156-315.80
Version: 19.041
Answer: A
QUESTION 2
Which command is used to set the CCP protocol to Multicast?
Answer: B
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk20576
QUESTION 3
Which packet info is ignored with Session Rate Acceleration?
Answer: C
Explanation:
http://trlj.blogspot.com/2015/10/check-point-acceleration.html
QUESTION 4
Which is the least ideal Synchronization Status for Security Management Server High Availability
deployment?
A. Synchronized
B. Never been synchronized
C. Lagging
D. Collision
Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/120712
Get Latest & Actual 156-315.80 Exam's Question and Answers from Lead2pass. 2
http://www.lead2pass.com
QUESTION 5
During inspection of your Threat Prevention logs you find four different computers having one
event each with a Critical Severity. Which of those hosts should you try to remediate first?
Answer: D
QUESTION 6
In R80 spoofing is defined as a method of:
Answer: D
Explanation:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack
connections to your network. Attackers use IP spoofing to send malware and bots to your
protected network, to execute DoS attacks, or to gain unauthorized access.
Reference:
http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/CP_R80_SecurityManagement_AdminGuide.pdf?HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2&xtn=.pdf
QUESTION 7
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used
for this?
Answer: D
Explanation:
Synchronization works in two modes:
Full Sync transfers all Security Gateway kernel table information from one cluster member to
another. It is handled by the fwd daemon using an encrypted TCP connection on port 256.
Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is
handled by the Security Gateway kernel using UDP connections on port 8116.
Reference:
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/7288
QUESTION 8
Fill in the blank: The command ___________ provides the most complete restoration of a R80
configuration.
A. upgrade_import
B. cpconfig
C. fwm dbimport -p <export file>
D. cpinfo -recover
Answer: A
QUESTION 9
Check Point Management (cpm) is the main management process in that it provides the
architecture for a consolidated management console. It empowers the migration from legacy
Client-side logic to Server-side logic. The cpm process:
A. Allow GUI Client and management server to communicate via TCP Port 19001
B. Allow GUI Client and management server to communicate via TCP Port 18191
C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.
D. Performs database tasks such as creating, deleting, and modifying objects as well as policy code
generation.
Answer: C
QUESTION 10
Which of the following type of authentication on Mobile Access can NOT be used as the first
authentication method?
A. Dynamic ID
B. RADIUS
C. Username and Password
D. Certificate
Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_MobileAccess_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_MobileAccess_AdminGuide/41587
QUESTION 11
Which of the SecureXL templates are enabled by default on Security Gateway?
A. Accept
B. Drop
C. NAT
D. None
Answer: D
QUESTION 12
What happens when an IPS profile is set in Detect-Only Mode for troubleshooting?
Answer: C
Explanation:
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial
installation of IPS. This option overrides any protections that are set to Prevent so that they will
not block any traffic.
During this time you can analyze the alerts that IPS generates to see how IPS will handle network
traffic, while avoiding any impact on the flow of traffic.
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_IPS_AdminGuide/12750.htm
QUESTION 13
What is true about VRRP implementations?
Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/87911.htm
QUESTION 14
The Security Gateway is installed on GAIA R80. The default port for the Web User interface is
______.
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443
Answer: D
QUESTION 15
Fill in the blank: The R80 feature ______ permits blocking specific IP addresses for a specific
time period.
D. Adaptive Threat Prevention
Answer: C
Explanation:
Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify
access privileges upon detection of any suspicious network activity (for example, several
attempts to gain unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules.
Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block
suspicious connections that are not restricted by the currently enforced security policy. These
rules, once set (usually with an expiration date), can be applied immediately without the need to
perform an Install Policy operation.
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_SmartViewMonitor_AdminGuide/17670.htm
QUESTION 16
In a Client to Server scenario, which represents that the packet has already been checked against the
tables and the Rule Base?
A. Big I
B. Little o
C. Little i
D. Big O
Answer: D
QUESTION 17
What is the mechanism behind Threat Extraction?
A. This is a new mechanism which extracts malicious files from a document to use it as a
counter-attack against its sender.
B. This is a new mechanism which is able to collect malicious files out of any kind of file types to
destroy it prior to sending it to the intended recipient.
C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it
into the SAM database (Suspicious Activity Monitoring).
D. Any active contents of a document, such as JavaScripts, macros and links will be removed from
the document and forwarded to the intended recipient, which makes this solution very fast.
Answer: D
QUESTION 18
You want to gather and analyze threats to your mobile device. It has to be a lightweight app.
Which application would you use?
Answer: C
Explanation:
https://www.insight.com/content/dam/insight-web/en_US/pdfs/check-point/mobile-threat-prevention-behavioral-risk-analysis.pdf
QUESTION 19
Which view is NOT a valid CPVIEW view?
A. IDA
B. RAD
C. PDP
D. VPN
Answer: C
QUESTION 20
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and
older?
A. The rule base can be built of layers, each containing a set of the security rules. Layers are
inspected in the order in which they are defined, allowing control over the rule base flow and
which security functionalities take precedence.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. Time object to a rule to make the rule active only during specified times.
D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is
matched, inspection will continue in the sub policy attached to it rather than in the next rule.
Answer: D
Explanation:
http://dl3.checkpoint.com/paid/1f/1f850d1640792cf885336cc6ae8b2743/CP_R80_ReleaseNotes.pdf?HashKey=1517092603_dd917544d92dccc060e5b25d28a46f79&xtn=.pdf
QUESTION 21
fwssd is a child process of which of the following Check Point daemons?
A. fwd
B. cpwd
C. fwm
D. cpd
Answer: A
QUESTION 22
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up
an Active-Active cluster.
