Checkpoint - Premium.156 915.80.by - Vceplus.100q

Checkpoint.Premium.156-915.80.by.VCEplus.
100q
Number: 156-915.80 VCEplus

Passing Score: 800
Time Limit: 120 min
File Version: 1.2
Exam Code: 156-915.80

Exam Name: CCSE Update R80
Certification Provider: Checkpoint
Corresponding Certifications: Checkpoint
Website: www.vceplus.com
Free Exam: https://vceplus.com/exam-156-915.80/
Questions & Answers Exam Engine is rigorously checked before being put up for sale. We make sure there is nothing irrelevant in 156-915.80 exam products
and you get latest questions. We strive to deliver the best 156-915.80 exam product for top grades in your first attempt.
VCE to PDF Converter : https://vceplus.com/vce-to-pdf/

Facebook: https://www.facebook.com/VCE.For.All.VN/
Twitter : https://twitter.com/VCE_Plus
Google+ : https://plus.google.com/+Vcepluscom
LinkedIn : https://www.linkedin.com/company/vceplus
www.vceplus.com - Download A+ VCE (latest) free Open VCE Exams - VCE to PDF Converter - VCE Exam Simulator - VCE Online
QUESTION 1
The Firewall kernel is replicated multiple times, therefore:
A. The Firewall kernel only touches the packet if the connection is accelerated
B. The Firewall can run different policies per core
C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
D. The Firewall can run the same policy on all cores
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy, or instance, runs on one processing core.
These instances handle traffic concurrently, and each instance is a complete and independent inspection kernel. When CoreXL is enabled, all the kernel
instances in the Security Gateway process traffic through the same interfaces and apply the same security policy.
Reference: https://scl .checkpoint.com/documents/R77ZCP_R77_PerformanceTuning_WebAdmin/6731.htm
QUESTION 2
What is the command to show SecureXL status?
A. fwaccel status
B. fwaccel stats -m
C. fwaccel -s
D. fwaccel stat
Correct Answer: D
Section: (none)
Explanation
Explanation:
To check overall SecureXL status:
[Expert@HostName]# fwaccel stat
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41397
QUESTION 3
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day
Protection?
A. Smart Cloud Services

B. Load Sharing Mode Services
C. Threat Agent Solution
D. Public Cloud Services
Correct Answer: C
Section: (none)
Explanation
Reference: https://www.checkpoint.com/products/threat-emulation-sandboxing/
QUESTION 4
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
A. Anti-Bot is the only countermeasure against unknown malware

B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers
C. Anti-Bot is the only signature-based method of malware protection
D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center
Correct Answer: D
Section: (none)
Explanation
Reference: https://sc1 checkpoint.com/documents/R76/CP_R76_AntiBotAntiVirus_AdminGuide/index.html
QUESTION 5
SmartEvent does NOT use which of the following procedures to identify events?
A. Matching a log against each event definition

B. Create an event candidate
C. Matching a log against local exclusions
D. Matching a log against global exclusions
Correct Answer: C
Section: (none)
Explanation
Explanation:
Events are detected by the SmartEvent Correlation Unit. The Correlation Unit task is to scan logs for criteria that match an Event Definition. SmartEvent uses
these procedures to identify events:
•Matching a Log Against Global Exclusions
•Matching a Log Against Each Event Definition
•Creating an Event Candidate
•When a Candidate Becomes an Event
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm
QUESTION 6
Check Point recommends configuring Disk Space Management parameters to delete old log entities when available disk space is less than or equal to?
A. 50%
B. 75%
C. 80%
D. 15%
Correct Answer: D
Section: (none)
Explanation
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=skl 10557
QUESTION 7
VPN Tunnel Sharing can be configured with any of the options below, EXCEPT One:
A. Gateway-based
B. Subnet-based
C. IP range based
D. Host-based
Correct Answer: C
Section: (none)
Explanation
Explanation:
VPN Tunnel Sharing provides interoperability and scalability by controlling the number of VPN tunnels created between peer Security Gateways. There are three
available settings:
•One VPN tunnel per each pair of hosts
•One VPN tunnel per subnet pair
•One VPN tunnel per Security Gateway pair
Reference: https://scl.checkpoint.com/documents/R77ZCP_R77_VPN_AdminGuide/14018.htm
QUESTION 8
What is the responsibility of SOLR process on R80.10 management server?
A. Validating all data before it’s written into the database

B. It generates indexes of data written to the database
C. Communication between SmartConsole applications and the Security Management Server
D. Writing all information into the database
Correct Answer: B
Section: (none)
Explanation
QUESTION 9
What are the three components for Check Point Capsule?
A. Capsule Docs, Capsule Cloud, Capsule Connect

B. Capsule Workspace, Capsule Cloud, Capsule Connect
C. Capsule Workspace, Capsule Docs, Capsule Connect
D. Capsule Workspace, Capsule Docs, Capsule Cloud
Correct Answer: D
Section: (none)
Explanation
Reference: https://www.checkpoint.com/solutions/mobile-security/check-point-capsule/
QUESTION 10
Which components allow you to reset a VPN tunnel?
A. vpn tu command or SmartView monitor

