• Home
  • Articles
  • [Q101-Q124] Best Quality CheckPoint 156-215.80 Exam Questions PDFVCE Realistic Practice Exams [2021]

[Q101-Q124] Best Quality CheckPoint 156-215.80 Exam Questions PDFVCE Realistic Practice Exams [2021]

Share

Best Quality CheckPoint 156-215.80 Exam Questions PDFVCE Realistic Practice Exams [2021]

Critical Information To Check Point Certified Security Administrator R80 Pass the First Time

NEW QUESTION 101
Which application should you use to install a contract file?

  • A. SmartUpdate
  • B. WebUI
  • C. SmartProvisioning
  • D. SmartView Monitor

Answer: A

Explanation:
Explanation/Reference:
Explanation: Using SmartUpdate: If you already use an NGX R65 (or higher) Security Management / Provider-1 / Multi-Domain Management Server, SmartUpdate allows you to import the service contract file that you have downloaded in Step #3.
Open SmartUpdate and from the Launch Menu select 'Licenses & Contracts' -> 'Update Contracts' -> 'From File...' and provide the path to the file you have downloaded in Step #3:

Note: If SmartUpdate is connected to the Internet, you can download the service contract file directly from the UserCenter without going through the download and import steps.
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?
eventSubmit_doGoviewsolutiondetails=&solutionid=sk33089

 

NEW QUESTION 102
A client has created a new Gateway object that will be managed at a remote location.
When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?

  • A. Anti-spoofing not configured on the interfaces on the Gateway object.
  • B. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box.
  • C. A Gateway object created using the Check Point > Secure Gateway option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object.
  • D. Secure Internal Communications (SIC) not configured for the object.

Answer: B

 

NEW QUESTION 103
What does it mean if Deyra sees the gateway status:

Choose the BEST answer.

  • A. VPN software blade is reporting a malfunction
  • B. Security Gateway's MGNT NIC card is disconnected.
  • C. There is a blade reporting a problem
  • D. SmartCenter Server cannot reach this Security Gateway

Answer: C

Explanation:
Explanation

 

NEW QUESTION 104
What is the most recommended installation method for Check Point appliances?

  • A. DVD media created with Check Point ISOMorphic
  • B. Cloud based installation
  • C. USB media created with Check Point ISOMorphic
  • D. SmartUpdate installation

Answer: C

Explanation:
Explanation/Reference:

 

NEW QUESTION 105
Which deployment adds a Security Gateway to an existing environment without changing IP routing?

  • A. Distributed
  • B. Remote
  • C. Standalone
  • D. Bridge Mode

Answer: D

Explanation:
Explanation
References:

 

NEW QUESTION 106
Which default Gaia user has full read/write access?

  • A. Administrator
  • B. Altuser
  • C. Superuser
  • D. Monitor

Answer: A

 

NEW QUESTION 107
Which command is used to add users to or from existing roles?

  • A. Add user <User Name> roles <List>
  • B. Add user <User Name>
  • C. Add rba user <User Name> roles <List>
  • D. Add rba user <User Name>

Answer: C

Explanation:
Explanation/Reference:
Explanation:
Configuring Roles - CLI (rba)

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/73101.htm

 

NEW QUESTION 108
Session unique identifiers are passed to the web api using which http header option?

  • A. Application
  • B. X-chkp-sid
  • C. Proxy-Authorization
  • D. Accept-Charset

Answer: C

 

NEW QUESTION 109
You are unable to login to SmartDashboard. You log into the management server and run #cpwd_admin list with the following output:

What reason could possibly BEST explain why you are unable to connect to SmartDashboard?

  • A. CPSM is down
  • B. CDP is down
  • C. SVR is down
  • D. FWM is down

Answer: D

Explanation:
Explanation
The correct answer would be FWM (is the process making available communication between SmartConsole applications and Security Management Server.). STATE is T (Terminate = Down) Symptoms
[Expert@HostName:0]# ps -aux | grep fwm
[Expert@HostName:0]# cpwd_admin start -name FWM -path "$FWDIR/bin/fwm" -command "fwm"

 

NEW QUESTION 110
Packages and licenses are loaded from all of theses sources EXCEPT

  • A. UserUpdate
  • B. User Center
  • C. Download Center Web site
  • D. Check Point DVD

Answer: A

Explanation:
Explanation/Reference:
Explanation: Packages and licenses are loaded into these repositories from several sources:
the Download Center web site (packages)

the Check Point DVD (packages)

the User Center (licenses)

by importing a file (packages and licenses)

by running the cpliccommand line

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide- webAdmin/13128.htm

 

NEW QUESTION 111
Which of the following is NOT a SecureXL traffic flow?

  • A. Slow Path
  • B. Accelerated Path
  • C. Medium Path
  • D. Fast Path

Answer: D

Explanation:
SecureXL is an acceleration solution that maximizes performance of the Firewall and does not compromise security. When SecureXL is enabled on a Security Gateway, some CPU intensive operations are processed by virtualized software instead of the Firewall kernel. The Firewall can inspect and process connections more efficiently and accelerate throughput and connection rates. These are the SecureXL traffic flows:
Slow path - Packets and connections that are inspected by the Firewall and are not processed by SecureXL.
Accelerated path - Packets and connections that are offloaded to SecureXL and are not processed by the Firewall.
Medium path - Packets that require deeper inspection cannot use the accelerated path. It is not necessary for the Firewall to inspect these packets, they can be offloaded and do not use the slow path. For example, packets that are inspected by IPS cannot use the accelerated path and can be offloaded to the IPS PSL (Passive Streaming Library). SecureXL processes these packets more quickly than packets on the slow path.

