Anda di halaman 1dari 8

Checkpoint

156-915.80

Check Point Certified


Security Expert Update
- R80.10
Version: Demo

[ Total Questions: 10]


Web: www.examsout.com

Email: support@examsout.com
IMPORTANT NOTICE
Feedback
We have developed quality product and state-of-art service to ensure our customers interest. If you have any
suggestions, please feel free to contact us at feedback@examsout.com

Support
If you have any questions about our product, please provide the following items:

exam code
screenshot of the question
login id/email

please contact us at support@examsout.com and our technical experts will provide support within 24 hours.

Copyright
The product of each order has its own encryption code, so you should use it independently. Any unauthorized
changes will inflict legal punishment. We reserve the right of final explanation for this statement.
Best Practice Tool Checkpoint - 156-915.80

Question #:1

Which command collects diagnostic data for analyzing customer setup remotely?

A. cpinfo

B. migrate export

C. sysinfo

D. cpview

Answer: A

Explanation
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of

execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading
files to Check Point servers).

The CPInfo output file allows analyzing customer setups from a remote location. Check Point support

engineers can open the CPInfo file in a demo mode, while viewing actual customer Security Policies and

Objects. This allows the in-depth analysis of customer's configuration and environment settings.

Question #:2

When deploying multiple clustered firewalls on the same subnet, what does the firewall administrator need to
configure to prevent CCP broadcasts being sent to the wrong cluster?

A. Set the fwha_mac_magic_forward parameter in the $CPDIR/boot/modules/ha_boot. conf

B. Set the fwha_mac_magic parameter in the $FWDIR/boot/fwkern.conf file

C. Set the cluster global ID using the command “cphaconf cluster_id set <value>”

D. Set the cluster global ID using the command “fw ctt set cluster_id <value>”

Answer: C

Question #:3

Which of these options is an implicit MEP option?

A. Primary-backup

B. Source address based

Only Way to Success in your 1st Attempt 1 of 5


Best Practice Tool Checkpoint - 156-915.80

C. Round robin

D. Load Sharing

Answer: A

Explanation
There are three methods to implement implicit MEP:

First to Respond, in which the first Security Gateway to reply to the peer Security Gateway is chosen. An

organization would choose this option if, for example, the organization has two Security Gateways in a MEP
configuration - one in London, the other in New York. It makes sense for VPN-1 peers located in England to
try the London Security Gateway first and the NY Security Gateway second. Being geographically closer to
VPN peers in England, the London Security Gateway is the first to respond, and becomes the entry point to the
internal network. See: First to Respond.

Primary-Backup, in which one or multiple backup Security Gateways provide "high availability" for a primary
Security Gateway. The remote peer is configured to work with the primary Security Gateway, but switches to
the backup Security Gateway if the primary goes down. An organization might decide to use this configuration
if it has two machines in a MEP environment, one of which is stronger than the other. It makes sense to
configure the stronger machine as the primary. Or perhaps both machines are the same in terms of strength of
performance, but one has a cheaper or faster connection to the Internet. In this case, the machine with the
better Internet connection should be configured as the primary. See: Primary-Backup Security Gateways.

Load Distribution, in which the remote VPN peer randomly selects a Security Gateway with which to open a
connection. For each IP source/destination address pair, a new Security Gateway is randomly selected. An
organization might have a number of machines with equal performance abilities. In this case, it makes

sense to enable load distribution. The machines are used in a random and equal way. See: Random

Selection.

Question #:4

John detected high load on sync interface. Which is most recommended solution?

A. For short connections like http service – delay sync for 2 seconds

B. Add a second interface to handle sync traffic

C. For short connections like http service – do not sync

D. For short connections like icmp service – delay sync for 2 seconds

Answer: A

Question #:5

Only Way to Success in your 1st Attempt 2 of 5


Best Practice Tool Checkpoint - 156-915.80

What is the SOLR database for?

A. Used for full text search and enables powerful matching capabilities

B. Writes data to the database and full text search

C. Serves GUI responsible to transfer request to the DLEserver

D. Enables powerful matching capabilities and writes data to the database

Answer: A

Question #:6

What is a feature that enables VPN connections to successfully maintain a private and secure VPN session
without employing Stateful Inspection?

A. Stateful Mode

B. VPN Routing Mode

C. Wire Mode

D. Stateless Mode

Answer: C

Explanation
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing
Security Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source
and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure
VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place,
dynamicrouting protocols that do not survive state verification in non-Wire Mode configurations can now be
deployed.

The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of
"Wire Mode".

Question #:7

On R80.10 the IPS Blade is managed by:

A. Threat Protection policy

B. Anti-Bot Blade

C.

Only Way to Success in your 1st Attempt 3 of 5


Best Practice Tool Checkpoint - 156-915.80

C. Threat Prevention policy

D. Layers on Firewall policy

Answer: A

Question #:8

Which packet info is ignored with Session Rate Acceleration?

A. source port ranges

B. source ip

C. source port

D. same info from Packet Acceleration is used

Answer: C

Question #:9

What is the purpose of Priority Delta in VRRP?

A. When a box is up, Effective Priority = Priority + Priority Delta

B. When an Interface is up, Effective Priority = Priority + Priority Delta

C. When an Interface fail, Effective Priority = Priority – Priority Delta

D. When a box fail, Effective Priority = Priority – Priority Delta

Answer: C

Explanation
Each instance of VRRP running on a supported interface may monitor the link state of other interfaces. The
monitored interfaces do not have to be running VRRP. If a monitored interface loses its link state, then VRRP
will decrement its priority over a VRID by the specified delta value and then will send out a new VRRP
HELLO packet. If the new effective priority is less than the priority a backup platform has, then the backup
platform will beging to send out its own HELLO packet. Once the master sees this packet with a priority
greater than its own, then it releases the VIP.

Question #:10

What is the purpose of a SmartEvent Correlation Unit?

A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to

Only Way to Success in your 1st Attempt 4 of 5


Best Practice Tool Checkpoint - 156-915.80
A.
the SmartEvent Server

B. The SmartEvent Correlation Unit’s task it to assign severity levels to the identified events.

C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats
and convert them to events.

D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server

Answer: C

Only Way to Success in your 1st Attempt 5 of 5


About examsout.com
examsout.com was founded in 2007. We provide latest & high quality IT / Business Certification Training Exam
Questions, Study Guides, Practice Tests.

We help you pass any IT / Business Certification Exams with 100% Pass Guaranteed or Full Refund. Especially
Cisco, CompTIA, Citrix, EMC, HP, Oracle, VMware, Juniper, Check Point, LPI, Nortel, EXIN and so on.

View list of all certification exams: All vendors

We prepare state-of-the art practice tests for certification exams. You can reach us at any of the email addresses listed
below.

Sales: sales@examsout.com
Feedback: feedback@examsout.com
Support: support@examsout.com

Any problems about IT certification or our products, You can write us back and we will get back to you within 24
hours.