156-915.80.exam.

59q

Number: 156-915.80
Passing Score: 800
Time Limit: 120 min

https://www.gratisexam.com/

156-915.80

Check Point Certified Security Expert Update

Exam A

QUESTION 1
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?

A. cphaprob –f register
B. cphaprob –d–s report
C. cpstat–f-all
D. cphaprob –a list

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/63/6357d81e3b75b5a09a422d715c3b3d79/CP_R80.10_ClusterXL_AdminGuide.pdf?HashKey=1522170580_c51bd784a86600b5f6141c0f1a6322fd&xtn=.pdf

QUESTION 2
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day
Protection?

A. Smart Cloud Services
B. Load Sharing Mode Services
C. Threat Agent Solution
D. Public Cloud Services

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.checkpoint.com/products/threat-emulation-sandboxing/

QUESTION 3
Which of the following is NOT a valid way to view interface’s IP address settings in Gaia?

A. Using the command sthtool in Expert Mode
B. Viewing the file /config/active
C. Via the Gaia WebUI
D. Via the command show configuration in CLISH

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Check Point recommends configuring Disk Space Management parameters to delete old log entities when available disk space is less than or equal to?

A. 50%
B. 75%
C. 80%
D. 15%

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk110557

QUESTION 5
Which of the following is NOT an internal/native Check Point command?

A. fwaccel on
B. fw ctl debug
C. tcpdump
D. cphaprob

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
What is the SandBlast Agent designed to do?

A. Performs OS-level sandboxing for SandBlast Cloud architecture
B. Ensure the Check Point SandBlast service is running on the end user’s system
C. If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading within the network
D. Clean up email sent with malicious attachments.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.checkpoint.com/downloads/product-related/datasheets/ds-sandblast-agent.pdf

QUESTION 7
The SmartEvent R80 Web application for real-time event monitoring is called:

A. SmartView Monitor
B. SmartEventWeb
C. There is no Web application for SmartEvent
D. SmartView

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/120829

QUESTION 8
What Shell is required in Gaia to use WinSCP?

A. UNIX
B. CPShell
C. CLISH
D. Bash

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://winscp.net/eng/docs/ui_login_scp

QUESTION 9
Which one of the following is true about Threat Emulation?

A. Takes less than a second to complete
B. Works on MS Office and PDF files only
C. Always delivers a file
D. Takes minutes to complete (less than 3 minutes)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
What are the minimum open server hardware requirements for a Security Management Server/Standalone in R80.10?

A. 2 CPU cores, 4GB of RAM and 15GB of disk space
B. 8 CPU cores, 16GB of RAM and 500 GB of disk space
C. 4 CPU cores, 8GB of RAM and 500GB of disk space
D. 8 CPU cores, 32GB of RAM and 1 TB of disk space

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/db/dbf0aa7672f1dd6031e6096b40510674/CP_R80.10_ReleaseNotes.pdf?HashKey=1522175073_c4e7fc63c894ad28b3fbe49f9430c023&xtn=.pdf page 16

QUESTION 11
The “MAC magic” value must be modified under the following condition:

A. There is more than one cluster connected to the same VLAN
B. A firewall cluster is configured to use Multicast for CCP traffic
C. There are more than two members in a firewall cluster
D. A firewall cluster is configured to use Broadcast for CCP traffic

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk25977

QUESTION 12
The Correlation Unit performs all but which of the following actions:

A. Marks logs that individually are not events, but may be part of a larger pattern to be identified later
B. Generates an event based on the Event policy
C. Assigns a severity level to the event
D. Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
The following command is used to verify the CPUSE version:

A. HostName:0>show installer status build
B. [Expert@HostName:0]#show installer status
C. [Expert@HostName:0]#show installer status build
D. HostName:0>show installer build

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dkcheckpoint.blogspot.com/2017/11/how-to-fix-deployment-agent-issues.html

QUESTION 14
Which of these options is an implicit MEP option?

A. Primary-backup
B. Source address based
C. Round robin
D. Load Sharing

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
There are three methods to implement implicit MEP:
First to Respond, in which the first Security Gateway to reply to the peer Security Gateway is chosen. An organization would choose this option if, for example, the organization has two Security Gateways in a MEP configuration - one in London, the other in New York. It makes sense for VPN-1 peers located in England to try the London Security Gateway first and the NY Security Gateway second. Being geographically closer to VPN peers in England, the London Security Gateway is the first to respond, and becomes the entry point to the internal network. See: First to Respond.
Primary-Backup, in which one or multiple backup Security Gateways provide "high availability" for a primary Security Gateway. The remote peer is configured to work with the primary Security Gateway, but switches to the backup Security Gateway if the primary goes down. An organization might decide to use this configuration if it has two machines in a MEP environment, one of which is stronger than the other. It makes sense to configure the stronger machine as the primary. Or perhaps both machines are the same in terms of strength of performance, but one has a cheaper or faster connection to the Internet. In this case, the machine with the better Internet connection should be configured as the primary. See: Primary-Backup Security Gateways.
Load Distribution, in which the remote VPN peer randomly selects a Security Gateway with which to open a connection. For each IP source/destination address pair, a new Security Gateway is randomly selected. An organization might have a number of machines with equal performance abilities. In this case, it makes sense to enable load distribution. The machines are used in a random and equal way. See: Random Selection.

Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/13812.htm

QUESTION 15
John detected high load on sync interface. Which is the most recommended solution?

A. For short connections like http service – delay sync for 2 seconds
B. Add a second interface to handle sync traffic
C. For short connections like http service – do not sync
D. For short connections like icmp service – delay sync for 2 seconds

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
What is the SOLR database for?

A. Used for full text search and enables powerful matching capabilities
B. Writes data to the database and full text search
C. Serves GUI responsible to transfer request to the DLEserver
D. Enables powerful matching capabilities and writes data to the database

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance
and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure
VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification
in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of
"Wire Mode".
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30974

QUESTION 18
On R80.10 the IPS Blade is managed by:

A. Threat Protection policy
B. Anti-Bot Blade
C. Threat Prevention policy
D. Layers on Firewall policy

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.checkpoint.com/downloads/product-related/r80.10-mgmt-architecture-overview.pdf very top of last page.

QUESTION 19
Which packet info is ignored with Session Rate Acceleration?

A. source port ranges
B. source ip
C. source port
D. same info from Packet Acceleration is used

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: http://trlj.blogspot.com/2015/10/check-point-acceleration.html

QUESTION 20
What is the purpose of Priority Delta in VRRP?

A. When a box is up, Effective Priority = Priority + Priority Delta
B. When an Interface is up, Effective Priority = Priority + Priority Delta
C. When an Interface fails, Effective Priority = Priority – Priority Delta
D. When a box fails, Effective Priority = Priority – Priority Delta

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Each instance of VRRP running on a supported interface may monitor the link state of other interfaces. The monitored interfaces do not have to be running VRRP.
If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by the specified delta value and then will send out a new VRRP
HELLO packet. If the new effective priority is less than the priority a backup platform has, then the backup platform will begin to send out its own HELLO packet.
Once the master sees this packet with a priority greater than its own, then it releases the VIP.
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk38524

QUESTION 21
What is the purpose of a SmartEvent Correlation Unit?

A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server
B. The SmartEvent Correlation Unit’s task is to assign severity levels to the identified events.
C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.
D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
The CDT utility supports which of the following?

A. Major version upgrades to R77.30
B. Only Jumbo HFA’s and hotfixes
C. Only major version upgrades to R80.10
D. All upgrades

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The Central Deployment Tool (CDT) is a utility that runs on an R77 / R77.X / R80 / R80.10 Security Management Server / Multi-Domain Security Management
Server (running Gaia OS).
It allows the administrator to automatically install CPUSE Offline packages (Hotfixes, Jumbo Hotfix Accumulators (Bundles), Upgrade to a Minor Version, Upgrade
to a Major Version) on multiple managed Security Gateways and Cluster Members at the same time.
Reference: https://community.checkpoint.com/thread/5319-my-top-3-check-point-cli-commands

QUESTION 23
The Firewall kernel is replicated multiple times, therefore:

A. The Firewall kernel only touches the packet if the connection is accelerated
B. The Firewall can run different policies per core
C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
D. The Firewall can run the same policy on all cores

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy, or instance, runs on one processing core. These
instances handle traffic concurrently, and each instance is a complete and independent inspection kernel. When CoreXL is enabled, all the kernel instances in the
Security Gateway process traffic through the same interfaces and apply the same security policy.
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_PerformanceTuning_WebAdmin/6731.htm

QUESTION 24
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
Which is not a blade option when configuring SmartEvent?

A. Correlation Unit
B. SmartEvent Unit
C. SmartEvent Server
D. Log Server

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
On the Management tab, enable these Software Blades:
Logging & Status
SmartEvent Server
SmartEvent Correlation Unit

Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/120829

QUESTION 26
What command would show the API server status?

A. cpm status
B. api restart
C. api status
D. show api status

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.hurricanelabs.com/blog/check-point-api-merging-management-servers-with-r80-10

QUESTION 27
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware
upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

A. fw ctl multik dynamic_dispatching on
B. fw ctl multik dynamic_dispatching set_mode 9
C. fw ctl multik set_mode 9
D. fw ctl multik pq enable

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
To fully enable the CoreXL Dynamic Dispatcher on Security Gateway:
1. Run in Expert mode:
[Expert@HostName]# fw ctl multik set_mode 9
Example output:
[Expert@R77.30:0]# fw ctl multik set_mode 9
Please reboot the system
[Expert@R77.30:0]#
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261

QUESTION 28
You have existing dbedit scripts from R77. Can you use them with R80.10?

