156-215 80 PDF

Check Point
156-215.80
Check Point Certified Security Administrator
(CCSA) R80
Product Version: Full

URL link:
http://www.braindumps4it.com/braindumps-156-215.80.html
Thank you for purchasing Questons & Answers PDF
We also provide Practce Test Sofwaree Online Practce Test

Engine and Video Tutorials.
Visit our website to purchase full version of Practce Test or
Video Tutorials & to try practce test sofware for free:
Product Questions: 165
Version: 11.0
Question 1
Which of the following is NOT an integral part of VPN communicaton within a network?
A. VPNkey
B. VPN community
C. VPN trust enttes
D. VPN domain
Aoswern A
Question 2
Two administrators Dave and Jon both manage R80 Management as administrators for Alpha Corp. Jon
logged into the R80 Management and then shortly afer Dave logged in to the same server. They are
both in the Security Policies view. From the screenshots belowe why does Dave not have the rule no.6 in
his SmartConsole view even though Jon has it his in his SmartConsole view?
A. Jon is currently editng rule no.6 but has Published part of his changes.
B. Dave is currently editng rule no.6 and has marked this rule for deleton.
C. Dave is currently editng rule no.6 and has deleted it from his Rule Base.
D. Jon is currently editng rule no.6 but has not yet Published his changes.
Aoswern D
Explanaton:
When an administrator logs in to the Security Management Server through SmartConsolee a new editng
session starts. Thechanges that the administrator makes during the session are only available to that
administrator. Other administrators see a lock icon on object and rules that are being edited. To make
changes available to all administratorse and to unlock the objects andrules that are being editede the
administrator must publish the session.
Question 3
Vanessa is frewall administrator in her company; her company is using Check Point frewalls on central
and remote locatonse which are managed centrally by R80 Security Management Server. One central
locaton has an installed R77.30 Gateway on Open server. Remote locaton is using Check Point UTM-1
570 series appliance with R71. Which encrypton is used in Secure Internal Communicaton (SIC)
between central management and frewall on each locaton?
A. On central frewall AES128 encrypton is used for SICe on Remote frewall 3DES encrypton is used for
SIC.
B. On both frewallse the same encrypton is used for SIC. This is AES-GCM-256.
C. The Firewall Administrator can choose which encrypton suite will be used by SIC.
D. On central frewall AES256 encrypton is used for SICe on Remote frewall AES128 encrypton is used
for SIC.
Aoswern A
Explanaton:
Gateways above R71 use AES128 for SIC. If one of the gateways is R71 or belowe the gateways use 3DES.
Question 4
Review the following screenshot and select the BEST answer.

A. DataCenter Layer is an inline layer in the Access Control Policy.
B. By default all layers are shared with all policies.
C. If a connecton is dropped in Network Layere it will not be matched against the rules in Data Center
Layer.
D. If a connecton isaccepted in Network-layere it will not be matched against the rules in Data Center
Layer.
Aoswern C
Question 5
Which of the following is NOT a SecureXL trafc fow?
A. Medium Path
B. Accelerated Path
C. Fast Path
D. Slow Path
Aoswern C
Question 6
Which of the following Automatcally Generated Rules NAT rules have the lowest implementaton
priority?
A. Machine Hide NAT

B. Address Range Hide NAT
C. Network Hide NAT
D. Machine Statc NAT
Aoswern B,C
Explanaton:
SmartDashboard organizes the automatc NAT rules in thisorder:
Question 7
Fill in the blanks: VPN gateways authentcate using ___________ and ___________ .
A. Passwords; tokens
B. Certfcates; pre-shared secrets
C. Certfcates; passwords
D. Tokens; pre-shared secrets
Aoswern B
Explanaton:
VPN gateways authentcate using Digital Certfcates and Pre-shared secrets.
Question 8
In R80 spoofng is defned as a method of:
A. Disguising an illegal IP address behind an authorized IP address through Port Address Translaton.
B. Hiding your frewall from unauthorized users.
C. Detectng people using false or wrong authentcaton logins
D. Making packets appear as if they come from an authorized IP address.
Aoswern D
Explanaton:
IP spoofng replaces the untrusted source IP address with a fakee trusted onee to hijack connectons to
your network. Atackers use IP spoofng to send malware and bots to your protected networke to execute
DoS atackse or to gain unauthorized access.
Question 9
Fill in the blank: The __________ is used to obtain identfcaton and security informaton about network
users.
A. User Directory
B. User server
C. UserCheck
D. User index
Aoswern A
Question 10
Which Check Point feature enables applicaton scanning and the detecton?
A. Applicaton Dictonary
B. AppWiki
C. Applicaton Library
D. CPApp
Aoswern B
Explanaton:
AppWiki Applicaton Classifcaton Library
AppWiki enables applicaton scanning and detecton of more than 5e000 distnct applicatons and over
300e000 Web 2.0 widgets including instant messaginge social networkinge video streaminge VoIPe games
and more.
Question 11
DLP and Geo Policy are examples of what type of Policy?
A. Standard Policies
B. Shared Policies
C. Inspecton Policies
D. Unifed Policies
Aoswern B
Explanaton:
The Shared policies are installed with the Access Control Policy.
Sofware Blade
Descripton
Mobile Access
Launch Mobile Access policy in a SmartConsole. Confgure how your remote users access internal
resourcese such as their email accountse when they are mobile.
DLP
Launch Data Loss Preventon policy in a SmartConsole. Confgure advanced toolsto automatcally identfy
data that must not go outside the networke to block the leake and to educate users.
Geo Policy
Create a policy for trafc to or from specifc geographical or politcal locatons.
HTTPS Policy
The HTTPS Policy allows the Security Gateway to inspect HTTPS trafc to prevent security risks related to
the SSL protocol. To launch the HTTPS Policye click Manage & Setngs s Blades s HTTPS
Inspecton s Confgure in SmartDashboard
Question 12
Fill in the blank: A _________ VPN deployment is used to provide remote users with secure access to
internal corporate resources by authentcatng the user through an internet browser.
A. Clientless remote access

B. Clientless direct access
C. Client-based remoteaccess
D. Direct access
Aoswern A
Explanaton:
Clientless - Users connect through a web browser and use HTTPS connectons. Clientless solutons
usually supply access to web-based corporate resources.
Question 13
Which of the following statements is TRUE about R80 management plug-ins?
A. The plug-in is a package installed on the Security Gateway.

B. Installing a management plug-in requires a Snapshote just like any upgrade process.
C. A management plug-in interacts with a Security Management Server to provide new features and
support for new products.
D. Using a plug-in ofers full central management only if special licensing is applied to specifc features of
the plug-in.
Aoswern C
Question 14
Fill in the blank: Gaia can be confgured using the _______ or ______ .
A. Gaia; command line interface
B. WebUI; Gaia Interface
C. Command line interface; WebUI
D. Gaia Interface; GaiaUI
Aoswern C
Explanaton:
Confguring Gaia for the First Time
In This Secton:
Running the First Time Confguraton Wizard in WebUI
Running the First Time Confguraton Wizard in CLI
Afer you install Gaia for the frst tmee use the First Time Confguraton Wizard to confgure the system
and the Check Point products on it.
Question 15
Where can you trigger a failover of the cluster members?

Log in to Security Gateway CLI and run command clusterXL_admin down.
In SmartView Monitor right-click the Security Gateway member and select Cluster member stop.
Log into Security Gateway CLI and run command cphaprob down.
A. 1e 2e and 3
B. 2 and 3
C. 1 and 2
D. 1 and 3
Aoswern C
Explanaton:
How to Initate FailoverMethod
To Stop ClusterXL
To Start ClusterXL
Run:
and:
Efect:
Efect:
Recommended method:
Run:
In SmartView Monitor:
Question 16
Which utlity allows you to confgure the DHCP service on GAIA from the command line?
A. ifconfg
B. dhcp_cfg
C. sysconfg
D. cpconfg
Aoswern C
Explanaton:
Sysconfg Confguraton Optons
Menu Item
Purpose
7
DHCP Server Confguraton
Confgure SecurePlatorm DHCP Server.
8
DHCP Relay Confguraton
Setup DHCP Relay.
Refrence:htps:::sc1.checkpoint.com:documents:R76:CP_R76_Splat_AdminGuide:51558.htm
NOTE:Queston must be wrong because no answer is possible for GAIA systeme this must be SPLAT
version.
DHCP CLI confguraton for GAIA
reference:htps:::sc1.checkpoint.com:documents:R76:CP_R76_Gaia_WebAdmin:73181.htmmo80006
Question 17
Which VPN routng opton uses VPN routng for every connecton a satellite gateway handles?
A. To satellites through center only

B. To center only
C. To center and to other satellites through center
D. To centere or through the center to other satellitese to internet and other VPN targets
Aoswern D
Explanaton:
On the VPN Routng pagee enable the VPN routng for satellites sectone by selectng one of these
optons:
Question 18
Which product correlates logs and detects security threatse providing a centralized display of potental
atack paterns from all network devices?
A. SmartView Monitor
B. SmartEvent
C. SmartUpdate
D. SmartDashboard
Aoswern B
Explanaton:
SmartEvent correlates logs from all Check Point enforcement pointse including end-pointse to identfy
suspicious actvity from the cluter. Rapid data analysis and custom eventlogs immediately alert
administrators to anomalous behavior such as someone atemptng to use the same credental in
multple geographies simultaneously.
Question 19
What will be the efect of running the following command on the Security Management Server?
A. Remove the installed Security Policy.

B. Remove the local ACL lists.
C. No efect.
D. Reset SIC on all gateways.
Aoswern A
Explanaton:
This command uninstall actual security policy (already installed)
Question 20
An administrator is creatng an IPsec site-to-site VPN between his corporate ofce and branch ofce.
Both ofces are protected by Check Point Security Gateway managed by the same Security Management
Server. While confguring the VPN community to specify the pre-shared secret the administrator found
that the check box to enable pre-shared secret is shared and cannot be enabled. Why does it not allow
him to specify the pre-shared secret?
A. IPsec VPN blade should be enabled on both Security Gateway.

