Checkpoint 156-215.80 Check Point Certified Security Administrator R80 Exam Practice Test

Demo: 77 questions
Total 525 questions

Check Point Certified Security Administrator R80 Questions and Answers

Question 1

All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?

Options:

A.

FTP

B.

SMTP

C.

HTTP

D.

RLOGIN

Question 2

You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?

Options:

A.

SmartView Tracker and SmartView Monitor

B.

SmartLSM and SmartUpdate

C.

SmartDashboard and SmartView Tracker

D.

SmartView Monitor and SmartUpdate

Question 3

Which of the following is NOT an option for internal network definition of Anti-spoofing?

Options:

A.

Specific – derived from a selected object

B.

Route-based – derived from gateway routing table

C.

Network defined by the interface IP and Net Mask

D.

Not-defined

Question 4

Match the following commands to their correct function. Each command has one function only listed.

Options:

A.

C1>F6; C2>F4; C3>F2; C4>F5

B.

C1>F2; C2>F1; C3>F6; C4>F4

C.

C1>F2; C2>F4; C3>F1; C4>F5

D.

C1>F4; C2>F6; C3>F3; C4>F5

Question 5

You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

Options:

A.

Create a new logical-server object to represent your partner's CA

B.

Exchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA)

C.

Manually import your partner's Certificate Revocation List.

D.

Manually import your partner's Access Control List.

Question 6

If the first packet of a UDP session is rejected by a security policy, what does the firewall send to the client?

Options:

A.

Nothing

B.

TCP FIN

C.

TCP RST

D.

ICMP unreachable

Question 7

Which of the following actions do NOT take place in IKE Phase 1?

Options:

A.

Peers agree on encryption method.

B.

Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key.

C.

Peers agree on integrity method.

D.

Each side generates a session key from its private key and peer's public key.

Question 8

Which of these attributes would be critical for a site-to-site VPN?

Options:

A.

Scalability to accommodate user groups

B.

Centralized management

C.

Strong authentication

D.

Strong data encryption

Question 9

The WebUI offers three methods for downloading Hotfixes via CPUSE. One of them is the Automatic method. How many times per day will the CPUSE agent check for hotfixes and automatically download them?

Options:

A.

Six times per day

B.

Seven times per day

C.

Every two hours

D.

Every three hours

Question 10

Vanessa is expecting a very important Security Report. The document should be sent as an attachment via e-mail. An e-mail with the Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only a few lines of text are in it. The report is missing some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?

Options:

A.

SandBlast Threat Emulation

B.

SandBlast Agent

C.

Check Point Protect

D.

SandBlast Threat Extraction

Question 11

An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install).

Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval.

If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute.

Which of the following is the BEST explanation for this behavior?

Options:

A.

The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way.

B.

The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R77 Security Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the non-standard GRE protocol for encapsulation.

C.

The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.

D.

The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configuration to the partner site to enable proper logging.

Question 12

Where does the security administrator activate Identity Awareness within SmartDashboard?

Options:

A.

Gateway Object > General Properties

B.

Security Management Server > Identity Awareness

C.

Policy > Global Properties > Identity Awareness

D.

LDAP Server Object > General Properties

Question 13

A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?

Options:

A.

Secure Internal Communications (SIC) not configured for the object.

B.

A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box.

C.

Anti-spoofing not configured on the interfaces on the Gateway object.

D.

A Gateway object created using the Check Point > Secure Gateway option in the Network Objects dialog box, but the interfaces for the Security Gateway object still need to be configured.

Question 14

Which of the following is a hash algorithm?

Options:

A.

3DES

B.

IDEA

C.

DES

D.

MD5

Question 15

You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?

Options:

A.

Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file.

B.

Select Block intruder from the Tools menu in SmartView Tracker.

C.

Create a Suspicious Activity Rule in Smart Monitor.

D.

Add a temporary rule using SmartDashboard and select hide rule.

Question 16

A digital signature:

Options:

A.

Guarantees the authenticity and integrity of a message.

B.

