What Pinpoint 156-215.80 Exam Guide Is

NEW QUESTION 1

What are the three components for Check Point Capsule?

• A. Capsule Docs, Capsule Cloud, Capsule Connect
• B. Capsule Workspace, Capsule Cloud, Capsule Connect
• C. Capsule Workspace, Capsule Docs, Capsule Connect
• D. Capsule Workspace, Capsule Docs, Capsule Cloud

Answer: D

NEW QUESTION 2

Which firewall daemon is responsible for the FW CLI commands?

• A. fwd
• B. fwm
• C. cpm
• D. cpd

Answer: A

NEW QUESTION 3

Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

• A. Check Point Password
• B. TACACS
• C. LDAP
• D. Windows password

Answer: C

NEW QUESTION 4

In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?

• A. Pentagon
• B. Combined
• C. Meshed
• D. Star

Answer: D

Explanation:
VPN communities are based on Star and Mesh topologies. In a Mesh community, there are VPN connections between each Security Gateway. In a Star community, satellites have a VPN connection with the center Security Gateway, but not to each other.

NEW QUESTION 5

Mesh and Star are two types of VPN topologies. Which statement below is TRUE about these types of communities?

• A. A star community requires Check Point gateways, as it is a Check Point proprietary technology.
• B. In a star community, satellite gateways cannot communicate with each other.
• C. In a mesh community, member gateways cannot communicate directly with each other.
• D. In a mesh community, all members can create a tunnel with any other member.

Answer: D

NEW QUESTION 6

The SIC Status “Unknown” means

• A. There is connection between the gateway and Security Management Server but it is not trusted.
• B. The secure communication is established.
• C. There is no connection between the gateway and Security Management Server.
• D. The Security Management Server can contact the gateway, but cannot establish SIC.

Answer: CExplanation:SICStatus

Explanation:
After the gateway receives the certificate issued by the ICA, the SIC status shows if the Security Management Server can communicate securely with this gateway:
Communicating - The secure communication is established.
Unknown - There is no connection between the gateway and Security Management Server.
Not Communicating - The Security Management Server can contact the gateway, but cannot establish SIC. A message shows more information.

NEW QUESTION 7

Which of these attributes would be critical for a site-to-site VPN?

• A. Scalability to accommodate user groups
• B. Centralized management
• C. Strong authentication
• D. Strong data encryption

Answer: D

NEW QUESTION 8

Which Check Point feature enables application scanning and the detection?

• A. Application Dictionary
• B. AppWiki
• C. Application Library
• D. CPApp

Answer: B

Explanation:
AppWiki Application Classification Library
AppWiki enables application scanning and detection of more than 5,000 distinct applications and over 300,000 Web 2.0 widgets including instant messaging, social networking, video streaming, VoIP, games and more.

NEW QUESTION 9

Fill in the blank: An identity server uses a ____ for user authentication.

• A. Shared secret
• B. Certificate
• C. One-time password
• D. Token

Answer: A

NEW QUESTION 10

What is the SOLR database for?

• A. Used for full text search and enables powerful matching capabilities
• B. Writes data to the database and full text search
• C. Serves GUI responsible to transfer request to the DLE server
• D. Enables powerful matching capabilities and writes data to the database

Answer: A

NEW QUESTION 11

Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?

• A. Security questions
• B. Check Point password
• C. SecurID
• D. RADIUS

Answer: A

Explanation:
Authentication Schemes :- Check Point Password
- Operating System Password
- RADIUS
- SecurID
- TACAS
- Undefined If a user with an undefined authentication scheme is matched to a Security Rule with some form of authentication, access is always denied.

NEW QUESTION 12

How would you determine the software version from the CLI?

• A. fw ver
• B. fw stat
• C. fw monitor
• D. cpinfo

Answer: A

NEW QUESTION 13

Which set of objects have an Authentication tab?

• A. Templates, Users
• B. Users, Networks
• C. Users, User Group
• D. Networks, Hosts

Answer: A

NEW QUESTION 14

Which of the following is NOT an integral part of VPN communication within a network?