A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing
Answer: C
QUESTION 23
CPM process stores objects, policies, users, administrators, licenses and management data in a
database.
The database is:
A. MySQL
B. Postgres SQL
C. MariaDB
D. SOLR
Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R80/CP_R80_MultiDomainSecurity/html_frameset.htm?topic=documents/R80/CP_R80_MultiDomainSecurity/15420
QUESTION 24
If you needed the Multicast MAC address of a cluster, what command would you run?
A. cphaprob -a if
B. cphaconf ccp multicast
C. cphaconf debug data
D. cphaprob igmp
Answer: D
QUESTION 25
Which is NOT an example of a Check Point API?
A. Gateway API
B. Management API
C. OPSEC SDK
D. Threat Prevention API
Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20
QUESTION 26
What are the three components for Check Point Capsule?
Answer: D
Explanation:
https://www.checkpoint.com/products-solutions/mobile-security/check-point-capsule/
QUESTION 27
Which of the following Check Point processes within the Security Management Server is
responsible for the receiving of log records from Security Gateway?
A. logd
B. fwd
C. fwm
D. cpd
Answer: B
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
QUESTION 28
The fwd process on the Security Gateway sends logs to the fwd process on the Management
Server via which 2 processes?
Answer: A
QUESTION 29
You have successfully backed up Check Point configurations without the OS information. What
command would you use to restore this backup?
A. restore_backup
B. import backup
C. cp_merge
D. migrate import
Answer: C
QUESTION 30
The Firewall Administrator is required to create 100 new host objects with different IP addresses.
What API command can he use in the script to achieve the requirement?
Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R80/APIs/#intro_gui_cli%20
QUESTION 31
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs
the systems this way, how many machines will he need if he does NOT include a SmartConsole
machine in his calculations?
A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
B. One machine
C. Two machines
D. Three machines
Answer: C
Explanation:
One for Security Management Server and the other one for the Security Gateway.
QUESTION 32
You can select the file types that are sent for emulation for all the Threat Prevention profiles.
Each profile defines a(n) _____ or ______ action for the file types.
A. Inspect/Bypass
B. Inspect/Prevent
C. Prevent/Bypass
D. Detect/Bypass
Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_ThreatPrevention_WebAdmin/101703.htm
QUESTION 33
When doing a Stand-Alone Installation, you would install the Security Management Server with
which other Check Point architecture component?
Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/89230.htm
QUESTION 34
On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API)
the default Log Server uses port:
A. 18210
B. 18184
C. 257
D. 18191
Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/120829
QUESTION 35
How many images are included with Check Point TE appliance in Recommended Mode?
A. 2(OS) images
B. images are chosen by administrator during installation
C. as many as licensed for
D. the most new image
Answer: A
QUESTION 36
What is the least amount of CPU cores required to enable CoreXL?
A. 2
B. 1
C. 4
D. 6
Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm
QUESTION 37
You are working with multiple Security Gateways enforcing an extensive number of rules. To
simplify security administration, which action would you choose?
A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restrict all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each Security Gateway directly.
Answer: B
QUESTION 38
Which of the following authentication methods ARE NOT used for Mobile Access?
A. RADIUS server
B. Username and password (internal, LDAP)
C. SecurID
D. TACACS+
Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/41587.htm
QUESTION 39
What is the correct command to observe the Sync traffic in a VRRP environment?
A. fw monitor -e "accept[12:4,b]=224.0.0.18;"
B. fw monitor -e "accept(6118;"
C. fw monitor -e "accept proto=mcVRRP;"
D. fw monitor -e "accept dst=224.0.0.18;"
Answer: D
QUESTION 40
What has to be taken into consideration when configuring Management HA?
A. The Database revisions will not be synchronized between the management servers
B. SmartConsole must be closed prior to synchronized changes in the objects database
C. If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow
FW1_cpredundant to pass before the Firewall Control Connections.
D. For Management Server synchronization, only External Virtual Switches are supported. So, if you
wanted to employ Virtual Routers instead, you have to reconsider your design.
Answer: A
QUESTION 41
What is the difference between an event and a log?
Answer: B
QUESTION 42
What are the attributes that SecureXL will check after the connection is allowed by Security
Policy?
Answer: A
QUESTION 43
Which statement is NOT TRUE about Delta synchronization?
Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7288.htm
QUESTION 44
The Event List within the Event tab contains:
Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915
QUESTION 45
Which statement is correct about the Sticky Decision Function?
A. It is not supported with either the Performance pack or a hardware based accelerator card
B. Does not support SPI's when configured for Load Sharing
C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster
D. It is not required for L2TP traffic
Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7290.htm
QUESTION 46
Which statement is true regarding redundancy?
A. System Administrators know their cluster has failed over and can also see why it failed over by
using the cphaprob -f if command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
C. Machines in a ClusterXL High Availability configuration must be synchronized.
D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point
appliances, open servers, and virtualized environments.
Answer: D
Explanation:
https://www.checkpoint.com/download/public-files/gaia-technical-brief.pdf
QUESTION 47
NAT rules are prioritized in which order?
A. 1, 2, 3, 4
B. 1, 4, 2, 3
C. 3, 1, 2, 4
D. 4, 3, 1, 2
Answer: A
QUESTION 48
In R80.10, how do you manage your Mobile Access Policy?
Answer: C
QUESTION 49
R80.10 management server can manage gateways with which versions installed?
Answer: C
Explanation:
http://dl3.checkpoint.com/paid/88/88e25b652f62aa6f59dc955e34f98d5c/CP_R80.10_ReleaseNotes.pdf?HashKey=1538443232_ff63052c2c5a68c42c47eae9e15273c8&xtn=.pdf
QUESTION 50
Which command can you use to verify the number of active concurrent connections?