Automatically exchanges shared keys.

C.

Decrypts data to its original form.

D.

Provides a secure key exchange mechanism over the Internet.

Question 17

Identify the API that is not supported by Check Point currently.

Options:

A.

R80 Management API

B.

Identity Awareness Web Services API

C.

Open REST API

D.

OPSEC SDK

Question 18

Review the rules. Assume domain UDP is enabled in the implied rules.

What happens when a user from the internal network tries to browse to the internet using HTTP? The user:

Options:

A.

can connect to the Internet successfully after being authenticated.

B.

is prompted three times before connecting to the Internet successfully.

C.

can go to the Internet after Telnetting to the client authentication daemon port 259.

D.

can go to the Internet, without being prompted for authentication.

Question 19

Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?

Options:

A.

Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation.

B.

Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocols. Apply the alert action or customized messaging.

C.

Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic.

D.

Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings.

Question 20

Which command is used to add users to or from existing roles?

Options:

A.

Add rba user roles

B.

Add rba user

C.

Add user roles

D.

Add user

Question 21

Choose what BEST describes the Policy Layer Traffic Inspection.

Options:

A.

If a packet does not match any of the inline layers, the matching continues to the next Layer.

B.

If a packet matches an inline layer, it will continue matching the next layer.

C.

If a packet does not match any of the inline layers, the packet will be matched against the Implicit Clean-up Rule.

D.

If a packet does not match a Network Policy Layer, the matching continues to its inline layer.

Question 22

Fill in the blanks: The _________ collects logs and sends them to the _________ .

Options:

A.

Log server; security management server

B.

Log server; Security Gateway

C.

Security management server; Security Gateway

D.

Security Gateways; log server

Question 23

With which command can you view the running configuration of a Gaia-based system?

Options:

A.

show conf-active

B.

show configuration active

C.

show configuration

D.

show running-configuration

Question 24

Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

Options:

A.

One machine, but it needs to be installed using SecurePlatform for compatibility purposes.

B.

One machine

C.

Two machines

D.

Three machines

Question 25

What does the “unknown” SIC status shown on SmartConsole mean?

Options:

A.

The SMS can contact the Security Gateway but cannot establish Secure Internal Communication.

B.

SIC activation key requires a reset.

C.

The SIC activation key is not known by any administrator.

D.

There is no connection between the Security Gateway and SMS.

Question 26

Which of the following is NOT a SecureXL traffic flow?

Options:

A.

Medium Path

B.

Accelerated Path

C.

Fast Path

D.

Slow Path

Question 27

Which of the following statements is TRUE about R80 management plug-ins?

Options:

A.

The plug-in is a package installed on the Security Gateway.

B.

Installing a management plug-in requires a Snapshot, just like any upgrade process.

C.

A management plug-in interacts with a Security Management Server to provide new features and support for new products.

D.

Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.

Question 28

Fill in the blank: The __________ is used to obtain identification and security information about network users.

Options:

A.

User Directory

B.

User server

C.

UserCheck

D.

User index

Question 29

By default, which port does the WebUI listen on?

Options:

A.

80

B.

4434

C.

443

D.

8080

Question 30

Packages and licenses are loaded from all of these sources EXCEPT

Options:

A.

Download Center Web site

B.

UserUpdate

C.

User Center

D.

Check Point DVD

Question 31

Fill in the blank: The tool _______ generates a R80 Security Gateway configuration report.

Options:

A.

infoCP

B.

infoview

C.

cpinfo

D.

fw cpinfo

Question 32

In R80 spoofing is defined as a method of:

Options:

A.

Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

B.

Hiding your firewall from unauthorized users.

C.

Detecting people using false or wrong authentication logins

D.

Making packets appear as if they come from an authorized IP address.

Question 33

Which feature is NOT provided by all Check Point Mobile Access solutions?

Options:

A.

Support for IPv6

B.

Granular access control

C.

Strong user authentication

D.

Secure connectivity

Question 34

Fill in the blank: With the User Directory Software Blade, you can create R80 user definitions on a(an) ___________ Server.