B. delete vpn ike sa or vpn shell command
C. vpn tunnelutil or delete vpn ike sa command
D. SmartView monitor only
Correct Answer: D
Section: (none)
Explanation
QUESTION 11
Which of the following is NOT an internal/native Check Point command?
A. fwaccel on
B. fw ct1 debug
C. tcpdump
D. cphaprob
Correct Answer: C
Section: (none)
Explanation
QUESTION 12
What is the valid range for VRID value in VRRP configuration?
A. 1 - 254
B. 1 - 255
C. 0 - 254
D. 0 - 255
Correct Answer: B
Section: (none)
Explanation
Explanation:
Virtual Router ID - Enter a unique ID number for this virtual router. The range of valid values is 1 to 255. Reference: https://sc1.checkpoint.com/documents/R76/
CP_R76_Gaia_WebAdmin/87911.htm
QUESTION 13
What are types of Check Point APIs available currently as part of R80.10 code?
A. Security Gateway API, Management API, Threat Prevention API and Identity Awareness Web Services API
B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
C. OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API
D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API
Correct Answer: B
Section: (none)
Explanation
Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631f640d0/
CP_R80_CheckPoint_APLReferenceGuide.pdf?HashKey=1522171994_d7bae71a861bbc54c18c61420e586d77&xtn=.pdf
QUESTION 14
What GUI client would you use to view an IPS packet capture?
A. SmartView Monitor
B. SmartView Tracker
C. Smart Update
D. Smart Reporter
Correct Answer: B
Section: (none)
Explanation
Reference: https://scl.checkpoint.com/documents/R76ZCP_R76JPS_AdminGuide/12766.htm
QUESTION 15
Which command shows the current connections distributed by CoreXL FW instances?
A. fw ctl multik stat

B. fw ctl affinity -I
C. fw ctl instances -v
D. fw ctl iflist
Correct Answer: A
Section: (none)
Explanation
Explanation:
The fw ctl multik stat and fw6ctl multik stat (multi-kernel statistics) commands show information for each kernel instance. The state and processing core number
of each instance is displayed, along with:
•The number of connections currently being handled.
•The peak number of concurrent connections the instance has handled since its inception.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm
QUESTION 16
Which of the following is NOT a valid way to view interface’s IP address settings in Gaia?
A. Using the command sthtool in Expert Mode

B. Viewing the file / config/ active
C. Via the Gaia WebUl
D. Via the command show configuration in CLISH
Correct Answer: A
Section: (none)
Explanation
QUESTION 17
What is mandatory for ClusterXL to work properly?
A. The number of cores must be the same on every participating cluster node
B. The Magic MAC number must be unique per cluster node.
C. The Sync Interface must not have an IP address configured
D. If you have “Non-monitored Private" interfaces, the number of those interfaces must be the same on all cluster members
Correct Answer: B
Section: (none)
Explanation
QUESTION 18
Where do you create and modify the Mobile Access policy in R80?
A. SmartConsole
B. SmartMonitor
C. SmartEndpoint
D. SmartDashboard
Correct Answer: A
Section: (none)
Explanation
Reference: https://scl.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_MobileAccess_AdminGuide/htmLframeset.htm?topic=documents/
R80.10/ WebAdminGuides/EN/CP_R80.10_MobileAccess_AdminGuide/158353
QUESTION 19
What can you do to see the current number of kernel instances in a system with CoreXL enabled?
A. Browse to Secure Platform Web GUI

B. Only Check Point support personnel can access that information
C. Execute SmarDashboard client
D. Execute command cpconfig
Correct Answer: D
Section: (none)
Explanation
Reference: https://scl.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm
QUESTION 20
You have existing dbedit scripts from R77. Can you use them with R80.10?
A. dbedit is not supported in R80.10

B. dbedit is fully supported in R80.10
C. You can use dbedit to modify threat prevention or access policies, but not create or modify layers
D. dbedit scripts are being replaced by mgmt._cli in R80.10
Correct Answer: D
Section: (none)
Explanation
Explanation:
dbedit (or GuiDbEdit) uses the cpmi protocol which is gradually being replaced by the new R80.10 automation architecture, cpmi clients are still supported in
R80.10, but there are some functionalities that cannot be managed by cpmi anymore. For example, the Access and Threat policies do not have a cpmi
representation. They can be managed only by the new mgmt_cli and not by cpmi clients. There are still many tables that have an inner cpmi representation (for
example, network objects, services, servers, and global properties) and can still be managed using cpmi.
Reference: htto://www.checkpoint com/downloads/product related/r80 10-ingmt-architecture-overview.pdf
QUESTION 21
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
A. Lagging
B. Synchronized
C. Never been synchronized
D. Collision
Correct Answer: B
Section: (none)
Explanation
Explanation:
The possible synchronization statuses are:
Never been synchronized - immediately after the Secondary Security Management server has been installed, it has not yet undergone the first manual
synchronization that brings it up to date with the Primary Security Management server.
Synchronized - the peer is properly synchronized and has the same database information and installed Security Policy.
Lagging - the peer SMS has not been synchronized properly.
For instance, on account of the fact that the Active SMS has undergone changes since the previous synchronization (objects have been edited, or the Security
Policy has been newly installed), the information on the Standby SMS is lagging.
Advanced - the peer SMS is more up-to-date.
For instance, in the above figure, if a system administrators logs into Security Management server B before it has been synchronized with the Security
Management server A, the status of the Security Management server A is Advanced, since it contains more up-to-date information which the former does not
have.
In this case, manual synchronization must be initiated by the system administrator by changing the Active SMS to a Standby SMS. Perform a synch
me operation from the more advanced server to the Standby SMS. Change the Standby SMS to the Active SMS.
Collision - the Active SMS and its peer have different installed policies and databases. The administrator must perform manual synchronization and decide which
of the SMSs to overwrite.
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/13132
QUESTION 22
The Correlation Unit performs all but which of the following actions:
A. Marks logs that individually are not events, but may be part of a larger pattern to be identified later
B. Generates an event based on the Event policy
C. Assigns a severity level to the event
D. Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event
Correct Answer: C
Section: (none)
Explanation
QUESTION 23
In Gaia, if one is unsure about a possible command, what command lists all possible commands.
A. show all |grep commands
B. show configuration
C. show commands
D. get all commands
Correct Answer: C
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R76ZCP_R76_Gaia_WebAdmin/75697.htm
QUESTION 24
Which directory below contains log files?
A. /opt/CPSmartlog-R80/log
B. /opt/CPshrd-R80/log
C. /opt/CPsuite-R80/fw1/log
D. /opt/CPsuite-R80/log
Correct Answer: C
Section: (none)
Explanation
QUESTION 25
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
B. Mail, Block Source, Block Destination, Block Services, SNMP Trap
C. Mail, Block Source, Block Destination, External Script, SNMP Trap
D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
Correct Answer: A
Section: (none)
Explanation
Explanation:
These are the types of Automatic Reactions:
•Mail - tell an administrator by email that the event occurred. See Create a Mail Reaction.
•Block Source - instruct the Security Gateway to block the source IP address from which this event was detected for a configurable period of time . Select a
period of time from one minute to more than three weeks. See Create a Block Source Reaction
•Block Event activity
• instruct the Security Gateway to block a distributed attack that emanates from multiple sources, or attacks multiple destinations for a configurable period of
time. Select a period of time from one minute to more than three weeks). See Create a Block Event Activity Reaction.
•External Script - run a script that you provide. See Creating an External Script Automatic Reaction to write a script that can exploit SmartEvent data.
•SNMP Trap • generate an SNMP Trap. See Create an SNMP Trap Reaction.
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoringy/html_frameset.htm?topic=documents/R80/
CP_R80_LogginaAndMonitoring/131915
QUESTION 26
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of
A. Threat Emulation
B. HTTPS
C. QOS
D. VoIP
Correct Answer: D
Section: (none)
Explanation
Explanation:
The following types of traffic are not load-balanced by the CoreXL Dynamic Dispatcher (this traffic will always be handled by the same CoreXL FW instance):
•VoIP
• VPN encrypted packets
QUESTION 27
When simulating a problem on CLusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what
command allows you remove the problematic state?
A. cphaprob -d STOP unregister
B. cphaprob STOP unregister
C. cphaprob unregister STOP
D. cphaprob -d unregister STOP
Correct Answer: A
Section: (none)
Explanation
Explanation:
esting a failover in a controlled manner using following command;
#cphaprob -d STOP -s problem -t 0 register
This will register a problem state on the cluster member this was entered on;
If you then run;
#cphaprob list
this will show an entry named STOP, to remove this problematic register run following;
#cphaprob -d STOP unregister
Reference: https://fwknowledge.wordpress.com/2013/04/04/manual-failover-of-the-fw-cluster/
QUESTION 28
Which one of the following processes below would not start if there was a licensing issue.
A. CPD
B. CPCA
C. FWM
D. CPWD
Correct Answer: A
Section: (none)
Explanation
QUESTION 29
In which case is a Sticky Decision Function relevant?
A. Load Sharing - Multicast