A. fw conn all
B. fw ctl pstat
C. show all connections
D. show connections
Answer: B
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103496
QUESTION 51
Which of the following statements is TRUE about R80 management plug-ins?
Answer: C
QUESTION 52
How can the SmartView application be accessed?
Answer: C
QUESTION 53
What command verifies that the API server is responding?
A. api stat
B. api status
C. show api_status
D. app_get_status
Answer: B
Explanation:
https://www.hurricanelabs.com/blog/check-point-api-merging-management-servers-with-r80-10
QUESTION 54
Where can you see and search records of actions done by R80 SmartConsole administrators?
Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_LoggingAndMonitoring_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_LoggingAndMonitoring_AdminGuide/188029
QUESTION 55
Fill in the blank: The R80 utility fw monitor is used to troubleshoot ________.
Answer: C
Explanation:
Check Point's FW Monitor is a powerful built-in tool for capturing network traffic at the packet
level. The FW Monitor utility captures network packets at multiple capture points along the
FireWall inspection chains. These captured packets can be inspected later using the WireShark
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30583
QUESTION 56
What SmartEvent component creates events?
A. Consolidation Policy
B. Correlation Unit
C. SmartEvent Policy
D. SmartEvent GUI
Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm
QUESTION 57
Which command collects diagnostic data for analyzing customer setup remotely?
A. cpinfo
B. migrate export
C. sysinfo
D. cpview
Answer: A
Explanation:
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the
time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader
utility for uploading files to Check Point servers).
The CPInfo output file allows analyzing customer setups from a remote location. Check Point
support engineers can open the CPInfo file in a demo mode, while viewing actual customer
Security Policies and Objects. This allows the in-depth analysis of customer's configuration and
environment settings.
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92739
QUESTION 58
Which features are only supported with R80.10 Gateways but not R77.x?
A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness,
and Mobile Access Software Blade policies
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. The rule base can be built of layers, each containing a set of the security rules. Layers are
inspected in the order in which they are defined, allowing control over the rule base flow and
which security functionalities take precedence.
D. Time object to a rule to make the rule active only during specified times.
Answer: C
Explanation:
http://slideplayer.com/slide/12183998/
QUESTION 59
Which CLI command will reset the IPS pattern matcher statistics?
Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_CLI_WebAdmin/84627.htm
QUESTION 60
When requiring certificates for mobile devices, make sure the authentication method is set to one
of the following, Username and Password, RADIUS or _______.
A. SecureID
B. SecurID
C. Complexity
D. TacAcs
Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/41587.htm
QUESTION 61
Check Point recommends configuring Disk Space Management parameters to delete old log
entries when available disk space is less than or equal to?
A. 50%
B. 75%
C. 80%
D. 15%
Answer: D
QUESTION 62
SmartEvent has several components that function together to track security threats. What is the
function of the Correlation Unit as a component of this architecture?
A. Analyzes each log entry as it arrives at the log server according to the Event Policy. When a
threat pattern is identified, an event is forwarded to the SmartEvent Server.
B. Correlates all the identified threats with the consolidation policy.
C. Collects syslog data from third party devices and saves them to the database.
D. Connects with the SmartEvent Client when generating threat reports.
Answer: A
QUESTION 63
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic
throughput.
Answer: C
Explanation:
SecureXL improved non-encrypted firewall traffic throughput, and encrypted VPN traffic
throughput, by nearly an order of magnitude, particularly for small packets flowing in
long-duration connections.
Reference:
https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/10001/FILE/SecureXL_and_Nokia_IPSO_White_Paper_20080401.pdf
QUESTION 64
Which command gives us a perspective of the number of kernel tables?
A. fw tab -t
B. fw tab -s
C. fw tab -n
D. fw tab -k
Answer: B
QUESTION 65
When simulating a problem on a ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register,
to initiate a failover on an active cluster member, what command allows you to remove the
problematic state?
B. cphaprob STOP unregister
C. cphaprob unregister STOP
D. cphaprob -d unregister STOP
Answer: A
Explanation:
Testing a failover in a controlled manner using the following command:
# cphaprob -d STOP -s problem -t 0 register
This will register a problem state on the cluster member this was entered on. If you then run:
# cphaprob list
this will show an entry named STOP.
To remove this problematic register, run the following:
# cphaprob -d STOP unregister
Reference:
https://fwknowledge.wordpress.com/2013/04/04/manual-failover-of-the-fw-cluster/
QUESTION 66
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode
without a Check Point Security Gateway?
Answer: C
QUESTION 67
What is the main difference between Threat Extraction and Threat Emulation?
A. Threat Emulation never delivers a file and takes more than 3 minutes to complete.
B. Threat Extraction always delivers a file and takes less than a second to complete.
C. Threat Emulation never delivers a file that takes less than a second to complete.
D. Threat Extraction never delivers a file and takes more than 3 minutes to complete.
Answer: B
QUESTION 68
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception
of:
A. Threat Emulation
B. HTTPS
C. QOS
D. VoIP
Answer: D
QUESTION 69
SandBlast offers flexibility in implementation based on their individual business needs. What is an
option for deployment of Check Point SandBlast Zero-Day Protection?
Answer: A
QUESTION 70
Which of the following is NOT a component of Check Point Capsule?
A. Capsule Docs
B. Capsule Cloud
C. Capsule Enterprise
D. Capsule Workspace
Answer: C
QUESTION 71
What is the purpose of Priority Delta in VRRP?
Answer: C
Explanation:
Each instance of VRRP running on a supported interface may monitor the link state of other
interfaces.
