156-215.80 Exam Questions
561 real 156-215.80 exam questions with expert-verified answers and explanations. Page 6 of 12.
- Question #251Monitoring and Reporting
Which R77 GUI would you use to see number of packets accepted since the last policy install?
SmartView Monitorpacket counterstraffic statisticspolicy install - Question #252Deployment and Configuration
Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?
Identity Awarenessbridge modefirewall deployment modesfail open - Question #253User Management and Authentication
What is the Manual Client Authentication TELNET port?
manual client authenticationTELNET portport 259authentication ports - Question #254User Management and Authentication
Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of th...
captive portalIdentity Awarenessaccess roleHTTP redirect - Question #255VPN Solutions
How many packets does the IKE exchange use for Phase 1 Main Mode?
IKE Main ModePhase 1packet exchangeVPN negotiation - Question #256Network Address Translation (NAT)
What is also referred to as Dynamic NAT?
dynamic NAThide NATNAT typesaddress translation - Question #257Deployment and Configuration
A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object d...
gateway objectpolicy installationexternally managed gatewaySIC - Question #258User Management and Authentication
Which of the following is NOT a valid option when configuring access for Captive Portal?
captive portalaccess configurationinterface optionsIdentity Awareness - Question #259Security Policy Management
As you review this Security Policy, what changes could you make to accommodate Rule 4?
rule base analysisVPN columnrule optimizationpolicy review - Question #260Security Gateway Troubleshooting
What happens when you run the command: fw sam -J src [Source IP Address]?
fw samsuspicious activity monitoringsource blockingCLI commands - Question #261VPN Solutions
VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication?
VPN authenticationcertificatespre-shared secretIKE - Question #262Deployment and Configuration
According to Check Point Best Practice, when adding a non-managed Check Point Gateway to a Check Point security solution what object SHOULD be added? A(n):
gateway objectsexternally managed gatewaySmartDashboardnetwork objects - Question #263User Management and Authentication
You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?
RSA SecurIDgeneric useruser integrationSmartDashboard - Question #264User Management and Authentication
Where does the security administrator activate Identity Awareness within SmartDashboard?
Identity Awarenessgateway objectSmartDashboardconfiguration - Question #265Security Gateway Troubleshooting
While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remembe...
SmartView TrackerBlock Intruderactive modeintrusion blocking - Question #266Security Policy Management
You are about to test some rule and object changes suggested in an R77 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to...
Database Revision Controlbackupsecurity policyconfiguration management - Question #267Network Address Translation (NAT)
You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT'd source port if you are using Source NAT?
SmartView TrackerNAT loggingXlateSPortsource NAT - Question #268User Management and Authentication
What happens if the identity of a user is known?
Identity AwarenessAccess Rolerule matchinguser credentials - Question #269Security Gateway Troubleshooting
Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?
Block IntruderSmartView Trackeractive connectionschange control - Question #270Deployment and Configuration
What port is used for communication to the User Center with SmartUpdate?
SmartUpdateHTTPS 443User Centerport - Question #271Monitoring and Reporting
How do you configure an alert in SmartView Monitor?
SmartView Monitoralertsthreshold configurationgateway monitoring - Question #272Security Policy Management
Where would an administrator enable Implied Rules logging?
implied rulesloggingGlobal PropertiesSmartDashboard - Question #273VPN Solutions
Which of these attributes would be critical for a site-to-site VPN?
site-to-site VPNdata encryptionVPN attributessecurity requirements - Question #274Monitoring and Reporting
You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor. Unfortunately, you get the message: "There are no mach...
SmartView Monitormonitoring bladegateway configurationtroubleshooting - Question #275VPN Solutions
You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm's business partners. Which SmartConsole application shou...
IKE Phase 2VPN troubleshootingSmartView Trackersite-to-site VPN - Question #276Introduction to Check Point Technology
Which of the following uses the same key to decrypt as it does to encrypt?
symmetric encryptioncryptographyencryption typesdata security - Question #277User Management and Authentication
How do you configure the Security Policy to provide uses access to the Captive Portal through an external (Internet) interface?
