
IT-Pruefung

Exam aids for IT certifications

http://www.it-pruefung.com
We offer you a free one-year upgrade service
Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

Exam : 156-915.80

Title : Check Point Certified Security Expert Update - R80

Vendor : CheckPoint

Version : DEMO

Get Latest & Valid 156-915.80 Exam's Question and Answers from It-pruefung.com.
http://www.it-pruefung.com/156-915.80.html

NO.1 When a packet is flowing through the security gateway, which one of the following is a valid
inspection path?
A. Small Path
B. Firewall Path
C. Acceleration Path
D. Medium Path
Answer: D

NO.2 You have existing dbedit scripts from R77. Can you use them with R80.10?
A. dbedit is not supported in R80.10
B. dbedit is fully supported in R80.10
C. dbedit scripts are being replaced by mgmt_cli in R80.10
D. You can use dbedit to modify threat prevention or access policies, but not create or modify layers
Answer: C
Explanation
dbedit (or GuiDbEdit) uses the cpmi protocol which is gradually being replaced by the new R80.10
automation architecture. cpmi clients are still supported in R80.10, but there are some functionalities
that cannot be managed by cpmi anymore. For example, the Access and Threat policies do not have a
cpmi representation.
They can be managed only by the new mgmt_cli and not by cpmi clients. There are still many tables
that have an inner cpmi representation (for example, network objects, services, servers, and global
properties) and can still be managed using cpmi.

NO.3 Which of the following are authentication methods that Security Gateway R80 uses to validate
connection attempts? Select the response below that includes the MOST complete list of valid
authentication methods.
A. Proxied, User, Dynamic, Session
B. User, Proxied, Session
C. User, Client, Session
D. Connection, User, Client
Answer: C

NO.4 Which command shows the current connections distributed by CoreXL FW instances?
A. fw ctl multik stat
B. fw ctl instances -v
C. fw ctl iflist
D. fw ctl affinity -l
Answer: A
Explanation
The fw ctl multik stat and fw6 ctl multik stat (multi-kernel statistics) commands show information for
each kernel instance. The state and processing core number of each instance is displayed, along with:
* The number of connections currently being handled.
* The peak number of concurrent connections the instance has handled since its inception.

NO.5 You want to verify if your management server is ready to upgrade to R80.10. What tool could
you use in this process?
A. migrate import
B. pre_upgrade_verifier
C. migrate export
D. upgrade_tools verify
Answer: B

NO.6 How many images are included with Check Point TE appliance in Recommended Mode?
A. Images are chosen by administrator during installation
B. The newest image
C. As many as licensed for
D. 2 (OS) images
Answer: D

NO.7 The Event List within the Events tab contains:


A. the details of a selected event.
B. the top events, destinations, sources, and users of the query results, either as a chart or in a tallied
list.
C. events generated by a query.
D. a list of options available for running a query.
Answer: C
Explanation
These are the components of the Events tab:


NO.8 Automatic affinity means that if SecureXL is running, the affinity for each interface is
automatically reset every ______.
A. 15 sec
B. 30 sec
C. 5 sec
D. 60 sec
Answer: D

NO.9 Fill in the blank. To enter the router shell, use command __________ .
Answer:
cligated

NO.10 Fill in the blanks. To view the number of concurrent connections going through your firewall,
you would use the command and syntax __ ___ __ __________ __ .
Answer:
fw tab -t connections -s

NO.11 Looking at the SYN packets in the Wireshark output, select the statement that is true about
NAT.

A. There is not enough information provided in the Wireshark capture to determine the NAT settings.
B. This is an example of Hide NAT.
C. This is an example of Static NAT and Translate destination on client side unchecked in Global
Properties.
D. This is an example of Static NAT and Translate destination on client side checked in Global
Properties.
Answer: D

NO.12 During inspection of your Threat Prevention logs you find four different computers having
one event each with a Critical Severity. Which of those hosts should you try to remediate first?
A. Host having a Critical event found by IPS
B. Host having a Critical event found by Antivirus
C. Host having a Critical event found by Anti-Bot
D. Host having a Critical event found by Threat Emulation
Answer: C

NO.13 To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?
A. User
B. Action
C. Source
D. Track
Answer: C

NO.14 When simulating a problem on a ClusterXL cluster with cphaprob -d STOP -s problem -t 0
register, to initiate a failover on an active cluster member, what command allows you to remove the
problematic state?
A. cphaprob unregister STOP
B. cphaprob -d unregister STOP
C. cphaprob STOP unregister
D. cphaprob -d STOP unregister
Answer: D
Explanation
Testing a failover in a controlled manner uses the following command:
# cphaprob -d STOP -s problem -t 0 register
This registers a problem state on the cluster member on which it was entered. If you then run:
# cphaprob list
this will show an entry named STOP.
To remove this problem registration, run the following:
# cphaprob -d STOP unregister

