156-915.80 | The Secret of Check Point 156-915.80 dumps

New Questions 8

Which features are only supported with R80.10 Gateways but not R77.x?

A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.

B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

D. Time object to a rule to make the rule active only during specified times.

Answer: C

New Questions 9

Which directory below contains log files?

A. /opt/CPSmartlog-R80/log

B. /opt/CPshrd-R80/log

C. /opt/CPsuite-R80/fw1/log

D. /opt/CPsuite-R80/log

Answer: C

New Questions 10

Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?

A. Dynamic Source Address Translation

B. Hide Address Translation

C. Port Address Translation

D. Static Destination Address Translation

Answer: D

New Questions 11

To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?

A. Source

B. Track

C. User

D. Action

Answer: A

New Questions 12

What command with appropriate switches would you use to test Identity Awareness connectivity?

A. test_ldap

B. test_ad_connectivity

C. test_ldap_connectivity

D. test_ad

Answer: B

New Questions 13

You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gatewayu2021s external interface.

What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ serversu2021 public IP addresses?

A. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.

B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.

C. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.

D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZu2021s interface.

Answer: B

New Questions 14

John is configuring a new R80 Gateway cluster but he can not configure the cluster as Third Party IP Clustering because this option is not available in Gateway Cluster Properties.

Whatu2021s happening?

A. ClusterXL needs to be unselected to permit third party clustering configuration.

B. Third Party Clustering is not available for R80 Security Gateways.

C. John has an invalid ClusterXL license.

D. John is not using third party hardware as IP Clustering is part of Check Pointu2021s IP Appliance.

Answer: A

New Questions 15

Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?

A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service.

B. Configure Automatic Static NAT on network 10.10.20.0/24.

C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24.

D. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule.

Answer: C

New Questions 16

Use the table to match the BEST Management High Availability synchronication-status descriptions for your Security Management Server (SMS).

Exhibit:

A. A-5, B-3, C-1, D-2

B. A-3, B-1, C-4, D-2

C. A-3, B-5, C-2, D-4

D. A-3, B-1, C-5, D-4

Answer: D

New Questions 17

The command useful for debugging by capturing packet information, including verifying LDAP authentication on all Check Point platforms is

Answer:

fw monitor