B. Pre-shared can only be used while creatng a VPN between a third party vendor and Check Point
Security Gateway.
C. Certfcate based Authentcaton is the only authentcaton method available between twoSecurity
Gateway managed by the same SMS.
D. The Security Gateways are pre-R75.50.
Aoswern A
Question 21
Alpha Corp.e and have recently returned from a training course on Check Point's new advanced R80
management platorm. You are presentng an in-house R80 Management to the other administrators in
Alpha Corp.
How will you describe the new “Publish” buton in R80 Management Console?
A. The Publish buton takes any changes an administrator has made in their management sessione
publishes a copy tothe Check Point of R80e and then saves it to the R80 database.
B. The Publish buton takes any changes an administrator has made in their management session and
publishes a copy to the Check Point Cloud of R80 and but does not save it to the R80
C. The Publish buton makes any changes an administrator has made in their management session
visible to all other administrator sessions and saves it to the Database.
D. The Publish buton makes any changes an administrator has made in their management sessionvisible
to the new Unifed Policy session and saves it to the Database.
Aoswern C
Explanaton:
To make your changes available to other administratorse and to save the database before installing a
policye you must publish the session. When you publish a sessione a new database version is created.
Question 22
Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address.
A. High Availability
B. Load Sharing Multcast
C. Load Sharing Pivot
D. Master:Backup
Aoswern B
Explanaton:
Explanaton :ClusterXL uses the Multcast mechanism to associate the virtual cluster IP addresses with all
cluster members. By binding these IP addresses to a Multcast MAC addresse it ensures that all packets
sent to the clustere actng as a gatewaye will reach all members in the cluster.
Question 23
Fill in the blank: With the User Directory Sofware Bladee you can create R80 user defnitons on a(an)
___________ Server.
A. NT domain
B. SMTP
C. LDAP
D. SecurID
Aoswern C
Question 24
Which of the following is NOT a component of a Distnguished Name?
A. Organizaton Unit
B. Country
C. Common name
D. User container
Aoswern D
Explanaton:
Distnguished Name Components
CN=common namee OU=organizatonal unite O=organizatone L=localityeST=state or provincee C=country
name
Question 25
What are the three authentcaton methods for SIC?
A. Passwordse Userse and standards-based SSL for the creaton of security channels
B. Certfcatese standards-basedSSL for the creaton of secure channelse and 3DES or AES128 for
encrypton
C. Packet Filteringe certfcatese and 3DES or AES128 for encrypton
D. Certfcatese Passwordse and Tokens
Aoswern B
Explanaton:
Secure Internal Communicaton (SIC)SecureInternal Communicaton (SIC) lets Check Point platorms and
products authentcate with each other. The SIC procedure creates a trusted status between gatewayse
management servers and other Check Point components. SIC is required to install polices on gateways
and to send logs between gateways and management servers.
These security measures make sure of the safety of SIC:
Question 26
You have enabled “Full Log” as a tracking opton to a security rule. Howevere you are stll not seeing any
data type informaton. What is the MOST likely reason?
A. Logging has disk space issues. Change logging storage optons on the logging server or Security
Management Server propertes and install database.
B. Data Awareness is not enabled.
C. Identty Awareness is not enabled.
D. Logs are arriving from Pre-R80 gateways.
Aoswern A
Explanaton:
The most likelyreason for the logs data to stop is the low disk space on the logging devicee which can be
the Management Server or the Gateway Server.
Question 27
What is the order of NAT priorites?
A. Statc NATe IP pool NATe hide NAT

B. IP pool NATe statc NATe hide NAT
C. Statc NATe automatc NATe hide NAT
D. Statc NATe hide NATe IP pool NAT
Aoswern A
Explanaton:
The order of NAT priorites are:
Since Statc NAT has all of the advantages of IP Pool NAT and moree it has ahigher priority than the other
NAT methods.
Question 28
Which of the following is an identty acquisiton method that allows a Security Gateway to identfy Actve
Directory users and computers?
A. UserCheck
B. Actve Directory Query
C. Account Unit Query
D. User Directory Query
Aoswern B
Explanaton:
Explanaton :AD Query extracts user and computer identty informaton from the Actve Directory
Security Event Logs. The system generates a Security Event log entry when a user or computer accesses a
network resource. For examplee this occurs when a user logs ine unlocks a screene or accesses a network
drive.
Reference
:htps:::sc1.checkpoint.com:documents:R76:CP_R76_IdenttyAwareness_AdminGuide:62502.htm
Question 29
Ken wants to obtain a confguraton lock from other administrator on R80 Security Management Server.
He can do this via WebUI or a via CLI. Which command should be use in CLI? Choose the correct answer.
A. remove database lock

B. The database feature has onecommandlock database override.
C. override database lock
D. The database feature has two commands: lock database override and unlock database. Both will
work.
Aoswern D
Explanaton:
Use the database feature to obtain the confguraton lock. The databasefeature has two commands:
The commands do the same thing: obtain the confguraton lock from another administrator.
Descripton
Use the lock database override and unlock database commands to get exclusiveread-write access to the
database by taking write privileges to the database away from other administrators logged into the
system.
Syntax
Question 30
Examine the following Rule Base.

What can we infer about the recent changes made to the Rule Base?
A. Rule 7 was created by the 'admin' administrator in the current session

B. 8 changes have been made by administrators since the last policy installaton
C. Te rules 1e 5 and 6 cannot be edited by the 'admin'administrator
D. Rule 1 and object webserver are locked by another administrator
Aoswern B
Explanaton:
Explantaton: On top of the print screen there is a number "8" which consists for the number of changes
made and not saved.
Session Management Toolbar (top of SmartConsole)
Descripton
Discard changes made during the session
Enter session details and see the number of changes made in the session
Commit policy changes to the database and make them visible to other administrators
Note - The changes are savedon the gateways and enforced afer the next policy install
Question 31
ALPHA Corp has a new administrator who logs into the Gaia Portal to make some changes. He realizes
that even though he has logged in as an administratore he is unable to make any changes because all
confguraton optons are greyed out as shown in the screenshot image below. What is the likely cause
for this?
A. The Gaia:bin:confdis locked by another administrator from aSmartConsole session.

B. The database is locked by another administrator SSH session.
C. The Network address of his computer is in the blocked hosts.
D. The IP address of his computer is not in the allowed hosts.
Aoswern B
Explanaton:
There is a lock ontop lef side of the screen. B is the logical answer.
Question 32
Administrator Kof has just made some changes on his Management Server and then clicks on the
Publish buton in SmartConsole but then gets the error message shown in the screenshot below.
Where can the administrator check for more informaton on these errors?
A. The Log and Monitor secton in SmartConsole
B. The Validatons secton in SmartConsole
C. The Objects secton in SmartConsole
D. The Policies secton in SmartConsole
Aoswern B
Explanaton:
Validaton ErrorsThe validatons pane in SmartConsole shows confguraton error messages. Examples of
errors are object names that are not uniquee and the use of objects that are not valid in the Rule Base.
To publishe you must fx theerrors.
Question 33
You are working with multple Security Gateways enforcing an extensive number of rules. To simplify
security administratone which acton would you choose?
A. Eliminate all possible contradictory rules such as the Stealth orCleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network object that restrict all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and confgure each SecurityGateway directly.
Aoswern B
Question 34
Harriet wants to protect sensitve informaton from intentonal loss when users browse to a specifc URL:
htps:::personal.mymail.come which blade will she enable to achieve her goal?
A. DLP
B. SSL Inspecton
C. Applicaton Control
D. URL Filtering
Aoswern A
Explanaton:
Check Point revolutonizes DLP by combining technology and processes to move businesses from passive
detecton to actve Data Loss Preventon. Innovatve MultSpectt data classifcaton combines usere
content and process informaton to make accurate decisionse while UserCheckt technology empowers
users to remediate incidents in real tme. Check Point’s self-educatng network-based DLP soluton frees
IT:security personnel from incident handlingand educates users on proper data handling policies—
protectng sensitve corporate informaton from both intentonal and unintentonal loss.
Question 35
To optmize Rule Base efciency the most hit rules should be where?
A. Removed from the Rule Base.

B. Towards the middle of theRule Base.
C. Towards the top of the Rule Base.
D. Towards the botom of the Rule Base.
Aoswern C
Explanaton:
It is logical that if lesser rules are checked for the matched rule to be found the lesser CPU cycles the
device is using. Checkpoint match a session from the frst rule on top tll the last on the botom.
Question 36
Which of the following is NOT a license actvaton method?
A. SmartConsole Wizard
B. Online Actvaton
C. License Actvaton Wizard
D. Ofine Actvaton
Aoswern A
Question 37
Which policy type has its own Exceptons secton?
A. Thread Preventon
B. Access Control
C. Threat Emulaton
D. Desktop Security
Aoswern A
Explanaton:
The Exceptons Groups pane lets you defne excepton groups. When necessarye you can createexcepton
groups to use in the Rule Base. An excepton group contains one or more defned exceptons. This opton
facilitates ease-of-use so you do not have to manually defne exceptons in multple rules for commonly
required exceptons. You can choose towhich rules you want to add excepton groups. This means they
can be added to some rules and not to otherse depending on necessity.
Question 38
By defaulte which port does the WebUI listen on?
A. 80
B. 5535
C. 553
D. 8080
Aoswern C
Explanaton:
To confgure Security Management Server on Gaia:
Question 39
When doing a Stand-Alone Installatone you would install the Security Management Server with which
other Check Point architecture component?
A. Nonee Security Management Server would be installed by itself.