A. dbedit is not supported in R80.10
B. dbedit is fully supported in R80.10
C. You can use dbedit to modify threat prevention or access policies, but not create or modify layers
D. dbedit scripts are being replaced by mgmt_cli in R80.10

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
dbedit (or GuiDbEdit) uses the cpmi protocol which is gradually being replaced by the new R80.10 automation architecture. cpmi clients are still supported in
R80.10, but there are some functionalities that cannot be managed by cpmi anymore. For example, the Access and Threat policies do not have a cpmi
representation. They can be managed only by the new mgmt_cli and not by cpmi clients. There are still many tables that have an inner cpmi representation (for
example, network objects, services, servers, and global properties) and can still be managed using cpmi.
Reference: https://www.checkpoint.com/downloads/product-related/r80.10-mgmt-architecture-overview.pdf

QUESTION 29
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.

A. This statement is true because SecureXL does improve all traffic
B. This statement is false because SecureXL does not improve this traffic but CoreXL does
C. This statement is true because SecureXL does improve this traffic
D. This statement is false because encrypted traffic cannot be inspected

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
SecureXL improved non-encrypted firewall traffic throughput, and encrypted VPN traffic throughput, by nearly an order of magnitude, particularly for small packets flowing in long duration connections.
Reference: https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/10001/FILE/SecureXL_and_Nokia_IPSO_White_Paper_20080401.pdf

QUESTION 30
What are the three components for Check Point Capsule?

A. Capsule Docs, Capsule Cloud, Capsule Connect
B. Capsule Workspace, Capsule Cloud, Capsule Connect
C. Capsule Workspace, Capsule Docs, Capsule Connect
D. Capsule Workspace, Capsule Docs, Capsule Cloud

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.checkpoint.com/solutions/mobile-security/check-point-capsule/

QUESTION 31
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?

A. mgmt_cli add-host “Server_1” ip_address “10.15.123.10” --format txt
B. mgmt_cli add host name “Server_1” ip-address “10.15.123.10” --format json
C. mgmt_cli add object-host “Server_1” ip-address “10.15.123.10” --format json
D. mgmt_cli add object “Server_1” ip-address “10.15.123.10” --format json

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Example:
mgmt_cli add host name "New Host 1" ip-address "192.0.2.1" --format json
• "--format json" is optional. By default the output is presented in plain text.
Reference: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-host~v1.1%20

QUESTION 32
What GUI client would you use to view an IPS packet capture?

A. SmartView Monitor
B. SmartView Tracker
C. Smart Update
D. Smart Reporter

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IPS_AdminGuide/12766.htm

QUESTION 33
What is the valid range for VRID value in VRRP configuration?

A. 1 – 254
B. 1 – 255
C. 0 – 254
D. 0 – 255

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Virtual Router ID - Enter a unique ID number for this virtual router. The range of valid values is 1 to 255.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/87911.htm

QUESTION 34
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company’s security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Use the URL Filtering and Application Control Software Blades to:
Create a Granular Policy - Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels. You can also create an HTTPS policy that enables Security Gateways to inspect HTTPS traffic and prevent security risks related to the SSL protocol.
Manage Bandwidth Consumption - Configure rules to limit the available network bandwidth for specified users or groups. You can define separate limits for uploading and downloading.
Keep Your Policies Updated - The Application Database is updated regularly, which helps you make sure that your Internet security policy has the newest applications and website categories. Security Gateways connect to the Check Point Online Web Service to identify new social networking widgets and website categories.
Communicate with Users - UserCheck objects add flexibility to URL Filtering and Application Control and let the Security Gateways communicate with users. UserCheck helps users understand that certain websites are against the company's security policy. It also tells users about the changes in Internet policy related to websites and applications.

Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197

QUESTION 35
Which command will reset the kernel debug options to default settings?

A. fw ctl dbg –a 0
B. fw ctl dbg resetall
C. fw ctl debug 0
D. fw ctl debug set 0

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Reset the debugs to the default.
In case someone changed the setting in the past and since then the firewall was not rebooted we should set all back to the defaults.

Reference: https://itsecworks.com/2011/08/09/checkpoint-firewall-debugging-basics/

QUESTION 36
You need to change the number of firewall instances used by CoreXL. How can you achieve this goal?

A. edit fwaffinity.conf; reboot required
B. cpconfig; reboot required
C. edit fwaffinity.conf; reboot not required
D. cpconfig; reboot not required

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm#o94530

QUESTION 37
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?

