156-215.80 | What Top Quality 156-215.80 Questions Pool Is
we provide Realistic Check-Point 156-215.80 free practice exam which are the best for clearing 156-215.80 test, and to get certified by Check-Point Check Point Certified Security Administrator. The 156-215.80 Questions & Answers covers all the knowledge points of the real 156-215.80 exam. Crack your Check-Point 156-215.80 Exam with latest dumps, guaranteed!
Online 156-215.80 free questions and answers of New Version:
NEW QUESTION 1
What protocol is specifically used for clustered environments?
- A. Clustered Protocol
- B. Synchronized Cluster Protocol
- C. Control Cluster Protocol
- D. Cluster Control Protocol
NEW QUESTION 2
If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsible, which of these steps should NOT be performed:
- A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.
- B. Change the Standby Security Management Server to Active.
- C. Change the Active Security Management Server to Standby.
- D. Manually synchronize the Active and Standby Security Management Servers.
NEW QUESTION 3
Fill in the blank: In order to install a license, it must first be added to the ______ .
- A. User Center
- B. Package repository
- C. Download Center Web site
- D. License and Contract repository
NEW QUESTION 4
How many users can have read/write access in Gaia at one time?
- A. Infinite
- B. One
- C. Three
- D. Two
NEW QUESTION 5
Which of the following is NOT an option for internal network definition of Anti-spoofing?
- A. Specific – derived from a selected object
- B. Route-based – derived from gateway routing table
- C. Network defined by the interface IP and Net Mask
- D. Not-defined
NEW QUESTION 6
Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?
- A. Auditor
- B. Read Only All
- C. Super User
- D. Full Access
To create a new permission profile:
In SmartConsole, go to Manage & Settings > Permissions and Administrators > Permission Profiles.
Click New Profile.
The New Profile window opens.
Enter a unique name for the profile.
Select a profile type:
Read/Write All - Administrators can make changes
Auditor (Read Only All) - Administrators can see information but cannot make changes
Customized - Configure custom settings
NEW QUESTION 7
Fill in the blank: In Security Gateways R75 and above, SIC uses _____ for encryption.
- A. AES-128
- B. AES-256
- C. DES
- D. 3DES
NEW QUESTION 8
Fill in the blank: A(n) _____ rule is created by an administrator and is located before the first and before last rules in the Rule Base.
- A. Firewall drop
- B. Explicit
- C. Implicit accept
- D. Implicit drop
- E. Implied
This is the order that rules are enforced:
First Implied Rule: You cannot edit or delete this rule and no explicit rules can be placed before it.
Explicit Rules: These are rules that you create.
Before Last Implied Rules: These implied rules are applied before the last explicit rule.
Last Explicit Rule: We recommend that you use the Cleanup rule as the last explicit rule.
Last Implied Rules: Implied rules that are configured as Last in Global Properties.
Implied Drop Rule: Drops all packets without logging.
NEW QUESTION 9
Review the rules. Assume domain UDP is enabled in the implied rules.
What happens when a user from the internal network tries to browse to the internet using HTTP? The user:
- A. can connect to the Internet successfully after being authenticated.
- B. is prompted three times before connecting to the Internet successfully.
- C. can go to the Internet after Telnetting to the client authentication daemon port 259.
- D. can go to the Internet, without being prompted for authentication.
NEW QUESTION 10
How do you configure the Security Policy to provide uses access to the Captive Portal through an external (Internet) interface?
- A. Change the gateway settings to allow Captive Portal access via an external interface.
- B. No action is necessar
- C. This access is available by default.
- D. Change the Identity Awareness settings under Global Properties to allow Captive Policy access on all interfaces.
- E. Change the Identity Awareness settings under Global Properties to allow Captive Policy access for an external interface.
NEW QUESTION 11
Which of the following is NOT a component of a Distinguished Name?
- A. Organization Unit
- B. Country
- C. Common name
- D. User container
Distinguished Name Components
CN=common name, OU=organizational unit, O=organization, L=locality, ST=state or province, C=country name
NEW QUESTION 12
Fill in the blank: The tool ____ generates a R80 Security Gateway configuration report.
- A. infoCP
- B. infoview
- C. cpinfo
- D. fw cpinfo
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers).
The CPinfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPinfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.
When contacting Check Point Support, collect the cpinfo files from the Security Management server and Security Gateways involved in your case.
NEW QUESTION 13
Which identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers?
- A. ADQuery
- B. Terminal Servers Endpoint Identity Agent
- C. Endpoint Identity Agent and Browser-Based Authentication
- D. RADIUS and Account Logon
NEW QUESTION 14
Which of the following commands is used to monitor cluster members?
- A. cphaprob state
- B. cphaprob status
- C. cphaprob
- D. cluster state
NEW QUESTION 15
Which of the following is NOT an advantage to using multiple LDAP servers?
