156-315.80 Exam - Check Point Certified Security Expert - R80

NEW QUESTION 1
You can access the ThreatCloud Repository from:

• A. R80.10 SmartConsole and Application Wiki
• B. Threat Prevention and Threat Tools
• C. Threat Wiki and Check Point Website
• D. R80.10 SmartConsole and Threat Prevention

Answer: D

NEW QUESTION 2
How many images are included with Check Point TE appliance in Recommended Mode?

• A. 2(OS) images
• B. images are chosen by administrator during installation
• C. as many as licensed for
• D. the most new image

Answer: A

NEW QUESTION 3
How is communication between different Check Point components secured in R80? As with all questions, select the BEST answer.

• A. By using IPSEC
• B. By using SIC
• C. By using ICA
• D. By using 3DES

Answer: B

NEW QUESTION 4
Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when _______ .

• A. The license is attached to the wrong Security Gateway.
• B. The existing license expires.
• C. The license is upgraded.
• D. The IP address of the Security Management or Security Gateway has changed.

Answer: A

NEW QUESTION 5
Which of the following is a task of the CPD process?

• A. Invoke and monitor critical processes and attempts to restart them if they fail
• B. Transfers messages between Firewall processes
• C. Log forwarding
• D. Responsible for processing most traffic on a security gateway

Answer: A

Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_CLI_WebAdmin/12496.htm

NEW QUESTION 6
Which command shows detailed information about VPN tunnels?

• A. cat $FWDIR/conf/vpn.conf
• B. vpn tu tlist
• C. vpn tu
• D. cpview

Answer: B

NEW QUESTION 7
What is the minimum amount of RAM needed for a Threat Prevention Appliance?

• A. 6 GB
• B. 8GB with Gaia in 64-bit mode
• C. 4 GB
• D. It depends on the number of software blades enabled

Answer: C

NEW QUESTION 8
John is using Management HA. Which Smartcenter should be connected to for making changes?

• A. secondary Smartcenter
• B. active Smartenter
• C. connect virtual IP of Smartcenter HA
• D. primary Smartcenter

Answer: B

NEW QUESTION 9
DLP and Geo Policy are examples of what type of Policy?

• A. Standard Policies
• B. Shared Policies
• C. Inspection Policies
• D. Unified Policies

Answer: B

NEW QUESTION 10
What is the purpose of the CPCA process?

• A. Monitoring the status of processes.
• B. Sending and receiving logs.
• C. Communication between GUI clients and the SmartCenter server.
• D. Generating and modifying certificates.

Answer: D

NEW QUESTION 11
Which of the following is NOT an option to calculate the traffic direction?

• A. Incoming
• B. Internal
• C. External
• D. Outgoing

Answer: D

NEW QUESTION 12
In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?

• A. Pentagon
• B. Combined
• C. Meshed
• D. Star

Answer: D

NEW QUESTION 13
Fill in the blank: The R80 feature _______ permits blocking specific IP addresses for a specified time period.

• A. Block Port Overflow
• B. Local Interface Spoofing
• C. Suspicious Activity Monitoring
• D. Adaptive Threat Prevention

Answer: C

Explanation:
Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation.
References:

NEW QUESTION 14
Where you can see and search records of action done by R80 SmartConsole administrators?

• A. In SmartView Tracker, open active log
• B. In the Logs & Monitor view, select “Open Audit Log View”
• C. In SmartAuditLog View
• D. In Smartlog, all logs

Answer: B

NEW QUESTION 15
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.
What is the most likely reason that the traffic is not accelerated?

• A. There is a virus foun
• B. Traffic is still allowed but not accelerated.
• C. The connection required a Security server.
• D. Acceleration is not enabled.
• E. The traffic is originating from the gateway itself.

Answer: D

NEW QUESTION 16
What cloud-based SandBlast Mobile application is used to register new devices and users?

• A. Check Point Protect Application
• B. Management Dashboard
• C. Behavior Risk Engine
• D. Check Point Gateway

Answer: D

NEW QUESTION 17
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

• A. fw ctl sdstat
• B. fw ctl affinity –l –a –r –v
• C. fw ctl multik stat
• D. cpinfo

Answer: B

NEW QUESTION 18
What command would show the API server status?

• A. cpm status
• B. api restart
• C. api status
• D. show api status

Answer: C

NEW QUESTION 19
......