The monitored interfaces do not have to be running VRRP.
If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by
the specified delta value and then will send out a new VRRP HELLO packet. If the new effective
priority is less than the priority a backup platform has, then the backup platform will begin to
send out its own HELLO packet.
Once the master sees this packet with a priority greater than its own, then it releases the VIP.
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk38524
QUESTION 72
Which statements below are CORRECT regarding Threat Prevention profiles in
SmartDashboard?
A. You can assign only one profile per gateway and a profile can be assigned to one rule only.
B. You can assign multiple profiles per gateway and a profile can be assigned to one rule only.
C. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.
D. You can assign only one profile per gateway and a profile can be assigned to one or more rules.
Answer: D
QUESTION 73
Using ClusterXL, what statement is true about the Sticky Decision Function?
Answer: A
QUESTION 74
What is the name of the secure application for Mail/Calendar for mobile devices?
A. Capsule Workspace
B. Capsule Mail
C. Capsule VPN
D. Secure Workspace
Answer: A
Explanation:
https://www.checkpoint.com/products/mobile-secure-workspace/
QUESTION 75
Where do you create and modify the Mobile Access policy in R80?
A. SmartConsole
B. SmartMonitor
C. SmartEndpoint
D. SmartDashboard
Answer: A
QUESTION 76
SmartConsole R80 requires the following ports to be open for SmartEvent R80 management:
A. 19090,22
B. 19190,22
C. 18190,80
D. 19009,443
Answer: D
QUESTION 77
Which configuration file contains the structure of the Security Server showing the port numbers,
corresponding protocol name, and status?
A. $FWDIR/database/fwauthd.conf
B. $FWDIR/conf/fwauth.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/state/fwauthd.conf
Answer: C
QUESTION 78
What API command below creates a new host with the name "New Host" and IP address of
"192.168.0.10"?
Answer: D
QUESTION 79
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
A. That is used to deploy the mobile device as a generator of one-time passwords for authenticating
to an RSA Authentication Manager.
B. Full Layer4 VPN - SSL VPN that gives users network access to all mobile applications.
C. Full Layer3 VPN - IPSec VPN that gives users network access to all mobile applications.
D. You can make sure that documents are sent to the intended recipients only.
Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/82201.htm
QUESTION 80
You find one of your cluster gateways showing "Down" when you run the "cphaprob stat"
command. You then run the "clusterXL_admin up" on the down member but unfortunately the
member continues to show down. What command do you run to determine the cause?
A. cphaprob -f register
B. cphaprob -d -s report
C. cpstat -f all
D. cphaprob -a list
Answer: D
QUESTION 81
In SmartEvent, what are different types of automatic reactions that the administrator can
configure?
A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
B. Mail, Block Source, Block Destination, Block Services, SNMP Trap
C. Mail, Block Source, Block Destination, External Script, SNMP Trap
D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm
QUESTION 82
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?
Answer: B
Explanation:
mgmt_cli add host name "New Host 1" ip-address "192.0.2.1" --format json
"--format json" is optional. By default the output is presented in plain text.
Reference:
https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-host~v1.1%20
QUESTION 83
What are the steps to configure the HTTPS Inspection Policy?
Answer: A
QUESTION 84
You want to store the GAIA configuration in a file for later reference. What command should you
use?
Answer: D
QUESTION 85
How do Capsule Connect and Capsule Workspace differ?
A. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable
applications.
B. Capsule Workspace can provide access to any application.
C. Capsule Connect provides Business data isolation.
D. Capsule Connect does not require an installed application at client.
Answer: A
QUESTION 86
John detected high load on sync interface. Which is the most recommended solution?
A. For short connections like http service - delay sync for 2 seconds
B. Add a second interface to handle sync traffic
C. For short connections like http service - do not sync
D. For short connections like icmp service - delay sync for 2 seconds
Answer: A
QUESTION 87
Which of these is an implicit MEP option?
A. Primary-backup
B. Source address based
C. Round robin
D. Load Sharing
Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/13812.htm
QUESTION 88
You have existing dbedit scripts from R77. Can you use them with R80.10?
Answer: D
Explanation:
https://www.checkpoint.com/downloads/product-related/r80.10-mgmt-architecture-overview.pdf
QUESTION 89
Which remote Access Solution is clientless?
A. Checkpoint Mobile
B. Endpoint Security Suite
C. SecuRemote
D. Mobile Access Portal
Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/92708.htm
QUESTION 90
What is the command to see cluster status in cli expert mode?
A. fw ctl stat
B. clusterXL stat
C. clusterXL status
D. cphaprob stat
Answer: D
QUESTION 91
Which Check Point daemon monitors the other daemons?
A. fwm
B. cpd
C. cpwd
D. fwssd
Answer: C
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
QUESTION 92
Which command is used to display status information for various components?
Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/120709
QUESTION 93
What are the blades of Threat Prevention?
Answer: A
Explanation:
https://www.checkpoint.com/products/next-generation-threat-prevention/
QUESTION 94
For Management High Availability, which of the following is NOT a valid synchronization status?
A. Collision
B. Down
C. Lagging
D. Never been synchronized
Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/13132
QUESTION 95
Can multiple administrators connect to a Security Management Server at the same time?
Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_SmartProvisioning_AdminGuide/html_frameset.htm?topic=documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_SmartProvisioning_AdminGuide/16727
QUESTION 96
Which process is available on any management product and on products that require direct GUI
access, such as SmartEvent and provides GUI client communications, database manipulation,
policy compilation and Management HA synchronization?
