cli expert mode?
A. fw ctl stat
B. clusterXL stat
C. clusterXL status
D. cphaprob stat
Correct Answer: D
Section: (none)
Explanation
QUESTION 62
What are the methods of SandBlast Threat Emulation deployment?
A. Cloud, Appliance and Private

B. Cloud, Appliance and Hybrid
C. Cloud, Smart-1 and Hybrid
D. Cloud, OpenServer and Vmware
Correct Answer: A
Section: (none)
Explanation
QUESTION 63
NAT rules are prioritized in which order?
1. Automatic Static NAT

2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules
A. 1, 2, 3, 4
B. 1, 4, 2, 3
C. 3, 1, 2, 4
D. 4, 3, 1, 2
Correct Answer: C
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/6724.htm
QUESTION 64
Events can be categorized and assigned to System Administrators to track their path through the workflow. Which of the following is NOT an option?
A. Under Investigation
B. Pending Investigation
C. False Positive
D. Open
Correct Answer: D
Section: (none)
Explanation
QUESTION 65
How is the processing order for overall inspection and routing of packets?
A. Firewall, NAT, Routing

B. NAT, Firewall, Routing
C. Firewall, NAT
D. NAT, Firewall
Correct Answer: A
Section: (none)
Explanation
QUESTION 66
When Configuring Endpoint Compliance Settings for Applications and Gateways within Mobile Access, which of the three approaches will allow you to configure
individual policies for each application?
A. Basic Approach
B. Strong Approach
C. Advanced Approach
D. Medium Approach
Correct Answer: C
Section: (none)
Explanation
QUESTION 67
When using Monitored circuit VRRP, what is a priority delta?
A. When an interface fails the priority changes to the priority delta

B. When an interface fails the delta claims the priority
C. When an interface fails the priority delta is subtracted from the priority
D. When an interface fails the priority delta decides if the other interfaces takes over
Correct Answer: C
Section: (none)
Explanation
QUESTION 68
Daisy need to review how the Security Gateway Cluster, Jonas, behaves when a cluster member comes back on line. Where would she review the behavior of
cluster member recovery in the Dashboard?
A. Open SmartDashboard, select and open the Cluster Object Jonas, Select ClusterXL and review the High Availability recovery options.
B. Open SmartDashboard, select and open the Cluster Object Jonas, Select Cluster Members and review the High Availability recovery options.
C. Open SmartDashboard, select and open the Cluster Object Jonas, Select Topology – Advanced Options and review the High Availability recovery options.
D. Open SmartDashboard, select and open the Cluster Object Jonas, Select ClusterXL – Advanced Options and review the High Availability recovery options.
Correct Answer: C
Section: (none)
Explanation
QUESTION 69
Jack is using SmartEvent and does not see the identities of the users on the events. As an administrator with full access, what does he need to do to fix his issue?
A. Open SmartDashboard and toggle the Show or Hide Identities Icon, then re-open SmartEvent
B. Open SmartEvent, Click on Query Properties and select the User column
C. Open SmartEvent, go to the Policy Tab, select General Settings from the left column > User Identities and check the box Show Identities
D. Open SmartEvent and toggle the Show or Hide Identities icon
Correct Answer: C
Section: (none)
Explanation
QUESTION 70
What is true about the IPS-Blade?
A. in R80, IPS is managed by the Threat Prevention Policy

B. in R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
C. in R80, IPS Exceptions cannot be attached to “all rules”
D. in R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same
Correct Answer: A
Section: (none)
Explanation
QUESTION 71
What command verifies that the API server is responding?
A. api stat
B. api status
C. show api_status
D. api_get_status
Correct Answer: B
Section: (none)
Explanation
Reference: https://community.checkpoint.com/thread/6524-can-anybody-let-me-know-how-can-we-import-policyrules-via-csv-file
QUESTION 72
What does the command vpn crl_zap do?
A. Nothing, it is not a valid command

B. Erases all CRL’s from the gateway cache
C. Erases VPN certificates from cache
D. Erases CRL’s from the management server cache
Correct Answer: B
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/12467.htm#o12618
QUESTION 73
The concept of layers was introduced in R80. What is the biggest benefit of layers?
A. To break one policy into several virtual policies.

