156-315.80 Exam - Check Point Certified Security Expert - R80

certleader.com

Exam Code: 156-315.80 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Check Point Certified Security Expert - R80
Certification Provider: Check-Point

NEW QUESTION 1
What is the SandBlast Agent designed to do?

  • A. Performs OS-level sandboxing for SandBlast Cloud architecture
  • B. Ensures the Check Point SandBlast service is running on the end user’s system
  • C. If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading within the network
  • D. Clean up email sent with malicious attachments

Answer: C

NEW QUESTION 2
GAiA software update packages can be imported and installed offline in a situation where:

  • A. Security Gateway with GAiA does NOT have SFTP access to Internet
  • B. Security Gateway with GAiA does NOT have access to Internet.
  • C. Security Gateway with GAiA does NOT have SSH access to Internet.
  • D. The desired CPUSE package is ONLY available in the Check Point CLOUD.

Answer: B

NEW QUESTION 3
You have enabled “Full Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

  • A. Logging has a disk space issue
  • B. Change logging storage options on the logging server or Security Management Server properties and install database.
  • C. Data Awareness is not enabled.
  • D. Identity Awareness is not enabled.
  • E. Logs are arriving from Pre-R80 gateways.

Answer: A

NEW QUESTION 4
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?

  • A. restore_backup
  • B. import backup
  • C. cp_merge
  • D. migrate import

Answer: D

NEW QUESTION 5
Which statement is true regarding redundancy?

  • A. System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob -f if command.
  • B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
  • C. Machines in a ClusterXL High Availability configuration must be synchronized.
  • D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

Answer: D

NEW QUESTION 6
Which is NOT an example of a Check Point API?

  • A. Gateway API
  • B. Management API
  • C. OPSEC SDK
  • D. Threat Prevention API

Answer: A

NEW QUESTION 7
How many interfaces can you configure to use the Multi-Queue feature?

  • A. 10 interfaces
  • B. 3 interfaces
  • C. 4 interfaces
  • D. 5 interfaces

Answer: D

NEW QUESTION 8
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?

  • A. Source address, Destination address, Source port, Destination port, Protocol
  • B. Source MAC address, Destination MAC address, Source port, Destination port, Protocol
  • C. Source address, Destination address, Source port, Destination port
  • D. Source address, Destination address, Destination port, Protocol

Answer: A

NEW QUESTION 9
Your manager asked you to check the status of SecureXL and its enabled templates and features. What command will you use to provide this information to your manager?

  • A. fw accel stat
  • B. fwaccel stat
  • C. fw acces stats
  • D. fwaccel stats

Answer: B

NEW QUESTION 10
When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:

  • A. All UDP packets
  • B. All IPv6 Traffic
  • C. All packets that match a rule whose source or destination is the Outside Corporate Network
  • D. CIFS packets

Answer: D

NEW QUESTION 11
Which encryption algorithm is the least secure?

  • A. AES-128
  • B. AES-256
  • C. DES
  • D. 3DES

Answer: C

NEW QUESTION 12
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot _______.

  • A. AV issues
  • B. VPN errors
  • C. Network issues
  • D. Authentication issues

Answer: C

NEW QUESTION 13
Fill in the blank: Authentication rules are defined for ________.

  • A. User groups
  • B. Users using UserCheck
  • C. Individual users
  • D. All users in the database

Answer: A

NEW QUESTION 14
What happens when an IPS profile is set to Detect Only mode for troubleshooting?

  • A. It will generate Geo-Protection traffic
  • B. Automatically uploads debugging logs to Check Point Support Center
  • C. It will not block malicious traffic
  • D. Bypass licenses requirement for Geo-Protection control

Answer: C

Explanation:
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic. During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.

NEW QUESTION 15
If an administrator wants to add manual NAT for addresses not owned by the Check Point firewall, what else must be completed for it to function properly?

  • A. Nothing - the proxy ARP is automatically handled in the R80 version
  • B. Add the proxy ARP configurations in a file called /etc/conf/local.arp
  • C. Add the proxy ARP configurations in a file called $FWDIR/conf/local.arp
  • D. Add the proxy ARP configurations in a file called $CPDIR/conf/local.arp

Answer: D

NEW QUESTION 16
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature. Which command do you use?

  • A. sim erdos -e 1
  • B. sim erdos -m 1
  • C. sim erdos -v 1
  • D. sim erdos -x 1

Answer: A

NEW QUESTION 17
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?

  • A. Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.
  • B. Create a rule at the top in the Sydney firewall to allow control traffic from your network
  • C. Nothing - Check Point control connections function regardless of Geo-Protection policy
  • D. Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

Answer: C

NEW QUESTION 18
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?

  • A. Anti-Bot is the only countermeasure against unknown malware
  • B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers
  • C. Anti-Bot is the only signature-based method of malware protection.
  • D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center.

Answer: D
