March Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

Note! The 156-215.80 Exam is no longer available.

156-215.80 Check Point Certified Security Administrator R80 Questions and Answers

Questions 4

Which software blade enables Access Control policies to accept, drop, or limit web site access based on user, group, and/or machine?

Options:

A.

Application Control

B.

Data Awareness

C.

Identity Awareness

D.

Threat Emulation

Buy Now
Questions 5

You want to verify if there are unsaved changes in GAiA that will be lost with a reboot. What command can be used?

Options:

A.

show unsaved

B.

show save-state

C.

show configuration diff

D.

show config-state

Buy Now
Questions 6

What is the most complete definition of the difference between the Install Policy button on the SmartConsole’s tab, and the Install Policy within a specific policy?

Options:

A.

The Global one also saves and published the session before installation.

B.

The Global one can install multiple selected policies at the same time.

C.

The local one does not install the Anti-Malware policy along with the Network policy.

D.

The second one pre-select the installation for only the current policy and for the applicable gateways.

Buy Now
Questions 7

Which Threat Prevention Profile is not included by default in R80 Management?

Options:

A.

Basic – Provides reliable protection on a range of non-HTTP protocols for servers, with minimal impact on network performance

B.

Optimized – Provides excellent protection for common network products and protocols against recent or popular attacks

C.

Strict – Provides a wide coverage for all products and protocols, with impact on network performance

D.

Recommended – Provides all protection for all common network products and servers, with impact on network performance

Buy Now
Questions 8

Which configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear?

Options:

A.

The firewall topologies

B.

NAT Rules

C.

The Rule Base

D.

The VPN Domains

Buy Now
Questions 9

True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway

Options:

A.

True, CLI is the prefer method for Licensing

B.

False, Central License are handled via Security Management Server

C.

False, Central License are installed via Gaia on Security Gateways

D.

True, Central License can be installed with CPLIC command on a Security Gateway

Buy Now
Questions 10

What is the BEST method to deploy Identity Awareness for roaming users?

Options:

A.

Use Office Mode

B.

Use identity agents

C.

Share user identities between gateways

D.

Use captive portal

Buy Now
Questions 11

Which message indicates IKE Phase 2 has completed successfully?

Options:

A.

Quick Mode Complete

B.

Aggressive Mode Complete

C.

Main Mode Complete

D.

IKE Mode Complete

Buy Now
Questions 12

Which of the following is NOT a tracking option? (Select three)

Options:

A.

Partial log

B.

Log

C.

Network log

D.

Full log

Buy Now
Questions 13

How would you determine the software version from the CLI?

Options:

A.

fw ver

B.

fw stat

C.

fw monitor

D.

cpinfo

Buy Now
Questions 14

Fill in the blank: When tunnel test packets no longer invoke a response, SmartView Monitor displays _____________ for the given VPN tunnel.

Options:

A.

Down

B.

No Response

C.

Inactive

D.

Failed

Buy Now
Questions 15

The SmartEvent R80 Web application for real-time event monitoring is called:

Options:

A.

SmartView Monitor

B.

SmartEventWeb

C.

There is no Web application for SmartEvent

D.

SmartView

Buy Now
Questions 16

When installing a dedicated R80 SmartEvent server, what is the recommended size of the root partition?

Options:

A.

Any size

B.

Less than 20GB

C.

More than 10GB and less than 20 GB

D.

At least 20GB

Buy Now
Questions 17

What is UserCheck?

Options:

A.

Messaging tool user to verify a user’s credentials

B.

Communication tool used to inform a user about a website or application they are trying to access

C.

Administrator tool used to monitor users on their network

D.

Communication tool used to notify an administrator when a new user is created

Buy Now
Questions 18

To view the policy installation history for each gateway, which tool would an administrator use?

Options:

A.

Revisions

B.

Gateway installations

C.

Installation history

D.

Gateway history

Buy Now
Questions 19

Which set of objects have an Authentication tab?

Options:

A.

Templates, Users

B.

Users, Networks

C.

Users, User Group

D.

Networks, Hosts

Buy Now
Questions 20

If the first packet of an UDP session is rejected by a security policy, what does the firewall send to the client?