B. Load Balancing - Forward
C. High Availability
D. Load Sharing - Unicast
Correct Answer: C
Section: (none)
Explanation
QUESTION 30
GAiA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:
A. Check Point Upgrade Service Engine.

B. Check Point Software Update Agent
C. Check Point Remote Installation Daemon (CPRID)
D. Check Point Software Update Daemon
Correct Answer: A
Section: (none)
Explanation
QUESTION 31
Which is the correct order of a log flow processed by SmartEvents components:
A. Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client
B. Firewall > SmartEvent Server Database > Correlation unit > Log Server > SmartEvent Client
C. Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client
D. Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
Correct Answer: D
Section: (none)
Explanation
QUESTION 32
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
A. This statement is true because SecureXL does improve all traffic

B. This statement is false because SecureXL does not improve this traffic but CoreXL does
C. This statement is true because SecureXL does improve this traffic
D. This statement is false because encrypted traffic cannot be inspected
Correct Answer: C
Section: (none)
Explanation
Explanation:
SecureXL improved non-encrypted firewall traffic throughput, and encrypted VPN traffic throughput, by nearly an order-of-magnitude- particularly for small
packets flowing in long duration connections.
Reference: https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/10001/FILE/SecureXL_and_Nokia_IPSO_White_Paper_20080401.pdf
QUESTION 33
Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security, report.pdf file was
delivered to here mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing
some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?
A. SandBlast Threat Emulation

B. SandBlast Agent
C. Check Point Protect
D. SandBlast Threat Extraction
Correct Answer: D
Section: (none)
Explanation
QUESTION 34
The Event List within the Events tab contains:
A. a list of options available for running a query.
B. the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list
C. events generated by a query.
D. the details of a selected event
Correct Answer: C
Section: (none)
Explanation
Explanation:
These are the components of the Events tab:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915
QUESTION 35
What CLI command will reset the IPS pattern matcher statistics?
A. ips reset pmstat
B. ips pstats reset
C. ips pm stats refresh
D. ips pmstats reset
Correct Answer: D
Section: (none)
Explanation
Explanation:
ips pmstats reset
Description - Resets the data that is collected to calculate the pmstat statistics.
Usage - ips pmstats reset
Reference: https://scl .checkpoint.com/documents/R76/CP_R76_CLI_WebAdmin/84627.htm#o84635
QUESTION 36
What Shell is required in Gaia to use WinSCP?
A. UNIX
B. CPShell
C. CLISH
D. Bash
Correct Answer: D
Section: (none)
Explanation
Reference: https://winscp.net/eng/docs/ui_login_scp
QUESTION 37
In SPLAT the command to set the timeout was idle. In order to achieve this and increase the timeout for Gaia, what command do you use?
A. set idle <value>

B. set inactivity-timeout <value>
C. set timeout <value>
D. set inactivity <value>
Correct Answer: B
Section: (none)
Explanation
QUESTION 38
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restrict all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each security Gateway directly.
Correct Answer: B
Section: (none)
Explanation
QUESTION 39
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
A. None, Security Management Server would be installed by itself

