CheckPoint Checkpoint Certifications 156-215.80 Questions & Answers

• Question 161:

  Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?

  A. Security questions

  B. Check Point password

  C. SecurID

  D. RADIUS

  Correct Answer: A

  Authentication Schemes :- Check Point Password

  -Operating System Password

  -RADIUS

  -SecurID

  -TACAS

  - Undefined If a user with an undefined authentication scheme is matched to a Security Rule with some form of authentication, access is always denied. Reference: http://dl3.checkpoint.com/paid/71/ How_to_Configure_Client_Authentication.pdf? HashKey=1479692369_23bc7cdfbeb67c147ec7bb882d557fd4andxtn=.pdf

• Question 162:

  Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?

  A. Auditor

  B. Read Only All

  C. Super User

  D. Full Access

  Correct Answer: B

  To create a new permission profile:

  1.

  In SmartConsole, go to Manage and Settings > Permissions and Administrators > Permission Profiles.

  2.

  Click New Profile.

  The New Profile window opens.

  3.

  Enter a unique name for the profile.

  4.

  Select a profile type:

  Read/Write All - Administrators can make changes

  Auditor (Read Only All) - Administrators can see information but cannot make changes

  Customized - Configure custom settings

  5.

  Click OK.

  Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?

  topic=documents/R80/CP_R80_SecMGMT/124265

• Question 163:

  Which of the following commands can be used to remove site-to-site IPSEC Security Associations (SA)?

  A. vpn tu

  B. vpn ipsec remove -l

  C. vpn debug ipsec

  D. fw ipsec tu

  Correct Answer: A

  vpn tu Description Launch the TunnelUtil tool which is used to control VPN tunnels. Usage vpn tu vpn tunnelutil Example vpn tu Output Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_CLI_WebAdmin/12467.htm#o12627

  

• Question 164:

  Fill in the blank: The tool _______ generates a R80 Security Gateway configuration report.

  A. infoCP

  B. infoview

  C. cpinfo

  D. fw cpinfo

  Correct Answer: C

  CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers). The CPinfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPinfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings. When contacting Check Point Support, collect the cpinfo files from the Security Management server and Security Gateways involved in your case. Reference: https://supportcenter.checkpoint.com/supportcenter/ portal?eventSubmit_doGoviewsolutiondetails=andsolutionid=sk92739

• Question 165:

  Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

  A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.

  B. One machine

  C. Two machines

  D. Three machines

  Correct Answer: C

  One for Security Management Server and the other one for the Security Gateway.

• Question 166:

  Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when ________ .

  A. The license is attached to the wrong Security Gateway

  B. The existing license expires

  C. The license is upgraded

  D. The IP address of the Security Management or Security Gateway has changed

  Correct Answer: A

  There is no need to generate new license in this situation, just need to detach license from wrong Security Gateway and attach it to the right one.

• Question 167:

  What is the default shell for the command line interface?

  A. Expert

  B. Clish

  C. Admin

  D. Normal

  Correct Answer: B

  The default shell of the CLI is called clish Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm

• Question 168:

  When you upload a package or license to the appropriate repository in SmartUpdate, where is the package or license stored

  A. Security Gateway

  B. Check Point user center

  C. Security Management Server

  D. SmartConsole installed device

  Correct Answer: C

  SmartUpdate installs two repositories on the Security Management server:

  1.

  License and Contract Repository, which is stored on all platforms in the directory $FWDIR\conf\.

  2.

  Package Repository, which is stored: - on Windows machines in C:\SUroot.

  - on UNIX machines in /var/suroot. The Package Repository requires a separate license, in addition to the license for the Security Management server. This license should stipulate the number of nodes that can be managed in the Package Repository. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_GuidewebAdmin/13128.htm#o13527

• Question 169:

  Which one of the following is the preferred licensing model? Select the Best answer.

  A. Local licensing because it ties the package license to the IP-address of the gateway and has no dependency of the Security Management Server.

  B. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency of the gateway.

  C. Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency.

  D. Central licensing because it ties the package license to the MAC-address of the Security Management Server Mgmt-interface and has no dependency of the gateway.

  Correct Answer: B

  Central License A Central License is a license attached to the Security Management server IP address, rather than the gateway IP address. The benefits of a Central License are:

  1.

  Only one IP address is needed for all licenses.

  2.

  A license can be taken from one gateway and given to another.

  3.

  The new license remains valid when changing the gateway IP address. There is no need to create and install a new license. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_GuidewebAdmin/13128.htm#o13527

• Question 170:

  What is the default time length that Hit Count Data is kept?

  A. 3 month

  B. 4 weeks

  C. 12 months

  D. 6 months

  Correct Answer: D

  Keep Hit Count data up to - Select one of the time range options. The default is 6 months. Data is kept in the Security Management Server database for this period and is shown in the Hits column.

  Reference: http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/ CP_R80_SecurityManagement_AdminGuide.pdf? HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2andxtn=.pdf