Options:

A.

NT domain

B.

SMTP

C.

LDAP

D.

SecurID

Question 35

Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?

Options:

A.

SmartView Monitor

B.

SmartEvent

C.

SmartUpdate

D.

SmartDashboard

Question 36

In R80, Unified Policy is a combination of

Options:

A.

Access control policy, QoS Policy, Desktop Security Policy and endpoint policy.

B.

Access control policy, QoS Policy, Desktop Security Policy and Threat Prevention Policy.

C.

Firewall policy, address Translation and application and URL filtering, QoS Policy, Desktop Security Policy and Threat Prevention Policy.

D.

Access control policy, QoS Policy, Desktop Security Policy and VPN policy.

Question 37

What is the default time length that Hit Count Data is kept?

Options:

A.

3 months

B.

4 weeks

C.

12 months

D.

6 months

Question 38

Which type of the Check Point license ties the package license to the IP address of the Security Management Server?

Options:

A.

Local

B.

Central

C.

Corporate

D.

Formal

Question 39

When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

Options:

A.

None, Security Management Server would be installed by itself.

B.

SmartConsole

C.

SecureClient

D.

Security Gateway

Question 40

Mesh and Star are two types of VPN topologies. Which statement below is TRUE about these types of communities?

Options:

A.

A star community requires Check Point gateways, as it is a Check Point proprietary technology.

B.

In a star community, satellite gateways cannot communicate with each other.

C.

In a mesh community, member gateways cannot communicate directly with each other.

D.

In a mesh community, all members can create a tunnel with any other member.

Question 41

Which policy type is used to enforce bandwidth and traffic control rules?

Options:

A.

Threat Emulation

B.

Access Control

C.

QoS

D.

Threat Prevention

Question 42

Study the Rule base and Client Authentication Action properties screen.

After being authenticated by the Security Gateways, a user starts an HTTP connection to a Web site. What happens when the user tries to FTP to another site using the command line? The:

Options:

A.

user is prompted for authentication by the Security Gateways again.

B.

FTP data connection is dropped after the user is authenticated successfully.

C.

user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication

D.

FTP connection is dropped by Rule 2.

Question 43

Vanessa is a Firewall administrator. She wants to test a backup of her company’s production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore the production backup via SmartConsole in the lab environment. Which details does she need to fill in the System Restore window before she can click the OK button and test the backup?

Options:

A.

Server, SCP, Username, Password, Path, Comment, Member

B.

Server, TFTP, Username, Password, Path, Comment, All Members

C.

Server, Protocol, Username, Password, Path, Comment, All Members

D.

Server, Protocol, Username, Password, Path, Comment, Member

Question 44

How many users can have read/write access in Gaia at one time?

Options:

A.

Infinite

B.

One

C.

Three

D.

Two

Question 45

When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?

Options:

A.

RADIUS

B.

Remote Access and RADIUS

C.

AD Query

D.

AD Query and Browser-based Authentication

Question 46

Fill in the blank: The IPS policy for pre-R80 gateways is installed during the _______ .

Options:

A.

Firewall policy install

B.

Threat Prevention policy install

C.

Anti-bot policy install

D.

Access Control policy install

Question 47

The IT Management team is interested in the new features of the Check Point R80 Management and wants to upgrade but they are concerned that the existing R77.30 Gaia Gateways cannot be managed by R80 because it is so different. As the administrator responsible for the Firewalls, how can you answer or confirm these concerns?

Options:

A.

R80 Management contains compatibility packages for managing earlier versions of Check Point Gateways prior to R80. Consult the R80 Release Notes for more information.

B.

R80 Management requires the separate installation of compatibility hotfix packages for managing the earlier versions of Check Point Gateways prior to R80. Consult the R80 Release Notes for more information.

C.

R80 Management was designed as a completely different Management system and so can only monitor Check Point Gateways prior to R80.

D.

R80 Management cannot manage earlier versions of Check Point Gateways prior to R80. Only R80 and above Gateways can be managed. Consult the R80 Release Notes for more information.