B. SmartConsole
C. SecureClient
D. SmartEvent
Correct Answer: D
Section: (none)
Explanation
QUESTION 40
When defining QoS global properties, which option below is not valid?
A. Weight
B. Authenticated timeout
C. Schedule
D. Rate
Correct Answer: C
Section: (none)
Explanation
Reference: https://scl.checkpoint.com/documents/R76ZCP_R76_QoS_AdminGuide/14871.htm
QUESTION 41
The SmartEvent R80 Web application for real-time event monitoring is called:
A. SmartView Monitor
B. SmartEventWeb
C. There is no Web application for SmartEvent
D. SmartView
Correct Answer: A
Section: (none)
Explanation
Reference: https://scl.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/
CP_R80_LoggingAndMonitoring/120829
QUESTION 42
The Security Gateway is installed on GAiA R80. The default port for the Web User Interface is________.
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443
Correct Answer: D
Section: (none)
Explanation
QUESTION 43
Fill in the blank: The command_________provides the most complete restoration of a R80 configuration.
A. upgrade_import
B. cpconfig
C. fwn dbimport -p <export file>
D. cpinfo -recover
Correct Answer: A
Section: (none)
Explanation
QUESTION 44
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company's security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
Correct Answer: A
Section: (none)
Explanation
Explanation:
Use the URL Filtering and Application Control Software Blades to:
•Create a Granular Policy - Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels. You can also create
an HTTPS policy that enables Security Gateways to inspect HTTPS traffic and prevent security risks related to the SSL protocol.
•Manage Bandwidth Consumption - Configure rules to limit the available network bandwidth for specified users or groups. You can define separate limits for
uploading and downloading.
•Keep Your Policies Updated
• The Application Database is updated regularly, which helps you makes sure that your Internet security policy has the newest applications and website
categories. Security Gateways connect to the Check Point Online Web Service to identify new social networking widgets and website categories.
•Communicate with Users
• UserCheck objects add flexibility to URL Filtering and Application Control and let the Security Gateways communicate with users. UserCheck helps users
understand that certain websites are against the company's security policy. It also tells users about the changes in Internet policy related to websites and
applications.
Reference: https://sc1.checkpoint.com/documents/R8Q/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R8Q/CP_R80_SecMGMT/l 26197
QUESTION 45
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode
Correct Answer: C
Section: (none)
Explanation
Explanation:
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves
performance and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private
and secure VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive
state verification in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire,
thus the meaning of "Wire Mode". Reference: https://supportcenter.checkpoint.com/supportcenter/portal?
eventSubmit_doGoviewsolutiondetails=&solutionid=sk30974
QUESTION 46
Which of these options is an implicit MEP option?
A. Primary-backup
B. Source address based
C. Round robin
D. Load Sharing
Correct Answer: A
Section: (none)
Explanation
Explanation:
There are three methods to implement implicit MEP:
First to Respond, in which the first Security Gateway to reply to the peer Security Gateway is chosen. An organization would choose this option if, for example,
the organization has two Security Gateways in a MEP configuration - one in London, the other in New York. It makes sense for VPN-1 peers located in England
to try the London Security Gateway first and the NY Security Gateway second. Being geographically closer to VPN peers in England, the London Security
Gateway is the first to respond, and becomes the entry point to the internal network. See: First to Respond.
Primary-Backup, in which one or multiple backup Security Gateways provide "high availability" for a primary Security Gateway. The remote peer is configured to
work with the primary Security Gateway, but switches to the backup Security Gateway if the primary goes down. An organization might decide to use this
configuration if it has two machines in a MEP environment, one of which is stronger than the other. It makes sense to configure the stronger machine as the
primary. Or perhaps both machines are the same in terms of strength of performance, but one has a cheaper or faster connection to the Internet. In this case, the
machine with the better Internet connection should be configured as the primary. See: Primary-Backup Security Gateways.
Load Distribution, in which the remote VPN peer randomly selects a Security Gateway with which to open a connection. For each IP source/destination address
pair, a new Security Gateway is randomly selected. An organization might have a number of machines with equal performance abilities. In this case, it makes
sense to enable load distribution. The machines are used in a random and equal way. See: Random Selection.
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/13812.htm
QUESTION 47
On R80.10 the IPS Blade is managed by:
A. Threat Protection policy

B. Anti-Bot Blade
C. Threat Prevention policy
D. Layers on Firewall policy
Correct Answer: A
Section: (none)
Explanation
Reference: https://www.checkpoint.com/downloads/product-related/r80.10-mgmt-architecture-overview.pdf very top of last page.
QUESTION 48
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?
A. mgmt_cIi add-host "Server_1" ip_address "10.15.123.10" - format txt
B. mgmt_cli add host name "Server_1" ip-address "10.15.123.10" - format json
C. mgmt_cli add object-host "Server_1“ ip-address "10.15.123.10" - format json
D. mgmt_cli add object “Server_1" ip-address ”10.15.123.10” - format json
Correct Answer: B
Section: (none)
Explanation
Example:
mgmt_cIi add host name "New Host 1" ip-address ”192.0.2.1’--format json
• "--format json" is optional. By default the output is presented in plain text.
Reference: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-host~v1.1 %20
QUESTION 49
Which one of these is NOT a firewall chain?
A. RTM packet in (rtm)

B. VPN node add (vpnad)
C. IP Options restore (in) (ipopt_res)
D. Fw SCV inbound (scv)
Correct Answer: B
Section: (none)
Explanation
Reference: http://dkcheckpoint.blogspot.com/2016/07/chapter-2-chain-module.html
QUESTION 50
Fill in the blank: The tool_____________generates a R80 Security Gateway configuration report.
A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo
Correct Answer: C
Section: (none)
Explanation
QUESTION 51
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will be need if he
does NOT include a SmartConsole machine in his calculations?
A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
B. One machine
C. Two machines
D. Three machines
Correct Answer: C
Section: (none)
Explanation
QUESTION 52
Which command will reset the kernel debug options to default settings?
A. fw ctl dbg -a 0
B. fw ctl dbg resetall
C. fw ctl debug 0
D. fw ctl debug set 0
Correct Answer: C
Section: (none)
Explanation
Explanation:
Reset the debugs to the default.
In case someone changed the setting in the past and since then the firewall was not rebooted we should set all back to the defaults.
Reference: https://itsecworks.coin/2011/08/09/checkpoint-firewall-debugging-basics/
QUESTION 53
Fill in the blank: The R80 utility fw monitor is used to troubleshoot_______.
A. User data base corruption