Captive PortalIdentity Awarenessexternal interfacegateway settings - Question #278User Management and Authentication
The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you reme...
User Authenticationauthentication rulerule matchinggateway behavior - Question #279User Management and Authentication
As a Security Administrator, you must refresh the Client Authentication authorized time-out every time a new user connection is authorized. How do you do this? Enable the Refreshab...
Client Authenticationrefreshable timeoutauthentication actionconfiguration - Question #280Deployment and Configuration
When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be...
GAiAMAC addressnetwork interfaceeth0 configuration - Question #281User Management and Authentication
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access r...
identity awarenessuser authenticationIP-based access controlstatic IP limitation - Question #282User Management and Authentication
Review the rules. Assume domain UDP is enabled in the implied rules. What happens when a user from the internal network tries to browse to the internet using HTTP? The user:
client authenticationimplied rulesHTTP accessauthentication bypass - Question #283Deployment and Configuration
Which component functions as the Internal Certificate Authority for R77?
Internal Certificate AuthorityICAManagement ServerPKI - Question #284Introduction to Check Point Technology
Check Point APIs allow system engineers and developers to make changes to their organization's security policy with CLI tools and Web Services for all of the following except:
Check Point APIAPI capabilitiesthird-party integrationmanagement API - Question #285VPN Solutions
In what way are SSL VPN and IPSec VPN different?
SSL VPNIPSec VPNvirtual adapterclientless VPN - Question #286Security Gateway Troubleshooting
Which command can you use to enable or disable multi-queue per interface?
cpmqmulti-queueCoreXLCLI commands - Question #287Security Gateway Troubleshooting
Which limitation of CoreXL is overcome by using (mitigated by) Multi-Queue?
CoreXLMulti-QueueNIC traffic queueCPU cores - Question #288Security Gateway Troubleshooting
To fully enable Dynamic Dispatcher on a Security Gateway:
Dynamic DispatcherCoreXLfw ctl multikperformance tuning - Question #289Introduction to Check Point Technology
What are types of Check Point APIs available currently as part of R80.10 code?
Check Point APIsR80.10Management APIOPSEC - Question #290ClusterXL High Availability
What is the purpose of Priority Delta in VRRP?
VRRPPriority Deltaeffective priorityinterface failure - Question #291Introduction to Check Point Technology
The Firewall kernel is replicated multiple times, therefore:
CoreXLFirewall kernelmulti-corepolicy enforcement - Question #292Introduction to Check Point Technology
There are 4 ways to use the Management API for creating host object with R80 Management API. Which one is NOT correct?
Management APImgmt_cliSmartConsoleAPI methods - Question #293User Management and Authentication
Which the following type of authentication on Mobile Access can NOT be used as the first authentication method?
Mobile AccessDynamic IDfirst authentication methodauthentication methods - Question #294Security Gateway Troubleshooting
Which command can you use to verify the number of active concurrent connections?
concurrent connectionsfw ctl pstatconnection tablediagnostic commands - Question #295VPN Solutions
Which remote Access Solution is clientless?
clientless VPNMobile Access Portalremote accessSSL VPN - Question #296Introduction to Check Point Technology
What component of R80 Management is used for indexing?
R80 ManagementSOLRindexingarchitecture components - Question #297Network Address Translation (NAT)
Which NAT rules are prioritized first?
NAT rule prioritymanual NATautomatic NATpre-automatic NAT - Question #298Monitoring and Reporting
What is the difference between an event and a log?
eventslogsEvent PolicySmartEvent - Question #299Security Gateway Troubleshooting
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for virus...
SecureXL accelerationgateway-originated trafficacceleration bypasstraffic inspection - Question #300Introduction to Check Point Technology
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:
Stateful Inspectionpacket rejectionrule baselogging behavior