A. cpwd
B. fwd
C. cpd
D. fwm
Answer: D
Explanation:
Firewall Management (fwm) is available on any management product, including Multi-Domain, and
on products that require direct GUI access, such as SmartEvent. It provides the following:
- GUI Client communication
- Database manipulation
- Policy Compilation
- Management HA sync
QUESTION 97
To add a file to the Threat Prevention Whitelist, what two items are needed?
Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R80/CP_R80BC_ThreatPrevention/html_frameset.htm?topic=documents/R80/CP_R80BC_ThreatPrevention/101703
QUESTION 98
Under which file is the proxy arp configuration stored?
Answer: D
QUESTION 99
What information is NOT collected from a Security Gateway in a Cpinfo?
A. Firewall logs
B. Configuration and database files
C. System message logs
D. OS and network statistics
Answer: A
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92739
QUESTION 100
SandBlast appliances can be deployed in the following modes:
Answer: C
QUESTION 101
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on
the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the
traffic?
A. Slow Path
B. Medium Path
C. Fast Path
D. Accelerated Path
Answer: A
QUESTION 102
The Correlation Unit performs all but the following actions:
A. Marks logs that individually are not events, but may be part of a larger pattern to be identified
later.
B. Generates an event based on the Event policy.
C. Assigns a severity level to the event.
D. Takes a new log entry that is part of a group of items that together make up an event, and adds it
to an ongoing event.
Answer: C
QUESTION 103
What is the difference between SSL VPN and IPSec VPN?
Answer: D
QUESTION 104
Which of the following will NOT affect acceleration?
Answer: B
QUESTION 105
The following command is used to verify the CPUSE version:
Answer: A
Explanation:
http://dkcheckpoint.blogspot.com/2017/11/how-to-fix-deployment-agent-issues.html
QUESTION 106
How do you enable virtual mac (VMAC) on-the-fly on a cluster member?
Answer: C
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk50840
QUESTION 107
To accelerate the rate of connection establishment, SecureXL groups all connections that match a
particular service and whose sole differentiating element is the source port. This type of grouping
enables even the very first packets of a TCP handshake to be accelerated. The first packets of
the first connection on the same service will be forwarded to the Firewall kernel, which will then
create a template of the connection. Which of these is NOT a SecureXL template?
A. Accept Template
B. Deny Template
C. Drop Template
D. NAT Template
Answer: B
Explanation:
https://community.checkpoint.com/thread/7894-nat-templates-securexl
QUESTION 108
Which of the following is NOT a type of Check Point API available in R80.10?
Answer: C
QUESTION 109
When an encrypted packet is decrypted, where does this happen?
A. Security policy
B. Inbound chain
C. Outbound chain
D. Decryption is not supported
Answer: A
QUESTION 110
John is using Management HA. Which Smartcenter should be connected to for making changes?
A. secondary Smartcenter
B. active Smartcenter
C. connect virtual IP of Smartcenter HA
D. primary Smartcenter
Answer: B
QUESTION 111
You are asked to check the status of several user-mode processes on the management server
and gateway. Which of the following processes can only be seen on a Management Server?
A. fwd
B. fwm
C. cpd
D. cpwd
Answer: B
QUESTION 112
What scenario indicates that SecureXL is enabled?
Answer: C
QUESTION 113
What processes does CPM control?
Answer: D
QUESTION 114
Which encryption algorithm is the least secured?
A. AES-128
B. AES-256
C. DES
D. 3DES
Answer: C
QUESTION 115
What is the command to check the status of the SmartEvent Correlation Unit?
Answer: B
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk113265
QUESTION 116
You need to see which hotfixes are installed on your gateway. Which command would you use?
A. cpinfo -h all
B. cpinfo -o hotfix
C. cpinfo -I hotfix
D. cpinfo -y all
Answer: D
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk72800
QUESTION 117
VPN Link Selection will perform the following when the primary VPN link goes down?
Answer: B
QUESTION 118
Which of the following links will take you to the SmartView web application?
C. https://<Security Management Server host name>smartviewweb
D. https://<Security Management Server IP Address>/smartview
Answer: B
Explanation:
https://community.checkpoint.com/thread/5212-smartview-accessing-check-point-logs-from-web
QUESTION 119
Which directory below contains log files?
A. /opt/CPSmartlog-R80/log
B. /opt/CPshrd-R80/log
C. /opt/CPsuite-R80/fw1/log
D. /opt/CPsuite-R80/log
Answer: C
QUESTION 120
Which GUI client is supported in R80?
A. SmartProvisioning
B. SmartView Tracker
C. SmartView Monitor
D. SmartLog
Answer: C
QUESTION 121
From the SecureXL perspective, what are the three paths of traffic flow?
Answer: D
QUESTION 122
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the
following command in Expert mode and reboot:
A. fw ctl Dyn_Dispatch on
B. fw ctl Dyn_Dispatch enable
C. fw ctl multik set_mode 4
D. fw ctl multik set_mode 1
Answer: C
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261#Confiquration%20R80.10
QUESTION 123
Which command line interface utility allows the administrator to verify the Security Policy name
and timestamp currently installed on a firewall module?
A. fw stat
B. fw ctl pstat
C. fw ver
D. cpstat fwd
Answer: A
QUESTION 124
Which command displays the installed Security Gateway version?
A. fw ver
B. fw stat
C. fw printver
D. cpstat -gw
Answer: A
QUESTION 125
Which command will erase all CRLs?
A. vpn crladmin
B. cpstop/cpstart
C. vpn crl_zap
D. vpn flush
Answer: C
QUESTION 126
What is the supported ClusterXL configuration when configuring a cluster synchronization
network on a VLAN interface?
Answer: A
QUESTION 127
Which SmartConsole component can Administrators use to track changes to the Rule Base?