B. EDAP conflicts
C. Traffic issues
D. Phase two key negotiation
Correct Answer: C
Section: (none)
Explanation
QUESTION 54
Why would you not see a CoreXL configuration option in cpconfig?
A. The gateway only has one processor

B. CoreXL is not licenses
C. CoreXL is disabled via policy
D. CoreXL is not enabled in the gateway object
Correct Answer: A
Section: (none)
Explanation
QUESTION 55
What happen when IPS profile is set in Detect-Only Mode for troubleshooting?
A. It will generate Geo-Protection traffic

B. Automatically uploads debugging logs to Check Point Support Center
C. It will not block malicious traffic
D. Bypass licenses requirement for Geo-Protection control
Correct Answer: C
Section: (none)
Explanation
Explanation:
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set
to Prevent so that they will not block any traffic. During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while
avoiding any impact on the flow of traffic.
Reference: https://scl .checkpoint.com/documents/R76/CP_R76JPS_AdminGuide/12750.htm
QUESTION 56
Fill in the blank: The R80 featurepermits blocking specific IP addresses for a specified time period.
A. Block Port Overflow

B. Local Interface Spoofing
C. Suspicious Activity Monitoring
D. Adaptive Threat Prevention
Correct Answer: C
Section: (none)
Explanation
QUESTION 57
When synchronizing clusters, which of the following statements is FALSE?
A. The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized.
B. Only cluster members running on the same OS platform can be synchronized.
C. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
D. Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.
Correct Answer: D
Section: (none)
Explanation
QUESTION 58
What are the minimum open server hardware requirements for a Security Management Server/Standalone in R80.10?
A. 2 CPU cores, 4GB of RAM and 15GB of disk space

B. 8 CPU cores, 16GB of RAM and 500 GB of disk space
C. 4 CPU cores, 8GB of RAM and 500GB of disk space
D. 8 CPU cores, 32GB of RAM and 1 TB of disk space
Correct Answer: C
Section: (none)
Explanation
Reference: http://dl3.checkpoint.com/paid/db/dbf0aa7672f1dd6031e6096b40510674/CP_R80.10_ReleaseNotes.pdf?
HashKey=1522175073_c4e7fc63c894ad28b3fbe49f9430c023&xtn=.pdf page 16
QUESTION 59
You need to change the number of firewall instances used by CoreXL. How can you achieve this goal?
A. edit fwaffinity.conf; reboot required

B. cpconfig; reboot required
C. edit fwaffinity.conf; reboot not required
D. cpconfig: reboot not required
Correct Answer: B
Section: (none)
Explanation
Reference: httos://sc1.checkpoint.com/documents/R76/CP_R76.PerformanceTuning WebAdmin/6731.htm#o94530
QUESTION 60
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?
A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control
over the rule base flow and which security functionalities take precedence.
B. Limits the upload and download throughout for streaming media in the company to 1 Gbps.
C. Time object to a rule to make the rule active only during specified times.
D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it
rather than in the next rule
Correct Answer: A
Section: (none)
Explanation
Reference: http://slideplayer.com/slide/12183998/
QUESTION 61
You want to store the GAiA configuration in a file for later reference. What command should you use?
A. write mem <filename>

B. show config -f <filename>
C. save config -o <filename>
D. save configuration <filename>
Correct Answer: D
Section: (none)
Explanation
QUESTION 62
The following command is used to verify the CPUSE version:
A. HostName:0>show installer status build
B. [Expert@HostName:0]#show installer status
C. [Expert@HostName:0]#show installer status build
D. HostName:0>show installer build
Correct Answer: A
Section: (none)
Explanation
Reference: http://dkcheckpoint.blogspot.com/2017/11/how-to-fix-deployment-agent-issues.html
QUESTION 63
In R80 spoofing is defined as a method of:
A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
B. Hiding your firewall from unauthorized users.
C. Detecting people using false or wrong authentication logins
D. Making packets appear as if they come from an authorized IP address.
Correct Answer: D
Section: (none)
Explanation
Explanation:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware
and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.
Reference: http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/
CP_R80_SecurityManagement_AdminGuide.pdf?HashKey=1479584563_6f823c8ea 1514609148aa4fec5425db2&xtn=. pdf
QUESTION 64
What is the purpose of a SmartEvent Correlation Unit?
A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server
B. The SmartEvent Correlation Unit's task it to assign severity levels to the identified events.
C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.
D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server
Correct Answer: C
Section: (none)
Explanation
QUESTION 65
Which features are only supported with R80.10 Gateways but not R77.x?
A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control
over the rule base flow and which security functionalities take precedence.
D. Time object to a rule to make the rule active only during specified times.
Correct Answer: C
Section: (none)
Explanation
Reference: http://slideplayer.com/slide/12183998/
QUESTION 66
Which packet info is ignored with Session Rate Acceleration?
A. source port ranges

B. source ip
C. source port
D. same info from Packet Acceleration is used
Correct Answer: C
Section: (none)
Explanation
Reference: http://trlj.blogspot.com/2015/10/check-point-acceleration.html
QUESTION 67
What is the purpose of Priority Delta in VRRP?
A. When a box is up, Effective Priority = Priority + Priority Delta