Options:

A.

Nothing

B.

TCP FIN

C.

TCP RST

D.

ICMP unreachable

Buy Now
Questions 21

Match the following commands to their correct function. Each command has one function only listed.

156-215.80 Question 21

Options:

A.

C1>F6; C2>F4; C3>F2; C4>F5

B.

C1>F2; C2>F1; C3>F6; C4>F4

C.

C1>F2; C2>F4; C3>F1; C4>F5

D.

C1>F4; C2>F6; C3>F3; C4>F5

Buy Now
Questions 22

A Cleanup rule:

Options:

A.

logs connections that would otherwise be dropped without logging by default.

B.

drops packets without logging connections that would otherwise be dropped and logged by default.

C.

logs connections that would otherwise be accepted without logging by default.

D.

drops packets without logging connections that would otherwise be accepted and logged by default.

Buy Now
Questions 23

How do you configure an alert in SmartView Monitor?

Options:

A.

An alert cannot be configured in SmartView Monitor.

B.

By choosing the Gateway, and Configure Thresholds.

C.

By right-clicking on the Gateway, and selecting Properties.

D.

By right-clicking on the Gateway, and selecting System Information.

Buy Now
Questions 24

Which rule is responsible for the user authentication failure?

156-215.80 Question 24

Options:

A.

Rule 4

B.

Rule 6

C.

Rule 3

D.

Rule 5

Buy Now
Questions 25

To fully enable Dynamic Dispatcher on a Security Gateway:

Options:

A.

run fw ctl multik set_mode 9 in Expert mode and then reboot

B.

Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu

C.

Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot

D.

run fw ctl multik set_mode 1 in Expert mode and then reboot

Buy Now
Questions 26

You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?

Options:

A.

Run fwm dbexport -1 filename. Restore the database. Then, run fwm dbimport -1 filename to import the users.

B.

Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.

C.

Restore the entire database, except the user database, and then create the new user and user group.

D.

Restore the entire database, except the user database.

Buy Now
Questions 27

You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor.

156-215.80 Question 27

Unfortunately, you get the message:

“There are no machines that contain Firewall Blade and SmartView Monitor”.

What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.

156-215.80 Question 27

Options:

A.

Purchase the SmartView Monitor license for your Security Management Server.

B.

Enable Monitoring on your Security Management Server.

C.

Purchase the SmartView Monitor license for your Security Gateway.

D.

Enable Monitoring on your Security Gateway.

Buy Now
Questions 28

How do you configure the Security Policy to provide uses access to the Captive Portal through an external (Internet) interface?

Options:

A.

Change the gateway settings to allow Captive Portal access via an external interface.

B.

No action is necessary. This access is available by default.

C.

Change the Identity Awareness settings under Global Properties to allow Captive Policy access on all interfaces.

D.

Change the Identity Awareness settings under Global Properties to allow Captive Policy access for an external interface.

Buy Now
Questions 29

SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?

Options:

A.

Threat Emulation

B.

Mobile Access

C.

Mail Transfer Agent

D.

Threat Cloud

Buy Now
Questions 30

Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?

Options:

A.

SandBlast Threat Emulation

B.

SandBlast Agent

C.

Check Point Protect

D.

SandBlast Threat Extraction

Buy Now
Questions 31

You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?

Options:

A.

A group with generic user

B.

All users

C.

LDAP Account Unit Group

D.

Internal user Group

Buy Now
Questions 32

Which of the below is the MOST correct process to reset SIC from SmartDashboard?

Options:

A.

Run cpconfig, and click Reset.

B.

Click the Communication button for the firewall object, then click Reset. Run cpconfig on the gateway and type a new activation key.

C.

Run cpconfig, and select Secure Internal Communication > Change One Time Password.

D.

Click Communication > Reset on the Gateway object, and type a new activation key.

Buy Now
Questions 33

Where do you verify that UserDirectory is enabled?

Options:

A.

Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked

B.

Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked.

C.

Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked.

D.

Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked.

Buy Now
Questions 34

What is the appropriate default Gaia Portal address?

Options:

A.

HTTP://[IPADDRESS]

B.

HTTPS://[IPADDRESS]:8080

C.

