156-315.80 Exam - Check Point Certified Security Expert - R80

NEW QUESTION 1
Which packet info is ignored with Session Rate Acceleration?

• A. source port ranges
• B. source ip
• C. source port
• D. same info from Packet Acceleration is used

Answer: C

NEW QUESTION 2
With SecureXL enabled, accelerated packets will pass through the following:

• A. Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device
• B. Network Interface Card, Check Point Firewall Kernal, and the Acceleration Device
• C. Network Interface Card and the Acceleration Device
• D. Network Interface Card, OSI Network Layer, and the Acceleration Device

Answer: C

NEW QUESTION 3
Please choose correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?

• A. host name myHost12 ip-address 10.50.23.90
• B. mgmt: add host name ip-address 10.50.23.90
• C. add host name emailserver1 ip-address 10.50.23.90
• D. mgmt: add host name emailserver1 ip-address 10.50.23.90

Answer: D

NEW QUESTION 4
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?

• A. edit fwaffinity.conf; reboot required
• B. cpconfig; reboot required
• C. edit fwaffinity.conf; reboot not required
• D. cpconfig; reboot not required

Answer: B

NEW QUESTION 5
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) ______ or _______ action for the file types.

• A. Inspect/Bypass
• B. Inspect/Prevent
• C. Prevent/Bypass
• D. Detect/Bypass

Answer: A

NEW QUESTION 6
What two ordered layers make up the Access Control Policy Layer?

• A. URL Filtering and Network
• B. Network and Threat Prevention
• C. Application Control and URL Filtering
• D. Network and Application Control

Answer: D

NEW QUESTION 7
Tom has connected to the R80 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.
What will happen to the changes already made?

• A. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.
• B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
• C. Tom’s changes will be lost since he lost connectivity and he will have to start again.
• D. Tom will have to reboot his SmartConsole computer, clear to cache, and restore changes.

Answer: A

NEW QUESTION 8
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

• A. ThreatWiki
• B. Whitelist Files
• C. AppWiki
• D. IPS Protections

Answer: B

NEW QUESTION 9
You need to see which hotfixes are installed on your gateway, which command would you use?

• A. cpinfo –h all
• B. cpinfo –o hotfix
• C. cpinfo –l hotfix
• D. cpinfo –y all

Answer: D

NEW QUESTION 10
Which of the following is NOT a component of Check Point Capsule?

• A. Capsule Docs
• B. Capsule Cloud
• C. Capsule Enterprise
• D. Capsule Workspace

Answer: C

NEW QUESTION 11
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were
dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

• A. fw ctl multik dynamic_dispatching on
• B. fw ctl multik dynamic_dispatching set_mode 9
• C. fw ctl multik set_mode 9
• D. fw ctl multik pq enable

Answer: C

NEW QUESTION 12
What is the command to check the status of Check Point processes?

• A. top
• B. cptop
• C. cphaprob list
• D. cpwd_admin list

Answer: D

NEW QUESTION 13
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?

• A. RADIUS
• B. Remote Access and RADIUS
• C. AD Query
• D. AD Query and Browser-based Authentication

Answer: D

Explanation:
Identity Awareness gets identities from these acquisition sources:

NEW QUESTION 14
Which command collects diagnostic data for analyzing customer setup remotely?

• A. cpinfo
• B. migrate export
• C. sysinfo
• D. cpview

Answer: A

Explanation:
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers).
The CPInfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPInfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.

NEW QUESTION 15
Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?

• A. /opt/CPshrd-R80/conf/local.arp
• B. /var/opt/CPshrd-R80/conf/local.arp
• C. $CPDIR/conf/local.arp
• D. $FWDIR/conf/local.arp

Answer: D

NEW QUESTION 16
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

• A. Detects and blocks malware by correlating multiple detection engines before users are affected.
• B. Configure rules to limit the available network bandwidth for specified users or groups.
• C. Use UserCheck to help users understand that certain websites are against the company’s security policy.
• D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

Answer: A

NEW QUESTION 17
The SmartEvent R80 Web application for real-time event monitoring is called:

• A. SmartView Monitor
• B. SmartEventWeb
• C. There is no Web application for SmartEvent
• D. SmartView

Answer: B

NEW QUESTION 18
What is the difference between an event and a log?

• A. Events are generated at gateway according to Event Policy
• B. A log entry becomes an event when it matches any rule defined in Event Policy
• C. Events are collected with SmartWorkflow form Trouble Ticket systems
• D. Log and Events are synonyms

Answer: B

NEW QUESTION 19
......