Rebirth Check Point Certified Security Administrator 156-215.80 Real Exam

NEW QUESTION 1

Which of the following is TRUE about the Check Point Host object?

• A. Check Point Host has no routing ability even if it has more than one interface installed.
• B. When you upgrade to R80 from R77.30 or earlier versions, Check Point Host objects are converted to gateway objects.
• C. Check Point Host is capable of having an IP forwarding mechanism.
• D. Check Point Host can act as a firewall.

Answer: A

Explanation:
A Check Point host is a host with only one interface, on which Check Point software has been installed, and which is managed by the Security Management server. It is not a routing mechanism and is not capable of IP forwarding.

NEW QUESTION 2

You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?

• A. A group with generic user
• B. All users
• C. LDAP Account Unit Group
• D. Internal user Group

Answer: A

NEW QUESTION 3

After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?

• A. Security Gateway IP-address cannot be changed without re-establishing the trust
• B. The Security Gateway name cannot be changed in command line without re-establishing trust
• C. The Security Management Server name cannot be changed in SmartConsole without re-establishing trust
• D. The Security Management Server IP-address cannot be changed without re-establishing the trust

Answer: A

NEW QUESTION 4

Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?

• A. Firewall
• B. Identity Awareness
• C. Application Control
• D. URL Filtering

Answer: B

Explanation:
Check Point Identity Awareness Software Blade provides granular visibility of users, groups and machines, providing unmatched application and access control through the creation of accurate, identity-based policies. Centralized management and monitoring allows for policies to be managed from a single, unified console.

NEW QUESTION 5

You are unable to login to SmartDashboard. You log into the management server and run #cpwd_admin list with the following output:

What reason could possibly BEST explain why you are unable to connect to SmartDashboard?

• A. CDP is down
• B. SVR is down
• C. FWM is down
• D. CPSM is down

Answer: C

Explanation:
The correct answer would be FWM (is the process making available communication between SmartConsole applications and Security Management Server.). STATE is T (Terminate = Down)
Symptoms
SmartDashboard fails to connect to the Security Management server.
Verify if the FWM process is running. To do this, run the command:
[Expert@HostName:0]# ps -aux | grep fwm
If the FWM process is not running, then try force-starting the process with the following command: [Expert@HostName:0]# cpwd_admin start -name FWM -path "$FWDIR/bin/fwm" -command "fwm" [Expert@HostName:0]# ps -aux | grep fwm
[Expert@HostName:0]# cpwd_admin start -name FWM -path "$FWDIR/bin/fwm" -command "fwm"

NEW QUESTION 6

Review the following screenshot and select the BEST answer.

• A. Data Center Layer is an inline layer in the Access Control Policy.
• B. By default all layers are shared with all policies.
• C. If a connection is dropped in Network Layer, it will not be matched against the rules in Data Center Layer.
• D. If a connection is accepted in Network-layer, it will not be matched against the rules in Data Center Layer.

Answer: C

NEW QUESTION 7

What are the two high availability modes?

• A. Load Sharing and Legacy
• B. Traditional and New
• C. Active and Standby
• D. New and Legacy

Answer: D

Explanation:
ClusterXL has four working modes. This section briefly describes each mode and its relative advantages and disadvantages.
Load Sharing Multicast Mode
Load Sharing Unicast Mode
New High Availability Mode
High Availability Legacy Mode

NEW QUESTION 8

When installing a dedicated R80 SmartEvent server, what is the recommended size of the root partition?

• A. Any size
• B. Less than 20GB
• C. More than 10GB and less than 20 GB
• D. At least 20GB

Answer: D

NEW QUESTION 9

Choose what BEST describes the reason why querying logs now is very fast.

• A. New Smart-1 appliances double the physical memory install
• B. Indexing Engine indexes logs for faster search results
• C. SmartConsole now queries results directly from the Security Gateway
• D. The amount of logs been store is less than the usual in older versions

Answer: B

NEW QUESTION 10

Administrator Dave logs into R80 Management Server to review and makes some rule changes. He notices that there is a padlock sign next to the DNS rule in the Rule Base.

What is the possible Explanation: for this?

• A. DNS Rule is using one of the new feature of R80 where an administrator can mark a rule with the padlock icon to let other administrators know it is important.
• B. Another administrator is logged into the Management and currently editing the DNS Rule.
• C. DNS Rule is a placeholder rule for a rule that existed in the past but was deleted.
• D. This is normal behavior in R80 when there are duplicate rules in the Rule Base.

Answer: B

NEW QUESTION 11

What is the Manual Client Authentication TELNET port?

• A. 23
• B. 264
• C. 900
• D. 259

Answer: D

NEW QUESTION 12

Which of the following statements accurately describes the command snapshot?

• A. snapshot creates a full OS-level backup, including network-interface data, Check Point production information, and configuration settings of a GAiA Security Gateway.
• B. snapshot creates a Security Management Server full system-level backup on any OS
• C. snapshot stores only the system-configuration settings on the Gateway
• D. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server

Answer: A

NEW QUESTION 13

There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A’s interface issues were resolved and it became operational. When it re-joins the cluster, will it become active automatically?