HTTPS://[IPADDRESS]:4434

D.

HTTPS://[IPADDRESS]

Buy Now
Questions 35

What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?

Options:

A.

In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.

B.

Install the View Implicit Rules package using SmartUpdate.

C.

Define two log servers on the R77 Gateway object. Lof Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPPA log audits.

D.

Check the Log Implied Rules Globally box on the R77 Gateway object.

Buy Now
Questions 36

Which of the following are available SmartConsole clients which can be installed from the R77 Windows CD? Read all answers and select the most complete and valid list.

Options:

A.

SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status

B.

SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor

C.

SmartView Tracker, CPINFO, SmartUpdate

D.

Security Policy Editor, Log Viewer, Real Time Monitor GUI

Buy Now
Questions 37

Which of the following uses the same key to decrypt as it does to encrypt?

Options:

A.

Asymmetric encryption

B.

Dynamic encryption

C.

Certificate-based encryption

D.

Symmetric encryption

Buy Now
Questions 38

You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway's VPN domain?

Options:

A.

SNX modifies the routing table to forward VPN traffic to the Security Gateway.

B.

An office mode address must be obtained by the client.

C.

The SNX client application must be installed on the client.

D.

Active-X must be allowed on the client.

Buy Now
Questions 39

You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the right protections in place. Check Point has been selected for the security vendor. Which Check Point products protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?

Options:

A.

IPS and Application Control

B.

IPS, anti-virus and anti-bot

C.

IPS, anti-virus and e-mail security

D.

SandBlast

Buy Now
Questions 40

Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

Options:

A.

One machine, but it needs to be installed using SecurePlatform for compatibility purposes.

B.

One machine

C.

Two machines

D.

Three machines

Buy Now
Questions 41

You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

Options:

A.

Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.

B.

Create a separate Security Policy package for each remote Security Gateway.

C.

Create network object that restrict all applicable rules to only certain networks.

D.

Run separate SmartConsole instances to login and configure each Security Gateway directly.

Buy Now
Questions 42

Which of the following is NOT an integral part of VPN communication within a network?

Options:

A.

VPN key

B.

VPN community

C.

VPN trust entities

D.

VPN domain

Buy Now
Questions 43

With which command can you view the running configuration of Gaia-based system.

Options:

A.

show conf-active

B.

show configuration active

C.

show configuration

D.

show running-configuration

Buy Now
Questions 44

ALPHA Corp has a new administrator who logs into the Gaia Portal to make some changes. He realizes that even though he has logged in as an administrator, he is unable to make any changes because all configuration options are greyed out as shown in the screenshot image below. What is the likely cause for this?

156-215.80 Question 44

Options:

A.

The Gaia /bin/confd is locked by another administrator from a SmartConsole session.

B.

The database is locked by another administrator SSH session.

C.

The Network address of his computer is in the blocked hosts.

D.

The IP address of his computer is not in the allowed hosts.

Buy Now
Questions 45

What is the default shell for the command line interface?

Options:

A.

Expert

B.

Clish

C.

Admin

D.

Normal

Buy Now
Questions 46

View the rule below. What does the lock-symbol in the left column mean? Select the BEST answer.

156-215.80 Question 46

Options:

A.

The current administrator has read-only permissions to Threat Prevention Policy.

B.

Another user has locked the rule for editing.

C.

Configuration lock is present. Click the lock symbol to gain read-write access.

D.

The current administrator is logged in as read-only because someone else is editing the policy.

Buy Now
Questions 47

Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?

Options:

A.

Auditor

B.

Read Only All

C.

Super User

D.

Full Access

Buy Now
Questions 48

What will be the effect of running the following command on the Security Management Server?

156-215.80 Question 48

Options:

A.

Remove the installed Security Policy.

B.

Remove the local ACL lists.

C.

No effect.

D.

Reset SIC on all gateways.

Buy Now
Questions 49

You are the administrator for Alpha Corp. You have logged into your R80 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it.

156-215.80 Question 49

What does this mean?

Options:

A.

The rule No.6 has been marked for deletion in your Management session.

B.

The rule No.6 has been marked for deletion in another Management session.

C.