B. SmartConsole
C. SecureClient
D. Security Gateway
Aoswern D
Explanaton:
There are diferent deployment scenarios for Check Point sofware products.
Question 40
Which optons are given on featurese when editng a Role on Gaia Platorm?
A. Read:Writee Read Only

B. Read:Writee Read onlye None
C. Read:Writee None
D. Read Onlye None
Aoswern B
Explanaton:
RolesRole-based administraton (RBA) lets you create administratve roles for users. With RBAe an
administrator can allowGaia users to access specifed features by including those features in a role and
assigning that role to users. Each role can include a combinaton of administratve (read:write) access to
some featurese monitoring (readonly) access to other featurese andno access to other features.
You can also specify which access mechanisms (WebUI or the CLI) are available to the user.
Note - When users log in to the WebUIe they see only those features that they have read-only or
read:write access to. If they have read-only access to a featuree they can see the setngs pagese but
cannot change the setngs.
Gaia includes these predefned roles:
You cannot delete or change the predefned roles.
Note - Do not defne a new user for external users. An external user is one that is defned on an
authentcaton server (such as RADIUS or TACACS) and not on the local Gaia system.
Question 41
What is the default tme length that Hit Count Data is kept?
A. 3 month
B. 5 weeks
C. 12 months
D. 6 months
Aoswern D
Explanaton:
Keep Hit Count data up to -Select one of the tmerange optons. The default is 6 months. Data is kept in
the Security Management Server database for this period and is shown in the Hits column.
Question 42
Choose the Best place to fnd a Security Management Server backup fle named backup_fwe on a Check
Point Appliance.
A. :var:log:Cpbackup:backups:backup:backup_fw.tgs
B. :var:log:Cpbackup:backups:backup:backup_fw.tar
C. :var:log:Cpbackup:backups:backups:backup_fw.tar
D. :var:log:Cpbackup:backups:backup_fw.tgz
Aoswern D
Explanaton:
Gaia's Backup feature allows backing upthe confguraton of the Gaia OS and of the Security
Management server databasee or restoring a previously saved confguraton.
The confguraton is saved to a .tgz fle in the following directory:
Gaia OS Version
Hardware
Local Directory
R75.50 - R77.20
Check Point appliances
:var:log:CPbackup:backups:
Open Server
:var:CPbackup:backups:
R77.30
Check Point appliances
:var:log:CPbackup:backups:
Open Server
Question 43
With which command can view the running confguraton of Gaia-based system.
A. show conf-actve
B. show confguraton actve
C. show confguraton
D. show running-confguraton
Aoswern C
Question 44
Which of the following is TRUE regarding Gaia command line?

A. Confguraton changes should be done in mgmt_cli and use CLISH for monitoringe Expert mode is used
only for OS level tasks.
B. Confguraton changes should bedone in expert-mode and CLISH is used for monitoring.
C. Confguraton changes should be done in mgmt-cli and use expert-mode for OS-level tasks.
D. All confguraton changes should be made in CLISH and expert-mode should be used for OS-level
tasks.
Aoswern D
Question 45
If there are two administrators logged in at the same tme to the SmartConsolee and there are objects
locked for editnge what must be done to make them available to other administrators? Choose the BEST
answer.
A. Publish ordiscard the session.

B. Revert the session.
C. Save and install the Policy.
D. Delete older versions of database.
Aoswern A
Explanaton:
To make changes available to all administratorse and to unlock the objects and rules that are being
editede the administrator must publish the session.
To make your changes available to other administratorse and to save the database before installing a
policye you must publish the session. When you publish a sessione a new database version is created.
When you selectInstall Policye you are prompted to publish all unpublished changes. You cannot install a
policy if the included changes are not published.
Question 46
Which one of the following is the preferred licensing model? Select the Best answer.
A. Locallicensing because it tes the package license to the IP-address of the gateway and has no
dependency of the Security Management Server.
B. Central licensing because it tes the package license to the IP-address of the Security Management
Server and has nodependency of the gateway.
C. Local licensing because it tes the package license to the MAC-address of the gateway management
interface and has no Security Management Server dependency.
D. Central licensing because it tes the package license to the MAC-address of the Security Management
Server Mgmt-interface and has no dependency of the gateway.
Aoswern B
Explanaton:
Central License
A Central License is a license atached to the Security Management server IP addresse rather than the
gateway IP address.The benefts of a Central License are:
Question 47
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the
systems this waye how many machines will he need if he does NOT include a SmartConsole machine in
his calculatons?
A. One machinee but itneeds to be installed using SecurePlatorm for compatbility purposes.
B. One machine
C. Two machines
D. Three machines
Aoswern C
Explanaton:
One for Security Management Server and the other one for the Security Gateway.
Question 48
Fill in the blank: A new license should be generated and installed in all of the following situatons EXCEPT
when ________ .
A. The license is atached to the wrong Security Gateway

B. The existng license expires
C. The license is upgraded
D. The IP address of the Security Management or Security Gateway has changed
Aoswern A
Explanaton:
There is no need to generate new license in this situatone just need to detach license from wrong
Security Gateway and atach it to the right one.
Question 49
What is the default shell for the command line interface?
A. Expert
B. Clish
C. Admin
D. Normal
Aoswern B
Explanaton:
The default shell of the CLI is called clish
Question 50
When you upload a package or license to the appropriate repository in SmartUpdatee where is the
package or license stored
A. Security Gateway
B. Check Point user center
C. Security Management Server
D. SmartConsole installed device
Aoswern C
Explanaton:
SmartUpdate installs two repositories on the Security Management server:
The Package Repository requires a separate licensee in additon to the license for the Security
Management server. This license should stpulate the number of nodes that can be managed in
the Package Repository.
Question 51
Fill in the blank: The tool _______ generates a R80 Security Gateway confguraton report.
A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo
Aoswern C
Explanaton:
CPInfo is an auto-updatableutlity that collects diagnostcs data on a customer's machine at the tme of
executon and uploads it to Check Point servers (it replaces the standalone cp_uploader utlity for
uploading fles to Check Point servers).
The CPinfo output fle allowsanalyzing customer setups from a remote locaton. Check Point support
engineers can open the CPinfo fle in a demo modee while viewing actual customer Security Policies and
Objects. This allows the in-depth analysis of customer's confguraton and environment setngs.
When contactng Check Point Supporte collect the cpinfo fles from the Security Management server and
Security Gateways involved in your case.
Question 52
Which of the following commands can be used to remove site-to-site IPSEC Security Associatons (SA)?
A. vpn tu
B. vpn ipsec remove -l
C. vpn debug ipsec
D. fw ipsec tu
Aoswern A
Explanaton:
vpn tuDescripton Launch the TunnelUtl tool which isused to control VPN tunnels.
Usagevpn tu
vpn tunnelutl
Examplevpn tu
Output
********** Select Opton **********
(1) List all IKE SAs
(2) List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user(Client)
(5) List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given User (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given User (Client)
(0) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users
(Q) Quit
Question 53
Which of the following is NOT an authentcaton scheme used for accounts created through
SmartConsole?
A. Security questons
B. Check Point password
C. SecurID
D. RADIUS
Aoswern A
Explanaton:
Authentcaton Schemes :- Check Point Password
- Operatng System Password
- RADIUS
- SecurID
- TACAS
-Undefned If a user with an undefned authentcaton scheme ismatched to a Security Rule with some
form of authentcatone access isalways denied.
Question 54
Which pre-defned Permission Profle should be assigned to an administrator that requires full access to
audit all confguratons without modifying them?
A. Auditor
B. Read Only All
C. Super User
D. Full Access
Aoswern B
Explanaton:
To create a new permission profle:
The New Profle window opens.
Question 55
Packages and licenses are loaded from all of theses sources EXCEPT
A. Download Center Web site

B. UserUpdate
C. User Center
D. Check Point DVD
Aoswern B
Explanaton:
Packages and licenses are loaded into these repositories from severalsources:
Question 56
Which of the following technologies extracts detailed informaton from packets and stores that
informaton in state tables?
A. INSPECT Engine
B. Stateful Inspecton
C. Packet Filtering
D. Applicaton Layer Firewall
Aoswern B
Question 57
On the following graphice you will fnd layers of policies.
What is a precedence of trafc inspecton for the defned polices?
A. A packet arrives at the gatewaye it is checked against the rules in the networks policy layer and then if
implicit Drop Rule drops the packete it comes next to IPS layer and then afer acceptng the packet it
passes to Threat Preventon layer.
B. A packet arrives at the gatewaye it is checked against the rules in the networks policy layer and then if
there is any rule which accepts the packete it comes next to IPS layer and then afer acceptng the packet
it passes to Threat Preventonlayer
C. A packet arrives at the gatewaye it is checked against the rules in the networks policy layer and then if
there is any rule which accepts the packete it comes next to Threat Preventon layer and then afer
acceptng the packet it passes to IPS layer.
D. A packet arrives at the gatewaye it is checked against the rules in IPS policy layer and then it comes
next to the Network policy layer and then afer acceptng the packet it passes to Threat Preventon layer.
Aoswern B
Explanaton:
To simplify Policy managemente R80 organizes the policy into Policy Layers. A layer is a set of rulese or a
Rule Base.
For examplee when you upgrade to R80 from earlier versions:
When the gateway matches a rule in a layere it starts to evaluate the rules in the next layer.
All layers are evaluated in parallel
Question 58
Tina is a new administrator who is currently reviewing the new Check Point R80 Management console
interface. In the Gateways viewe she is reviewing the Summary screen as in the screenshot below. What
as an 'Open Server'?
A. Check Point sofware deployed on a non-Check Point appliance.
B. The Open Server Consortum approved Server Hardware usedfor the purpose of Security and
Availability.
C. A check Point Management Server deployed using the Open Systems Interconnecton (OSI) Server and
Security deployment model.
D. A check Point Management Server sofware using the Open SSL.
Aoswern A
Explanaton:
Open Server
Non-Check Point hardware platorm that is certfed by Check Point as supportng Check Point products.
Open Servers allow customers the fexibility of deploying Check Point sofware on systems which have
not been pre-hardened orpre-installed (servers running standard versions of Solarise Windowse Red Hat
Linux).
Question 59
Choose the BEST describes the Policy Layer Trafc Inspecton?
A. If a packet does not match any of the inline layerse the matching contnues to the next Layer.
B. If a packet matches an inline layere it will contnue matching the next layer.
C. If a packet does not match any of the inline layerse the packet will be matched against the Implicit
Clean-up Rule.
D. If a packet does not match a Network Policy Layere the matching contnues to its inline layer.
Aoswern B
Question 60
What are the three confict resoluton rules in the Threat Preventon Policy Layers?
A. Confict on actone confict on exceptone and confict on setngs
B. Confict on scopee confict on setngse and confict on excepton
C. Confict on setngse confict on addresse and confict on excepton
D. Confict on actone confict on destnatone and confict on setngs
Aoswern C
Question 61
What does the “unknown” SIC status shown on SmartConsole mean?
A. The SMS can contact the Security Gateway but cannot establish Secure Internal Communicaton.
B. SIC actvaton key requires a reset.
C. The SIC actvaton key is not known by any administrator.
D. There is no connecton between the Security Gateway and SMS.
Aoswern D
Explanaton:
The most typical status is Communicatng. Any other statusindicates that the SIC communicaton is
problematc. For examplee if the SIC status is Unknown then there is no connecton between the
Gateway and the Security Management server. If the SIC status is Not Communicatnge the Security
Management server is able to contact the gatewaye but SIC communicaton cannot be established.
Question 62
Kofe the administrator of the ALPHA Corp network wishes to change the default Gaia WebUI Portal port
number currently set on the default HTTPS port. Which CLISH commands are required to be able to
change this TCP port?
A. set web ssl-port <new port numbers
B. set Gaia-portal <new port numbers
C. set Gaia-portal htps-port <new port numbers
D. set web htps-port <new port numbers
Aoswern A
Explanaton:
HostNames set web ssl-port <Port_Numbers
HostNames save confg
[Expert@HostName]m grep 'htpd:ssl_port' :confg:db:inital
Question 63
Fill in the blank: Browser-based Authentcaton sends users to a web page to acquire identtes using
________ .
A. User Directory
B. Captve Portaland Transparent Kerberos Authentcaton
C. Captve Portal
D. UserCheck
Aoswern B
Explanaton:
To enable Identty Awareness:
The Identty Awareness Confguraton wizard opens.
Question 64
Which default user has full read:write access?
A. Monitor
B. Altuser
C. Administrator
D. Superuser
Aoswern C
Question 65
Fill in the blank: The _________ collects logs and sends them to the _________ .
A. Log server;security management server