A. SmartView Monitor
B. SmartReporter
C. WebUI
D. SmartView Tracker
Answer: D
QUESTION 128
UDP packets are delivered if they are ___________.
Answer: B
QUESTION 129
Choose the BEST sequence for configuring user management in Smart Dashboard, using an
LDAP server.
A. Configure a workstation object for the LDAP server, configure a server object for the LDAP
Account Unit, and enable LDAP in Global Properties.
B. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
C. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and
configure a server object for the LDAP Account Unit.
D. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and
create an LDAP resource object.
Answer: C
QUESTION 130
Remote clients are using IPSec VPN to authenticate via LDAP server to connect to the
organization. Which gateway process is responsible for the authentication?
A. vpnd
B. cpvpnd
C. fwm
D. fwd
Answer: A
QUESTION 131
Remote clients are using SSL VPN to authenticate via LDAP server to connect to the
organization. Which gateway process is responsible for the authentication?
A. vpnd
B. cpvpnd
C. fwm
D. fwd
Answer: B
QUESTION 132
Which of the following is NOT a LDAP server option in Smart Directory?
A. Novell_DS
B. Netscape_DS
C. OPSEC_DS
D. Standard_DS
Answer: D
QUESTION 133
An Account Unit is the interface between the __________ and the __________.
A. Users, Domain
B. Gateway, Resources
C. System, Database
D. Clients, Server
Answer: D
QUESTION 134
Which of the following is a valid Active Directory designation for user John Doe in the Sales
department of AcmeCorp.com?
A. Cn=john_doe,ou=Sales,ou=acmecorp,dc=com
B. Cn=john_doe,ou=Sales,ou=acme,ou=corp,dc=com
C. Cn=john_doe,dc=Sales,dc=acmecorp,dc=com
D. Cn=john_doe,ou=Sales,dc=acmecorp,dc=com
Answer: D
QUESTION 135
Which of the following is a valid Active Directory designation for user Jane Doe in the MIS
department of AcmeCorp.com?
A. Cn= jane_doe,ou=MIS,DC=acmecorp,dc=com
B. Cn= jane_doe,ou=MIS,cn=acmecorp,dc=com
C. Cn=jane_doe,ou=MIS,dc=acmecorp,dc=com
D. Cn= jane_doe,ou=MIS,cn=acme,cn=corp,dc=com
Answer: C
QUESTION 136
Which utility or command is useful for debugging by capturing packet information, including
verifying LDAP authentication?
A. fw monitor
B. ping
C. um_core enable
D. fw debug fwm
Answer: A
QUESTION 137
You can NOT use Smart Dashboard's Smart Directory features to connect to the LDAP server.
What should you investigate?
1. Verify you have read-only permissions as administrator for the operating system.
2. Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to
the LDAP server.
3. Check that the Login Distinguished Name configured has root (Administrator) permission (or at
least write permission) in the access control configuration of the LDAP server.
A. 1 and 3
B. 2 and 3
C. 1 and 2
D. 1, 2, and 3
Answer: B
QUESTION 138
When, during policy installation, does the atomic load task run?
Answer: B
QUESTION 139
What process is responsible for transferring the policy file from Smart Center to the Gateway?
A. FWD
B. FWM
C. CPRID
D. CPD
Answer: D
QUESTION 140
What firewall kernel table stores information about port allocations for Hide NAT connections?
A. NAT_dst_any_list
B. host_ip_addrs
C. NAT_src_any_list
D. fwx_alloc
Answer: D
QUESTION 141
Where do you define NAT properties so that NAT is performed either client side or server side?
Answer: B
QUESTION 142
The process ___________ is responsible for all other security server processes run on the
Gateway.
A. FWD
B. CPLMD
C. FWM
D. CPD
Answer: A
QUESTION 143
The process ________ is responsible for GUI Client communication with the Smart Center.
A. FWD
B. FWM
C. CPD
D. CPLMD
Answer: B
QUESTION 144
Which command would you use to save the interface information before upgrading a Windows
Gateway?
A. cp /etc/sysconfig/network.C [location]
B. ipconfig -a > [filename].txt
C. ifconfig > [filename].txt
D. netstat -m > [filename].txt
Answer: B
QUESTION 145
When upgrading a cluster in Full Connectivity Mode, the first thing you must do is see if all cluster
members have the same products installed. Which command should you run?
A. fw fcu
B. cphaprob fcustat
C. cpconfig
D. fw ctl conn -a
Answer: D
QUESTION 146
Check Point recommends that you back up systems running Check Point products. Run your
backups during maintenance windows to limit disruptions to services, improve CPU usage, and
simplify time allotment. Which backup method does Check Point recommend before major
changes, such as upgrades?
A. snapshot
B. upgrade export
C. backup
D. migrate export
Answer: A
QUESTION 147
Check Point recommends that you back up systems running Check Point products. Run your
backups during maintenance windows to limit disruptions to services, improve CPU usage, and
simplify time allotment. Which backup method does Check Point recommend every couple of
months, depending on how frequently you make changes to the network or policy?
A. backup
B. migrate export
C. upgrade export
D. snapshot
Answer: A
QUESTION 148
Check Point recommends that you back up systems running Check Point products. Run your
backups during maintenance windows to limit disruptions to services, improve CPU usage, and
simplify time allotment.
Which backup method does Check Point recommend anytime outside a maintenance window?
A. backup
B. migrate export
C. backup export
D. snapshot
Answer: B
QUESTION 149
Snapshot is available on which Security Management Server and Security Gateway platforms?
