156-215.80 | Check-Point 156-215.80 Software 2020

Exam Code: 156-215.80 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Check Point Certified Security Administrator
Certification Provider: Check-Point
Free Today! Guaranteed Training- Pass 156-215.80 Exam.

Also have 156-215.80 free dumps questions for you:

NEW QUESTION 1

Fill in the blank: The ____ collects logs and sends them to the ____.

  • A. Log server; security management server
  • B. Log server; Security Gateway
  • C. Security management server; Security Gateway
  • D. Security Gateways; log server

Answer: D

NEW QUESTION 2

Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?

  • A. Firewall
  • B. Identity Awareness
  • C. Application Control
  • D. URL Filtering

Answer: B

Explanation:
Check Point Identity Awareness Software Blade provides granular visibility of users, groups and machines, providing unmatched application and access control through the creation of accurate, identity-based policies. Centralized management and monitoring allows for policies to be managed from a single, unified console.

NEW QUESTION 3

You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?

  • A. SmartView Tracker and SmartView Monitor
  • B. SmartLSM and SmartUpdate
  • C. SmartDashboard and SmartView Tracker
  • D. SmartView Monitor and SmartUpdate

Answer: D

NEW QUESTION 4

You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the right protections in place. Check Point has been selected for the security vendor. Which Check Point products protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?

  • A. IPS and Application Control
  • B. IPS, anti-virus and anti-bot
  • C. IPS, anti-virus and e-mail security
  • D. SandBlast

Answer: D

Explanation:
SandBlast Zero-Day Protection
Hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. Zero-day exploit protection from Check Point provides a deeper level of inspection so you can prevent more malware and zero-day attacks, while ensuring quick delivery of safe content to your users.

NEW QUESTION 5

You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor.
156-215.80 dumps exhibit
Unfortunately, you get the message:
“There are no machines that contain Firewall Blade and SmartView Monitor”.
What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.
156-215.80 dumps exhibit

  • A. Purchase the SmartView Monitor license for your Security Management Server.
  • B. Enable Monitoring on your Security Management Server.
  • C. Purchase the SmartView Monitor license for your Security Gateway.
  • D. Enable Monitoring on your Security Gateway.

Answer: D

NEW QUESTION 6

Which of the following is the most secure means of authentication?

  • A. Password
  • B. Certificate
  • C. Token
  • D. Pre-shared secret

Answer: B

NEW QUESTION 7

Fill in the blank: Licenses can be added to the License and Contract repository _____.

  • A. From the User Center, from a file, or manually
  • B. From a file, manually, or from SmartView Monitor
  • C. Manually, from SmartView Monitor, or from the User Center
  • D. From SmartView Monitor, from the User Center, or from a file

Answer: A

NEW QUESTION 8

Of all the Check Point components in your network, which one changes most often and should be backed up most frequently?

  • A. SmartManager
  • B. SmartConsole
  • C. Security Gateway
  • D. Security Management Server

Answer: C

NEW QUESTION 9

What is the difference between an event and a log?

  • A. Events are generated at gateway according to Event Policy
  • B. A log entry becomes an event when it matches any rule defined in Event Policy
  • C. Events are collected with SmartWorkflow from Trouble Ticket systems
  • D. Logs and Events are synonyms

Answer: B

NEW QUESTION 10

When logging in for the first time to a Security management Server through SmartConsole, a fingerprint is saved to the:

  • A. Security Management Server’s /home/.fgpt file and is available for future SmartConsole authentications.
  • B. Windows registry is available for future Security Management Server authentications.
  • C. there is no memory used for saving a fingerprint anyway.
  • D. SmartConsole cache is available for future Security Management Server authentications.

Answer: D

NEW QUESTION 11

What does ExternalZone represent in the presented rule?
156-215.80 dumps exhibit

  • A. The Internet.
  • B. Interfaces that administrator has defined to be part of External Security Zone.
  • C. External interfaces on all security gateways.
  • D. External interfaces of specific gateways.

Answer: B

Explanation:
Configuring Interfaces
Configure the Security Gateway 80 interfaces in the Interfaces tab in the Security Gateway window. To configure the interfaces:
From the Devices window, double-click the Security Gateway 80.
The Security Gateway
window opens.
Select the Interfaces tab.
Select Use the following settings. The interface settings open.
Select the interface and click Edit.
The Edit window opens.
From the IP Assignment section, configure the IP address of the interface:
Select Static IP.
Enter the IP address and subnet mask for the interface.
In Security Zone, select Wireless, DMS, External, or Internal. Security zone is a type of zone, created by a bridge to easily create segments, while maintaining IP addresses and router configurations. Security zones let you choose if to enable or not the firewall between segments.
References:

NEW QUESTION 12

In what way are SSL VPN and IPSec VPN different?