B. When an Interface is up, Effective Priority = Priority + Priority Delta
C. When an Interface fail, Effective Priority = Priority - Priority Delta
D. When a box fail, Effective Priority = Priority - Priority Delta
Correct Answer: C
Section: (none)
Explanation
Explanation:
Each instance of VRRP running on a supported interface may monitor the link state of other interfaces. The monitored interfaces do not have to be running
VRRP. If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by the specified delta value and then will send out a new
VRRP HELLO packet. If the new effective priority is less than the priority a backup platform has, then the backup platform will beging to send out its own HELLO
packet. Once the master sees this packet with a priority greater than its own, then it releases the VIP.
QUESTION 68
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
A. 20 minutes
B. 15 minutes
C. Admin account cannot be unlocked automatically
D. 30 minutes at least
Correct Answer: D
Section: (none)
Explanation
QUESTION 69
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing
Correct Answer: C
Section: (none)
Explanation
QUESTION 70
Check Point APIs allow system engineers and developers to make changes to their organization's security policy with CLI tools and Web Services for all of the
following except?
A. Create new dashboards to manage 3rd party task

B. Create products that use and enhance 3rd party solutions.
C. Execute automated scripts to perform common tasks.
D. Create products that use and enhance the Check Point Solution
Correct Answer: A
Section: (none)
Explanation
Explanation:
Check Point APIs let system administrators and developers make changes to the security policy with CLI tools and web-services. You can use an API to:
•Use an automated script to perform common tasks
•Integrate Check Point products with 3rd party solutions
•Create products that use and enhance the Check Point solution
Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631 f640d0/
CP_R80_CheckPoint_API_ReferenceGuide.pdf?HashKey=1522190468.125d63ea5296b7dadd3e4fd81c708cc5&xtn=.pdf
QUESTION 71
What scenario indicates that SecureXL is enabled?
A. Dynamic objects are available in the Object Explorer
B. SecureXL can be disabled in cpconfig
C. fwaccel commands can be used in clish
D. Only one packet in a stream is seen in a fw monitor packet capture
Correct Answer: C
Section: (none)
Explanation
QUESTION 72
What is the port used for SmartConsole to connect to the Security Management Server:
A. CPMI port 18191/TCP

B. CPM port/TCP port 19009
C. SIC port 18191/TCP
D. https port 4434/TCP
Correct Answer: A
Section: (none)
Explanation
QUESTION 73
John detected high load on sync interface. Which is most recommended solution?
A. For short connections like http service - delay sync for 2 seconds
B. Add a second interface to handle sync traffic
C. For short connections like http service - do not sync
D. For short connections like icmp service - delay sync for 2 seconds
Correct Answer: A
Section: (none)
Explanation
QUESTION 74
Which is a suitable command to check whether Drop Templates are activated or not?
A. fw ctl get int activate _drop_ templates

B. fwaccel stat
C. fwaccel stats
D. fw ctl templates -d
Correct Answer: B
Section: (none)
Explanation
QUESTION 75
What is the SOLR database for?
A. Used for full text search and enables powerful matching capabilities
B. Writes data to the database and full text search
C. Serves GUI responsible to transfer request to the DLEserver
D. Enables powerful matching capabilities and writes data to the database
Correct Answer: A
Section: (none)
Explanation
QUESTION 76
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
A. UDP port 265

B. TCP port 265
C. UDP port 256
D. TCP port 256
Correct Answer: D
Section: (none)
Explanation
Explanation:
Synchronization works in two modes:
•Full Sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by the fwd daemon using an encrypted TCP
connection on port 256.
•Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security Gateway kernel using UDP connections on
port 8116.
Reference: https://sc1 .checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/html_frameset.htm?topic=documents/
R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/7288
QUESTION 77
Which of the following statements is TRUE about R80 management plug-ins?
A. The plug-in is a package installed on the Security Gateway.

B. Installing a management plug-in requires a Snapshot, just like any upgrade process.
C. A management plug-in interacts with a Security Management Server to provide new features and support for new products.
D. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.
Correct Answer: C
Section: (none)
Explanation
QUESTION 78
The "MAC magic" value must be modified under the following condition:
A. There is more than one cluster connected to the same VLAN

B. A firewall cluster is configured to use Multicast for CCP traffic
C. There are more than two members in a firewall cluster
D. A firewall cluster is configured to use Broadcast for CCP traffic
Correct Answer: D
Section: (none)
Explanation
QUESTION 79
Which web services protocol is used to communicate to the Check Point R80 identity Awareness Web APi?
A. SOAP
B. REST
C. XLANG
D. XML-RPC
Correct Answer: B
Section: (none)
Explanation
Explanation:
The Identity Web API uses the REST protocol over SSL. The requests and responses are HTTP and in JSON format.
Reference: https://scl.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ldentityAwareness_AdminGuide/htmLframeset.htm?
topic=documents/R80.10/ WebAdminGuides/EN/CP_R80.10_ldentityAwareness_AdminGuide/148699
QUESTION 80
In R80.10, how do you manage your Mobile Access Policy?
A. Through the Unified Policy

B. Through the Mobile Console
C. From SmartDashboard
D. From the Dedicated Mobility Tab
Correct Answer: C
Section: (none)
Explanation
Reference: http://dl3.checkpoint.com/paid/f7/f78b067c6838c747el 568f 139b6e6e8d/
CP_R80.10_MobileAccess_AdminGuide.pdf?HashKey=l 522170407_805ae0a295fd6664fa23700cc1482686&xtn=.pdf
QUESTION 81
What API command below creates a new host with the name "New Host" and IP address of "192.168.0.10"?
A. new host name “New Host" ip-address “192.168.0.10”