A. Solaris
B. Windows 2003 Server
C. Windows XP Server
D. Secure Platform
Answer: D
QUESTION 150
The file snapshot generates is very large, and can only be restored to:
Answer: D
QUESTION 151
Smart Reporter reports can be used to analyze data from a penetration-testing regimen in all of
the following examples, EXCEPT:
Answer: C
QUESTION 152
What is the best tool to produce a report which represents historical system information?
A. SmartView Tracker
B. SmartView Monitor
C. Smart Reporter-Standard Reports
D. Smart Reporter-Express Reports
Answer: D
QUESTION 153
If Jack was concerned about the number of log entries he would receive in the SmartReporter
system, which policy would he need to modify?
A. Consolidation Policy
B. Log Consolidator Policy
C. Log Sequence Policy
D. Report Policy
Answer: A
QUESTION 154
Identify the API that is not supported by Check Point currently.
Answer: C
QUESTION 155
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-
based algorithms and has four dedicated components that constantly work together to protect
mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?
A. Management Dashboard
B. Gateway
C. Personal User Storage
D. Behavior Risk Engine
Answer: C
Explanation:
https://community.checkpoint.com/docs/DOC-3072-sandblast-mobile-architecture-overview
QUESTION 156
What are the different command sources that allow you to communicate with the API server?
Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20
QUESTION 157
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL
Filtering, Anti-Virus, IPS, and Threat Emulation?
a Command & Control Center.
Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_AntiBotAntiVirus_AdminGuide/index.html
QUESTION 158
Which TCP-port does CPM process listen to?
A. 18191
B. 18190
C. 8983
D. 19009
Answer: D
Explanation:
https://www.checkpoint.com/downloads/products/r80.10-security-management-architecture-overview.pdf
QUESTION 159
Which method below is NOT one of the ways to communicate using the Management APIs?
Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20
QUESTION 160
Your manager asked you to check the status of SecureXL and its enabled templates and features.
What command will you use to provide this information to your manager?
A. fw accel stat
B. fwaccel stat
C. fw acces stats
D. fwaccel stats
Answer: B
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41397
QUESTION 161
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote
user's machine via the web browser. What are the two modes of SNX?
B. Network and Application
C. Network and Layers
D. Virtual Adapter and Mobile App
Answer: B
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk67820
QUESTION 162
Which command would disable a Cluster Member permanently?
A. clusterXL_admin down
B. cphaprob_admin down
C. clusterXL_admin down-p
D. set clusterXL down-p
Answer: C
QUESTION 163
Which file defines the fields for each object used in the file objects.C (color, num/string, default
value...)?
A. $FWDIR/conf/classes.C
B. $FWDIR/conf/scheam.C
C. $FWDIR/conf/table.C
D. $FWDIR/conf/fields.C
Answer: A
QUESTION 164
Which procedure creates a new administrator in Smart Workflow?
Answer: D
QUESTION 165
When you check Web Server in a host-node object, what happens to the host?
B. More granular controls are added to the host, in addition to Web Intelligence tab settings.
C. You can specify allowed ports in the Web server's node-object properties.
You then do not need to list all allowed ports in the Rule Base.
D. IPS Web Intelligence is enabled to check on the host.
Answer: B
QUESTION 166
Which external user authentication protocols are supported in SSL VPN?
Answer: B
QUESTION 167
Which of the following commands can be used to stop Management portal services?
A. fw stopportal
B. cpportalstop
C. cpstop / portal
D. smartportalstop
Answer: D
QUESTION 168
Which command would you use to save the interface information before upgrading
a GAiA Gateway?
Answer: C
QUESTION 169
Which command would you use to save the routing information before upgrading a Secure
Platform Gateway?
A. cp /etc/sysconfig/network.C [location]
B. netstat -m > [filename].txt
C. ifconfig > [filename].txt
D. ipconfig -a > [filename].txt
Answer: A
QUESTION 170
Which command would you use to save the routing information before upgrading a Windows
Gateway?
Answer: D
QUESTION 171
The Firewall kernel is replicated multiple times, therefore:
A. The Firewall kernel only touches the packet if the connection is accelerated
B. The Firewall can run different policies per core
C. The Firewall kernel is replicated only with new connections and deletes itself once the connection
times out
D. The Firewall can run the same policy on all cores.
Answer: D
Explanation:
On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times.
Each replicated copy, or instance, runs on one processing core. These instances handle traffic
concurrently, and each instance is a complete and independent inspection kernel. When CoreXL
is enabled, all the kernel instances in the Security Gateway process traffic through the same
interfaces and apply the same security policy.
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_PerformanceTuning_WebAdmin/6731.htm
QUESTION 172
Selecting an event displays its configurable properties in the Detail pane and a description of the
event in the Description pane. Which is NOT an option to adjust or configure?
A. Severity
B. Automatic reactions
C. Policy
D. Threshold
Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm
QUESTION 173
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the
following command in Expert mode then reboot:
C. fw ctl Dynamic_Priority_Queue enable
D. fw ctl multik set_mode 9
Answer: D
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105762
QUESTION 174
Advanced Security Checkups can be easily conducted within:
A. Reports
B. Advanced
C. Checkups
D. Views
E. Summary
Answer: A
QUESTION 175
What is the limitation of employing Sticky Decision Function?
A. With SDF enabled, the involved VPN Gateways only supports IKEv1
B. Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
C. With SDF enabled, only ClusterXL in legacy mode is supported
D. With SDF enabled, you can only have three Sync interfaces at most
Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7290.htm
QUESTION 176
Which Mobile Access Application allows a secure container on Mobile devices to give users
access to internal website, file share and emails?
Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_Mobile_Access_WebAdmin/41723.htm
QUESTION 177
Which of the following processes pulls application monitoring status?