  • A. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless
  • B. SSL VPN adds an extra VPN header to the packet, IPSec VPN does not
  • C. IPSec VPN does not support two factor authentication, SSL VPN does support this
  • D. IPSec VPN uses an additional virtual adapter, SSL VPN uses the client network adapter only

Answer: D

NEW QUESTION 13

Which identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers?

  • A. ADQuery
  • B. Terminal Servers Endpoint Identity Agent
  • C. Endpoint Identity Agent and Browser-Based Authentication
  • D. RADIUS and Account Logon

Answer: D

NEW QUESTION 14

What are the two high availability modes?

  • A. Load Sharing and Legacy
  • B. Traditional and New
  • C. Active and Standby
  • D. New and Legacy

Answer: D

Explanation:
ClusterXL has four working modes. This section briefly describes each mode and its relative advantages and disadvantages.
Load Sharing Multicast Mode
Load Sharing Unicast Mode
New High Availability Mode
High Availability Legacy Mode

NEW QUESTION 15

Where would an administrator enable Implied Rules logging?

  • A. In Smart Log Rules View
  • B. In SmartDashboard on each rule
  • C. In Global Properties under Firewall
  • D. In Global Properties under log and alert

Answer: B

NEW QUESTION 16

What port is used for communication to the User Center with SmartUpdate?

  • A. CPMI 200
  • B. TCP 8080
  • C. HTTP 80
  • D. HTTPS 443

Answer: D

NEW QUESTION 17

Phase 1 of the two-phase negotiation process conducted by IKE operates in a_____ mode.

  • A. Main
  • B. Authentication
  • C. Quick
  • D. High Alert

Answer: A

NEW QUESTION 18

How many packets does the IKE exchange use for Phase 1 Main Mode?

  • A. 12
  • B. 1
  • C. 3
  • D. 6

Answer: D

NEW QUESTION 19

Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?

  • A. External-user group
  • B. LDAP group
  • C. A group with a genetic user
  • D. All Users

Answer: B

NEW QUESTION 20

What is the default shell for the command line interface?

  • A. Expert
  • B. Clish
  • C. Admin
  • D. Normal

Answer: B

Explanation:
The default shell of the CLI is called clish References:

NEW QUESTION 21

Fill in the blank: The ____ is used to obtain identification and security information about network users.

  • A. User Directory
  • B. User server
  • C. UserCheck
  • D. User index

Answer: A

NEW QUESTION 22

Where does the security administrator activate Identity Awareness within SmartDashboard?

  • A. Gateway Object > General Properties
  • B. Security Management Server > Identity Awareness
  • C. Policy > Global Properties > Identity Awareness
  • D. LDAP Server Object > General Properties

Answer: A

NEW QUESTION 23

What is the Transport layer of the TCP/IP model responsible for?

  • A. It transports packets as datagrams along different routes to reach their destination.
  • B. It manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application.
  • C. It defines the protocols that are used to exchange data between networks and how host programs interact with the Application layer.
  • D. It deals with all aspects of the physical components of network connectivity and connects with different network types.

Answer: B

NEW QUESTION 24

Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

  • A. UDP port 265
  • B. TCP port 265
  • C. UDP port 256
  • D. TCP port 256

Answer: B

NEW QUESTION 25

Which of the following is NOT defined by an Access Role object?

  • A. Source Network
  • B. Source Machine
  • C. Source User
  • D. Source Server

Answer: D

NEW QUESTION 26

An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret the administrator found that the check box to enable pre-shared secret is shared and cannot be enabled. Why does it not allow him to specify the pre-shared secret?

  • A. IPsec VPN blade should be enabled on both Security Gateway.
  • B. Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.
  • C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.
  • D. The Security Gateways are pre-R75.40.

Answer: C

NEW QUESTION 27

A digital signature:

  • A. Guarantees the authenticity and integrity of a message.
  • B. Automatically exchanges shared keys.
  • C. Decrypts data to its original form.
  • D. Provides a secure key exchange mechanism over the Internet.

Answer: A

NEW QUESTION 28

Which of the following is an authentication method used for Identity Awareness?

  • A. SSL
  • B. Captive Portal
  • C. PKI
  • D. RSA

Answer: B

NEW QUESTION 29
......

P.S. Easily pass 156-215.80 Exam with 485 Q&As Certshared Dumps & pdf Version, Welcome to Download the Newest Certshared 156-215.80 Dumps: https://www.certshared.com/exam/156-215.80/ (485 New Questions)