B. set host name “New Host" ip-address “192.168.0.10”
C. create host name "New Host" ip-address "192.168.0.10"
D. add host name “New Host" ip-address "192.168.0.10"
Correct Answer: D
Section: (none)
Explanation
Explanation:
Sample Command with SmartConsole CLI You can use the add host command to create a new host and then publish the changes. > add host name
"Sample_Host” ip-address “192.0.2.3" > publish
Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631 f640d0/
CP_R80_CheckPoint_API_ReferenceGuide.pdf?HashKey=l 522171823_f53d2a32a77bde441b88d53824dcb893&xtn=.pdf
QUESTION 82
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware
upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
A. fw cti multik dynamic_dispatching on

B. fw cti multik dynamic_dispatching set_mode 9
C. fw cti multik set_mode 9
D. fw cti multik pq enable
Correct Answer: C
Section: (none)
Explanation
Explanation:
To fully enable the CoreXL Dynamic Dispatcher on Security Gateway:
1. Run in Expert mode:
[Expert@HostName]# fw ctl multik set_mode 9
Example output'.
[Expert@R77.30:0]# fw ctl multik set_mode 9
Please reboot the system [Expert@R77.30:0]#
QUESTION 83
You find one of your cluster gateways showing "Down" when you run the "cphaprob stat" command. You then run the ”clusterXL_admin up” on the down member
but unfortunately the member continues to show down. What command do you run to determine the case?
A. cphaprob -f register
B. cphaprob -d-s report
C. cpstat-f-all
D. cphaprob -a list
Correct Answer: D
Section: (none)
Explanation
Reference: http://dl3.checkpoint.com/paid/63/6357d81e3b75b5a09a422d715c3b3d79/CP_R80.10_ClusterXL_AdminGuide.pdf?
HashKey=1522170580_c51bd784a86600b5f6141c0fla6322fd&xtn=.pdf
QUESTION 84
Customer's R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the
Internet?
A. Export R80 configuration, clean install R80.10 and import the configuration
B. CPUSE online upgrade
C. CPUSE offline upgrade
D. SmartUpdate upgrade
Correct Answer: C
Section: (none)
Explanation
QUESTION 85
Which one of the following is true about Threat Emulation?
A. Takes less than a second to complete

B. Works on MS Office and PDF files only
C. Always delivers a file
D. Takes minutes to complete (less than 3 minutes)
Correct Answer: D
Section: (none)
Explanation
QUESTION 86
Which is not a blade option when configuring SmartEvent?
A. Correlation Unit
B. SmartEvent Unit
C. SmartEvent Server
D. Log Server
Correct Answer: B
Section: (none)
Explanation
Explanation:
On the Management tab, enable these Software Blades:
•Logging & Status
•SmartEvent Server
•SmartEvent Correlation Unit
Reference: https://sc1 .checkpoint.com/documents/R80/CP_R80_LoaqingAndMonitorina/htm_frameset.htm?topic=documents/R80/
CP_R80_LoaoinqAndMonitorino/120829
QUESTION 87
Which file gives you a list of all security servers in use, including port number?
A. $FWDIR/conf/conf.conf
B. $FWDIR/conf/servers.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/conf/serversd.conf
Correct Answer: C
Section: (none)
Explanation
QUESTION 88
Firewall policies must be configured to accept VRRP packets on the GAiA platform if it runs Firewall software. The Multicast destination assigned by the Internet
Assigned Numbers Authority (IANA) for VRRP is:
A. 224.0.0.18
B. 224.0.0.5
C. 224.0.0.102
D. 224.0.0.22
Correct Answer: A
Section: (none)
Explanation
Reference: https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml
QUESTION 89
Aaron is a Cyber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R80.10.
Company's Network Security Developer Team is having issue testing new API with newly deployed R80.10 Security Management Server and blames Check
Point Security Management Server as root cause. The ticket has been created and issue is at Aaron's desk for an investigation. What do you recommend as the
best suggestion for Aaron to make sure API testing works as expected?
A. Aaron should check API Server status from expert CLI by “fwm api status’ and if it’s stopped he should start using command "fwm api start" on Security
Management Server.
B. Aaron should check API Server5 status from expert CLI by "cpapi status" and if if s stopped he should start using command “cpapi start" on Security
Management Server.
C. Aaron should check API Server status from expert CLI by "api status” and if it's stopped he should start using command "api start" on Security Management
Server.
D. Aaron should check API Server status from expert CLI by "cpm api status" and if it's stopped he should start using command "cpm api start” on Security
Management Server
Correct Answer: C
Section: (none)
Explanation
QUESTION 90
When deploying multiple clustered firewalls on the same subnet, what does the firewall administrator need to configure to prevent CCP broadcasts being sent to
the wrong cluster?
A. Set the fwha_mac_magic_forward parameter in the $CPDIR/boot/modules/ha_boot.conf

B. Set the fwha_mac_magic parameter in the $FWDIR/booVfwkern.conf file
C. Set the cluster global ID using the command “cphaconf cluster_id set <value>"
D. Set the cluster global ID using the command “fw ctt set cluster_id <value>"
Correct Answer: C
Section: (none)
Explanation
QUESTION 91
Which statement is true regarding redundancy?
A. System Administrator know when their cluster has failed over and can also see why it failed over by using the cphaprob f it command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
C. Machines in a Cluster XL High Availability configuration must be synchronized.
D. Both Cluster XL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.
Correct Answer: D
Section: (none)
Explanation
Reference: https://www.checkpoint.com/download/public-files/gaia-technical-brief.pdf page 5
QUESTION 92
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
A. that is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager
B. Full Layer4 VPN -SSL VPN that gives users network access to all mobile applications
C. Full Iayer3 VPN -IPSec VPN that gives users network access to all mobile applications
D. You can make sure that documents are sent to the intended recipients only
Correct Answer: C
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R77ZCP_R77_Mobile_Access_WebAdmin/82201.htm
QUESTION 93
Which command collects diagnostic data for analyzing customer setup remotely?
A. cpinfo
B. migrate export
C. sysinfo
D. cpview
Correct Answer: A
Section: (none)
Explanation
Explanation:
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it
replaces the standalone cp_uploader utility for uploading files to Check Point servers).
The CPInfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPInfo file in a demo mode, while
viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.
QUESTION 94
You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the
FWD daemon to do a Full Synchronization?
A. TCP port 443

