156-315.80 | Top Tips Of Up To Date 156-315.80 Pdf

NEW QUESTION 1
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

• A. 50%
• B. 75%
• C. 80%
• D. 15%

Answer: D

NEW QUESTION 2
At what point is the Internal Certificate Authority (ICA) created?

• A. Upon creation of a certificate.
• B. During the primary Security Management Server installation process.
• C. When an administrator decides to create one.
• D. When an administrator initially logs into SmartConsole.

Answer: B

NEW QUESTION 3
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

• A. ThreatWiki
• B. Whitelist Files
• C. AppWiki
• D. IPS Protections

Answer: B

NEW QUESTION 4
When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?

• A. Includes the registry
• B. Gets information about the specified Virtual System
• C. Does not resolve network addresses
• D. Output excludes connection table

Answer: B

NEW QUESTION 5
What is the purpose of the CPCA process?

• A. Monitoring the status of processes.
• B. Sending and receiving logs.
• C. Communication between GUI clients and the SmartCenter server.
• D. Generating and modifying certificates.

Answer: D

NEW QUESTION 6
What is the SandBlast Agent designed to do?

• A. Performs OS-level sandboxing for SandBlast Cloud architecture
• B. Ensure the Check Point SandBlast services is running on the end user’s system
• C. If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network
• D. Clean up email sent with malicious attachments

Answer: C

NEW QUESTION 7
When attempting to start a VPN tunnel, in the logs the error “no proposal chosen” is seen numerous times. No other VPN-related entries are present.
Which phase of the VPN negotiations has failed?

• A. IKE Phase 1
• B. IPSEC Phase 2
• C. IPSEC Phase 1
• D. IKE Phase 2

Answer: A

NEW QUESTION 8
Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and several remote locations which are managed centrally by R77.30 Security Management Server. On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1570 series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available firmware. She is in process of migrating to R80.
What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R80?

• A. Missing an installed R77.20 Add-on on Security Management Server
• B. Unsupported firmware on UTM-1 Edge-W appliance
• C. Unsupported version on UTM-1 570 series appliance
• D. Unsupported appliances on remote locations

Answer: A

NEW QUESTION 9
To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?

• A. Accept Template
• B. Deny Template
• C. Drop Template
• D. NAT Template

Answer: B

NEW QUESTION 10
Which statements below are CORRECT regarding Threat Prevention profiles in SmartDashboard?

• A. You can assign only one profile per gateway and a profile can be assigned to one rule Only.
• B. You can assign multiple profiles per gateway and a profile can be assigned to one rule only.
• C. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.
• D. You can assign only one profile per gateway and a profile can be assigned to one or more rules.

Answer: C

NEW QUESTION 11
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?

• A. ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data
• B. ThreatCloud is a collaboration platform for all the CheckPoint customers to form a virtual cloud consisting of a combination of all on-premise private cloud environments
• C. ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud
• D. ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary

Answer: D

NEW QUESTION 12
To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?

• A. 5 Network; Host; Objects; Services; API
• B. 3 Incoming; Outgoing; Network
• C. 2 Internal; External
• D. 4 Incoming; Outgoing; Internal; Other

Answer: D

NEW QUESTION 13
Which of the following commands shows the status of processes?

• A. cpwd_admin -l
• B. cpwd -l
• C. cpwd admin_list
• D. cpwd_admin list

Answer: D

NEW QUESTION 14
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.
What is the most likely reason that the traffic is not accelerated?

• A. There is a virus foun
• B. Traffic is still allowed but not accelerated.
• C. The connection required a Security server.
• D. Acceleration is not enabled.
• E. The traffic is originating from the gateway itself.

Answer: D

NEW QUESTION 15
Both ClusterXL and VRRP are fully supported by Gaia R80.10 and available to all Check Point appliances. Which the following command is NOT related to redundancy and functions?

• A. cphaprob stat
• B. cphaprob –a if
• C. cphaprob –l list
• D. cphaprob all show stat

Answer: D

NEW QUESTION 16
From SecureXL perspective, what are the tree paths of traffic flow:

• A. Initial Path; Medium Path; Accelerated Path
• B. Layer Path; Blade Path; Rule Path
• C. Firewall Path; Accept Path; Drop Path
• D. Firewall Path; Accelerated Path; Medium Path

Answer: D

NEW QUESTION 17
Fill in the blank: Authentication rules are defined for ________.

• A. User groups
• B. Users using UserCheck
• C. Individual users
• D. All users in the database

Answer: A

NEW QUESTION 18
What Factor preclude Secure XL Templating?

• A. Source Port Ranges/Encrypted Connections
• B. IPS
• C. ClusterXL in load sharing Mode
• D. CoreXL

Answer: A

NEW QUESTION 19
Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ______ .

• A. Sent to the Internal Certificate Authority.
• B. Sent to the Security Administrator.
• C. Stored on the Security Management Server.
• D. Stored on the Certificate Revocation List.

Answer: D

NEW QUESTION 20
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.

• A. This statement is true because SecureXL does improve all traffic.
• B. This statement is false because SecureXL does not improve this traffic but CoreXL does.
• C. This statement is true because SecureXL does improve this traffic.
• D. This statement is false because encrypted traffic cannot be inspected.

Answer: C

Explanation:
SecureXL improved non-encrypted firewall traffic throughput, and encrypted VPN traffic throughput, by nearly an order-of-magnitude- particularly for small packets flowing in long duration connections.

NEW QUESTION 21
The SmartEvent R80 Web application for real-time event monitoring is called:

• A. SmartView Monitor
• B. SmartEventWeb
• C. There is no Web application for SmartEvent
• D. SmartView

Answer: B

NEW QUESTION 22
Which statement is correct about the Sticky Decision Function?

• A. It is not supported with either the Performance pack of a hardware based accelerator card
• B. Does not support SPI’s when configured for Load Sharing
• C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster
• D. It is not required L2TP traffic

Answer: A

NEW QUESTION 23
You have enabled “Full Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

• A. Logging has disk space issue
• B. Change logging storage options on the logging server or Security Management Server properties and install database.
• C. Data Awareness is not enabled.
• D. Identity Awareness is not enabled.
• E. Logs are arriving from Pre-R80 gateways.

Answer: A

NEW QUESTION 24
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

• A. Go to clash-Run cpstop | Run cpstart
• B. Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway
• C. Administrator does not need to perform any tas
• D. Check Point will make use of the newly installed CPU and Cores
• E. Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security Policy

Answer: B

NEW QUESTION 25
Which component is NOT required to communicate with the Web Services API?

• A. API key
• B. session ID token
• C. content-type
• D. Request payload

Answer: A

NEW QUESTION 26
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?

• A. Host having a Critical event found by Threat Emulation
• B. Host having a Critical event found by IPS
• C. Host having a Critical event found by Antivirus
• D. Host having a Critical event found by Anti-Bot

Answer: D

NEW QUESTION 27
......