156-915.80 | All About Realistic 156-915.80 exam question

Question No: 3

What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?

A. Anti-Bot is the only countermeasure against unknown malware

B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers

C. Anti-Bot is the only signature-based method of malware protection

D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center

Answer: D

Question No: 4

What is the responsibility of SOLR process on R80.10 management server?

A. Validating all data before itu2021s written into the database

B. It generates indexes of data written to the database

C. Communication between SmartConsole applications and the Security Management Server

D. Writing all information into the database

Answer: B

Question No: 5

What happen when IPS profile is set in Detect-Only Mode for troubleshooting?

A. It will generate Geo-Protection traffic

B. Automatically uploads debugging logs to Check Point Support Center

C. It will not block malicious traffic

D. Bypass licenses requirement for Geo-Protection control

Answer: C

Explanation:

It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic. During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.

Question No: 6

If you need strong protection for the encryption of user data, what option would be the BEST choice?

A. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode.

B. When you need strong encryption, IPsec is not the best choice. SSL VPNu2021s are a better choice.

C. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.

D. Disable Diffie-Hellman by using stronger certificate based key-derivation. Use AES-256 bit on all encrypted channels and add PFS to QuickMode. Use double encryption by implementing AH and ESP as protocols.

Answer: C

Question No: 7

You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

A. No extra configuration is needed.

B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.

C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.

D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.

Answer: D

Question No: 8

John detected high load on sync interface. Which is most recommended solution?

A. For short connections like http service u2013 delay sync for 2 seconds

B. Add a second interface to handle sync traffic

C. For short connections like http service u2013 do not sync

D. For short connections like icmp service u2013 delay sync for 2 seconds

Answer: A

Question No: 9

What are you required to do before running the command upgrade_export?

A. Run a cpstop on the Security Gateway.

B. Run a cpstop on the Security Management Server.

C. Close all GUI clients.

D. Run cpconfig and set yourself up as a GUI client.

Answer: C

Question No: 10

You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)

When you run fw monitor on the R80 Security Gateway and then start a new HTTP connection from host

10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?

A. o=outbound kernel, before the virtual machine

B. I=inbound kernel, after the virtual machine

C. O=outbound kernel, after the virtual machine

D. i=inbound kernel, before the virtual machine

Answer: B

Question No: 11

Your companyu2021s Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:

A. Client Authentication rule using the manual sign-on method, using HTTP on port 900

B. Client Authentication rule, using partially automatic sign on

C. Client Authentication for fully automatic sign on

D. Session Authentication rule

Answer: A

Question No: 12

You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway.

What is TRUE about the new packageu2021s NAT rules?

A. Rules 1, 2, 3 will appear in the new package.

B. Only rule 1 will appear in the new package.

C. NAT rules will be empty in the new package.

D. Rules 4 and 5 will appear in the new package.

Answer: A