1. Home
  2. CheckPoint
  3. 156-915.80

Check Point Certified Security Expert Update - R80.10

Exam Details

  • Exam Code
    :156-915.80
  • Exam Name
    :Check Point Certified Security Expert Update - R80.10
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :536 Q&As
  • Last Updated
    :May 03, 2025

CheckPoint Checkpoint Certifications 156-915.80 Questions & Answers

  • Question 331:

    The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?

    A. add host name ip-address

    B. add hostname ip-address

    C. set host name ip-address

    D. set hostname ip-address

  • Question 332:

    You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway's external interface.

    What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers'public IP addresses?

    A. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.

    B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.

    C. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.

    D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ's interface.

  • Question 333:

    The Regulatory Compliance pane shows compliance statistics for selected regulatory standards, based on the Security Best Practice scan. Which of the following does NOT show in this pane?

    A. The total number of Regulatory Requirements that are monitored

    B. The Average compliance score for each regulation shown

    C. The average number of Regulatory Requirements that are monitored

    D. The Number of Regulatory Requirements for each Regulation

  • Question 334:

    In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:

    A. Basic, Optimized, Strict

    B. Basic, Optimized, Severe

    C. General, Escalation, Severe

    D. General, purposed, Strict

  • Question 335:

    Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?

    A. Manual NAT rules are not configured correctly.

    B. Allow bi-directional NAT is not checked in Global Properties.

    C. Routing is not configured correctly.

    D. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.

  • Question 336:

    You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway's external interface.

    You browse to the Google Website from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network.

    How many log entries do you see for that connection in SmartView Tracker?

    A. Two, one for outbound, one for inbound

    B. Only one, outbound

    C. Two, both outbound, one for the real IP connection and one for the NAT IP connection

    D. Only one, inbound

  • Question 337:

    Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?

    A. Hide

    B. Static Destination

    C. Static Source

    D. Dynamic Destination

  • Question 338:

    Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?

    A. Dynamic Source Address Translation

    B. Hide Address Translation

    C. Port Address Translation

    D. Static Destination Address Translation

  • Question 339:

    You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your

    Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.

    What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

    A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.

    B. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.

    C. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.

    D. Place a static host route on the firewall for the valid IP address to the internal Web server.

  • Question 340:

    After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti- spoofing protections. Which of the following is the MOST LIKELY cause?

    A. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.

    B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.

    C. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.

    D. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-915.80 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.