B. Policy Layers and Sub-Policies enable flexible control over the security policy.
C. To include Threat Prevention as a sub policy for the firewall policy
D. They improve the performance on OS kernel version 3.0
Correct Answer: B
Section: (none)
Explanation
QUESTION 74
What Factors preclude Secure XL Templating?
A. Source Port Ranges/Encrypted Connections

B. IPS
C. ClusterXL in load sharing Mode
D. CoreXL
Correct Answer: A
Section: (none)
Explanation
QUESTION 75
If an administrator wants to add manual NAT for addresses not owned by the Check Point firewall, what else is necessary to be completed for it to function
properly?
A. Nothing – the proxy ARP is automatically handled in the R80 version

B. Add the proxy ARP configuration in a file called /etc/conf/local.arp
C. Add the proxy ARP configuration in a file called $FWDIR/conf/local.arp
D. Add the proxy ARP configurations in a file called $CPDIR/config/local.arp
Correct Answer: C
Section: (none)
Explanation
QUESTION 76
The Regulatory Compliance pane shows compliance statistics for selected regulatory standards, based on the Security Best Practice scan. Which of the following
does NOT show in this pane?
A. The total number of Regulatory Requirements that are monitored

B. The Average compliance score for each regulation shown
C. The average number of Regulatory Requirements that are monitored
D. The Number of Regulatory Requirements for each Regulation
Correct Answer: C
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Compliance_WebAdminGuide/96026.htm
QUESTION 77
In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:
A. Basic, Optimized, Strict

B. Basic, Optimized, Severe
C. General, Escalation, Severe
D. General, purposed, Strict
Correct Answer: A
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_ThreatPrevention/html_frameset.htm?topic=documents/R80/
CP_R80BC_ThreatPrevention/136486
QUESTION 78
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the
requirement?
A. add host name <New HostName> ip-address <ip address>

B. add hostname <New HostName> ip-address <ip address>
C. set host name <New HostName> ip-address <ip address>
D. set hostname <New HostName> ip-address <ip address>
Correct Answer: A
Section: (none)
Explanation
QUESTION 79
Return oriented programming (ROP) exploits are detected by which security blade?
A. Check Point Anti-Virus / Threat Emulation
B. Intrusion Prevention Software
C. Application control
D. Data Loss Prevention
Correct Answer: A
Section: (none)
Explanation
QUESTION 80
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
A. CCP and 18190

B. CCP and 257
C. CCP and 8116
D. CPC and 8116
Correct Answer: C
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/index.html
QUESTION 81
If the first packet of an UDP session is rejected by a security policy, what does the firewall send to the client?
A. Nothing
B. TCP FIN
C. TCP RST
D. ICMP unreachable
Correct Answer: A
Section: (none)
Explanation
QUESTION 82
What has to be taken into consideration when configuring Management HA?
A. The Database revisions will not be synchronized between the management servers.
B. SmartConsole must be closed prior to synchronize changes in the objects database.
C. If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.
D. For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to
reconsider your design.
Correct Answer: A
Section: (none)
Explanation
QUESTION 83
To ensure that VMAC mode is enabled, which CLI command you should run on all cluster members?
A. fw ctl set int fwha vmac global param enabled

B. fw ctl get int fwha vmac global param enabled; result of command should return value 1
C. cphaprob –a if
D. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1
Correct Answer: D
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm
QUESTION 84
When an encrypted packet is decrypted, where does this happen?
A. Security policy
B. Inbound chain
C. Outbound chain
D. Decryption is not supported
Correct Answer: A
Section: (none)
Explanation
QUESTION 85
What are the main stages of a policy installation?
A. Verification & Compilation, Transfer and Commit

