High quality 156-915.80 Study Guides 2021

NEW QUESTION 1
Where do you create and modify the Mobile Access policy in R80?

• A. SmartConsole
• B. SmartMonitor
• C. SmartEndpoint
• D. SmartDashboard

Answer: A

NEW QUESTION 2
Which of the following is NOT an internal/native Check Point command?

• A. fwaccel on
• B. fw ct1 debug
• C. tcpdump
• D. cphaprob

Answer: C

NEW QUESTION 3
Use the table to match the BEST Management High Availability synchronication-status descriptions for your Security Management Server (SMS).
Exhibit:

• A. A-5, B-3, C-1, D-2
• B. A-3, B-1, C-4, D-2
• C. A-3, B-5, C-2, D-4
• D. A-3, B-1, C-5, D-4

Answer: D

NEW QUESTION 4
Your company has the requirement that SmartEvent reports should show a detailed and accurate view of network activity but also performance should be guaranteed. Which actions should be taken to achieve that?
1) Use same hard drive for database directory, log files, and temporary directory.
2) Use Consolidation Rules.
3) Limit logging to blocked traffic only.
4) Use Multiple Database Tables.

• A. 2, 4
• B. 1, 3, 4
• C. 1, 2, 4
• D. 1, 2

Answer: A

NEW QUESTION 5
Which Security Gateway R80 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:

• A. Time properties, adjusted on the user objects for each user, in the Client Authentication rule Source.
• B. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled.
• C. Refreshable Timeout setting, in Client Authentication Action Properties > Limits.
• D. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment.

Answer: C

NEW QUESTION 6
To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?

• A. Source
• B. Track
• C. User
• D. Action

Answer: A

NEW QUESTION 7
Which two processes are responsible on handling Identity Awareness?

• A. pdp and lad
• B. pdp and pdp-11
• C. pep and lad
• D. pdp and pep

Answer: D

NEW QUESTION 8
When a packet is flowing through the security gateway, which one of the following is a valid inspection path?

• A. Acceleration Path
• B. Small Path
• C. Firewall Path
• D. Medium Path

Answer: D

NEW QUESTION 9
Review the Rule Base displayed.

For which rules will the connection templates be generated in SecureXL?

• A. Rules 2 and 5
• B. Rules 2 through 5
• C. Rule 2 only
• D. All rules except Rule 3

Answer: D

NEW QUESTION 10
Aaron is a Cyber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R80.10. Company’s Network Security Developer Team is having issue testing new API with newly deployed R80.10 Security Management Server and blames Check Point Security Management Server as root cause. The ticket has been created and issue is at Aaron’s desk for an investigation. What do you recommend as the best suggestion for Aaron to make sure API testing works as expected?

• A. Aaron should check API Server status from expert CLI by “fwm api status” and if it’s stopped he should start using command “fwm api start” on Security Management Server.
• B. Aaron should check API Server5 status from expert CLI by “cpapi status” and if it’s stopped he should start using command “cpapi start” on Security Management Server.
• C. Aaron should check API Server status from expert CLI by “api status” and if it’s stopped he should start using command “api start” on Security Management Server.
• D. Aaron should check API Server status from expert CLI by “cpm api status” and if it’s stopped he should start using command “cpm api start” on Security Management Server.

Answer: C

NEW QUESTION 11
You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?

• A. TCP port 443
• B. TCP port 257
• C. TCP port 256
• D. UDP port 8116

Answer: C

Explanation: Synchronization works in two modes:
Full sync is used for initial transfers of state information, for many thousands of connections. If a cluster member is brought up after being down, it will perform full sync. After all members are synchronized, only updates are transferred via delta sync. Delta sync is quicker than full sync.
References:

NEW QUESTION 12
Which is not a blade option when configuring SmartEvent?

• A. Correlation Unit
• B. SmartEvent Unit
• C. SmartEvent Server
• D. Log Server

Answer: B

Explanation: On the Management tab, enable these Software Blades:

NEW QUESTION 13
You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)
When you run fw monitor on the R80 Security Gateway and then start a new HTTP connection from host
10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?

• A. o=outbound kernel, before the virtual machine
• B. I=inbound kernel, after the virtual machine
• C. O=outbound kernel, after the virtual machine
• D. i=inbound kernel, before the virtual machine

Answer: B

NEW QUESTION 14
Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:

• A. Are used for securing internal network communications between the SmartDashboard and the Security Management Server.
• B. For R75 Security Gateways are created during the Security Management Server installation.
• C. Decrease network security by securing administrative communication among the Security Management Servers and the Security Gateway.
• D. Uniquely identify Check Point enabled machines; they have the same function as VPN Certificates.

Answer: D

NEW QUESTION 15
Where can you find the Check Point’s SNMP MIB file?

• A. $CPDIR/lib/snmp/chkpt.mib
• B. $FWDIR/conf/snmp.mib
• C. It is obtained only by request from the TAC.
• D. There is no specific MIB file for Check Point products.

Answer: A

NEW QUESTION 16
What is the purpose of the pre-defined exclusions included with SmartEvent R80?

• A. To allow SmartEvent R80 to function properly with all other R71 devices.
• B. To avoid incorrect event generation by the default IPS event definition; a scenario that may occur in deployments that include Security Gateways of versions prior to R71.
• C. As a base for starting and building exclusions.
• D. To give samples of how to write your own exclusion.

Answer: B

NEW QUESTION 17
If you need strong protection for the encryption of user data, what option would be the BEST choice?

• A. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mod
• B. Choose SHA in Quick Mode and encrypt with AE
• C. Use AH protoco
• D. Switch to Aggressive Mode.
• E. When you need strong encryption, IPsec is not the best choic
• F. SSL VPN’s are a better choice.
• G. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.
• H. Disable Diffie-Hellman by using stronger certificate based key-derivatio
• I. Use AES-256 bit on all encrypted channels and add PFS to QuickMod
• J. Use double encryption by implementing AH and ESP as protocols.

Answer: C

NEW QUESTION 18
What is the purpose of a SmartEvent Correlation Unit?

• A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server
• B. The SmartEvent Correlation Unit’s task it to assign severity levels to the identified events.
• C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.
• D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server

Answer: C

NEW QUESTION 19
What is the purpose of Priority Delta in VRRP?

• A. When a box is up, Effective Priority = Priority + Priority Delta
• B. When an Interface is up, Effective Priority = Priority + Priority Delta
• C. When an Interface fail, Effective Priority = Priority – Priority Delta
• D. When a box fail, Effective Priority = Priority – Priority Delta

Answer: C

Explanation: Each instance of VRRP running on a supported interface may monitor the link state of other interfaces. The monitored interfaces do not have to be running VRRP. If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by the specified delta value and then will send out a new VRRP HELLO packet. If the new effective priority is less than the priority a backup platform has, then the backup platform will beging to send out its own HELLO packet. Once the master sees this packet with a priority greater than its own, then it releases the VIP.