A. that is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager
B. Full Layer4 VPN –SSL VPN that gives users network access to all mobile applications
C. Full layer3 VPN –IPSec VPN that gives users network access to all mobile applications
D. You can make sure that documents are sent to the intended recipients only

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/82201.htm

QUESTION 38
What does the command vpn crl_zap do?

A. Nothing, it is not a valid command
B. Erases all CRL’s from the gateway cache
C. Erases VPN certificates from cache
D. Erases CRL’s from the management server cache

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://indeni.com/check-point-firewalls-certification-revocation-list-crl-check-mechanism-on-a-check-point-gateway/

QUESTION 39
Firewall policies must be configured to accept VRRP packets on the GAiA platform if it runs Firewall software. The Multicast destination assigned by the Internet
Assigned Numbers Authority (IANA) for VRRP is:

A. 224.0.0.18
B. 224.0.0.5
C. 224.0.0.102
D. 224.0.0.22

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml

QUESTION 40
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

A. UDP port 265
B. TCP port 265
C. UDP port 256
D. TCP port 256

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Synchronization works in two modes:
Full Sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by the fwd daemon using an encrypted TCP
connection on port 256.
Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security Gateway kernel using UDP connections on
port 8116.

Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/7288

QUESTION 41
GAiA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:

A. Check Point Upgrade Service Engine.
B. Check Point Software Update Agent
C. Check Point Remote Installation Daemon (CPRID)
D. Check Point Software Update Daemon

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 42
What is the responsibility of SOLR process on R80.10 management server?

A. Validating all data before it’s written into the database
B. It generates indexes of data written to the database
C. Communication between SmartConsole applications and the Security Management Server
D. Writing all information into the database

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 43
VPN Tunnel Sharing can be configured with any of the options below, EXCEPT One:

A. Gateway-based
B. Subnet-based
C. IP range based
D. Host-based

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
VPN Tunnel Sharing provides interoperability and scalability by controlling the number of VPN tunnels created between peer Security Gateways. There are three
available settings:
One VPN tunnel per each pair of hosts
One VPN tunnel per subnet pair
One VPN tunnel per Security Gateway pair

Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/14018.htm

QUESTION 44
You want to store the GAiA configuration in a file for later reference. What command should you use?

A. write mem <filename>
B. show config –f <filename>
C. save config –o <filename>
D. save configuration <filename>

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102234

QUESTION 45
In Gaia, if one is unsure about a possible command, what command lists all possible commands?

A. show all |grep commands
B. show configuration
C. show commands
D. get all commands

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm

QUESTION 46
In which case is a Sticky Decision Function relevant?

A. Load Sharing – Multicast
B. Load Balancing – Forward
C. High Availability
D. Load Sharing – Unicast

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 47
The Security Gateway is installed on GAiA R80. The default port for the Web User Interface is _______.

A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 48
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

A. None, Security Management Server would be installed by itself
B. SmartConsole
C. SecureClient
D. SmartEvent

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 49
Fill in the blank: The tool ___________ generates a R80 Security Gateway configuration report.

A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 50
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restrict all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each security Gateway directly.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 51
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
B. One machine
C. Two machines
D. Three machines

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 52
Fill in the blank: The command _______________ provides the most complete restoration of a R80 configuration.

A. upgrade_import
B. cpconfig
C. fwn dbimport –p <export file>
D. cpinfo –recover

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 53
Which of the following statements is TRUE about R80 management plug-ins?

A. The plug-in is a package installed on the Security Gateway.
B. Installing a management plug-in requires a Snapshot, just like any upgrade process.
C. A management plug-in interacts with a Security Management Server to provide new features and support for new products.
D. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 54
Fill in the blank: The R80 feature ________ permits blocking specific IP addresses for a specified time period.

A. Block Port Overflow
B. Local Interface Spoofing
C. Suspicious Activity Monitoring
D. Adaptive Threat Prevention

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 55
Which features are only supported with R80.10 Gateways but not R77.x?

A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over
the rule base flow and which security functionalities take precedence.
D. Time object to a rule to make the rule active only during specified times.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: http://slideplayer.com/slide/12183998/

QUESTION 56
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?

A. 20 minutes
B. 15 minutes
C. Admin account cannot be unlocked automatically
D. 30 minutes at least

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 57
What scenario indicates that SecureXL is enabled?

A. Dynamic objects are available in the Object Explorer
B. SecureXL can be disabled in cpconfig
C. fwaccel commands can be used in clish
D. Only one packet in a stream is seen in a fw monitor packet capture

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 58
What is the command to show SecureXL status?

A. fwaccel status
B. fwaccel stats –m
C. fwaccel –s
D. fwaccel stat

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
To check overall SecureXL status:
[Expert@HostName]# fwaccel stat
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41397

QUESTION 59
Which file gives you a list of all security servers in use, including port number?

A. $FWDIR/conf/conf.conf
B. $FWDIR/conf/servers.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/conf/serversd.conf

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