The rule No.6 has been marked for editing in your Management session.

D.

The rule No.6 has been marked for editing in another Management session.

Buy Now
Questions 50

Which utility allows you to configure the DHCP service on GAIA from the command line?

Options:

A.

ifconfig

B.

dhcp_cfg

C.

sysconfig

D.

cpconfig

Buy Now
Questions 51

Ken wants to obtain a configuration lock from other administrator on R80 Security Management Server. He can do this via WebUI or a via CLI. Which command should be use in CLI? Choose the correct answer.

Options:

A.

remove database lock

B.

The database feature has one command lock database override.

C.

override database lock

D.

The database feature has two commands: lock database override and unlock database. Both will work.

Buy Now
Questions 52

What does ExternalZone represent in the presented rule?

156-215.80 Question 52

Options:

A.

The Internet.

B.

Interfaces that administrator has defined to be part of External Security Zone.

C.

External interfaces on all security gateways.

D.

External interfaces of specific gateways.

Buy Now
Questions 53

Where can you trigger a failover of the cluster members?

1. Log in to Security Gateway CLI and run command clusterXL_admin down.

2. In SmartView Monitor right-click the Security Gateway member and select Cluster member down.

3. Log into Security Gateway CLI and run command cphaprob down.

Options:

A.

1, 2, and 3

B.

2 and 3

C.

1 and 2

D.

1 and 3

Buy Now
Questions 54

What does the “unknown” SIC status shown on SmartConsole mean?

Options:

A.

The SMS can contact the Security Gateway but cannot establish Secure Internal Communication.

B.

SIC activation key requires a reset.

C.

The SIC activation key is not known by any administrator.

D.

There is no connection between the Security Gateway and SMS.

Buy Now
Questions 55

Which options are given on features, when editing a Role on Gaia Platform?

Options:

A.

Read/Write, Read Only

B.

Read/Write, Read only, None

C.

Read/Write, None

D.

Read Only, None

Buy Now
Questions 56

Which of the following Automatically Generated Rules NAT rules have the lowest implementation priority?

Options:

A.

Machine Hide NAT

B.

Address Range Hide NAT

C.

Network Hide NAT

D.

Machine Static NAT

Buy Now
Questions 57

Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?

Options:

A.

UserCheck

B.

Active Directory Query

C.

Account Unit Query

D.

User Directory Query

Buy Now
Questions 58

Which of the following commands can be used to remove site-to-site IPSEC Security Associations (SA)?

Options:

A.

vpn tu

B.

vpn ipsec remove -l

C.

vpn debug ipsec

D.

fw ipsec tu

Buy Now
Questions 59

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, gateway policy permits access only from Join's desktop which is assigned an IP address 10.0.0.19 via DHCP.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but the limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources.

2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?

Options:

A.

John should install the identity Awareness Agent

B.

The firewall admin should install the Security Policy

C.

John should lock and unlock the computer

D.

Investigate this as a network connectivity issue

Buy Now
Questions 60

Where do we need to reset the SIC on a gateway object?

Options:

A.

SmartDashboard > Edit Gateway Object > General Properties > Communication

B.

SmartUpdate > Edit Security Management Server Object > SIC

C.

SmartUpdate > Edit Gateway Object > Communication

D.

SmartDashboard > Edit Security Management Server Object > SIC

Buy Now
Questions 61

Fill in the blanks: In the Network policy layer, the default action for the Implied last rule is ________ all traffic. However, in the Application Control policy layer, the default action is ________ all traffic.

Options:

A.

Accept; redirect

B.

Accept; drop

C.

Redirect; drop

D.

Drop; accept

Buy Now
Questions 62

In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?

Options:

A.

Rule 0

B.

Blank field under Rule Number

C.

Rule 1

D.

Cleanup Rule

Buy Now
Questions 63

To install a brand new Check Point Cluster, the MegaCorp IT department bought 1 Smart-1 and 2 Security Gateway Appliances to run a cluster. Which type of cluster is it?

Options:

A.

Full HA Cluster

B.

High Availability

C.

Standalone

D.

Distributed

Buy Now
Questions 64

The fw monitor utility is used to troubleshoot which of the following problems?