B. Log server; Security Gateway
C. Security management server; Security Gateway
D. Security Gateways; log server
Aoswern D
Question 66
The security Gateway is installed on GAiA R80 The default port for the WEB User Interface is _______ .
A. TCP 18211
B. TCP 257
C. TCP 5533
D. TCP 553
Aoswern D
Question 67
Fill in the blank: To build an efectve Security Policye use a ________ and _______ rule.
A. Cleanup; stealth
B. Stealth; implicit
C. Cleanup; default
D. Implicit; explicit
Aoswern A
Question 68
Which type of Check Point license is ted to the IP address of a specifc Security Gateway and cannot be
transferred to a gateway that has a diferent IP address?
A. Central
B. Corporate
C. Formal
D. Local
Aoswern D
Question 69
Which utlity shows the security gateway general system informaton statstcs like operatng system
informaton and resource usagee and individual sofware blade statstcs of VPNe Identty Awareness and
DLP?
A. cpconfg
B. fwctl pstat
C. cpview
D. fw ctl multk stat
Aoswern C
Explanaton:
CPView Utlity is a text based built-in utlity that can be run ('cpview' command) on Security Gateway :
Security Management Server : Mult-Domain Security Management Server. CPView Utlityshows
statstcal data that contain both general system informaton (CPUe Memorye Disk space) and informaton
for diferent Sofware Blades (only on Security Gateway). The data is contnuously updated in easy to
access views.
Question 70
The following graphic shows:

A. View from SmartLog for logs initated from source address 10.1.1.202
B. View from SmartView Tracker for logs of destnaton address 10.1.1.202
C. View from SmartView Tracker for logs initated from source address 10.1.1.202
D. Viewfrom SmartView Monitor for logs initated from source address 10.1.1.202
Aoswern C
Question 71
In R80e Unifed Policy is a combinaton of
A. Access control policye QoS Policye Desktop Security Policy and endpoint policy.
B. Access control policye QoS Policye Desktop Security Policy and Threat Preventon Policy.
C. Firewall policye address Translaton and applicaton and URL flteringe QoS Policye Desktop Security
Policy and Threat Preventon Policy.
D. Access control policye QoS Policye DesktopSecurity Policy and VPN policy.
Aoswern D
Explanaton:
D is the best answer given the choices.
Unifed Policy
In R80 the Access Control policy unifes the policies of these pre-R80 Sofware Blades:
Question 72
Fill in the blank: The command __________ provides the most complete restoraton of a R80
confguraton.
A. upgrade_import
B. cpconfg
C. fwm dbimport -p <export fles
D. cpinfo -recover
Aoswern A
Explanaton:
(Should be "migrate import")
"migrate import" Restores backed up confguraton for R80 versione in previous versions the command
was "upgrade_import".
Question 73
The Gaia operatng system supports which routng protocols?
A. BGPe OSPFe RIP

B. BGPe OSPFe EIGRPe PIMe IGMP
C. BGPe OSPFe RIPe PIMe IGMP
D. BGPe OSPFe RIPe EIGRP
Aoswern A
Explanaton:
The Advanced Routng SuiteThe Advanced Routng Suite CLI is available as part of the Advanced
Networking Sofware Blade.
For organizatons looking to implement scalablee fault-tolerante secure networkse the Advanced
Networking blade enables them to run industry-standard dynamic routng protocols including BGPe OSPFe
RIPv1e and RIPv2 on security gateways. OSPFeRIPv1e and RIPv2 enable dynamic routng over a single
autonomous system—like a single departmente companye or service provider—to avoid network failures.
BGP provides dynamic routng support across more complex networks involving multple autonomous
systems—such as when a company uses two service providers or divides a network into multple areas
with diferent administrators responsible for the performance of each.
Question 74
Joey wants to confgure NTP on R80 Security Management Server. He decided to do this via WebUI.
What is the correct address to access the Web UI for Gaia platorm via browser?
A. Error! Hyperlink reference not valid.

B. Error! Hyperlink reference not valid.
C. Error! Hyperlink reference not valid.
D. Error! Hyperlink reference not valid.
Aoswern A
Explanaton:
Accessto Web UI Gaiaadministraton interfacee initate a connecton from a browser to the default
administraton IP address: Logging in to the WebUI
Logging in
To log in to the WebUI:
Error! Hyperlink reference not valid. IP addresss
Question 75
Which applicaton should you use to install a contract fle?
A. SmartView Monitor
B. WebUI
C. SmartUpdate
D. SmartProvisioning
Aoswern C
Explanaton:
Using SmartUpdate: If you already use an NGX R65 (or higher) Security Management : Provider-1 :
Mult-Domain Management Servere SmartUpdate allows you to import the service contract fle that you
have downloaded in Step m3.
Open SmartUpdate and from theLaunch Menu select 'Licenses & Contracts' -s 'Update Contracts' -s
'From File...' and provide the path to the fle you have downloaded in Step m3:
Note: If SmartUpdate is connected to the Internete you can download the service contract fle directly
fromthe UserCenter without going through the download and import steps.
Question 76
Which feature is NOT provided by all Check Point Mobile Access solutons?
A. Support for IPv6

B. Granular access control
C. Strong user authentcaton
D. Secure connectvity
Aoswern A
Explanaton:
Types of SolutonsAll of Check Point's Remote Access solutons provide:
Question 77
You work as a security administrator for a large company. CSO of your company has atended a security
conference where he has learnt how hackers constantly modify their strategies and techniques to evade
detecton and reach corporate resources. He wants to make sure that his company has the right
protectons in place. Check Point has been selected for the security vendor. Which Check Point products
protects BEST against malware and zero-day atacks while ensuring quick delivery of safe content to your
users?
A. IPS and Applicaton Control

B. IPSe ant-virus and ant-bot
C. IPSe ant-virus and e-mail security
D. SandBlast
Aoswern D
Explanaton:
SandBlast Zero-Day Protecton
Hackers constantly modify their strategies and techniques to evade detecton and reach corporate
resources. Zero-day exploit protecton from Check Point provides adeeper level of inspecton so you can
prevent more malware and zero-day atackse while ensuring quick delivery of safe content to your
users.Reference:htps:::www.checkpoint.com:products-solutons:zero-day-protecton:
Question 78
Fill in the blank: Each cluster has __________ interfaces.
A. Five
B. Two
C. Three
D. Four
Aoswern C
Explanaton:
Each cluster member has three interfaces: one external interfacee oneinternal interfacee and one for
synchronizaton. Cluster member interfaces facing in each directon are connected via a switche routere or
VLAN switch.
Question 79
What are the three essental components of the Check Point Security Management Architecture?
A. SmartConsolee Security Management Servere Security Gateway

B. SmartConsolee SmartUpdatee Security Gateway
C. Security Management Servere Security Gatewaye Command Line Interface
D. WebUIe SmartConsolee Security Gateway
Aoswern A
Explanaton:
DeploymentsBasic deployments:
Assume an environment with gateways on diferent sites. Each SecurityGateway connects to the Internet
on one sidee and to a LAN on the other.
You can create a Virtual Private Network (VPN) between the two Security Gatewayse to secure all
communicaton between them.
The Security Management server is installed in the LANe andis protected by a Security Gateway. The
Security Management server manages the Security Gateways and lets remote users connect securely to
the corporate network. SmartDashboard can be installed on the Security Management server or another
computer.
Therecan be other OPSEC-partner modules (for examplee an Ant-Virus Server) to complete the network
security with the Security Management server and its Security Gateways.
Question 80
What are the two types of address translaton rules?
A. Translated packet and untranslated packet

B. Untranslated packet and manipulated packet
C. Manipulated packet and original packet
D. Original packet and translated packet
Aoswern D
Explanaton:
NAT Rule BaseThe NAT Rule Base has two sectons that specify how the IP addresses are translated:
Question 81
You are unable to login to SmartDashboard. You log into the management server and run mcpwd_admin
list with the following output:
What reason could possibly BEST explain why you are unable to connect to SmartDashboard?
A. CDP is down
B. SVR is down
C. FWM is down
D. CPSM is down
Aoswern C
Explanaton:
The correct answer would be FWM (is the process making available communicaton between
SmartConsole applicatons and Security Management Server.). STATE is T (Terminate = Down)
Explanaton :
Symptoms
[Expert@HostName:0]m ps -aux | grep fwm
[Expert@HostName:0]m cpwd_admin start -name FWM -path "$FWDIR:bin:fwm" -command "fwm"
Question 82
What does ExternalZone represent in the presented rule?
A. The Internet.
B. Interfaces that administrator has defned to be part of External Security Zone.
C. External interfaces on all security gateways.
D. External interfaces of specifc gateways.
Aoswern B
Explanaton:
Confguring Interfaces
Confgure the Security Gateway 80 interfaces in the Interfaces tab in the Security Gateway window.
To confgure the interfaces:
The Security Gateway windowopens.
The Edit window opens.
Question 83
Fill in the blank: The R80 utlity fw monitor is used to troubleshoot _____________
A. User data base corrupton

B. LDAP conficts
C. Trafc issues
D. Phase two key negotaton
Aoswern C
Explanaton:
CheckPoint's FW Monitor is a powerful built-in tool for capturing network trafc at the packet level.
The FW Monitor utlity captures network packets at multple capture points along the FireWall
inspecton chains. These captured packets can be inspected laterusing the WireShark
Question 84
What are the two high availability modes?
A. Load Sharing and Legacy