Question 48

To install a brand new Check Point Cluster, the MegaCorp IT department bought 1 Smart-1 and 2 Security Gateway Appliances to run a cluster. Which type of cluster is it?

Options:

A.

Full HA Cluster

B.

High Availability

C.

Standalone

D.

Distributed

Question 49

Which of the following statements accurately describes the command snapshot?

Options:

A.

snapshot creates a full OS-level backup, including network-interface data, Check Point production information, and configuration settings of a GAiA Security Gateway.

B.

snapshot creates a Security Management Server full system-level backup on any OS

C.

snapshot stores only the system-configuration settings on the Gateway

D.

A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server

Question 50

If there is an Accept Implied Policy set to “First”, what is the reason Jorge cannot see any logs?

Options:

A.

Log Implied Rule was not selected on Global Properties.

B.

Log Implied Rule was not set correctly on the track column on the rules base.

C.

Track log column is set to none.

D.

Track log column is set to Log instead of Full Log.

Question 51

Which type of Endpoint Identity Agent includes packet tagging and computer authentication?

Options:

A.

Full

B.

Light

C.

Custom

D.

Complete

Question 52

Fill in the blank: A(n) _____ rule is created by an administrator and is located before the first and before last rules in the Rule Base.

Options:

A.

Firewall drop

B.

Explicit

C.

Implicit accept

D.

Implicit drop

E.

Implied

Question 53

Fill in the blank: When LDAP is integrated with Check Point Security Management, it is then referred to as _______

Options:

A.

UserCheck

B.

User Directory

C.

User Administration

D.

User Center

Question 54

Look at the screenshot below. What CLISH command provides this output?

Options:

A.

show configuration all

B.

show confd configuration

C.

show confd configuration all

D.

show configuration

Question 55

Choose what BEST describes users on Gaia Platform.

Options:

A.

There is one default user that cannot be deleted.

B.

There are two default users and one cannot be deleted.

C.

There is one default user that can be deleted.

D.

There are two default users that cannot be deleted and one SmartConsole Administrator.

Question 56

Fill in the blanks: The Application Layer Firewalls inspect traffic through the ________ layer(s) of the TCP/IP model and up to and including the ________ layer.

Options:

A.

Lower; Application

B.

First two; Internet

C.

First two; Transport

D.

Upper; Application

Question 57

Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?

Options:

A.

Firewall

B.

Application Control

C.

Anti-spam and Email Security

D.

Antivirus

Question 58

Where can an administrator edit a list of trusted SmartConsole clients in R80?

Options:

A.

cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server.

B.

Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.

C.

In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.

D.

WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway.

Question 59

Joey is using the computer with IP address 192.168.20.13. He wants to access web page “www.CheckPoint.com”, which is hosted on Web server with IP address 203.0.113.111. How many rules on Check Point Firewall are required for this connection?

Options:

A.

Two rules – first one for the HTTP traffic and second one for DNS traffic.

B.

Only one rule, because Check Point firewall is a Packet Filtering firewall

C.

Two rules – one for outgoing request and second one for incoming reply.

D.

Only one rule, because Check Point firewall is using Stateful Inspection technology.

Question 60

An administrator wishes to enable Identity Awareness on the Check Point firewalls. However, they allow users to use company-issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?

Options:

A.

AD Query

B.

Browser-Based Authentication

C.

Identity Agents

D.

Terminal Servers Agent

Question 61

In which scenario is it a valid option to transfer a license from one hardware device to another?

Options:

A.

From a 4400 Appliance to an HP Open Server

B.

From an IBM Open Server to an HP Open Server

C.

From a 4400 Appliance to a 2200 Appliance

D.

From an IBM Open Server to a 2200 Appliance

Question 62

Which Check Point software blade provides Application Security and identity control?

Options:

A.

Identity Awareness

B.

Data Loss Prevention

C.

URL Filtering

D.

Application Control

Question 63

Which of the following is an authentication method used for Identity Awareness?

