Killtest ensures that you can pass the Check Point 156-315.80 exam on the first try. We provide the updated, high-quality Check Point 156-315.80 Practice Exam with real exam questions and accurate answers. Every question in the Killtest 156-315.80 practice exam is developed according to the new Check Point pattern. We also provide free updates for the 156-315.80 Check Point Certified Security Expert - R80 exam. You can check a free demo of the updated Check Point 156-315.80 Practice Exam V10.02 online.
Check Point Certified Security Expert - R80
100% Pass Materials | KillTest 156-315.80 Q&As
Killtest keeps 40% discount for saving more on real 156-315.80 exam questions and answers
Version: V10.02
No. of Q&As: 375
Contact: sales@killtest.com
The safer, easier way to help you pass any IT exams.

1. Identify the API that is not supported by Check Point currently.
A. R80 Management API
B. Identity Awareness Web Services API
C. Open REST API
D. OPSEC SDK
Answer: C

2. SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?
A. Management Dashboard
B. Gateway
C. Personal User Storage
D. Behavior Risk Engine
Answer: C
Explanation:
Reference: https://community.checkpoint.com/docs/DOC-3072-sandblast-mobile-architecture-overview

3. What are the different command sources that allow you to communicate with the API server?
A. SmartView Monitor, API_cli Tool, Gaia CLI, Web Services
B. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services
C. SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services
D. API_cli Tool, Gaia CLI, Web Services
Answer: B
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20

4. What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
A. Anti-Bot is the only countermeasure against unknown malware
B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers
C. Anti-Bot is the only signature-based method of malware protection.
D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center.
Answer: D
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_AntiBotAntiVirus_AdminGuide/index.html

5. Which TCP-port does CPM process listen to?
A. 18191
B. 18190
C. 8983
D. 19009
Answer: D
Explanation:
Reference: https://www.checkpoint.com/downloads/products/r80.10-security-management-architecture-overview.pdf

6. Which method below is NOT one of the ways to communicate using the Management APIs?
A. Typing API commands using the “mgmt_cli” command
B. Typing API commands from a dialog box inside the SmartConsole GUI application
C. Typing API commands using Gaia’s secure shell (clish)19+
D. Sending API commands over an http connection using web-services
Answer: D
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20

7. Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to your manager?
A. fw accel stat
B. fwaccel stat
C. fw acces stats
D. fwaccel stats
Answer: B
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41397

8. SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?
A. Application and Client Service
B. Network and Application
C. Network and Layers
D. Virtual Adapter and Mobile App
Answer: B
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk67820

9. Which command would disable a Cluster Member permanently?
A. clusterXL_admin down
B. cphaprob_admin down
C. clusterXL_admin down-p
D. set clusterXL down-p
Answer: C

10. Which two of these Check Point Protocols are used by SmartEvent Processes?
A. ELA and CPD
B. FWD and LEA
C. FWD and CPLOG
D. ELA and CPLOG
Answer: D

11. Fill in the blank: The tool ________ generates a R80 Security Gateway configuration report.
A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo
Answer: C

12. Which of these statements describes the Check Point ThreatCloud?
A. Blocks or limits usage of web applications
B. Prevents or controls access to web sites based on category
C. Prevents Cloud vulnerability exploits
D. A worldwide collaborative security network
Answer: D

13. Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
A. 15 sec
B. 60 sec
C. 5 sec
D. 30 sec
Answer: B
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm

14. Which command will allow you to see the interface status?
A. cphaprob interface
B. cphaprob -I interface
C. cphaprob -a if
D. cphaprob stat
Answer: C
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7298.htm

15. Which command can you use to enable or disable multi-queue per interface?
A. cpmq set
B. Cpmqueue set
C. Cpmq config
D. St cpmq enable
Answer: A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/93689.htm

16. To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?
A. 5 Network; Host; Objects; Services; API
B. 3 Incoming; Outgoing; Network
C. 2 Internal; External
D. 4 Incoming; Outgoing; Internal; Other
Answer: D
Explanation:
Reference: http://dl3.checkpoint.com/paid/21/CP_R76_SmartEventIntro_AdminGuide.pdf?HashKey=1538417023_7cb74dfe0e109c21f130f556d419faaf&xtn=.pdf