B. Traditonal and New
C. Actve and Standby
D. New and Legacy
Aoswern D
Explanaton:
ClusterXL has four working modes. This secton briefy describes each mode and its relatve advantages
and disadvantages.
Question 85
Fill in the blank: The R80 feature ________ permits blocking specifc IP addresses for a specifed tme
period.
A. Block Port Overfow

B. Local Interface Spoofng
C. Suspicious Actvity Monitoring
D. Adaptve Threat Preventon
Aoswern C
Explanaton:
Explanaton :
Suspicious Actvity Rules SolutonSuspicious Actvity Rules is a utlity integrated into SmartView Monitor
that is used to modify access privileges upon detecton of any suspicious network actvity (for examplee
several atempts to gain unauthorized access).
The detecton of suspicious actvity is based on thecreaton of Suspicious Actvity rules. Suspicious
Actvity rules are Firewall rules that enable the system administrator to instantly block suspicious
connectons that are not restricted by the currently enforced security policy. These rulese once set
(usually with an expiraton date)e can be applied immediately without the need to perform an Install
Policy operaton
Question 86
Which Threat Preventon Sofware Blade provides comprehensive against malicious and unwanted
network trafce focusing on applicaton and server vulnerabilites?
A. Ant-Virus
B. IPS
C. Ant-Spam
D. Ant-bot
Aoswern B
Explanaton:
The IPS Sofware Blade provides a complete Intrusion Preventon System security solutone providing
comprehensive network protecton against malicious and unwanted network trafce including:
Question 87
What is the purpose of Captve Portal?
A. It provides remote access to SmartConsole

B. It manages user permission in SmartConsole
C. It authentcates userse allowing them access to the Internet and corporate resources
D. It authentcates userse allowing them access to the Gaia OS
Aoswern C
Explanaton:
Reference :htps:::www.checkpoint.com:products:identty-awareness-sofware-blade:
Question 88
While enabling the Identty Awareness blade the Identty Awareness wizard does not automatcally
detect the windows domain. Why does it not detect the windows domain?
A. Security Gateways is not part of the Domain

B. SmartConsole machine is not part ofhe domain
C. SMS is not part of the domain
D. Identty Awareness is not enabled on Global propertes
Aoswern B
Explanaton:
See Choosing Identty Sources.
Note - When you enable Browser-Based Authentcaton on a Security Gateway that is on an IP Series
appliancee make sure to set the Voyagermanagement applicaton port to a port other than 553 or 80.
The Integraton With Actve Directory window opens.
When SmartDashboard is part of the domaine SmartDashboard suggests this domain automatcally. If
you select this domaine the systemcreates an LDAP Account Unit with all of the domain controllers in the
organizaton's Actve Directory.
Question 89
View the rule below. What does the lock-symbol in the lef column mean? Select the BEST answer.
A. The current administrator has read-only permissions to Threat Preventon Policy.

B. Another user has locked the rule for editng.
C. Confguraton lock is present. Click the lock symbol to gain read-write access.
D. The current administrator is logged in as read-only because someone else is editng the policy.
Aoswern B
Explanaton:
Administrator Collaboraton
More than one administrator can connect to the Security Management Server at the same tme. Every
administrator has their own usernamee and works in a session that is independent of the other
administrators.
session starts. The changes that the administrator makes during the session are only available to that
administrator. Other administrators see a lock icon on object and rules that are being edited.
Question 90
When atemptng to start a VPN tunnele in the logs the error 'no proposal chosen' is seen numerous
tmes. No other VPN-related log entries are present. Which phase of the VPN negotatons has failed?
A. IKE Phase 1
B. IPSEC Phase 2
C. IPSEC Phase 1
D. IKE Phase 2
Aoswern D
Question 91
Which command is used to add users to or from existng roles?
A. Add rba user <User Names roles <Lists

B. Add rba user <User Names
C. Add user <User Names roles <Lists
D. Add user <User Names
Aoswern A
Explanaton:
Confguring Roles - CLI (rba)
Descripton
Syntax
add rba role <Names domain-type System
readonly-features <Lists
readwrite-features <Lists
add rba user <User names access-mechanisms [Web-UI | CLI]
add rba user <User Names roles <Lists
delete rba role <Names
delete rba role <Names
readonly-features <Lists
readwrite-features <L
delete rba user <User Names access-mechanisms[Web-UI | CLI]
delete rba user <User Names roles <Lists
Question 92
You are the administrator for Alpha Corp. You have logged into your R80 Management server. You are
making some changes in the Rule Base and notce that rule No.6 has a pencil icon next to it.
What does this mean?
A. The rule No.6 has been marked for deletonin your Management session.
B. The rule No.6 has been marked for deleton in another Management session.
C. The rule No.6 has been marked for editng in your Management session.
D. The rule No.6 has been marked for editng in another Management session.
Aoswern C
Question 93
Which type of the Check Point license tes the package license to the IP address of the Security
Management Server?
A. Local
B. Central
C. Corporate
D. Formal
Aoswern B
Question 94
What is NOT an advantage of Packet Filtering?
A. Low Security and No Screening above Network Layer

B. Applicaton Independence
C. High Performance
D. Scalability
Aoswern A
Explanaton:
Packet Filter Advantages and Disadvantages
Advantages
Disadvantages
Applicaton independence
Low security
High performance
No screening above the network layer
Scalability
Question 95
In the Check Point three-tered architecturee which of the following is NOT a functon of the Security
Management Server (Security Management Server)?
A. Display policies and logs on the administrator's workstaton.

B. Verify and compile Security Policies.
C. Processing andsending alerts such as SNMP traps and email notfcatons.
D. Store frewall logs to hard drive storage.
Aoswern A
Question 96
Web Control Layer has been set up using the setngs in the following dialogue:
Consider the following policy and select the BEST answer.
A. Trafc that does not match any rule in the subpolicy is dropped.
B. All employees can access only Youtube and Vimeo.
C. Access to Youtube and Vimeo is allowed only once a day.
D. Anyone from internal network can access theinternete expect the trafc defned in drop rules 5.2e 5.5
and 5.6.
Aoswern D
Explanaton:
Policy Layers and Sub-PoliciesR80 introduces the concept of layers and sub-policiese allowing you to
segment your policy according to your network segments orbusiness units:functons. In additone you
can also assign granular privileges by layer or sub-policy to distribute workload and tasks to the most
qualifed administrators
Question 97
Which of the following are types of VPN communicates?

A. Pentagone stare and combinaton
B. Stare octagone and combinaton
C. Combined and star
D. Meshede stare and combinaton
Aoswern D
Question 98
Fill in the blank: RADIUS protocol uses ______ to communicate with the gateway.
A. UDP
B. TDP
C. CCP
D. HTTP
Aoswern A
Explanaton:
Parameters:
Parameter
Descripton
port
UDPport on the RADIUS server. This value must match the port as confgured on the RADIUS server.
Typically this 1812 (default) or 1655 (non-standard but a commonly used alternatve).
Question 99
When a packet arrives at the gatewaye the gateway checks it against the rules in the top Policy Layere
sequentally from top to botome and enforces the frst rule that matches a packet. Which of the
following statements about the order of rule enforcement is true?
A. If the Acton is Accepte the gateway allows the packet to pass through the gateway.
B. If the Acton is Drope the gateway contnues to check rules in the next Policy Layer down.
C. If the Acton is Accepte the gateway contnues to check rules in the next Policy Layer down.
D. Ifhe Acton is Drope the gateway applies the Implicit Clean-up Rule for that Policy Layer.
Aoswern C
Explanaton:
NEW QUESTIONS
Question 100
Ofce mode means that:

A. SecureID client assigns a routable MAC address. Afer the user authentcates for a tunnele the VPN
gateway assigns a routable IP address to the remote client.
B. Users authentcate with an Internet browser and use secure HTTPS connecton.
C. Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.
D. Allows a security gateway to assign a remote client an IP address. Afer the user authentcates for a
tunnele the VPN gateway assigns a routable IP address to the remote client.
Aoswern D
Explanaton:
Ofce Mode enables a Security Gateway to assign internal IP addresses to SecureClient users. This IP
address will not be exposed to the public networke but is encapsulated inside the VPN tunnel between
the client and the Gateway. The IP to be used externally should be assigned to the client in the usual way
by the Internet Service provider used for the Internet connecton. This mode allows a Security
Administrator to control which addresses are used by remote clients inside the local network and makes
them part of the local network. The mechanism is based on an IKE protocol extension through which the
Security Gateway can send an internal IP address to the client.
Question 101
Administrator wishes to update IPS from SmartConsole by clicking on the opton “update now” under
the IPS tab. Which device requires internet access for the update to work?
A. Security Gateway
B. Device where SmartConsole is installed
C. SMS
D. SmartEvent
Aoswern C
Explanaton:
Updatng IPS ManuallyYou can immediately update IPS with real-tme informaton on atacks and allthe
latest protectons from the IPS website. You can only manually update IPS if a proxy is defned in Internet
Explorer setngs.
To obtain updates of all the latest protectons from the IPS website:
The LAN Setngs window opens.
Thesetngs for the Internet Explorer proxy server are confgured.
If you chose to automatcally mark new protectons for Follow Upe you have the opton to open the
Follow Up page directly to see the new protectons.
Question 102
Jack works for a managed service provider and he has been tasked to create 17 new policies for several
new customers. He does not have much tme. What is the BEST way to do this with R80 security
management?
A. Create a text-fle withmgmt_cliscript that creates all objects and policies. Open thefle in
SmartConsole Command Line to run it.
B. Create a text-fle with Gaia CLI -commands in order to create all objects and policies. Run the fle in
CLISH with commandload confguraton.
C. Create a text-fle with DBEDIT script that creates allobjects and policies. Run the fle in the command
line of the management server using commanddbedit -f.
D. Use Object Explorer in SmartConsole to create the objects and Manage Policies from the menu to
create the policies.
Aoswern A
Explanaton:
Did youknow: mgmt_cli can accept csv fles as inputs using the --batch opton.
The frst row should contain the argument names and the rows below it should hold the values for these
parameters.
So an equivalent soluton to the powershell script could look likethis:
data.csv:
name
ipv5-address
color
host1
102.168.35.1
black
host2
102.168.35.2
red
host3
102.168.35.3
blue
mgmt_cli add host --batch data.csv -u <usernames -p <passwords -m <management servers
This can work with any type of command not just"add host" : simply replace the column names with the
ones relevant to the command you need.
Question 103
When Identty Awareness is enablede which identty source(s) is(are) used for Applicaton Control?
A. RADIUS
B. Remote Access and RADIUS
C. AD Query
D. AD Query and Browser-based Authentcaton
Aoswern D
Explanaton:
Identty Awareness gets identtes from these acquisiton sources:
Question 104
Which of the following is NOT a back up method?
A. Save backup
B. System backup
C. snapshot
D. Migrate
Aoswern A
Explanaton:
The built-in Gaiabackup procedures:
Check Point provides three diferent procedures for backing up (and restoring) the operatng system and
networking parameters on yourappliances.
Question 105
Which of the following is NOT an advantage to using multple LDAP servers?
A. You achieve a faster access tme by placing LDAP servers containing the database at remotesites
B. Informaton on a user is hiddene yet distributed across several servers
C. You achieve compartmentalizaton by allowing a large number of users to be distributed across several
servers
D. You gain High Availability by replicatng the same informaton on several servers
Aoswern A
Question 106
Which Check Point sofware blade prevents malicious fles from entering a network using virus
signatures and anomaly-based protectons from ThreatCloud?
A. Firewall
B. Applicaton Control
C. Ant-spamand Email Security
D. Antvirus
Aoswern D
Explanaton:
The enhanced Check Point Antvirus Sofware Blade uses real-tme virus signatures and anomaly-based
protectons from ThreatCloudte the frst collaboratve network to fght cybercrimee to detect and block
malware at the gateway before users are
afected.Reference:htps:::www.checkpoint.com:products:antvirus-sofware-blade:
Question 107
What is the default method for destnaton NAT?
A. Destnaton side
B. Source side
C. Server side
D. Client side
Aoswern D
Question 108
Choose what BEST describes a Session.
A. Starts when an Administratorpublishes all the changes made on SmartConsole.