Options:

A.

SSL

B.

Captive Portal

C.

PKI

D.

RSA

Question 64

The Network Operations Center administrator needs access to Check Point Security devices mostly for troubleshooting purposes. You do not want to give her access to the expert mode, but she still should be able to run tcpdump. How can you achieve this requirement?

Options:

A.

Add tcpdump to CLISH using add command. Create a new access role. Add tcpdump to the role. Create new user with any UID and assign role to the user.

B.

Add tcpdump to CLISH using add command. Create a new access role. Add tcpdump to the role. Create new user with UID 0 and assign role to the user.

C.

Create a new access role. Add expert-mode access to the role. Create new user with UID 0 and assign role to the user.

D.

Create a new access role. Add expert-mode access to the role. Create new user with any UID and assign role to the user.

Question 65

You want to verify if there are unsaved changes in GAiA that will be lost with a reboot. What command can be used?

Options:

A.

show unsaved

B.

show save-state

C.

show configuration diff

D.

show config-state

Question 66

Fill in the blank: The position of an implied rule is manipulated in the __________________ window.

Options:

A.

NAT

B.

Firewall

C.

Global Properties

D.

Object Explorer

Question 67

Which one of the following is a way that the objects can be manipulated using the new API integration in R80 Management?

Options:

A.

Microsoft Publisher

B.

JSON

C.

Microsoft Word

D.

RC4 Encryption

Question 68

Fill in the blank: An Endpoint identity agent uses a ___________ for user authentication.

Options:

A.

Shared secret

B.

Token

C.

Username/password or Kerberos Ticket

D.

Certificate

Question 69

What is the best sync method in the ClusterXL deployment?

Options:

A.

Use 1 cluster + 1st sync

B.

Use 1 dedicated sync interface

C.

Use 3 clusters + 1st sync + 2nd sync + 3rd sync

D.

Use 2 clusters + 1st sync + 2nd sync

Question 70

True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway

Options:

A.

True, CLI is the preferred method for Licensing

B.

False, Central Licenses are handled via Security Management Server

C.

False, Central Licenses are installed via Gaia on Security Gateways

D.

True, Central License can be installed with CPLIC command on a Security Gateway

Question 71

When using Monitored circuit VRRP, what is a priority delta?

Options:

A.

When an interface fails the priority changes to the priority delta

B.

When an interface fails the delta claims the priority

C.

When an interface fails the priority delta is subtracted from the priority

D.

When an interface fails the priority delta decides if the other interfaces take over

Question 72

You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic?

Options:

A.

Open SmartLog and connect remotely to the wireless controller

B.

Open SmartEvent to see why they are being blocked

C.

Open SmartDashboard and review the logs tab

D.

From SmartConsole, go to the Log & Monitor and filter for the IP address of the tablet.

Question 73

What data MUST be supplied to the SmartConsole System Restore window to restore a backup?

Options:

A.

Server, Username, Password, Path, Version

B.

Username, Password, Path, Version

C.

Server, Protocol, Username, Password, Destination Path

D.

Server, Protocol, Username, Password, Path

Question 74

Which of the following is NOT an identity source used for Identity Awareness?

Options:

A.

Remote Access

B.

UserCheck

C.

AD Query

D.

RADIUS

Question 75

What is the most recommended installation method for Check Point appliances?

Options:

A.

SmartUpdate installation

B.

DVD media created with Check Point ISOMorphic

C.

USB media created with Check Point ISOMorphic

D.

Cloud based installation

Question 76

In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

Options:

A.

SND is a feature to accelerate multiple SSL VPN connections

B.

SND is an alternative to IPSec Main Mode, using only 3 packets

C.

SND is used to distribute packets among Firewall instances

D.

SND is a feature of fw monitor to capture accelerated packets

Question 77

You have successfully backed up your Check Point configurations without the OS information. What command would you use to restore this backup?

Options:

A.

restore_backup

B.

import backup

C.

cp_merge

D.

migrate import
