CheckPoint 156-215.80 Online Practice Questions and Exam Preparation

CheckPoint 156-215.80 Online Questions & Answers

• Question 201:

  What is the default shell of Gaia CLI?

  A. Monitor
  B. CLI.sh
  C. Read-only
  D. Bash
  B. CLI.sh

• Question 202:

  Which option in a firewall rule would only match and allow traffic to VPN gateways for one Community in common?

  A. All Connections (Clear or Encrypted)
  B. Accept all encrypted traffic
  C. Specific VPN Communities
  D. All Site-to-Site VPN Communities
  C. Specific VPN Communities

• Question 203:

  What is the most recommended installation method for Check Point appliances?

  A. SmartUpdate installation
  B. DVD media created with Check Point ISOMorphic
  C. USB media created with Check Point ISOMorphic
  D. Cloud based installation
  C. USB media created with Check Point ISOMorphic

• Question 204:

  What is the purpose of a Clean-up Rule?

  A. Clean-up Rules do not server any purpose.
  B. Provide a metric for determining unnecessary rules.
  C. To drop any traffic that is not explicitly allowed.
  D. Used to better optimize a policy.
  C. To drop any traffic that is not explicitly allowed.

• Question 205:

  Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

  A. Go to clash-Run cpstop | Run cpstart
  B. Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway
  C. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores
  D. Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security Policy
  B. Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway

• Question 206:

  What is the benefit of Manual NAT over Automatic NAT?

  A. If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy
  B. There is no benefit since Automatic NAT has in any case higher priority over Manual NAT
  C. You have the full control about the priority of the NAT rules
  D. On IPSO and GAIA Gateways, it is handled in a Stateful manner
  C. You have the full control about the priority of the NAT rules

• Question 207:

  Choose what BEST describes the reason why querying logs now is very fast.

  A. New Smart-1 appliances double the physical memory install
  B. Indexing Engine indexes logs for faster search results
  C. SmartConsole now queries results directly from the Security Gateway
  D. The amount of logs been store is less than the usual in older versions
  B. Indexing Engine indexes logs for faster search results

• Question 208:

  John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only

  from John's desktop which is assigned a static IP address 10.0.0.19.

  John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a

  rule that lets John Adams access the HR Web Server from his desktop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.

  To make this scenario work, the IT administrator:

  1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.

  2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

  3) Changes from static IP address to DHCP for the client PC.

  What should John request when he cannot access the web server from his laptop?

  A. John should lock and unlock his computer
  B. Investigate this as a network connectivity issue
  C. The access should be changed to authenticate the user instead of the PC
  D. John should install the Identity Awareness Agent
  C. The access should be changed to authenticate the user instead of the PC

• Question 209:

  Vanessa is attempting to log into the Gaia Web Portal. She is able to login successfully. Then she tries the same username and password for SmartConsole but gets the message in the screenshot image below. She has checked that the IP address of the Server is correct and the username and password she used to login into Gaia is also correct.

  

  What is the most likely reason?

  A. Check Point R80 SmartConsole authentication is more secure than in previous versions and Vanessa requires a special authentication key for R80 SmartConsole. Check that the correct key details are used.
  B. Check Point Management software authentication details are not automatically the same as the Operating System authentication details. Check that she is using the correct details.
  C. SmartConsole Authentication is not allowed for Vanessa until a Super administrator has logged in first and cleared any other administrator sessions.
  D. Authentication failed because Vanessa's username is not allowed in the new Threat Prevention console update checks even though these checks passed with Gaia.
  B. Check Point Management software authentication details are not automatically the same as the Operating System authentication details. Check that she is using the correct details.

• Question 210:

  What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?

  A. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.
  B. Install the View Implicit Rules package using SmartUpdate.
  C. Define two log servers on the R77 Gateway object. Lof Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPPA log audits.
  D. Check the Log Implied Rules Globally box on the R77 Gateway object.
  A. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.