Jul-2021 Latest ActualTestsIT 156-215.80 Exam Dumps with PDF and Exam Engine Free Updated Today!
Following are some new 156-215.80 Real Exam Questions!
NEW QUESTION 123
What is the purpose of the CPCA process?
- A. Generating and modifying certificates
- B. Communication between GUI clients and the SmartCenter server
- C. Sending and receiving logs
- D. Monitoring the status of processes
Answer: A
Explanation:
Reference:https://supportcenter.checkpoint.com/supportcenter/portal?
eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
NEW QUESTION 124
When configuring Spoof Tracking, which tracking actions can an administrator select to be done when spoofed packets are detected?
- A. Log, allow packets, email
- B. Drop packet, alert, none
- C. Log, send snmp trap, email
- D. Log, alert, none
Answer: D
Explanation:
Explanation/Reference:
Explanation: Configure Spoof Tracking - select the tracking action that is done when spoofed packets are detected:
Log - Create a log entry (default)
Alert - Show an alert
None - Do not log or alert
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/ R80/CP_R80_SecMGMT/126197
NEW QUESTION 125
What will be the effect of running the following command on the Security Management Server?
- A. Remove the installed Security Policy.
- B. Remove the local ACL lists.
- C. No effect.
- D. Reset SIC on all gateways.
Answer: A
Explanation:
Explanation/Reference:
Explanation: This command uninstall actual security policy (already installed) Reference: https://sc1.checkpoint.com/documents/R77/ CP_R77_SecurityGatewayTech_WebAdmin/6751.htm
NEW QUESTION 126
What Check Point tool is used to automatically update Check Point products for the Gaia OS?
- A. Check Point Upgrade Service Engine
- B. Check Point Upgrade Installation Service
- C. Check Point INSPECT Engine
- D. Check Point Update Engine
Answer: A
Explanation:
Reference:https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_Installation_and_Upgrade_Guide/ html_frameset.htm?topic=documents/R77/CP_R77_Gaia_Installation_and_Upgrade_Guide/129978
NEW QUESTION 127
The security Gateway is installed on GAiA R80 The default port for the WEB User Interface is _______ .
- A. TCP 443
- B. TCP 18211
- C. TCP 257
- D. TCP 4433
Answer: A
NEW QUESTION 128
What will be the effect of running the following command on the Security Management Server?
- A. Remove the installed Security Policy.
- B. Remove the local ACL lists.
- C. No effect.
- D. Reset SIC on all gateways.
Answer: A
Explanation:
Explanation
This command uninstall actual security policy (already installed)
NEW QUESTION 129
The most important part of a site-to-site VPN deployment is the ________ .
- A. Encrypted VPN tunnel
- B. Remote users
- C. Internet
- D. VPN gateways
Answer: A
Explanation:
Site to Site VPN
The basis of Site to Site VPN is the encrypted VPN tunnel. Two Security Gateways negotiate a link and create a VPN tunnel and each tunnel can contain more than one VPN connection. One Security Gateway can maintain more than one VPN tunnel at the same time.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92709.htm
NEW QUESTION 130
You want to define a selected administrator's permission to edit a layer. However, when you click the + sign in the "Select additional profile that will be able edit this layer" you do not see anything. What is the most likely cause of this problem? Select the BEST answer.
- A. There are no permission profiles available and you need to create one first.
- B. All permission profiles are in use.
- C. "Edit layers by Software Blades" is unselected in the Permission Profile
- D. "Edit layers by selected profiles in a layer editor" is unselected in the Permission profile.
Answer: A
NEW QUESTION 131
Fill in the blank: Authentication rules are defined for ____________.
- A. Users using UserCheck
- B. Individual users
- C. All users in the database
- D. User groups
Answer: D
Explanation:
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SGW_WebAdmin/6721.htm
NEW QUESTION 132
Fill in the blank: Each cluster, at a minimum, should have at least ___________ interfaces.