17. There are 4 ways to use the Management API for creating host object with R80 Management API. Which one is NOT correct?
A. Using Web Services
B. Using Mgmt_cli tool
C. Using CLISH
D. Using SmartConsole GUI console
E. Events are collected with SmartWorkflow from Trouble Ticket systems
Answer: E
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20

18. CoreXL is supported when one of the following features is enabled:
A. Route-based VPN
B. IPS
C. IPv6
D. Overlapping NAT
Answer: B
Explanation:
CoreXL does not support Check Point Suite with these features:
- Check Point QoS (Quality of Service)
- Route-based VPN
- IPv6 on IPSO
- Overlapping NAT
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm

19. You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
A. fw ctl multik dynamic_dispatching on
B. fw ctl multik dynamic_dispatching set_mode 9
C. fw ctl multik set_mode 9
D. fw ctl multik pq enable
Answer: C
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261

20. Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using ___________.
A. TCP port 19009
B. TCP Port 18190
C. TCP Port 18191
D. TCP Port 18209
Answer: A

21. Which command is used to set the CCP protocol to Multicast?
A. cphaprob set_ccp multicast
B. cphaconf set_ccp multicast
C. cphaconf set_ccp no_broadcast
D. cphaprob set_ccp no_broadcast
Answer: B
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk20576

22. Which packet info is ignored with Session Rate Acceleration?
A. source port ranges
B. source ip
C. source port
D. same info from Packet Acceleration is used
Answer: C
Explanation:
Reference: http://trlj.blogspot.com/2015/10/check-point-acceleration.html

23. Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?
A. Synchronized
B. Never been synchronized
C. Lagging
D. Collision
Answer: D
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/120712

24. During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?
A. Host having a Critical event found by Threat Emulation
B. Host having a Critical event found by IPS
C. Host having a Critical event found by Antivirus
D. Host having a Critical event found by Anti-Bot
Answer: D

25. In R80 spoofing is defined as a method of:
A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
B. Hiding your firewall from unauthorized users.
C. Detecting people using false or wrong authentication logins
D. Making packets appear as if they come from an authorized IP address.
Answer: D
Explanation:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.
Reference: http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/CP_R80_SecurityManagement_AdminGuide.pdf?HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2&xtn=.pdf

26. Connections to the Check Point R80 Web API use what protocol?
A. HTTPS
B. RPC
C. VPN
D. SIC
Answer: A

27. Which command lists all tables in Gaia?
A. fw tab -t
B. fw tab -list
C. fw-tab -s
D. fw tab -1
Answer: C
Explanation:
Reference: http://dl3.checkpoint.com/paid/c7/c76b823d81bab77e1e40ac086fa81411/CP_R77_versions_CLI_ReferenceGuide.pdf?HashKey=1538418170_96def40f213f24a8b273cc77b408dd3f&xtn=.pdf

28. What is true about the IPS-Blade?
A. In R80, IPS is managed by the Threat Prevention Policy
B. In R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
C. In R80, IPS Exceptions cannot be attached to “all rules”
D. In R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same
Answer: A

29. Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company’s security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
Answer: A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_AppControl_WebAdmin/60902.htm

30. What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode
Answer: C
Explanation:
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of "Wire Mode".
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30974

31. What factor precludes SecureXL Templating?
A. Source Port Ranges/Encrypted Connections
B. IPS
C. ClusterXL in load sharing Mode
D. CoreXL
Answer: A

32. In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?
A. fw ctl sdstat
B. fw ctl affinity -l -a -r -v
C. fw ctl multik stat
D. cpinfo
Answer: B

33. Check Point Central Deployment Tool (CDT) communicates with the Security Gateway/Cluster Members over Check Point SIC _____________.
A. TCP Port 18190
B. TCP Port 18209
C. TCP Port 19009
D. TCP Port 18191
Answer: D

34. The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
A. Secure Internal Communication (SIC)
B. Restart Daemons if they fail
C. Transfers messages between Firewall processes
D. Pulls application monitoring status
Answer: D
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638

35. What is not a component of Check Point SandBlast?
A. Threat Emulation
B. Threat Simulator
C. Threat Extraction
D. Threat Cloud
Answer: B

36. Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
A. UDP port 265
B. TCP port 265
C. UDP port 256
D. TCP port 256
Answer: D
Explanation:
Synchronization works in two modes:
Full Sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by the fwd daemon using an encrypted TCP connection on port 256.
Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security Gateway kernel using UDP connections on port 8116.
Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/7288

