156-915.80 Exam Questions

Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. Wha...

Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Aut...

Your primary Security Gateway runs on GAiA. What is the easiest way to back up your Security Gateway R80 configuration, including routing and network configuration files?

You have selected the event Port Scan from Internal Network in SmartEvent, to detect an event when 30 port scans have occurred within 60 seconds. You also want to detect two port s...

Your organization's disaster recovery plan needs an update to the backup and restore section to reap the new distributed R80 installation benefits. Your plan must meet the followin...

John detected high load on sync interface. Which is most recommended solution?

When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of?

All R80 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?

A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will...

In SPLAT the command to set the timeout was idle. In order to achieve this and increase the timeout for Gaia, what command do you use?

How many pre-defined exclusions are included by default in SmartEvent R80 as part of the product installation?

The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lock himself out of his account. How can you u...

Which packet info is ignored with Session Rate Acceleration?

ALL of the following options are provided by the GAiA sysconfig utility, EXCEPT:

The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). What is not a recommended usage of this method?

Select the command set best used to verify proper failover function of a new ClusterXL configuration.

You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To o...

How could you compare the Fingerprint shown to the Fingerprint on the server?

Which of the following is a CLI command for Security Gateway R80?

What is the purpose of a SmartEvent Correlation Unit?

When defining QoS global properties, which option below is not valid?

When restoring R80 using the command upgrade_import, which of the following items are NOT restored?

When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what issues need to be considered? 1) Each member must have a unique source IP address. 2) Every...

What can you do to see the current number of kernel instances in a system with CoreXL enabled?

Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

How could you compare the Fingerprint shown to the Fingerprint on the server? Run cpconfig and select:

A ClusterXL configuration is limited to ___ members.

Match the VPN-related terms with their definitions. Each correct term is only used once.

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows: Source: Any || Destination: web_public_IP |...

As a Security Administrator, you must refresh the Client Authentication authorization time- out every time a new user connection is authorized. How do you do this? Enable the Refre...

Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:

When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be...

Use the table to match the BEST Management High Availability synchronication-status descriptions for your Security Management Server (SMS).

How are cached usernames and passwords cleared from the memory of a R80 Security Gateway?

Which of the following items should be configured for the Security Management Server to authenticate using LDAP?

When simulating a problem on CLusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove th...

What type of traffic can be re-directed to the Captive Portal?

Which one of these is NOT a firewall chain?

What command would show the API server status?

In R80 spoofing is defined as a method of:

What is the purpose of the pre-defined exclusions included with SmartEvent R80?

The Firewall kernel is replicated multiple times, therefore:

Which statements about Management HA are correct? 1) Primary SmartCenter describes first installed SmartCenter 2) Active SmartCenter is always used to administrate with SmartConsol...

What CLI command will reset the IPS pattern matcher statistics?

What is the primary benefit of using the command upgrade_export over either backup or snapshot?

The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you reme...

When a packet is flowing through the security gateway, which one of the following is a valid inspection path?

Charles requests a Website while using a computer not in the net_singapore network. What is TRUE about his location restriction?

What is the responsibility of SOLR process on R80.10 management server?

What happens if the identity of a user is known?