1. Home
  2. CheckPoint
  3. 156-915.80

Check Point Certified Security Expert Update - R80.10

Exam Details

  • Exam Code
    :156-915.80
  • Exam Name
    :Check Point Certified Security Expert Update - R80.10
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :536 Q&As
  • Last Updated
    :May 03, 2025

CheckPoint Checkpoint Certifications 156-915.80 Questions & Answers

  • Question 401:

    You find that Gateway fw2 can NOT be added to the cluster object. What are possible reasons for that? Exhibit:

    1) fw2 is a member in a VPN community. 2) ClusterXL software blade is not enabled on fw2. 3) fw2 is a DAIP Gateway.

    A. 2 or 3

    B. 1 or 2

    C. 1 or 3

    D. All

  • Question 402:

    Your expanding network currently includes ClusterXL running Multicast mode on two members, as shown in this topology:

    Exhibit:

    You need to add interfaces: 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for these interfaces is 10.10.10.3/24. Both cluster gateways have a Quad card with an available eth3 interface. What is the

    correct procedure to add these interfaces?

    A. 1. Disable "Cluster membership" from one Gateway via cpconfig.2. Configure the new interface via sysconfig from the "non-member" Gateway.3. Re-enable "Cluster membership" on the Gateway.4. Perform the same steps on the other Gateway.5. Update the topology in the cluster object.6. Install the Security Policy.

    B. 1. Configure the new interface on both members using WebUI.2. Update the new topology in the cluster object from SmartDashboard.3. Define virtual IP in the Dashboard4. Install the Security Policy.

    C. 1. Use WebUI to configure the new interfaces on both member.2. Update the topology in the cluster object.3. Reboot both gateways.4. Install the Security Policy.

    D. 1. Use the command ifconfig to configure and enable the new interface on both members.2. Update the topology in the cluster object for the cluster and both members.3. Install the Security Policy.4. Reboot the gateway.

  • Question 403:

    Which command will erase all CRL's?

    A. vpn crladmin

    B. cpstop/cpstart

    C. vpn crl_zap

    D. vpn flush

  • Question 404:

    Match the VPN-related terms with their definitions. Each correct term is only used once. Exhibit:

    A. A-3, B-4, C-1, D-5

    B. A-4, B-3, C-5, D-2

    C. A-2, B-5, C-4, D-1

    D. A-3, B-2, C-1, D-4

  • Question 405:

    You are trying to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. You see the following window.

    What must you enable to see the Directional Match?

    A. directional_match(true) in the objects_5_0.C file on Security Management Server

    B. VPN Directional Match on the Gateway object's VPN tab

    C. VPN Directional Match on the VPN advanced window, in Global Properties

    D. Advanced Routing on each Security Gateway

  • Question 406:

    Which Check Point tool allows you to open a debug file and see the VPN packet exchange details.

    A. PacketDebug.exe

    B. VPNDebugger.exe

    C. IkeView.exe

    D. IPSECDebug.exe

  • Question 407:

    When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what issues need to be considered?

    1) Each member must have a unique source IP address.

    2) Every interface on each member requires a unique IP address.

    3) All VTI's going to the same remote peer must have the same name.

    4) Cluster IP addresses are required.

    A. 1, 2, and 4

    B. 2 and 3

    C. 1, 2, 3 and 4

    D. 1, 3, and 4

  • Question 408:

    You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

    A. Exchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA).

    B. Create a new logical-server object to represent your partner's CA.

    C. Manually import your partner's Access Control List.

    D. Manually import your partner's Certificate Revocation List.

  • Question 409:

    You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?

    A. internal_clear > All_communities

    B. Internal_clear > External_Clear

    C. Communities > Communities

    D. internal_clear > All_GwToGw

  • Question 410:

    If you need strong protection for the encryption of user data, what option would be the BEST choice?

    A. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode.

    B. When you need strong encryption, IPsec is not the best choice. SSL VPN's are a better choice.

    C. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.

    D. Disable Diffie-Hellman by using stronger certificate based key-derivation. Use AES-256 bit on all encrypted channels and add PFS to QuickMode. Use double encryption by implementing AH and ESP as protocols.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-915.80 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.