CheckPoint 156-215.80 Online Practice Questions and Exam Preparation

CheckPoint 156-215.80 Online Questions & Answers

• Question 311:

  Which of the following is NOT a role of the SmartCenter:

  A. Status monitoring
  B. Policy configuration
  C. Certificate authority
  D. Address translation
  C. Certificate authority

• Question 312:

  Message digests use which of the following?

  A. DES and RC4
  B. IDEA and RC4
  C. SSL and MD4
  D. SHA-1 and MD5
  D. SHA-1 and MD5

• Question 313:

  Which firewall daemon is responsible for the FW CLI commands?

  A. fwd
  B. fwm
  C. cpm
  D. cpd
  A. fwd

• Question 314:

  SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?

  A. Smart Cloud Services
  B. Load Sharing Mode Services
  C. Threat Agent Solution
  D. Public Cloud Services
  A. Smart Cloud Services

• Question 315:

  You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?

  

  A. Right click Accept in the rule, select "More", and then check "Enable Identity Captive Portal"
  B. On the firewall object, Legacy Authentication screen, check "Enable Identity Captive Portal"
  C. In the Captive Portal screen of Global Properties, check "Enable Identity Captive Portal"
  D. On the Security Management Server object, check the box "Identity Logging"
  A. Right click Accept in the rule, select "More", and then check "Enable Identity Captive Portal"

• Question 316:

  In R80 spoofing is defined as a method of:

  A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
  B. Hiding your firewall from unauthorized users.
  C. Detecting people using false or wrong authentication logins
  D. Making packets appear as if they come from an authorized IP address.
  D. Making packets appear as if they come from an authorized IP address.

• Question 317:

  Which configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear?

  A. The firewall topologies
  B. NAT Rules
  C. The Rule Base
  D. The VPN Domains
  C. The Rule Base

• Question 318:

  When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?

  A. As expert user, issue these commands: # IP link set eth0 down # IP link set eth0 addr 00:0C:29:12:34:56 # IP link set eth0 up
  B. Edit the file /etc/sysconfig/netconf.C and put the new MAC address in the field (conf :(conns :(conn :hwaddr ("00:0C:29:12:34:56")
  C. As expert user, issue the command: # IP link set eth0 addr 00:0C:29:12:34:56
  D. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
  C. As expert user, issue the command: # IP link set eth0 addr 00:0C:29:12:34:56

• Question 319:

  The most important part of a site-to-site VPN deployment is the ________ .

  A. Internet
  B. Remote users
  C. Encrypted VPN tunnel
  D. VPN gateways
  C. Encrypted VPN tunnel

• Question 320:

  The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?

  A. There is a virus found. Traffic is still allowed but not accelerated
  B. The connection required a Security server
  C. Acceleration is not enabled
  D. The traffic is originating from the gateway itself
  D. The traffic is originating from the gateway itself