Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Checkpoint 156-215.80

Checkpoint 156-215.80 Exam Practice Questions (P. 3)

  • Full Access (536 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret, the administrator found that the check box to enable pre-shared secret is shared and cannot be enabled. Why does it not allow him to specify the pre-shared secret?
  1. A
    IPsec VPN blade should be enabled on both Security Gateway.
  2. B
    Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.
  3. C
    Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.
  4. D
    The Security Gateways are pre-R75.40.

Correct Answer:
C

Question #22
You are the senior Firewall administrator for Alpha Corp, and have recently returned from a training course on Check Point's new advanced management platform.
You are presenting an in-house overview of the new features of Check Point Management to the other administrators in Alpha Corp.

How will you describe the new `Publish` button in Management Console?
  1. A
    The Publish button takes any changes an administrator has made in their management session, publishes a copy to the Check Point Cloud, and then saves it to the database.
  2. B
    The Publish button takes any changes an administrator has made in their management session and publishes a copy to the Check Point Cloud but does not save it to the database.
  3. C
    The Publish button saves any changes an administrator has made in their management session. After saving to the database, any changes are now visible to all other administrator sessions.
  4. D
    The Publish button saves any changes an administrator has made in their management session. After saving to the database, any changes are now visible to any new Unified Policy sessions.

Correct Answer:
C
To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a session, a new database version is created.
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197

Question #23
Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address.
  1. A
    High Availability
  2. B
    Load Sharing Multicast
  3. C
    Load Sharing Pivot
  4. D
    Master/Backup

Correct Answer:
B
Explanation :
ClusterXL uses the Multicast mechanism to associate the virtual cluster IP addresses with all cluster members. By binding these IP addresses to a Multicast MAC address, it ensures that all packets sent to the cluster, acting as a gateway, will reach all members in the cluster.
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm

Question #24
With the User Directory Software Blade, you can create user definitions on a(an) ___________ Server.
  1. A
    NT domain
  2. B
    SMTP
  3. C
    LDAP
  4. D
    SecurID

Correct Answer:
C
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197

Question #25
Which of the following is NOT a component of a Distinguished Name?
  1. A
    Organizational Unit
  2. B
    Country
  3. C
    Common Name
  4. D
    User container

Correct Answer:
D
Distinguished Name Components -
CN=common name, OU=organizational unit, O=organization, L=locality, ST=state or province, C=country name
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/
CP_R76_SecMan_WebAdmin/71950

Question #26
What are the three authentication methods for SIC?
  1. A
    Passwords, Users, and standards-based SSL for the creation of secure channels
  2. B
    Certificates, standards-based SSL for the creation of secure channels, and 3DES or AES128 for encryption
  3. C
    Packet Filtering, certificates, and 3DES or AES128 for encryption
  4. D
    Certificates, Passwords, and Tokens

Correct Answer:
B
Secure Internal Communication (SIC)
Secure Internal Communication (SIC) lets Check Point platforms and products authenticate with each other. The SIC procedure creates a trusted status between gateways, management servers and other Check Point components. SIC is required to install polices on gateways and to send logs between gateways and management servers.
These security measures make sure of the safety of SIC:
✑ Certificates for authentication
✑ Standards-based SSL for the creation of the secure channel
✑ 3DES for encryption
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/
CP_R76_SecMan_WebAdmin/71950

Question #27
You have enabled `Extended Log` as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?
  1. A
    Logging has disk space issues.
  2. B
    Content Awareness is not enabled.
  3. C
    Identity Awareness is not enabled.
  4. D
    Log Trimming is enabled.

Correct Answer:
A
The most likely reason for the logs data to stop is the low disk space on the logging device, which can be the Management Server or the Gateway Server.

Question #28
What is the order of NAT priorities?
  1. A
    Static NAT, IP pool NAT, hide NAT
  2. B
    IP pool NAT, static NAT, hide NAT
  3. C
    Static NAT, automatic NAT, hide NAT
  4. D
    Static NAT, hide NAT, IP pool NAT

Correct Answer:
A
The order of NAT priorities is:
1. Static NAT
2. IP Pool NAT
3. Hide NAT
Since Static NAT has all of the advantages of IP Pool NAT and more, it has a higher priority than the other NAT methods.
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/6724.htm#o6919

Question #29
Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?
  1. A
    UserCheck
  2. B
    Active Directory Query
  3. C
    Account Unit Query
  4. D
    User Directory Query

Correct Answer:
B
Explanation :
AD Query extracts user and computer identity information from the Active Directory Security Event Logs. The system generates a Security Event log entry when a user or computer accesses a network resource. For example, this occurs when a user logs in, unlocks a screen, or accesses a network drive.
Reference :
https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62402.htm

Question #30
Ken wants to obtain a configuration lock from other administrator on R80 Security Management Server Operating System. He can do this via WebUI or via CLI.
Which command should he use in CLI?
  1. A
    remove database lock
  2. B
    The database feature has one command: lock database override.
  3. C
    override database lock
  4. D
    The database feature has two commands: lock database override and unlock database. Both will work.

Correct Answer:
D
Use the database feature to obtain the configuration lock. The database feature has two commands:
✑ lock database [override].
✑ unlock database
The commands do the same thing: obtain the configuration lock from another administrator.

Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm#o73091

Previous Questions Next Questions

All Pages