156-315.80 Exam - Check Point Certified Security Expert - R80

NEW QUESTION 1
Using ClusterXL, what statement is true about the Sticky Decision Function?

• A. Can only be changed for Load Sharing implementations
• B. All connections are processed and synchronized by the pivot
• C. Is configured using cpconfig
• D. Is only relevant when using SecureXL

Answer: A

NEW QUESTION 2
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?

• A. enable DLP and select.exe and .bat file type
• B. enable .exe & .bat protection in IPS Policy
• C. create FW rule for particular protocol
• D. tecli advanced attributes set prohibited_file_types exe.bat

Answer: A

NEW QUESTION 3
The _______ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.

• A. Next Generation Threat Prevention
• B. Next Generation Threat Emulation
• C. Next Generation Threat Extraction
• D. Next Generation Firewall

Answer: B

NEW QUESTION 4
Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?

• A. Application Control
• B. Threat Emulation
• C. Anti-Virus
• D. Advanced Networking Blade

Answer: B

NEW QUESTION 5
Which of the following commands shows the status of processes?

• A. cpwd_admin -l
• B. cpwd -l
• C. cpwd admin_list
• D. cpwd_admin list

Answer: D

NEW QUESTION 6
John detected high load on sync interface. Which is most recommended solution?

• A. For short connections like http service – delay sync for 2 seconds
• B. Add a second interface to handle sync traffic
• C. For short connections like http service – do not sync
• D. For short connections like icmp service – delay sync for 2 seconds

Answer: A

NEW QUESTION 7
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic?

• A. Slow Path
• B. Medium Path
• C. Fast Path
• D. Accelerated Path

Answer: A

NEW QUESTION 8
You have a Gateway is running with 2 cores. You plan to add a second gateway to build a cluster and used a device with 4 cores.
How many cores can be used in a Cluster for Firewall-kernel on the new device?

• A. 3
• B. 2
• C. 1
• D. 4

Answer: D

NEW QUESTION 9
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

• A. Secure Internal Communication (SIC)
• B. Restart Daemons if they fail
• C. Transfers messages between Firewall processes
• D. Pulls application monitoring status

Answer: D

NEW QUESTION 10
What is the correct order of the default “fw monitor” inspection points?

• A. i, I, o, O
• B. 1, 2, 3, 4
• C. i, o, I, O
• D. I, i, O, o

Answer: C

NEW QUESTION 11
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

• A. UDP port 265
• B. TCP port 265
• C. UDP port 256
• D. TCP port 256

Answer: D

Explanation:
Synchronization works in two modes:
Full Sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by the fwd daemon using an encrypted TCP connection on port 256.
Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security Gateway kernel using UDP connections on port 8116.

NEW QUESTION 12
The Event List within the Event tab contains:

• A. a list of options available for running a query.
• B. the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.
• C. events generated by a query.
• D. the details of a selected event.

Answer: C

NEW QUESTION 13
When setting up an externally managed log server, what is one item that will not be configured on the R80 Security Management Server?

• A. IP
• B. SIC
• C. NAT
• D. FQDN

Answer: C

NEW QUESTION 14
Fill in the blank: The R80 utility fw monitor is used to troubleshoot _______ .

• A. User data base corruption
• B. LDAP conflicts
• C. Traffic issues
• D. Phase two key negotiations

Answer: C

Explanation:
Check Point’s FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the FireWall inspection chains. These captured packets can be inspected later using the WireShark.

NEW QUESTION 15
What must you do first if “fwm sic_reset” could not be completed?

• A. Cpstop then find keyword “certificate” in objects_5_0.C and delete the section
• B. Reinitialize SIC on the security gateway then run “fw unloadlocal”
• C. Reset SIC from Smart Dashboard
• D. Change internal CA via cpconfig

Answer: D

NEW QUESTION 16
How can SmartView application accessed?

• A. http://<Security Management IP Address>/smartview
• B. http://<Security Management IP Address>:4434/smartview/
• C. https://<Security Management IP Address>/smartview/
• D. https://<Security Management host name>:4434/smartview/

Answer: C

NEW QUESTION 17
Which one of the following is true about Threat Emulation?

• A. Takes less than a second to complete
• B. Works on MS Office and PDF files only
• C. Always delivers a file
• D. Takes minutes to complete (less than 3 minutes)

Answer: D

NEW QUESTION 18
Which utility allows you to configure the DHCP service on Gaia from the command line?

• A. ifconfig
• B. dhcp_ofg
• C. sysconfig
• D. cpconfig

Answer: C

NEW QUESTION 19
......