B. Starts when an Administrator logs in to the Security Management Server through SmartConsole and
ends when it is published.
C. Sessions ends when policy is pushed to the Security Gateway.
D. Sessions locksthe policy package for editng.
Aoswern B
Explanaton:
administrator has their own usernamee and works in a session that isindependent of the other
administrators.
administrator. Other administrators see a lock icon on object and rules that are being edited.
Question 109
Which of the following is NOT a VPN routng opton available in a star community?
A. To satellites through center only

B. To centere or through the center to other satellitese to Internet and other VPN targets
C. To center and to other satellites throughcenter
D. To center only
Aoswern A,D
Explanaton:
SmartConsoleFor simple hubs and spokes (or if there is only one Hub)e the easiest way is to confgure a
VPN star community in R80 SmartConsole:
The two Dynamic Objects (DAIP Security Gateways) can securely route communicaton through the
Security Gateway with the statc IP address.
Question 110
What is the default shell of Gaia CLI?
A. Monitor
B. CLI.sh
C. Read-only
D. Bash
Aoswern B
Explanaton:
This chapter gives an introducton to the Gaia command line interface (CLI).
The default shell of the CLI is called clish.
Question 111
Which of the following licenses are considered temporary?
A. Perpetual and Trial

B. Plug-and-play and Evaluaton
C. Subscripton and Perpetual
D. Evaluaton and Subscripton
Aoswern B
Explanaton:
Should be Trial or Evaluatone even Plug-and-play (all are synonyms ). Answer B is the best choise.
Question 112
Where can administrator edit a list of trusted SmartConsole clients in R80?
A. cpconfgon aSecurity Management Servere in the WebUI logged into a Security Management Server.
B. Only using SmartConsole: Manage and Setngs s Permissions and Administrators s Advanced s
Trusted Clients.
C. Incpconfgon a Security Management Servere in the WebUI logged into a Security Management Servere
in SmartConsole:Manage and SetngssPermissions and AdministratorssAdvancedsTrusted Clients.
D. WebUI client logged to Security Management Servere SmartDashboard:Manage and
SetngssPermissions and AdministratorssAdvancedsTrusted Clientse viacpconfgon a Security Gateway.
Aoswern B
Explanaton:
To change trusted client setngs:
Question 113
Fill in the blanks: In the Network policy layere the default acton for the Implied last rule is ________ all
trafc. Howevere in the Applicaton Control policy layere the default acton is ________ all trafc.
A. Accept; redirect
B. Accept; drop
C. Redirect; drop
D. Drop; accept
Aoswern D
Question 114
Vanessa is a Firewall administrator. She wants to test a backup of her company’s producton Firewall
cluster Dallas_GW. She has a lab environment that is identcal to her producton environment. She
decided to restore producton backup via SmartConsole in lab environment. Which details she need to fll
in System Restore window before she can click OK buton and test the backup?
A. Servere SCPe Usernamee Passworde Pathe Commente Member

B. Servere TFTPe Usernamee Passworde Pathe Commente All Members
C. Servere Protocole Usernamee Passworde Pathe Commente All Members
D. Servere ProtocoleUsernamee Passworde Pathe Commente member
Aoswern C
Question 115
On the following picture an administrator confgures Identty Awareness:

Afer clicking “Next” the above confguraton is supported by:
A. Kerberos SSO which will be working forActve Directory integraton

B. Based on Actve Directory integraton which allows the Security Gateway to correlate Actve Directory
users and machines to IP addresses in a method that is completely transparent to the user
C. Obligatory usage of Captve Portal
D. The ports 553 or 80 what will be used by Browser-Based and confgured Authentcaton
Aoswern B
Explanaton:
Question 116
What does it mean if Bob gets this result on an object search? Refer to the image below. Choose the
BEST answer.
A. Search detailed is missing the subnet mask.
B. There is no object on the database with that name or that IP address.
C. There is no object on the database with that IP address.
D. Objectdoes not have a NAT IP address.
Aoswern B
Question 117
Why would an administrator see the message below?

A. A new Policy Package created on both the Management and Gateway will be deleted and must be
packed up frst before proceeding.
B. A newPolicy Package created on the Management is going to be installed to the existng Gateway.
C. A new Policy Package created on the Gateway is going to be installed on the existng Management.
D. A new Policy Package created on the Gateway and transferred tothe management will be overwriten
by the Policy Package currently on the Gateway but can be restored from a periodic backup on the
Gateway.
Aoswern B
Question 118
Fill in the blank: The _________ sofware blade enables Applicaton Security policies to allowe blocke or
limit website access based on usere groupe and machine identtes.
A. Applicaton Control
B. Data Awareness
C. URL Filtering
D. Threat Emulaton
Aoswern A
Question 119
At what point is the Internal Certfcate Authority (ICA) created?

A. Upon creaton of a certfcate
B. During the primary Security Management Server installaton process.
C. When an administrator decides to create one.
D. When an administrator initally logs into SmartConsole.
Aoswern B
Explanaton:
Introductonto the ICAThe ICA is a Certfcate Authority which is an integral part of the Check Point
product suite. It is fully compliant with X.500 standards for both certfcates and CRLs. See the relevant
X.500 and PKI documentatone as well as RFC 2550 standards for more informaton. You can read more
about Check Point and PKI in the R76 VPN Administraton Guide.
The ICA is located on the Security Management server. It is created during the installaton processe when
the Security Management server is confgured.
Question 120
In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another
satellite VPN gateway?
A. Pentagon
B. Combined
C. Meshed
D. Star
Aoswern D
Explanaton:
VPN communites are based on Star and Mesh topologies. In a Mesh communitye there are VPN
connectons between each Security Gateway. In a Star communitye satellites have a VPN connecton with
the center Security Gatewaye but not to each other.
Question 121
Which informaton is included in the “Full Log” tracking optone but is not included in the “Log” tracking
opton?
A. fle atributes
B. applicaton informaton
C. destnaton port
D. data type informaton
Aoswern D
Question 122
In the R80 SmartConsolee on which tab are Permissions and Administrators defned?
A. Security Policies
B. Logs and Monitor
C. Manage and Setngs
D. Gateway and Servers
Aoswern C
Question 123
Which type of Endpoint Identty Agent includes packet tagging and computer authentcaton?
A. Full
B. Light
C. Custom
D. Complete
Aoswern A
Explanaton:
Endpoint Identty Agents – dedicated client agents installed on users’ computers that acquire and report
identtes to the Security Gateway.
Question 124
Fill in the blanks: The Applicaton Layer Firewalls inspect trafc through the ________ layer(s) of the
TCP:IP model and up to and including the ________ layer.
A. Lower; Applicaton
B. First two; Internet
C. First two; Transport
D. Upper; Applicaton
Aoswern A
Question 125
There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The
cluster is confgured to work as HA (High availability) with default cluster confguraton. FW_A is
confgured to have higher priority than FW_B. FW_A was actve and processing the trafc in the
morning. FW_B was standby. Around 1100 ame its interfaces went down and this caused a failover. FW_B
became actve. Afer an houre FW_A’s interface issues were resolved and it became operatonal. When it
re-joins the clustere will it become actve automatcally?
A. Noe since “maintain current actve cluster member” opton on the cluster object propertes is enabled
by default
B. Noe since “maintain current actve cluster member” opton is enabled by default on the Global
Propertes
C. Yese since “Switch to higher priority cluster member” opton on the cluster object propertes is
enabled by default
D. Yese since “Switch to higher priority cluster member” opton is enabled by default on the Global
Propertes
Aoswern A
Explanaton:
What Happens When a Security Gateway Recovers?
In a Load Sharing confguratone when the failed Security Gateway in a cluster recoverse all connectons
are redistributed among all actve members. High Availability and Load Sharing in ClusterXL ClusterXL
Administraton Guide R77 Versions | 31 In a High Availability confguratone when the failed Security
Gateway in a cluster recoverse the recovery method depends on the confgured cluster setng. The
optons are:
• Maintain Current Actve Security Gatewaymeans that if one member passes on control to a lower
priority membere control will be returned to the higher priority member only if the lower priority
member fails. This mode is recommended if all members are equally capable of processing trafce in
order to minimize the number of failover events.
• Switch to Higher Priority Security Gateway means that if the lower priority member has control and the
higher priority member is restorede then control will be returned to the higher priority member. This
mode is recommended if one member is beter equipped for handling connectonse so it will be the
default Security Gateway.
Question 126
Afer the inital installaton the First Time Confguraton Wizard should be run. Select the BEST answer.
A. First Time Confguraton Wizard can be run from the Unifed SmartConsole.
B. First Time Confguraton Wizard can be run from the command line or from the WebUI.
C. Firstme Confguraton Wizard can only be run from the WebUI.
D. Connecton to the internet is required before running the First Time Confguraton wizard.
Aoswern B
Explanaton:
Check Point Security Gateway and Check Point Security Management requirerunning the First Time
Confguraton Wizard in order to be confgured correctly. The First Time Confguraton Wizard is available
in Gaia Portal and also through CLI.
To invoke the First Time Confguraton Wizard through CLIe run the confg_system commandfrom the
Expert shell.
Question 127
In order to modify Security Policies the administrator can use which of the following tools? Select the
BEST answer.
A. Command line of the Security Management Server or mgmt_cli.exe on any Windows computer.
B. SmartConsole and WebUI on the Security Management Server.
C. mgmt_cli or WebUI on Security Gateway and SmartConsole on the Security Management Server.
D. SmartConsole or mgmt_cli on any computer where SmartConsole is installed.
Aoswern D
Question 128
Which of the following is NOT an element of VPN Simplifed Mode and VPN Communites?
A. “Encrypt” acton in the Rule Base