37. Fill in the blank: The command ___________ provides the most complete restoration of a R80 configuration.
A. upgrade_import
B. cpconfig
C. fwm dbimport -p <export file>
D. cpinfo -recover
Answer: A

38. Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:
A. Allow GUI Client and management server to communicate via TCP Port 19001
B. Allow GUI Client and management server to communicate via TCP Port 18191
C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.
D. Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.
Answer: C

39. Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?
A. Dynamic ID
B. RADIUS
C. Username and Password
D. Certificate
Answer: A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_MobileAccess_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_MobileAccess_AdminGuide/41587

40. Which of the SecureXL templates are enabled by default on Security Gateway?
A. Accept
B. Drop
C. NAT
D. None
Answer: D

41. What happens when an IPS profile is set in Detect Only Mode for troubleshooting?
A. It will generate Geo-Protection traffic
B. Automatically uploads debugging logs to Check Point Support Center
C. It will not block malicious traffic
D. Bypass licenses requirement for Geo-Protection control
Answer: C
Explanation:
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic. During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IPS_AdminGuide/12750.htm

42. What is true about VRRP implementations?
A. VRRP membership is enabled in cpconfig
B. VRRP can be used together with ClusterXL, but with degraded performance
C. You cannot have a standalone deployment
D. You cannot have different VRIDs in the same physical network
Answer: C
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/87911.htm

43. The Security Gateway is installed on GAIA R80. The default port for the Web User Interface is ______.
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443
Answer: D

44. Fill in the blank: The R80 feature ______ permits blocking specific IP addresses for a specified time period.
A. Block Port Overflow
B. Local Interface Spoofing
C. Suspicious Activity Monitoring
D. Adaptive Threat Prevention
Answer: C
Explanation:
Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access). The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartViewMonitor_AdminGuide/17670.htm

45. In a Client to Server scenario, which represents that the packet has already been checked against the tables and the Rule Base?
A. Big l
B. Little o
C. Little i
D. Big O
Answer: D

46. What is the mechanism behind Threat Extraction?
A. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.
B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.
C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).
D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.
Answer: D

47. You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
A. SmartEvent Client Info
B. SecuRemote
C. Check Point Protect
D. Check Point Capsule Cloud
Answer: C
Explanation:
Reference: https://www.insight.com/content/dam/insight-web/en_US/pdfs/check-point/mobile-threat-prevention-behavioral-risk-analysis.pdf

48. Which view is NOT a valid CPVIEW view?
A. IDA
B. RAD
C. PDP
D. VPN
Answer: C

49. Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?
A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. Time object to a rule to make the rule active only during specified times.
D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.
Answer: D
Explanation:
Reference: http://dl3.checkpoint.com/paid/1f/1f850d1640792cf885336cc6ae8b2743/CP_R80_ReleaseNotes.pdf?HashKey=1517092603_dd917544d92dccc060e5b25d28a46f79&xtn=.pdf

50. fwssd is a child process of which of the following Check Point daemons?
A. fwd
B. cpwd
C. fwm
D. cpd
Answer: A

51. Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing
Answer: C

52. CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:
A. MySQL
B. Postgres SQL
C. MariaDB
D. SOLR
Answer: B
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_MultiDomainSecurity/html_frameset.htm?topic=documents/R80/CP_R80_MultiDomainSecurity/15420

53. If you needed the Multicast MAC address of a cluster, what command would you run?
A. cphaprob -a if
B. cphaconf ccp multicast
C. cphaconf debug data
D. cphaprob igmp
Answer: D

54. Which is NOT an example of a Check Point API?
A. Gateway API
B. Management API
C. OPSEC SDK
D. Threat Prevention API
Answer: A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20

55. What are the three components for Check Point Capsule?
A. Capsule Docs, Capsule Cloud, Capsule Connect
B. Capsule Workspace, Capsule Cloud, Capsule Connect
C. Capsule Workspace, Capsule Docs, Capsule Connect
D. Capsule Workspace, Capsule Docs, Capsule Cloud
Answer: D
Explanation:
Reference: https://www.checkpoint.com/products-solutions/mobile-security/check-point-capsule/

56. Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
A. logd
B. fwd
C. fwm
D. cpd
Answer: B