• A. No, since “maintain current active cluster member” option on the cluster object properties is enabled by default
• B. No, since “maintain current active cluster member” option is enabled by default on the Global Properties
• C. Yes, since “Switch to higher priority cluster member” option on the cluster object properties is enabled by default
• D. Yes, since “Switch to higher priority cluster member” option is enabled by default on the Global Properties

Answer: A

Explanation:
What Happens When a Security Gateway Recovers?
In a Load Sharing configuration, when the failed Security Gateway in a cluster recovers, all connections are redistributed among all active members. High Availability and Load Sharing in ClusterXL ClusterXL Administration Guide R77 Versions | 31 In a High Availability configuration, when the failed Security Gateway in a cluster recovers, the recovery method depends on the configured cluster setting. The options are:
• Maintain Current Active Security Gateway means that if one member passes on control to a lower priority member, control will be returned to the higher priority member only if the lower priority member fails. This mode is recommended if all members are equally capable of processing traffic, in order to minimize the number of failover events.
• Switch to Higher Priority Security Gateway means that if the lower priority member has control and the higher priority member is restored, then control will be returned to the higher priority member. This mode is recommended if one member is better equipped for handling connections, so it will be the default Security Gateway.

NEW QUESTION 14

Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

• A. Go to clash-Run cpstop | Run cpstart
• B. Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway
• C. Administrator does not need to perform any tas
• D. Check Point will make use of the newly installed CPU and Cores
• E. Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security Policy

Answer: B

NEW QUESTION 15

Fill the blank. IT is Best Practice to have a _____ rule at the end of each policy layer.

• A. Explicit Drop
• B. Implied Drop
• C. Explicit Cleanup
• D. Implicit Drop

Answer: A

NEW QUESTION 16

Which of the following commands is used to verify license installation?

• A. Cplic verify license
• B. Cplic print
• C. Cplic show
• D. Cplic license

Answer: B

NEW QUESTION 17

Fill in the blank: When tunnel test packets no longer invoke a response, SmartView Monitor displays ____ for the given VPN tunnel.

• A. Down
• B. No Response
• C. Inactive
• D. Failed

Answer: A

NEW QUESTION 18

On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

• A. 18210
• B. 18184
• C. 257
• D. 18191

Answer: B

NEW QUESTION 19

The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

• A. Secure Internal Communication (SIC)
• B. Restart Daemons if they fail
• C. Transfer messages between Firewall processes
• D. Pulls application monitoring status

Answer: D

NEW QUESTION 20

Which of the following is NOT a SecureXL traffic flow?

• A. Medium Path
• B. Accelerated Path
• C. Fast Path
• D. Slow Path

Answer: C

Explanation:
SecureXL is an acceleration solution that maximizes performance of the Firewall and does not compromise security. When SecureXL is enabled on a Security Gateway, some CPU intensive operations are processed by virtualized software instead of the Firewall kernel. The Firewall can inspect and process connections more efficiently and accelerate throughput and connection rates. These are the SecureXL traffic flows:
Slow path - Packets and connections that are inspected by the Firewall and are not processed by SecureXL. Accelerated path - Packets and connections that are offloaded to SecureXL and are not processed by the
Firewall.
Medium path - Packets that require deeper inspection cannot use the accelerated path. It is not necessary for the Firewall to inspect these packets, they can be offloaded and do not use the slow path. For example, packets that are inspected by IPS cannot use the accelerated path and can be offloaded to the IPS PSL (Passive Streaming Library). SecureXL processes these packets more quickly than packets on the slow path.

NEW QUESTION 21

If the first packet of an UDP session is rejected by a security policy, what does the firewall send to the client?

• A. Nothing
• B. TCP FIN
• C. TCP RST
• D. ICMP unreachable

Answer: A

NEW QUESTION 22

ABC Corp., and have recently returned from a training course on Check Point's new advanced R80 management platform. You are presenting an in-house R80 Management to the other administrators in ABC Corp.

How will you describe the new “Publish” button in R80 Management Console?

• A. The Publish button takes any changes an administrator has made in their management session, publishes a copy to the Check Point of R80, and then saves it to the R80 database.
• B. The Publish button takes any changes an administrator has made in their management session and publishes a copy to the Check Point Cloud of R80 and but does not save it to the R80
• C. The Publish button makes any changes an administrator has made in their management session visible to all other administrator sessions and saves it to the Database.
• D. The Publish button makes any changes an administrator has made in their management session visible to the new Unified Policy session and saves it to the Database.

Answer: C

Explanation:
To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a session, a new database version is created.

NEW QUESTION 23

How do you configure the Security Policy to provide uses access to the Captive Portal through an external (Internet) interface?

• A. Change the gateway settings to allow Captive Portal access via an external interface.
• B. No action is necessar
• C. This access is available by default.
• D. Change the Identity Awareness settings under Global Properties to allow Captive Policy access on all interfaces.
• E. Change the Identity Awareness settings under Global Properties to allow Captive Policy access for an external interface.

Answer: A

NEW QUESTION 24
......