CheckPoint Checkpoint Certifications 156-215.80 Questions & Answers

• Question 201:

  Fill in the blank: A _________ VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user through an internet browser.

  A. Clientless remote access

  B. Clientless direct access

  C. Client-based remote access

  D. Direct access

  Correct Answer: A

  Clientless - Users connect through a web browser and use HTTPS connections. Clientless solutions usually supply access to web-based corporate resources.

  Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_Firewall/html_frameset.htm? topic=documents/R80/CP_R80BC_Firewall/92704

• Question 202:

  Which of the following statements is TRUE about R80 management plug-ins?

  A. The plug-in is a package installed on the Security Gateway.

  B. Installing a management plug-in requires a Snapshot, just like any upgrade process.

  C. A management plug-in interacts with a Security Management Server to provide new features and support for new products.

  D. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.

  Correct Answer: C

• Question 203:

  Fill in the blank: Gaia can be configured using the _______ or ______ .

  A. Gaia; command line interface

  B. WebUI; Gaia Interface

  C. Command line interface; WebUI

  D. Gaia Interface; GaiaUI

  Correct Answer: C

  Configuring Gaia for the First Time In This Section: Running the First Time Configuration Wizard in WebUI Running the First Time Configuration Wizard in CLI After you install Gaia for the first time, use the First Time Configuration Wizard to configure the system and the Check Point products on it.

  Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/ html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/112568

• Question 204:

  Which Check Point feature enables application scanning and the detection?

  A. Application Dictionary

  B. AppWiki

  C. Application Library

  D. CPApp

  Correct Answer: B

  AppWiki Application Classification Library AppWiki enables application scanning and detection of more than 5,000 distinct applications and over 300,000 Web 2.0 widgets including instant messaging, social networking, video streaming, VoIP, games and more. Reference: https://www.checkpoint.com/products/application-control-software-blade/

• Question 205:

  DLP and Geo Policy are examples of what type of Policy?

  A. Standard Policies

  B. Shared Policies

  C. Inspection Policies

  D. Unified Policies

  Correct Answer: B

  The Shared policies are installed with the Access Control Policy.

  

  Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm? topic=documents/R80/CP_R80_SecMGMT/126197

• Question 206:

  In which deployment is the security management server and Security Gateway installed on the same appliance?

  A. Bridge Mode

  B. Remote

  C. Standalone

  D. Distributed

  Correct Answer: C

  Installing Standalone Standalone Deployment - The Security Management Server and the Security Gateway are installed on the same computer or appliance.

  

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_GuidewebAdmin/89230.htm#o98246

• Question 207:

  In R80 spoofing is defined as a method of:

  A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

  B. Hiding your firewall from unauthorized users.

  C. Detecting people using false or wrong authentication logins

  D. Making packets appear as if they come from an authorized IP address.

  Correct Answer: D

  IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.

  Reference:

  http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/ CP_R80_SecurityManagement_AdminGuide.pdf? HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2andxtn=.pdf

• Question 208:

  Fill in the blank: The __________ is used to obtain identification and security information about network users.

  A. User Directory

  B. User server

  C. UserCheck

  D. User index

  Correct Answer: A

  Reference: https://www.checkpoint.com/downloads/product-related/datasheets/DS_UserDirectorySWB.pdf

• Question 209:

  Fill in the blanks: VPN gateways authenticate using ___________ and ___________ .

  A. Passwords; tokens

  B. Certificates; pre-shared secrets

  C. Certificates; passwords

  D. Tokens; pre-shared secrets

  Correct Answer: B

  VPN gateways authenticate using Digital Certificates and Pre-shared secrets.

  Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/85469.htm

• Question 210:

  Which of the following Automatically Generated Rules NAT rules have the lowest implementation priority?

  A. Machine Hide NAT

  B. Address Range Hide NAT

  C. Network Hide NAT

  D. Machine Static NAT

  Correct Answer: BC

  SmartDashboard organizes the automatic NAT rules in this order:

  1.

  Static NAT rules for Firewall, or node (computer or server) objects

  2.

  Hide NAT rules for Firewall, or node objects

  3.

  Static NAT rules for network or address range objects

  4.

  Hide NAT rules for network or address range objects

  Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/6724.htm