NO.15 Check Point Management (cpm) is the main management process in that it provides the
architecture for a consolidated management console. CPM allows the GUI client and management
server to communicate via web service using ______.
A. TCP port 19009
B. TCP Port 18191
C. TCP Port 18209
D. TCP Port 18190
Answer: D

NO.16 Where does the security administrator activate Identity Awareness within SmartDashboard?
A. Security Management Server > Identity Awareness
B. Gateway Object > General Properties
C. Policy > Global Properties > Identity Awareness
D. LDAP Server Object > General Properties
Answer: B

NO.17 With SecureXL enabled, accelerated packets will pass through the following:
A. Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device
B. Network Interface Card, OSI Network Layer, and the Acceleration Device
C. Network Interface Card, Check Point Firewall Kernel, and the Acceleration Device
D. Network Interface Card and the Acceleration Device
Answer: D

NO.18 What information is NOT collected from a Security Gateway in a Cpinfo?


A. OS and network statistics
B. Firewall logs
C. Configuration and database files
D. System message logs
Answer: B

NO.19 Many companies have defined more than one administrator. To increase security, only one
administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?
A. In the object General Properties representing the specific Firewall, go to the Software Blades
product list and select Firewall. Right-click in the menu, select Administrator to Install to define only
this administrator.
B. Right-click on the object representing the specific administrator, and select that Firewall in Policy
Targets.
C. Put the one administrator in an Administrator group and configure this group in the specific
Firewall object in Advanced > Permission to Install.
D. Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all
other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission
profile cannot install a policy on any Firewall not listed here.
Answer: C

NO.20 Type the command and syntax you would use to verify that your Check Point cluster is
functioning correctly.
Answer:
cphaprob state

NO.21 Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom
installs the systems this way, how many machines will he need if he does NOT include a
SmartConsole machine in his calculations?
A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
B. Three machines
C. One machine
D. Two machines
Answer: D

NO.22 A Threat Prevention profile is a set of configurations based on the following. (Choose all that
apply.)
A. Anti-Virus settings, Anti-Bot settings, Threat Emulation settings
B. Anti-Bot settings, Threat Emulation settings, Intrusion-prevention settings, HTTPS inspection
settings
C. Anti-Virus settings, Anti-Bot settings, Threat Emulation settings, Intrusion-prevention settings
D. Anti-Virus settings, Anti-Bot settings, Threat Emulation settings, Intrusion-prevention settings,
HTTPS inspection settings


Answer: A

NO.23 What command lists all interfaces using Multi-Queue?


A. cpmq get
B. show interface all
C. show multiqueue all
D. cpmq set
Answer: A

NO.24 John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR
servers to designated IP addresses to minimize malware infection and unauthorized access risks.
Thus, the gateway policy permits access only from John's desktop which is assigned a static IP
address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization.
The IT department gave the laptop a static IP address, but that limits him to operating it only from his
desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his
laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have
access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and
installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web
Server from any machine and from any location.
What should John do when he cannot access the web server from a different personal computer?
A. John should lock and unlock his computer
B. Investigate this as a network connectivity issue
C. John should install the Identity Awareness Agent
D. The access should be changed to authenticate the user instead of the PC
Answer: D

NO.25 Type the command and syntax that you would use to view the virtual cluster interfaces of a
ClusterXL environment.
Answer:
cphaprob -a if

NO.26 To fully enable Dynamic Dispatcher on a Security Gateway:


A. run fw ctl multik set_mode 1 in Expert mode and then reboot
B. run fw ctl multik set_mode 9 in Expert mode and then reboot
C. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot
D. Using cpconfig, update the Dynamic Dispatcher value to "full" under the CoreXL menu
Answer: B

NO.27 You have three Gateways in a mesh community. Each gateway's VPN Domain is their internal
network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology
information.
You want to test the route-based VPN, so you created VTIs among the Gateways and created static
route entries for the VTIs. However, when you test the VPN, you find out the VPN still goes through the
regular domain IPsec tunnels instead of the routed VTI tunnels.
What is the problem and how do you make the VPN use the VTI tunnels?
A. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an
empty group object as each Gateway's VPN Domain
B. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI,
remove the Gateways out of the mesh community and replace with a star community
C. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use
dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static
routes
D. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to
ensure that they are correctly pointing to the VTI gateway IP.
Answer: A
