156-315.80 | The Far Out Guide To 156-315.80 Actual Exam

NEW QUESTION 1
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?

• A. fwd
• B. fwm
• C. cpd
• D. cpwd

Answer: B

NEW QUESTION 2
What is the mechanism behind Threat Extraction?

• A. This a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.
• B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.
• C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).
• D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

Answer: D

NEW QUESTION 3
If an administrator wants to add manual NAT for addresses now owned by the Check Point firewall, what else is necessary to be completed for it to function properly?

• A. Nothing - the proxy ARP is automatically handled in the R80 version
• B. Add the proxy ARP configurations in a file called /etc/conf/local.arp
• C. Add the proxy ARP configurations in a file called $FWDIR/conf/local.arp
• D. Add the proxy ARP configurations in a file called $CPDIR/conf/local.arp

Answer: D

NEW QUESTION 4
View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.)

• A. The current administrator has read-only permissions to Threat Prevention Policy.
• B. Another user has locked the rule for editing.
• C. Configuration lock is presen
• D. Click the lock symbol to gain read-write access.
• E. The current administrator is logged in as read-only because someone else is editing the policy.

Answer: B

Explanation:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_

NEW QUESTION 5
Which command shows actual allowed connections in state table?

• A. fw tab –t StateTable
• B. fw tab –t connections
• C. fw tab –t connection
• D. fw tab connections

Answer: B

NEW QUESTION 6
What is the command to show SecureXL status?

• A. fwaccel status
• B. fwaccel stats -m
• C. fwaccel -s
• D. fwaccel stat

Answer: D

Explanation:
To check overall SecureXL status: [Expert@HostName]# fwaccel stat References:

NEW QUESTION 7
The following command is used to verify the CPUSE version:

• A. HostName:0>show installer status build
• B. [Expert@HostName:0]#show installer status
• C. [Expert@HostName:0]#show installer status build
• D. HostName:0>show installer build

Answer: A

NEW QUESTION 8
What is the default size of NAT table fwx_alloc?

• A. 20000
• B. 35000
• C. 25000
• D. 10000

Answer: C

NEW QUESTION 9
What is the benefit of “tw monitor” over “tcpdump”?

• A. “fw monitor” reveals Layer 2 information, while “tcpdump” acts at Layer 3.
• B. “fw monitor” is also available for 64-Bit operating systems.
• C. With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”
• D. “fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways.

Answer: C

NEW QUESTION 10
Which firewall daemon is responsible for the FW CLI commands?

• A. fwd
• B. fwm
• C. cpm
• D. cpd

Answer: A

NEW QUESTION 11
When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:

• A. All UDP packets
• B. All IPv6 Traffic
• C. All packets that match a rule whose source or destination is the Outside Corporate Network
• D. CIFS packets

Answer: D

NEW QUESTION 12
What is true about the IPS-Blade?

• A. In R80, IPS is managed by the Threat Prevention Policy
• B. In R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
• C. In R80, IPS Exceptions cannot be attached to “all rules”
• D. In R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

Answer: A

NEW QUESTION 13
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?

• A. cphaprob –f register
• B. cphaprob –d –s report
• C. cpstat –f all
• D. cphaprob –a list

Answer: D

NEW QUESTION 14
Which process handles connection from SmartConsole R80?

• A. fwm
• B. cpmd
• C. cpm
• D. cpd

Answer: C

NEW QUESTION 15
At what point is the Internal Certificate Authority (ICA) created?

• A. Upon creation of a certificate.
• B. During the primary Security Management Server installation process.
• C. When an administrator decides to create one.
• D. When an administrator initially logs into SmartConsole.

Answer: B

NEW QUESTION 16
SmartEvent does NOT use which of the following procedures to identify events:

• A. Matching a log against each event definition
• B. Create an event candidate
• C. Matching a log against local exclusions
• D. Matching a log against global exclusions

Answer: C

Explanation:
Events are detected by the SmartEvent Correlation Unit. The Correlation Unit task is to scan logs for criteria that match an Event Definition. SmartEvent uses these procedures to identify events:
• Matching a Log Against Global Exclusions
• Matching a Log Against Each Event Definition
• Creating an Event Candidate
• When a Candidate Becomes an Event References:

NEW QUESTION 17
Which of the following is a task of the CPD process?

• A. Invoke and monitor critical processes and attempts to restart them if they fail
• B. Transfers messages between Firewall processes
• C. Log forwarding
• D. Responsible for processing most traffic on a security gateway

Answer: A

Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_CLI_WebAdmin/12496.htm

NEW QUESTION 18
Which of the SecureXL templates are enabled by default on Security Gateway?

• A. Accept
• B. Drop
• C. NAT
• D. None

Answer: D

NEW QUESTION 19
Where do you create and modify the Mobile Access policy in R80?

• A. SmartConsole
• B. SmartMonitor
• C. SmartEndpoint
• D. SmartDashboard

Answer: A

NEW QUESTION 20
Office mode means that:

• A. SecurID client assigns a routable MAC addres
• B. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
• C. Users authenticate with an Internet browser and use secure HTTPS connection.
• D. Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.
• E. Allows a security gateway to assign a remote client an IP addres
• F. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

Answer: D

NEW QUESTION 21
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules

• A. 1, 2, 3, 4
• B. 1, 4, 2, 3
• C. 3, 1, 2, 4
• D. 4, 3, 1, 2

Answer: A

NEW QUESTION 22
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?

• A. restore_backup
• B. import backup
• C. cp_merge
• D. migrate import

Answer: D

NEW QUESTION 23
What API command below creates a new host with the name “New Host” and IP address of “192.168.0.10”?

• A. new host name “New Host” ip-address “192.168.0.10”
• B. set host name “New Host” ip-address “192.168.0.10”
• C. create host name “New Host” ip-address “192.168.0.10”
• D. add host name “New Host” ip-address “192.168.0.10”

Answer: D

NEW QUESTION 24
Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?

• A. $FWDIR/database/fwauthd.conf
• B. $FWDIR/conf/fwauth.conf
• C. $FWDIR/conf/fwauthd.conf
• D. $FWDIR/state/fwauthd.conf

Answer: C

NEW QUESTION 25
Which remote Access Solution is clientless?

• A. Checkpoint Mobile
• B. Endpoint Security Suite
• C. SecuRemote
• D. Mobile Access Portal

Answer: D

NEW QUESTION 26
......