- A. Five
- B. Two
- C. Four
- D. Three
Answer: D
NEW QUESTION 133
Which default Gaia user has full read/write access?
- A. Administrator
- B. Altuser
- C. Superuser
- D. Monitor
Answer: A
NEW QUESTION 134
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his desktop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
3) Changes from static IP address to DHCP for the client PC.
What should John request when he cannot access the web server from his laptop?
- A. Investigate this as a network connectivity issue
- B. John should install the Identity Awareness Agent
- C. The access should be changed to authenticate the user instead of the PC
- D. John should lock and unlock his computer
Answer: C
NEW QUESTION 135
You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor.
Unfortunately, you get the message:
"There are no machines that contain Firewall Blade and SmartView Monitor".
What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.
- A. Purchase the SmartView Monitor license for your Security Management Server.
- B. Enable Monitoring on your Security Gateway.
- C. Enable Monitoring on your Security Management Server.
- D. Purchase the SmartView Monitor license for your Security Gateway.
Answer: B
NEW QUESTION 136
Fill in the blank: Each cluster has __________ interfaces.
- A. Five
- B. Two
- C. Four
- D. Three
Answer: D
Explanation:
Explanation
Each cluster member has three interfaces: one external interface, one internal interface, and one for synchronization. Cluster member interfaces facing in each direction are connected via a switch, router, or VLAN switch.
NEW QUESTION 137
Which Threat Prevention Software Blade provides comprehensive against malicious and unwanted network traffic, focusing on application and server vulnerabilities?
- A. IPS
- B. Anti-Spam
- C. Anti-bot
- D. Anti-Virus
Answer: A
Explanation:
The IPS Software Blade provides a complete Intrusion Prevention System security solution, providing comprehensive network protection against malicious and unwanted network traffic, including:
* Malware attacks
* Dos and DDoS attacks
* Application and server vulnerabilities
* Insider threats
* Unwanted application traffic, including IM and P2P
Reference: https://www.checkpoint.com/products/ips-software-blade/
NEW QUESTION 138
Which of the following is NOT an alert option?
- A. High alert
- B. User defined alert
- C. Mail
- D. SNMP
Answer: A
Explanation:
In Action, select:
* none - No alert.
* log - Sends a log entry to the database.
* alert - Opens a pop-up window to your desktop.
* mail - Sends a mail alert to your Inbox.
* snmptrap - Sends an SNMP alert.
* useralert - Runs a script. Make sure a user-defined action is available. Go to SmartDashboard > Global Properties > Log and Alert > Alert Commands.
Reference: https://sc1.checkpoint.com/documents/R77/
CP_R77_SmartViewMonitor_AdminGuide/101104.htm
NEW QUESTION 139
Web Control Layer has been set up using the settings in the following dialogue:
Consider the following policy and select the BEST answer.
- A. Anyone from internal network can access the internet, expect the traffic defined in drop rules 5.2, 5.5 and 5.6.
- B. All employees can access only Youtube and Vimeo.
- C. Access to Youtube and Vimeo is allowed only once a day.
- D. Traffic that does not match any rule in the subpolicy is dropped.
Answer: A
Explanation:
Explanation
Policy Layers and Sub-Policies
R80 introduces the concept of layers and sub-policies, allowing you to segment your policy according to your network segments or business units/functions. In addition, you can also assign granular privileges by layer or sub-policy to distribute workload and tasks to the most qualified administrators
NEW QUESTION 140
To install a brand new Check Point Cluster, the MegaCorp IT department bought 1 Smart-1 and 2 Security Gateway Appliances to run a cluster. Which type of cluster is it?
- A. Distributed
- B. Standalone
- C. Full HA Cluster
- D. High Availability
Answer: D
NEW QUESTION 141
Which type of attack can a firewall NOT prevent?