B. Verification & Compilation, Transfer and Installation
C. Verification, Commit, Installation
D. Verification, Compilation & Transfer, Installation
Correct Answer: B
Section: (none)
Explanation
QUESTION 86
Jack has finished building his new SMS server, Red, on new hardware. He used SCP to move over the Red-old.tgz export of his old SMS server. What is the
command he will use to import this into the new server?
A. Expert@Red# ./upgrade import Red-old.tgz

B. Red> ./migrate import Red-old.tgz
C. Expert@Red# ./migrate import Red-old.tgz
D. Red> ./upgrade import Red-old.tgz
Correct Answer: B
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/16535.htm
QUESTION 87
What are the methods of SandBlast Threat Emulation deployment?
A. Cloud, Appliance and Private

B. Cloud, Appliance and Hybrid
C. Cloud, Smart-1 and Hybrid
D. Cloud, OpenServer and VMware
Correct Answer: A
Section: (none)
Explanation
QUESTION 88
SandBlast agent extends 0 day prevention to what part of the network?
A. Web Browsers and user devices

B. DMZ server
C. Cloud
D. Email servers
Correct Answer: A
Section: (none)
Explanation
QUESTION 89
When using Monitored circuit VRRP, what is a priority delta?
A. When an interface fails the priority changes to the priority delta
B. When an interface fails the delta claims the priority
C. When an interface fails the priority delta is subtracted from the priority
D. When an interface fails the priority delta decides if the other interfaces takes over
Correct Answer: C
Section: (none)
Explanation
QUESTION 90
Which of the following is NOT an option to calculate the traffic direction?
A. Incoming
B. Internal
C. External
D. Outgoing
Correct Answer: D
Section: (none)
Explanation
QUESTION 91
What command lists all interfaces using Multi-Queue?
A. cpmq get
B. show interface all
C. cpmq set
D. show multiqueue all
Correct Answer: A
Section: (none)
Explanation
QUESTION 92
From SecureXL perspective, what are the tree paths of traffic flow:
A. Initial Path; Medium Path; Accelerated Path

B. Layer Path; Blade Path; Rule Path
C. Firewall Path, Accept Path; Drop Path
D. Firewall Path; Accelerated Path; Medium Path
Correct Answer: D
Section: (none)
Explanation
QUESTION 93
Security Checkup Summary can be easily conducted within:
A. Summary
B. Views
C. Reports
D. Checkups
Correct Answer: C
Section: (none)
Explanation
QUESTION 94
Select the right answer to export IPS profiles to copy to another management server?
A. IPS profile export is not allowed
B. fwm dbexport –p <profile-name>
C. SmartDashboard – IPS tab – Profiles – select profile + right click and select “export profile”
D. ips_export_import export <profile-name>
Correct Answer: D
Section: (none)
Explanation
QUESTION 95
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode
configuration, chain modules marked with ___________ will not apply.
A. ffff
B. 1
C. 3
D. 2
Correct Answer: D
Section: (none)
Explanation
QUESTION 96
CPM process stores objects, policies, users, administrators, licenses and management data in a database. This database is:
A. MySQL
B. Postgres SQL
C. MarisDB
D. SOLR
Correct Answer: B
Section: (none)
Explanation
QUESTION 97
In what way in Secure Network Distributor (SND) a relevant feature of the Security Gateway?
A. SND is a feature to accelerate multiple SSL VPN connections

B. SND is an alternative to IPSec Main Mode, using only 3 packets
C. SND is used to distribute packets among Firewall instances
D. SND is a feature of fw monitor to capture accelerated packets
Correct Answer: C
Section: (none)
Explanation
QUESTION 98
There are 4 ways to use the Management API for creating host object with R80 Management API. Which one is NOT correct?
A. Using Web Services