 

NEW QUESTION 112
Two administrators Dave and Jon both manage R80 Management as administrators for Alpha Corp. Jon logged into the R80 Management and then shortly after Dave logged in to the same server. They are both in the Security Policies view. From the screenshots below, why does Dave not have the rule no.6 in his SmartConsole view even though Jon has it his in his SmartConsole view?

  • A. Jon is currently editing rule no.6 but has Published part of his changes.
  • B. Jon is currently editing rule no.6 but has not yet Published his changes.
  • C. Dave is currently editing rule no.6 and has marked this rule for deletion.
  • D. Dave is currently editing rule no.6 and has deleted it from his Rule Base.

Answer: B

Explanation:
Explanation/Reference:
Explanation:
When an administrator logs in to the Security Management Server through SmartConsole, a new editing session starts. The changes that the administrator makes during the session are only available to that administrator. Other administrators see a lock icon on object and rules that are being edited. To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session.
Reference:
http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/
CP_R80_SecurityManagement_AdminGuide.pdf?
HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2&xtn=.pdf

 

NEW QUESTION 113
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?

  • A. AD Query and Browser-based Authentication
  • B. Remote Access and RADIUS
  • C. AD Query
  • D. RADIUS

Answer: A

Explanation:
Explanation/Reference:
Explanation: Identity Awareness gets identities from these acquisition sources:
AD Query

Browser-Based Authentication

Endpoint Identity Agent

Terminal Servers Identity Agent

Remote Access

Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62007.htm

 

NEW QUESTION 114
By default, which port does the WebUI listen on?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

Explanation:
Explanation
To configure Security Management Server on Gaia:

 

NEW QUESTION 115
Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?

  • A. Check Point password
  • B. Security questions
  • C. SecurID
  • D. RADIUS

Answer: B

Explanation:
Authentication Schemes :- Check Point Password
- Operating System Password
- RADIUS
- SecurID
- TACAS
- Undefined If a user with an undefined authentication scheme is matched to a Security Rule with some form of authentication, access is always denied.
Reference: http://dl3.checkpoint.com/paid/71/How_to_Configure_Client_Authentication.pdf?
HashKey=1479692369_23bc7cdfbeb67c147ec7bb882d557fd4&xtn=.pdf

 

NEW QUESTION 116
You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor.

Unfortunately, you get the message:
"There are no machines that contain Firewall Blade and SmartView Monitor".
What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.

  • A. Purchase the SmartView Monitor license for your Security Management Server.
  • B. Enable Monitoring on your Security Gateway.
  • C. Enable Monitoring on your Security Management Server.
  • D. Purchase the SmartView Monitor license for your Security Gateway.

Answer: B

 

NEW QUESTION 117
Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when ________ .

  • A. The IP address of the Security Management or Security Gateway has changed
  • B. The license is upgraded
  • C. The license is attached to the wrong Security Gateway
  • D. The existing license expires

Answer: C

Explanation:
There is no need to generate new license in this situation, just need to detach license from wrong Security Gateway and attach it to the right one.

 

NEW QUESTION 118
Which option would allow you to make a backup copy of the OS and Check Point configuration, without stopping Check Point processes?

  • A. backup
  • B. All options stop Check Point processes
  • C. snapshot
  • D. migrate export

Answer: C

Explanation:
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk106127

 

NEW QUESTION 119
Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address?

  • A. Master/Backup
  • B. Load Sharing Multicast
  • C. Load Sharing Pivot
  • D. High Availability

Answer: B

Explanation:
Explanation
ClusterXL uses the Multicast mechanism to associate the virtual cluster IP addresses with all cluster members.
By binding these IP addresses to a Multicast MAC address, it ensures that all packets sent to the cluster, acting as a gateway, will reach all members in the cluster.

 

NEW QUESTION 120
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?

  • A. mgmt_cli add-host "Server_1" ip_address "10.15.123.10" --format txt
  • B. mgmt_cli add object "Server_1" ip_address "10.15.123.10" --format json
  • C. mgmt_cli add object-host "Server_1" ip_address "10.15.123.10" --format json
  • D. mgmt_cli add host name "Server_1" ip_address "10.15.123.10" --format json

Answer: A

Explanation:
Explanation/Reference: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-host~v1.1

 

NEW QUESTION 121
Phase 1 of the two-phase negotiation process conducted by IKE operates in ______ mode.

  • A. Quick
  • B. Authentication
  • C. Main
  • D. High Alert

Answer: C

Explanation:
Explanation/Reference:
Explanation:
Phase I modes
Between Security Gateways, there are two modes for IKE phase I.
These modes only apply to IKEv1:
Main Mode

Aggressive Mode

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_VPN_AdminGuide/13847.htm

 

NEW QUESTION 122
The Captive Portal tool:

  • A. Acquires identities from unidentified users.
  • B. Is only used for guest user authentication.
  • C. Allows access to users already identified.
  • D. Is deployed from the Identity Awareness page in the Global Properties settings.

Answer: A

 

NEW QUESTION 123
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using
________.

  • A. Captive Portal
  • B. UserCheck
  • C. Captive Portal and Transparent Kerberos Authentication
  • D. User Directory

Answer: C

Explanation:
Explanation
To enable Identity Awareness:
* Log in to SmartDashboard.
* From the Network Objects tree, expand the Check Point branch.
* Double-click the Security Gateway on which to enable Identity Awareness.
* In the Software Blades section, select Identity Awareness on the Network Security tab.
The Identity Awareness Configuration wizard opens.
* Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets.
* AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers.
* Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently.
References:

 

NEW QUESTION 124
......

156-215.80 EXAM DUMPS WITH GUARANTEED SUCCESS: https://www.pdfvce.com/CheckPoint/156-215.80-exam-pdf-dumps.html

Related Articles

more
CheckPoint 156-215.80 Certification Practice Exam