B. Permanent Tunnels
C. “VPN” column in the Rule Base
D. Confguraton checkbox “Accept all encrypted trafc”
Aoswern A
Explanaton:
Migratng from Traditonal Mode to Simplifed Mode
To migrate from Traditonal Mode VPN to Simplifed Mode:
1. On theGlobal PropertessVPNpagee select one of these optons:
•Simplifed mode to all new Firewall Policies
•Traditonal orSimplifed per new Firewall Policy
2. ClickOK.
3. From the R80 SmartConsoleMenue selectManage policies.
TheManage Policieswindow opens.
5. ClickNew.
TheNew Policywindow opens.
5. Give a name to the new policy and selectAccess Control.
Inthe Security Policy Rule Basee a new column markedVPNshows and theEncryptopton is no longer
available in theActoncolumn. You are now working in Simplifed Mode.
Question 129
Fill in the blanks: A Check Point sofware license consists of a _______ and _______ .
A. Sofware container; sofware package

B. Sofware blade; sofware container
C. Sofware package; signature
D. Signature; sofware blade
Aoswern B
Explanaton:
Check Point's licensing is designed to be scalable and modular. To this ende Check Point ofers both
predefned packages as well as the ability to custom build a soluton tailored to the needs of the Network
Administrator. This is accomplishedby the use of of the following license components:
Question 130
Fill in the blank: Once a license is actvatede a ________ should be installed.
A. License Management fle

B. Security Gateway Contract fle
C. Service Contract fle
D. License Contract fle
Aoswern C
Explanaton:
Service Contract FileFollowing the actvaton of the licensee a Service Contract File should be installed.
This fle contains important informaton about all subscriptons purchased for a specifc device and is
installed via SmartUpdate. A detailed explanaton of the Service Contract File can be found in sk33080.
Question 131
Which policy type is used to enforce bandwidth and trafc control rules?
A. Threat Emulaton
B. Access Control
C. QoS
D. Threat Preventon
Aoswern C
Explanaton:
Check Point's QoS SolutonQoS is a policy-based QoS management soluton from Check Point Sofware
Technologies Ltd.e satsfes your needsfor a bandwidth management soluton. QoS is a uniquee sofware-
only based applicaton that manages trafc end-to-end across networkse by distributng enforcement
throughout network hardware and sofware.
Question 132
Bob and Joe both have Administrator Roles on their Gaia Platorm. Bob logs in on the WebUI and then
Joe logs in through CLI. Choose what BEST describes the following scenarioe where Bob and Joe are both
logged in:
A. When Joe logs ine Bob will be log out automatcally.
B. Since they both are log in on diferent interfacese they both will be able to make changes.
C. If Joe tries to make changese he won'te database will be locked.
D. Bob will be prompt that Joe logged in.
Aoswern C
Question 133
Fill in the blank: When LDAP is integrated with Check Point Security Managemente it is then referred to
as _______
A. UserCheck
B. User Directory
C. User Administraton
D. User Center
Aoswern B
Explanaton:
Check Point User Directory integrates LDAPe and other external user management technologiese with the
Check Point soluton. If you have a large user counte werecommend that you use an external user
management database such as LDAP for enhanced Security Management Server performance.
Question 134
Which Check Point sofware blade provides protecton from zero-day and undiscovered threats?
A. Firewall
B. Threat Emulaton
D. Threat Extracton
Aoswern D
Explanaton:
SandBlast Threat Emulaton
As part of the Next Generaton Threat Extracton sofware bundle (NGTX)e the SandBlast Threat
Emulaton capability prevents infectons from undiscovered exploits zero-day and targeted atacks. This
innovatve soluton quickly inspects fles and runs them in a virtual sandbox to discover malicious
behavior. Discovered malware is prevented from entering the network.
Question 135
Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:
A. assign privileges to users.
B. edit the home directory of the user.
C. add users to your Gaia system.
D. assign user rights to their home directory in the Security Management Server
Aoswern D
Explanaton:
UsersUse the WebUI and CLI to manage user accounts. You can:
Question 136
Look at the following screenshot and select the BEST answer.
A. Clients external to the Security Gateway can download archive fles from FTP_Ext server using FTP.
B. Internal clients can upload and download any-fles to FTP_Ext-server using FTP.
C. Internal clients can upload and download archive-flesto FTP_Ext server using FTP.
D. Clients external to the Security Gateway can upload any fles to the FTP_Ext-server using FTP.
Aoswern A
Question 137
Fill in the blanks: A security Policy is created in _________ e stored in the _________ e and Distributed to
the various __________ .
A. Rule basee Security Management Servere Security Gateways

B. SmartConsolee Security Gatewaye Security Management Servers
C. SmartConsolee Security Management Servere Security Gateways
D. The Check Point databasee SmartConsolee Security Gateways
Aoswern A
Question 138
Look at the screenshot below. What CLISH command provides this output?
A. show confguraton all
B. show confd confguraton
C. show confd confguraton all
D. show confguraton
Aoswern D
Explanaton:
Question 139
Which authentcaton scheme requires a user to possess a token?
A. TACACS
B. SecurID
C. Check Point password
D. RADIUS
Aoswern B
Explanaton:
SecurIDSecurID requires users to both possess a token authentcator and to supply a PIN or password
Question 140
If there is an Accept Implied Policy set to “First”e what is the reason Jorge cannot see any logs?
A. Log Implied Rule was not selected on GlobalPropertes.

B. Log Implied Rule was not set correctly on the track column on the rules base.
C. Track log column is set to none.
D. Track log column is set to Log instead of Full Log.
Aoswern A
Explanaton:
Implied Rules are confgured only on Global Propertes.
Question 141
The most important part of a site-to-site VPN deployment is the ________ .
A. Internet
B. Remote users
C. Encrypted VPN tunnel
D. VPN gateways
Aoswern C
Explanaton:
Site to Site VPNThe basis of Site to Site VPN is the encrypted VPN tunnel. Two Security Gateways
negotate a link and create a VPN tunnel and each tunnel can contain more than one VPN connecton.
One Security Gateway can maintain more than one VPN tunnel at the same tme.
Question 142
R80 Security Management Server can be installed on which of the following operatng systems?
A. Gaiaonly
B. Gaiae SPLATe Windows Server only
C. Gaiae SPLATe Windows Server and IPSO only
D. Gaia and SPLAT only
Aoswern A
Explanaton:
R80 can be installed only on GAIA OS.
Supported Check Point Installatons All R80 servers are supported on the Gaia Operatng System:
• Security Management Server
• Mult-Domain Security Management Server
• Log Server
• Mult-Domain Log Server
• SmartEvent Server
Question 143
What port is used for delivering logs from the gateway to the management server?
A. Port 258
B. Port 18200
C. Port 257
D. Port 081
Aoswern C
Question 144
The organizaton's security manager wishes to back up just the Gaia operatng system parameters. Which
command can be used to back up only Gaia operatng system parameters like interface detailse Statc
routes and Proxy ARP entries?
A. show confguraton
B. backup
C. migrate export
D. upgrade export
Aoswern B
Explanaton:
3. System Backup (and System Restore)System Backup can be used to backup current system
confguraton. A backup creates a compressed fle that contains the Check Point confguraton including
the networking and operatng system parameterse such as routng and interface confguraton etc.e but
unlike a snapshote it does not include the operatng systeme product binariese and hotixes.
Question 145
Choose what BEST describes users on Gaia Platorm.
A. There is one default user that cannot be deleted.

B. There are two default users and one cannot deleted.
C. There is one default user that can be deleted.
D. There are two default users that cannot be deleted and one SmartConsoleAdministrator.
Aoswern B
Explanaton:
Exlanton:These users are created by default and cannot be deleted:
Question 146
You are going to upgrade from R77 to R80. Before the upgradee you want to back up the system so thate if
there are any problemse you can easily restore to the old version with all confguraton and management
fles intact. What is the BEST backup method in this scenario?
A. backup
B. Database Revision
C. snapshot
D. migrate export
Aoswern C
Explanaton:
2. Snapshot ManagementThe snapshot creates a binary image of the entre root (lv_current) disk
partton. This includes Check Point productse confguratone and operatng system.
Startng in R77.10e exportng an image from one machine and importng that image on anothermachine
of the same type is supported.
The log partton is not included in the snapshot. Thereforee any locally stored FireWall logs will not be
saved.
Question 147
The IT Management team is interested in the new features of the Check Point R80 Management and
wants to upgrade but they are concerned that the existng R77.30 Gaia Gateways cannot be managed by
R80 because it is so diferent. As the administrator responsible for the Firewallse how can you answer or
confrm these concerns?
A. R80 Management contains compatbility packages for managing earlier versions of Check Point
Gateways prior to R80. Consult the R80 Release Notes for more informaton.
B. R80 Management requires the separate installaton of compatbility hotix packages for managingthe
earlier versions of Check Point Gateways prior to R80. Consult the R80 Release Notes for more
informaton.
C. R80 Management was designed as a completely diferent Management system and so can only
monitor Check Point Gateways prior to R80.
D. R80 Management cannot manage earlier versions of Check Point Gateways prior to R80. Only R80 and
above Gateways can be managed. Consult the R80 Release Notes for more informaton.
Aoswern A
Explanaton:
Question 148
Provide very wide coverage for all products and protocolse with notceable performance impact.
How could you tune the profle in order to lower the CPU load stll maintaining security at good level?
Select the BEST answer.
A. Set High Confdence to Low and Low Confdence to Inactve.