• A. VPN key
• B. VPN community
• C. VPN trust entities
• D. VPN domain

Answer: A

Explanation:
VPN key (to not be confused with pre-shared key that is used for authentication).
VPN trust entities, such as a Check Point Internal Certificate Authority (ICA). The ICA is part of the Check Point suite used for creating SIC trusted connection between Security Gateways, authenticating administrators and third party servers. The ICA provides certificates for internal Security Gateways and remote access clients which negotiate the VPN link.
VPN Domain - A group of computers and networks connected to a VPN tunnel by one VPN gateway that handles encryption and protects the VPN Domain members.
VPN Community - A named collection of VPN domains, each protected by a VPN gateway. References: http://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/13868.htm

NEW QUESTION 15

What is the best sync method in the ClusterXL deployment?

• A. Use 1 cluster + 1st sync
• B. Use 1 dedicated sync interface
• C. Use 3 clusters + 1st sync + 2nd sync + 3rd sync
• D. Use 2 clusters + 1st sync + 2nd sync

Answer: B

NEW QUESTION 16

Office mode means that:

• A. SecureID client assigns a routable MAC addres
• B. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
• C. Users authenticate with an Internet browser and use secure HTTPS connection.
• D. Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.
• E. Allows a security gateway to assign a remote client an IP addres
• F. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

Answer: D

Explanation:
Office Mode enables a Security Gateway to assign internal IP addresses to SecureClient users. This IP address will not be exposed to the public network, but is encapsulated inside the VPN tunnel between the client and the Gateway. The IP to be used externally should be assigned to the client in the usual way by the Internet Service provider used for the Internet connection. This mode allows a Security Administrator to control which addresses are used by remote clients inside the local network and makes them part of the local network. The mechanism is based on an IKE protocol extension through which the Security Gateway can send an internal IP address to the client.

NEW QUESTION 17

What is the Transport layer of the TCP/IP model responsible for?

• A. It transports packets as datagrams along different routes to reach their destination.
• B. It manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application.
• C. It defines the protocols that are used to exchange data between networks and how host programs interact with the Application layer.
• D. It deals with all aspects of the physical components of network connectivity and connects with different network types.

Answer: B

NEW QUESTION 18

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, gateway policy permits access only from Join's desktop which is assigned an IP address 10.0.0.19 via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but the limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?

• A. John should install the identity Awareness Agent
• B. The firewall admin should install the Security Policy
• C. John should lock and unlock the computer
• D. Investigate this as a network connectivity issue

Answer: C

NEW QUESTION 19

The fw monitor utility is used to troubleshoot which of the following problems?

• A. Phase two key negotiation
• B. Address translation
• C. Log Consolidation Engine
• D. User data base corruption

Answer: B

NEW QUESTION 20

Fill in the blanks: VPN gateways authenticate using _____ and ______.

• A. Passwords; tokens
• B. Certificates; pre-shared secrets
• C. Certificates; passwords
• D. Tokens; pre-shared secrets

Answer: B

Explanation:
VPN gateways authenticate using Digital Certificates and Pre-shared secrets.

NEW QUESTION 21

You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?

• A. SmartView Tracker and SmartView Monitor
• B. SmartLSM and SmartUpdate
• C. SmartDashboard and SmartView Tracker
• D. SmartView Monitor and SmartUpdate

Answer: D

NEW QUESTION 22

Which of the following commands can be used to remove site-to-site IPSEC Security Associations (SA)?

• A. vpn tu
• B. vpn ipsec remove -l
• C. vpn debug ipsec
• D. fw ipsec tu

Answer: A

Explanation:
vpn tu
Description Launch the TunnelUtil tool which is used to control VPN tunnels.
Usage vpn tu vpn tunnelutil Example vpn tu Output

NEW QUESTION 23

Fill in the blanks: A _____ license requires an administrator to designate a gateway for attachment whereas a _____ license is automatically attached to a Security Gateway.

• A. Format; corporate
• B. Local; formal
• C. Local; central
• D. Central; local

Answer: D

NEW QUESTION 24
......