B. Using Mgmt_cli tool
C. Using CLISH
D. Using SmartConsole GUI console
Correct Answer: C
Section: (none)
Explanation
QUESTION 99
What information is NOT collected from a Security Gateway in a Cpinfo?
A. Firewall logs
B. Configuration and database files
C. System message logs
D. OS and network statistics
Correct Answer: A
Section: (none)
Explanation
QUESTION 100
Which statement is most correct regarding about “CorrectXL Dynamic Dispatcher”?
A. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses.
B. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores.
C. The CoreXL FW instances assignment mechanism is based on IP Protocol type.
D. The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type.
Correct Answer: B
Section: (none)
Explanation
QUESTION 101
Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client
communications, database manipulation, policy compilation and Management HA synchronization?
A. cpwd
B. fwd
C. cpd
D. fwm
Correct Answer: D
Section: (none)
Explanation
QUESTION 102
UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck
objects?
A. Ask
B. Drop
C. Inform
D. Reject
Correct Answer: D
Section: (none)
Explanation
QUESTION 103
SmartConsole R80 requires the following ports to be open for SmartEvent R80 management:
A. 19090, 22
B. 19190, 22
C. 18190, 80
D. 19009, 443
Correct Answer: D
Section: (none)
Explanation
QUESTION 104
Which command would you use to determine the current Cluster Global ID?
A. fw ctl show global_cluster_id

B. fw ctl get int global_cluster_id
C. Expert -> cphaconf cluster_id get
D. Cish -> cphaconf cluster_id get
Correct Answer: C
Section: (none)
Explanation
QUESTION 105
Check Point security components are divided into the following components:
A. GUI Client, Security Gateway, WebUI interface

B. GUI Client, Security Management, Security Gateway
C. Security Gateway, WebUI interface, Consolidated Security Logs
D. Security Management, Security Gateway, Consolidate Security Logs
Correct Answer: B
Section: (none)
Explanation

Checkpoint Testking 156-915 80 v2019-03-18 by Donald 105q PDF

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Checkpoint Testking 156-915 80 v2019-03-18 by Donald 105q PDF

Caricato da

Copyright:

Formati disponibili

156-915.80.

Check Point Certified Security Expert Update

A. CPMI port 18191/TCP

A. Through the Unified Policy

A. Takes less than a second to complete

A. There is more than one cluster connected to the same VLAN

A. SandBlast Threat Emulation

A. Threat Protection policy

A. source port ranges

A. Major version upgrades to R77.30

A. mgmt_cli add-host “Server_1” ip_ address “10.15.123.10” – format txt

A. Create new dashboards to manage 3rd party task

A. fw ctl multik stat

A. edit fwaffinity.conf; reboot required

A. Validating all data before it’s written into the database

A. write mem <filename>

A. Browse to Secure Platform Web GUI

A. The gateway only has one processor

A. set idle <value>

A. Anti-Bot is the only countermeasure against unknown malware

A. show all |grep commands

A. None, Security Management Server would be installed by itself

A. User data base corruption

A. Block Port Overflow

A. AMON status pull from the Gateway

A. Object-Store, Database changes, CPM Process and web-services

A. Hostname Translation (HT)

A. Manually installing the deployment agent on each workstation

A. IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation

A. Temporarily change the active protection profile to “Default_Protection”

A. Host having a Critical event found by Threat Emulation

A. Cloud, Appliance and Private

1. Automatic Static NAT

A. Firewall, NAT, Routing

A. When an interface fails the priority changes to the priority delta

A. in R80, IPS is managed by the Threat Prevention Policy

A. Nothing, it is not a valid command

A. To break one policy into several virtual policies.

A. Source Port Ranges/Encrypted Connections

A. Nothing – the proxy ARP is automatically handled in the R80 version

A. The total number of Regulatory Requirements that are monitored

A. Basic, Optimized, Strict

A. add host name <New HostName> ip-address <ip address>

A. Check Point Anti-Virus / Threat Emulation

A. CCP and 18190

A. fw ctl set int fwha vmac global param enabled

A. Verification & Compilation, Transfer and Commit

A. Expert@Red# ./upgrade import Red-old.tgz

A. Cloud, Appliance and Private

A. Web Browsers and user devices

A. Initial Path; Medium Path; Accelerated Path

A. IPS profile export is not allowed

A. SND is a feature to accelerate multiple SSL VPN connections

A. Using Web Services

A. fw ctl show global_cluster_id

A. GUI Client, Security Gateway, WebUI interface

Potrebbero piacerti anche