B. Set the Performance Impact to Medium or lower.
C. The problem is not with the Threat Preventon Profle. Consider adding more memory to
theappliance.
D. Set the Performance Impact to Very Low Confdence to Prevent.
Aoswern B
Question 149
Fill in the blank: A _______ is used by a VPN gateway to send trafc as if it were a physical interface.
A. VPN Tunnel Interface

B. VPN community
C. VPN router
D. VPN interface
Aoswern A
Explanaton:
Route Based VPN
VPN trafc is routed according to the routng setngs (statc or dynamic) of the Security Gateway
operatng system. The Security Gateway uses a VTI (VPN Tunnel Interface) to send the VPNtrafc as if it
were a physical interface. The VTIs of Security Gateways in a VPN community connect and can support
dynamic routng protocols.
Question 150
Fill in the blank: The ________ feature allows administrators to share a policy with other policy
packages.
A. Shared policy packages

B. Shared policies
C. Concurrent policypackages
D. Concurrent policies
Aoswern A
Question 151
You want to defne a selected administrator's permission to edit a layer. Howevere when you click the +
sign in the “Select additonal profle that will be able edit this layer” you do not see anything. What is the
most likely cause of this problem? Select the BEST answer.
A. “Edit layers by Sofware Blades” is unselected in the Permission Profle
B. There are no permission profles available and you need to create one frst.
C. All permissionprofles are in use.
D. “Edit layers by selected profles in a layer editor” is unselected in the Permission profle.
Aoswern B
Question 152
Which of the following is NOT an alert opton?
A. SNMP
B. High alert
C. Mail
D. User defned alert
Aoswern B
Explanaton:
In Actone select:
Question 153
Fill in the blanks: A High Availability deployment is referred to as a ______ cluster and a Load Sharing
deployment is referred to as a ________ cluster.
A. Standby:standby; actve:actve
B. Actve:actve; standby:standby
C. Actve:actve; actve:standby;
D. Actve:standby; actve:actve
Aoswern D
Explanaton:
In a High Availability clustere only one member is actve (Actve:Standby operaton).
ClusterXL Load Sharing distributes trafcwithin a cluster so that the total throughput of multple
members is increased. In Load Sharing confguratonse all functoning members in the cluster are actvee
and handle network trafc (Actve:Actve operaton).
Question 154
AdminA and AdminB are both logged in on SmartConsole. What does it mean if AdminB sees a locked
icon on a rule? Choose the BEST answer.
A. Rule is locked by AdminAe because the save botom has not been press.
B. Rule is locked by AdminAe because an object on that rule is been edited.
C. Rule is locked by AdminAe and will make it available if session is published.
D. Rule is locked by AdminAe and if the session is savede rule will be available
Aoswern C
Question 155
Which of the following is TRUE about the Check Point Host object?
A. Check Point Host has no routng ability even ift has more than one interface installed.
B. When you upgrade to R80 from R77.30 or earlier versionse Check Point Host objects are converted to
gateway objects.
C. Check Point Host is capable of having an IP forwarding mechanism.
D. Check Point Host can act as a frewall.
Aoswern A
Question 156
Which of the following is NOT a set of Regulatory Requirements related to Informaton Security?
A. ISO 37001
B. Sarbanes Oxley (SOX)
C. HIPPA
D. PCI
Aoswern A
Explanaton:
ISO
37001 -Ant-bribery management
systemsReference:htp:::www.iso.org:iso:home:standards:management-standards:iso37001.htm
Question 157
Which command is used to obtain the confguraton lock in Gaia?
A. Lock database override

B. Unlock database override
C. Unlock database lock
D. Lock database user
Aoswern A
Explanaton:
Obtaining a Confguraton Lock
Question 158
Joey is using the computer with IP address 102.168.20.13. He wants to access web page “www.Check
Point.com”e which is hosted on Web server with IP address 203.0.113.111. How many rules on Check
Point Firewall are required for this connecton?
A. Two rules – frst one for the HTTP trafc and second one for DNS trafc.
B. Only one rulee because Check Point frewall is a Packet Filtering frewall
C. Two rules – one for outgoing request and second one for incoming replay.
D. Only one rulee because Check Point frewall is using Stateful Inspecton technology.
Aoswern D
Question 159
Fill in the blank: Licenses can be added to the License and Contract repository ________ .
A. From the User Centere from a flee or manually

B. From a flee manuallye or from SmartView Monitor
C. Manuallye from SmartView Monitore or from the User Center
D. From SmartView Monitore from the User Centere or from a fle
Aoswern A
Explanaton:
Question 160
Fill in the blank: A(n) _____ rule is created by an administrator and is located before the frst and before
last rules in the Rule Base.
A. Firewall drop
B. Explicit
C. Implicit accept
D. Implicit drop
E. Implied
Aoswern E
Explanaton:
This is the order that rules are enforced:
Question 161
Fill in the blank: The IPS policy for pre-R80 gateways is installed during the _______ .
A. Firewall policy install

B. Threat Preventon policy install
C. Ant-bot policy install
D. Access Control policy install
Aoswern A
Explanaton:
The next tme you install a policy on the gatewaye the IPS profle is also installed on the gateway and the
gateway immediately begins enforcing IPS protecton on network trafc.
Question 162
Fill in the blank: RADIUS Accountng gets ______ data from requests generated by the accountng client
A. Destnaton
B. Identty
C. Payload
D. Locaton
Aoswern B
Explanaton:
How RADIUS Accountng Works with Identty AwarenessRADIUS Accountng gets identty data
from RADIUS Accountng Requests generated by the RADIUS accountng client.
Question 163
Fill in the blank: The R80 SmartConsolee SmartEvent GUI cliente and _______ consolidate billions of logs
and shows them as prioritzed security events.
A. SmartMonitor
B. SmartView Web Applicaton
C. SmartReporter
D. SmartTracker
Aoswern B
Explanaton:
Event Analysis with SmartEventThe SmartEvent Sofware Blade is a unifed security event management
and analysis soluton that delivers real-tmee graphical threat management informaton. SmartConsolee
SmartView Web Applicatone and the SmartEvent GUI client consolidate billions of logs and show them
as prioritzed security events so you can immediately respond to security incidentse and do the necessary
actons to prevent more atacks. You can customize the views to monitor the events that are most
important to you. You can move from a high level view to detailed forensic analysis in a few clicks.
Withthe free-text search and suggestonse you can quickly run data analysis and identfy critcal security
events.
Question 164
Which Check Point sofware blade provides visibility of userse groups and machines while also providing
access control through identty-based policies?
A. Firewall
B. Identty Awareness
D. URL Filtering
Aoswern B
Explanaton:
Check Point Identty Awareness Sofware Blade provides granular visibilityof userse groups and machinese
providing unmatched applicaton and access control through the creaton of accuratee identty-based
policies. Centralized management and monitoring allows for policies to be managed from a singlee
unifed console.Reference:htps:::www.checkpoint.com:products:identty-awareness-sofware-blade:
Question 165
How many users can have read:write access in Gaia at one tme?
A. Infnite
B. One
C. Three
D. Two
Aoswern A
Explanaton:
administrator has their own usernamee and works in a session that is independent ofhe other
administrators.
administrator. Otheradministrators see a lock icon on object and rules that are being edited.
THANKS FOR PURCHASING QUESTIONS & ANSWERS PDF
We Also Provide Practce Exam Sofware (Online and Ofine) That

Simulates Real Exam Environment and Has Many Self-Assessment
Features. Download Free Product Demo From:
Money Back Guarantee

156-215 80 PDF

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

156-215 80 PDF

Diunggah oleh

Hak Cipta:

Format Tersedia

Check Point

Product Version: Full

Thank you for purchasing Questons & Answers PDF

We also provide Practce Test Sofwaree Online Practce Test

Review the following screenshot and select the BEST answer.

Which of the following is NOT a SecureXL trafc fow?

A. Machine Hide NAT

In R80 spoofng is defned as a method of:

DLP and Geo Policy are examples of what type of Policy?

A. Clientless remote access

Which of the following statements is TRUE about R80 management plug-ins?

A. The plug-in is a package installed on the Security Gateway.

Where can you trigger a failover of the cluster members?

A. To satellites through center only

A. Remove the installed Security Policy.

A. IPsec VPN blade should be enabled on both Security Gateway.

Which of the following is NOT a component of a Distnguished Name?

What are the three authentcaton methods for SIC?

What is the order of NAT priorites?

A. Statc NATe IP pool NATe hide NAT

A. remove database lock

Examine the following Rule Base.

A. Rule 7 was created by the 'admin' administrator in the current session

Discard changes made during the session

A. The Gaia:bin:confdis locked by another administrator from aSmartConsole session.

A. Removed from the Rule Base.

Which of the following is NOT a license actvaton method?

By defaulte which port does the WebUI listen on?

A. Nonee Security Management Server would be installed by itself.

A. Read:Writee Read Only

Which of the following is TRUE regarding Gaia command line?

A. Publish ordiscard the session.

A. The license is atached to the wrong Security Gateway

What is the default shell for the command line interface?

A. Download Center Web site

What is a precedence of trafc inspecton for the defned polices?

Choose the BEST describes the Policy Layer Trafc Inspecton?

What does the “unknown” SIC status shown on SmartConsole mean?

Which default user has full read:write access?

A. Log server;security management server

The following graphic shows:

In R80e Unifed Policy is a combinaton of

The Gaia operatng system supports which routng protocols?

A. BGPe OSPFe RIP

A. Error! Hyperlink reference not valid.

Which applicaton should you use to install a contract fle?

A. Support for IPv6

A. IPS and Applicaton Control

Fill in the blank: Each cluster has __________ interfaces.

A. SmartConsolee Security Management Servere Security Gateway

What are the two types of address translaton rules?

A. Translated packet and untranslated packet

What does ExternalZone represent in the presented rule?

A. User data base corrupton

What are the two high availability modes?

A. Load Sharing and Legacy

A. Block Port Overfow

What is the purpose of Captve Portal?

A. It provides remote access to SmartConsole

A. Security Gateways is not part of the Domain

A. The current administrator has read-only permissions to Threat Preventon Policy.

Which command is used to add users to or from existng roles?