- A. SQL Injection
- B. SYN Flood
- C. Network Bandwidth Saturation
- D. Buffer Overflow
Answer: D
NEW QUESTION 142
How can the changes made by an administrator before publishing the session be seen by a superuser administrator?
- A. They cannot be seen
- B. From Manage and Settings > Sessions, right click on the session and click 'View Changes...'
- C. By impersonating the administrator with the 'Login as...' option
- D. From the SmartView Tracker audit log
Answer: D
NEW QUESTION 143
Which of the following is NOT an option to calculate the traffic direction?
- A. External
- B. Incoming
- C. Internal
- D. Outgoing
Answer: D
NEW QUESTION 144
Phase 1 of the two-phase negotiation process conducted by IKE operates in ______ mode.
- A. Quick
- B. Authentication
- C. Main
- D. High Alert
Answer: C
Explanation:
Explanation/Reference:
Explanation:
Phase I modes
Between Security Gateways, there are two modes for IKE phase I These modes only apply to IKEv1:
Main Mode
Aggressive Mode
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_VPN_AdminGuide/13847.htm
NEW QUESTION 145
Which of the following is NOT a VPN routing option available in a star community?
- A. To center only
- B. To satellites through center only
- C. To center and to other satellites through center
- D. To center, or through the center to other satellites, to Internet and other VPN targets
Answer: A,B
Explanation:
Explanation/Reference:
Explanation:
SmartConsole
For simple hubs and spokes (or if there is only one Hub), the easiest way is to configure a VPN star community in R80 SmartConsole:
1. On the Star Community window, in the:
a. Center Gateways section, select the Security Gateway that functions as the "Hub".
b. Satellite Gateways section, select Security Gateways as the "spokes", or satellites.
2. On the VPN Routing page, Enable VPN routing for satellites section, select one of these options:
a. To center and to other Satellites through center - This allows connectivity between the Security Gateways, for example if the spoke Security Gateways are DAIP Security Gateways, and the Hub is a Security Gateway with a static IP address.
b. To center, or through the center to other satellites, to internet and other VPN targets - This allows connectivity between the Security Gateways as well as the ability to inspect all communication passing through the Hub to the Internet.
3. Create an appropriate Access Control Policy rule.
4. NAT the satellite Security Gateways on the Hub if the Hub is used to route connections from Satellites to the Internet.
The two Dynamic Objects (DAIP Security Gateways) can securely route communication through the Security Gateway with the static IP address.
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_VPN/html_frameset.htm
NEW QUESTION 146
One of major features in R80 SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB, and AdminC are editing the same Security Policy?
- A. AdminA and AdminB are editing the same rule at the same time.
- B. A lock icon shows that a rule or an object is locked and will be available.
- C. AdminA, AdminB and AdminC are editing three different rules at the same time.
- D. A lock icon next to a rule informs that any Administrator is working on this particular rule.
Answer: D
Explanation:
Explanation
In SmartConsole, administrators work with sessions. A session is created each time an administrator logs into SmartConsole. Changes made in the session are saved automatically. These changes are private and available only to the administrator. To avoid configuration conflicts, other administrators see a lock icon on objects and rules that are being edited in other sessions
NEW QUESTION 147
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?
- A. mgmt_cli add-host "Server_1" ip_address "10.15.123.10" --format txt
- B. mgmt_cli add object "Server_1" ip_address "10.15.123.10" --format json
- C. mgmt_cli add object-host "Server_1" ip_address "10.15.123.10" --format json
- D. mgmt_cli add host name "Server_1" ip_address "10.15.123.10" --format json
Answer: A
Explanation:
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-host~v1.1
NEW QUESTION 148
......
Resources From:
- 2021 Latest ActualTestsIT 156-215.80 Exam Dumps (PDF & Exam Engine) Free Share: https://www.actualtestsit.com/CheckPoint/156-215.80-exam-prep-dumps.html
Free Resources from ActualTestsIT, We Devoted to Helping You 100% Pass All Exams!