Options:

A.

Phase two key negotiation

B.

Address translation

C.

Log Consolidation Engine

D.

User data base corruption

Buy Now
Questions 65

What port is used for delivering logs from the gateway to the management server?

Options:

A.

Port 258

B.

Port 18209

C.

Port 257

D.

Port 981

Buy Now
Questions 66

Which directory holds the SmartLog index files by default?

Options:

A.

$SMARTLOGDIR/data

B.

$SMARTLOG/dir

C.

$FWDIR/smartlog

D.

$FWDIR/log

Buy Now
Questions 67

What action can be performed from SmartUpdate R77?

Options:

A.

upgrade_export

B.

fw stat -1

C.

cpinfo

D.

remote_uninstall_verifier

Buy Now
Questions 68

Which of the following statements accurately describes the command snapshot?

Options:

A.

snapshot creates a full OS-level backup, including network-interface data, Check Point production information, and configuration settings of a GAiA Security Gateway.

B.

snapshot creates a Security Management Server full system-level backup on any OS

C.

snapshot stores only the system-configuration settings on the Gateway

D.

A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server

Buy Now
Questions 69

Jack works for a managed service provider and he has been tasked to create 17 new policies for several new customers. He does not have much time. What is the BEST way to do this with R80 security management?

Options:

A.

Create a text-file with mgmt_cli script that creates all objects and policies. Open the file in SmartConsole Command Line to run it.

B.

Create a text-file with Gaia CLI -commands in order to create all objects and policies. Run the file in CLISH with command load configuration.

C.

Create a text-file with DBEDIT script that creates all objects and policies. Run the file in the command line of the management server using command dbedit -f.

D.

Use Object Explorer in SmartConsole to create the objects and Manage Policies from the menu to create the policies.

Buy Now
Questions 70

Which of the following is NOT an advantage to using multiple LDAP servers?

Options:

A.

You achieve a faster access time by placing LDAP servers containing the database at remote sites

B.

Information on a user is hidden, yet distributed across several servers

C.

You achieve compartmentalization by allowing a large number of users to be distributed across several servers

D.

You gain High Availability by replicating the same information on several servers

Buy Now
Questions 71

Which SmartConsole component can Administrators use to track changes to the Rule Base?

Options:

A.

WebUI

B.

SmartView Tracker

C.

SmartView Monitor

D.

SmartReporter

Buy Now
Questions 72

Message digests use which of the following?

Options:

A.

DES and RC4

B.

IDEA and RC4

C.

SSL and MD4

D.

SHA-1 and MD5

Buy Now
Questions 73

Fill in the blank: When LDAP is integrated with Check Point Security Management, it is then referred to as _______

Options:

A.

UserCheck

B.

User Directory

C.

User Administration

D.

User Center

Buy Now
Questions 74

When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?

Options:

A.

RADIUS

B.

Remote Access and RADIUS

C.

AD Query

D.

AD Query and Browser-based Authentication

Buy Now
Questions 75

Look at the screenshot below. What CLISH command provides this output?

156-215.80 Question 75

Options:

A.

show configuration all

B.

show confd configuration

C.

show confd configuration all

D.

show configuration

Buy Now
Questions 76

If there is an Accept Implied Policy set to “First”, what is the reason Jorge cannot see any logs?

Options:

A.

Log Implied Rule was not selected on Global Properties.

B.

Log Implied Rule was not set correctly on the track column on the rules base.

C.

Track log column is set to none.

D.

Track log column is set to Log instead of Full Log.

Buy Now
Questions 77

In the R80 SmartConsole, on which tab are Permissions and Administrators defined?

Options:

A.

Security Policies

B.

Logs and Monitor

C.

Manage and Settings

D.

Gateway and Servers

Buy Now
Questions 78

Administrator wishes to update IPS from SmartConsole by clicking on the option “update now” under the IPS tab. Which device requires internet access for the update to work?

Options:

A.

Security Gateway

B.

Device where SmartConsole is installed

C.

SMS

D.

SmartEvent

Buy Now
Exam Code: 156-215.80
Exam Name: Check Point Certified Security Administrator R80
Last Update: Dec 10, 2023
Questions: 525