- A. You achieve a faster access time by placing LDAP servers containing the database at remote sites
- B. Information on a user is hidden, yet distributed across several servers
- C. You achieve compartmentalization by allowing a large number of users to be distributed across several servers
- D. You gain High Availability by replicating the same information on several servers
NEW QUESTION 16
NAT can NOT be configured on which of the following objects?
- A. HTTP Logical Server
- B. Gateway
- C. Address Range
- D. Host
NEW QUESTION 17
What will be the effect of running the following command on the Security Management Server?
- A. Remove the installed Security Policy.
- B. Remove the local ACL lists.
- C. No effect.
- D. Reset SIC on all gateways.
This command uninstall actual security policy (already installed) References:
NEW QUESTION 18
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?
- A. There is a virus foun
- B. Traffic is still allowed but not accelerated
- C. The connection required a Security server
- D. Acceleration is not enabled
- E. The traffic is originating from the gateway itself
NEW QUESTION 19
Which options are given on features, when editing a Role on Gaia Platform?
- A. Read/Write, Read Only
- B. Read/Write, Read only, None
- C. Read/Write, None
- D. Read Only, None
Role-based administration (RBA) lets you create administrative roles for users. With RBA, an administrator can allow Gaia users to access specified features by including those features in a role and assigning that role to users. Each role can include a combination of administrative (read/write) access to some features, monitoring (readonly) access to other features, and no access to other features.
You can also specify which access mechanisms (WebUI or the CLI) are available to the user.
Note - When users log in to the WebUI, they see only those features that they have read-only or read/write access to. If they have read-only access to a feature, they can see the settings pages, but cannot change the settings.
Gaia includes these predefined roles:
You cannot delete or change the predefined roles.
Note - Do not define a new user for external users. An external user is one that is defined on an authentication server (such as RADIUS or TACACS) and not on the local Gaia system.
NEW QUESTION 20
You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?
- A. SmartView Tracker and SmartView Monitor
- B. SmartLSM and SmartUpdate
- C. SmartDashboard and SmartView Tracker
- D. SmartView Monitor and SmartUpdate
NEW QUESTION 21
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all of the following except:
- A. Create new dashboards to manage 3rd party task
- B. Create products that use and enhance 3rd party solutions
- C. Execute automated scripts to perform common tasks
- D. Create products that use and enhance the Check Point Solution
NEW QUESTION 22
What is the BEST method to deploy identity Awareness for roaming users?
- A. Use Office Mode
- B. Use identity agents
- C. Share user identities between gateways
- D. Use captive portal
NEW QUESTION 23
From SecureXL perspective, what are the tree paths of traffic flow:
- A. Initial Path; Medium Path; Accelerated Path
- B. Layer Path; Blade Path; Rule Path
- C. Firewall Path; Accept Path; Drop Path
- D. Firewall Path; Accelerated Path; Medium Path
NEW QUESTION 24
Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?
- A. Security questions
- B. Check Point password
- C. SecurID
- D. RADIUS
Authentication Schemes :- Check Point Password
- Operating System Password
- Undefined If a user with an undefined authentication scheme is matched to a Security Rule with some form of authentication, access is always denied.
NEW QUESTION 25
There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A’s interface issues were resolved and it became operational. When it re-joins the cluster, will it become active automatically?
- A. No, since “maintain current active cluster member” option on the cluster object properties is enabled by default
- B. No, since “maintain current active cluster member” option is enabled by default on the Global Properties
- C. Yes, since “Switch to higher priority cluster member” option on the cluster object properties is enabled by default
- D. Yes, since “Switch to higher priority cluster member” option is enabled by default on the Global Properties
What Happens When a Security Gateway Recovers?
In a Load Sharing configuration, when the failed Security Gateway in a cluster recovers, all connections are redistributed among all active members. High Availability and Load Sharing in ClusterXL ClusterXL Administration Guide R77 Versions | 31 In a High Availability configuration, when the failed Security Gateway in a cluster recovers, the recovery method depends on the configured cluster setting. The options are:
• Maintain Current Active Security Gateway means that if one member passes on control to a lower priority member, control will be returned to the higher priority member only if the lower priority member fails. This mode is recommended if all members are equally capable of processing traffic, in order to minimize the number of failover events.
• Switch to Higher Priority Security Gateway means that if the lower priority member has control and the higher priority member is restored, then control will be returned to the higher priority member. This mode is recommended if one member is better equipped for handling connections, so it will be the default Security Gateway.
NEW QUESTION 26
P.S. Thedumpscentre.com now are offering 100% pass ensure 156-215.80 dumps! All 156-215.80 exam questions have been updated with correct answers: https://www.thedumpscentre.com/156-215.80-dumps/ (485 New Questions)