B. TCP port 257
C. TCP port 256
D. UDP port 8116
Correct Answer: C
Section: (none)
Explanation
Explanation:
Synchronization works in two modes:
•Full sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by the fwd daemon using an encrypted TCP
connection.
•Delta sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security Gateway kernel using UDP multicast or
broadcast on port 8116.
Full sync is used for initial transfers of state information, for many thousands of connections. If a cluster member is brought up after being down, it will perform
full sync. After all members are synchronized, only updates are transferred via delta sync. Delta sync is quicker than full sync.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_.ClusterXL_AdminGuide/7288.htm Port info:
https://www.cpug.org/forums/archive/index.php/t-12704.html
QUESTION 95
What command would show the API server status?
A. cpm status
B. api restart
C. api status
D. show api status
Correct Answer: C
Section: (none)
Explanation
Reference: https://www.hurricanelabs.com/blog/check-point-api-merging-management-servers-with-r80-10
QUESTION 96
What is the SandBlast Agent designed to do?
A. Performs OS-level sandboxing for SandBlast Cloud architecture

B. Ensure the Check Point SandBlast services is running on the end user's system
C. If malware enters an end user's system, the SandBlast Agent prevents the malware form spreading with the network
D. Clean up email sent with malicious attachments.
Correct Answer: C
Section: (none)
Explanation
Reference: https://www.checkpoint.com/downloads/product-related/datasheets/ds-sandblast-agent.pdf
QUESTION 97
What does the command vpn crlzap do?
A. Nothing, it is not a valid command

B. Erases all CRL's from the gateway cache
C. Erases VPN certificates from cache
D. Erases CRL's from the management server cache
Correct Answer: B
Section: (none)
Explanation
Reference: https://indeni.com/check-point-firewalls-certification-revocation-list-crl-check-mechanism-on-a-check-point-gateway/
QUESTION 98
GAiA Software update packages can be imported and installed offline in situation where:
A. Security Gateway with GAiA does NOT have SFTP access to Internet
B. Security Gateway with GAiA does NOT have access to Internet.
C. Security Gateway with GAiA does NOT have SSH access to internet
D. The desired CPUSE package is ONLY available in the Check Point CLOUD.
Correct Answer: B
Section: (none)
Explanation
QUESTION 99
What utility would you use to configure route-based VPNs?
A. vpn shell
B. vpn tu
C. vpn sw_topology
D. vpn set_slim_server
Correct Answer: A
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R76ZCP_R76_VPN_AdminGuide/13824.htm
QUESTION 100
The CDT utility supports which of the following?
A. Major version upgrades to R77.30

B. Only Jumbo HFA's and hotfixes
C. Only major version upgrades to R80.10
D. All upgrades
Correct Answer: D
Section: (none)
Explanation
Explanation:
The Central Deployment Tool (CDT) is a utility that runs on an R77 / R77.X / R80 / R80.10 Security Management Server / Multi-Domain Security Management
Server (running Gaia OS).
It allows the administrator to automatically install CPUSE Offline packages (Hotfixes, Jumbo Hotfix Accumulators (Bundles), Upgrade to a Minor Version,
Upgrade to a Major Version) on multiple managed Security Gateways and Cluster Members at the same time.
Reference: https://community.checkpoint.com/thread/5319-my-top-3-check-point-cli-commands

Checkpoint - Premium.156 915.80.by - Vceplus.100q

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Checkpoint - Premium.156 915.80.by - Vceplus.100q

Diunggah oleh

Hak Cipta:

Format Tersedia

Checkpoint.Premium.156-915.80.by.VCEplus.

Number: 156-915.80 VCEplus

Exam Code: 156-915.80

VCE to PDF Converter : https://vceplus.com/vce-to-pdf/

A. Smart Cloud Services

A. Anti-Bot is the only countermeasure against unknown malware

A. Matching a log against each event definition

A. Validating all data before it’s written into the database

A. Capsule Docs, Capsule Cloud, Capsule Connect

A. vpn tu command or SmartView monitor

A. fw ctl multik stat

A. Using the command sthtool in Expert Mode

A. Browse to Secure Platform Web GUI

A. dbedit is not supported in R80.10

A. cphaprob -d STOP unregister

A. Load Sharing - Multicast

A. Check Point Upgrade Service Engine.

A. This statement is true because SecureXL does improve all traffic

A. SandBlast Threat Emulation

A. set idle <value>

A. None, Security Management Server would be installed by itself

A. Threat Protection policy

A. RTM packet in (rtm)

A. User data base corruption

A. The gateway only has one processor

A. It will generate Geo-Protection traffic

A. Block Port Overflow

A. 2 CPU cores, 4GB of RAM and 15GB of disk space

A. edit fwaffinity.conf; reboot required

A. write mem <filename>

A. source port ranges

A. When a box is up, Effective Priority = Priority + Priority Delta

A. Create new dashboards to manage 3rd party task

A. Dynamic objects are available in the Object Explorer

A. CPMI port 18191/TCP

A. fw ctl get int activate _drop_ templates

A. UDP port 265

A. The plug-in is a package installed on the Security Gateway.

A. There is more than one cluster connected to the same VLAN

A. Through the Unified Policy

A. new host name “New Host" ip-address “192.168.0.10”

A. fw cti multik dynamic_dispatching on

A. Takes less than a second to complete

A. Set the fwha_mac_magic_forward parameter in the $CPDIR/boot/modules/ha_boot.conf

A. TCP port 443

A. Performs OS-level sandboxing for SandBlast Cloud architecture

A. Nothing, it is not a valid command

A. Major version upgrades to R77.30

Anda mungkin juga menyukai