A. fwd
B. fwm
C. cpwd
D. cpd
Answer: D
QUESTION 178
To fully enable Dynamic Dispatcher on a Security Gateway:
Answer: A
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261
QUESTION 179
Session unique identifiers are passed to the Web API using which HTTP header option?
A. X-chkp-sid
B. Accept-Charset
C. Proxy-Authorization
D. Application
Answer: C
QUESTION 180
Which command shows actual allowed connections in state table?
A. fw tab -t StateTable
B. fw tab -t connections
C. fw tab -t connection
D. fw tab connections
Answer: B
QUESTION 181
Connections to the Check Point R80 Web API use what protocol?
A. HTTPS
B. RPC
C. VPN
D. SIC
Answer: A
QUESTION 182
Which command lists all tables in Gaia?
A. fw tab -t
B. fw tab -list
C. fw-tab -s
D. fw tab -1
Answer: C
Explanation:
http://dl3.checkpoint.com/paid/c7/c76b823d81bab77e1e40ac086fa81411/CP_R77_versions_CLI_ReferenceGuide.pdf?HashKey=1538418170_96def40f213f24a8b273cc77b408dd3f&xtn=.pdf
QUESTION 183
What is true about the IPS-Blade?
Answer: A
QUESTION 184
Which one of these features is NOT associated with the Check Point URL Filtering and
Application Control Blade?
A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company's
security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories,
and risk levels.
Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_AppControl_WebAdmin/60902.htm
QUESTION 185
What is a feature that enables VPN connections to successfully maintain a private and secure
VPN session without employing Stateful Inspection?
A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode
Answer: C
Explanation:
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over,
bypassing Security Gateway enforcement. This improves performance and reduces downtime.
Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN
Communities to maintain a private and secure VPN session, without employing Stateful
Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not
survive state verification in non-Wire Mode configurations can now be deployed. The VPN
connection is no different from any other connections along a dedicated wire, thus the meaning of
"Wire Mode".
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30974
QUESTION 186
What factor precludes SecureXL Templating?
Answer: A
QUESTION 187
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most
accurate CLI command?
A. fw ctl sdstat
B. fw ctl affinity -l a -r -v
C. fw ctl multik stat
D. cpinfo
Answer: B
QUESTION 188
Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster
Members over Check Point SIC _____________ .
Answer: D
QUESTION 189
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
C. Transfers messages between Firewall processes
D. Pulls application monitoring status
Answer: D
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
QUESTION 190
What is not a component of Check Point SandBlast?
A. Threat Emulation
B. Threat Simulator
C. Threat Extraction
D. Threat Cloud
Answer: B
QUESTION 191
How does Check Point recommend that you secure the sync interface between gateways?
Answer: C
QUESTION 192
How would you set the debug buffer size to 1024?
Answer: C
QUESTION 193
Steve is troubleshooting a connection problem with an internal application. If he knows the source
IP address is 192.168.4.125, how could he filter this traffic?
Answer: D
QUESTION 194
Check Point support has asked Tony for a firewall capture of accepted packets. What would be
the correct syntax to create a capture file to a filename called monitor.out?
Answer: C
QUESTION 195
What is NOT a valid LDAP use in Check Point Smart Directory?
Answer: C
QUESTION 196
There are several Smart Directory (LDAP) features that can be applied to further enhance Smart
Directory (LDAP) functionality. Which of the following is NOT one of those features?
A. High Availability, where user information can be duplicated across several servers
B. Support multiple Smart Directory (LDAP) servers on which many user databases are distributed
C. Encrypted or non-encrypted Smart Directory (LDAP) Connections usage
D. Support many Domains under the same account unit
Answer: D
QUESTION 197
Which two of these Check Point Protocols are used by SmartEvent Processes?
Answer: D
QUESTION 198
Fill in the blank: The tool ________ generates a R80 Security Gateway configuration report.
A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo
Answer: C
QUESTION 199
Which of these statements describes the Check Point ThreatCloud?
Answer: D
QUESTION 200
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically
reset every
A. 15 sec
B. 60 sec
C. 5 sec
D. 30 sec
Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm
QUESTION 201
Which command will allow you to see the interface status?
A. cphaprob interface
B. cphaprob -I interface
C. cphaprob -a if
D. cphaprob stat
Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7298.htm
QUESTION 202
Which command can you use to enable or disable multi-queue per interface?
A. cpmq set
B. Cpmqueue set
C. Cpmq config
D. St cpmq enable
Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/93689.htm
QUESTION 203
To help SmartEvent determine whether events originated internally you must define using the
Initial Settings under General Settings in the Policy Tab. How many options are available to
calculate the traffic direction?
Answer: D
Explanation:
http://dl3.checkpoint.com/paid/21/CP_R76_SmartEventIntro_AdminGuide.pdf?HashKey=1538417023_7cb74dfe0e109c21f130f556d419faaf&xtn=.pdf
QUESTION 204
There are 4 ways to use the Management API for creating host object with R80 Management
API. Which one is NOT correct?
Answer: E
Explanation:
https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20
QUESTION 205
CoreXL is supported when one of the following features is enabled:
A. Route-based VPN
B. IPS
C. IPv6
D. Overlapping NAT
Answer: B
QUESTION 206
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many
packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To
optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How
can you enable them?
C. fw ctl multik set_mode 9
D. fw ctl multik pq enable
Answer: C
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261
QUESTION 207
By default the R80 web API uses which content-type in its response?
A. Java Script
B. XML
C. Text
D. JSON
Answer: D
QUESTION 208
What are the main stages of a policy installation?
Answer: A
QUESTION 209
When using CPSTAT, what is the default port used by the AMON server?
A. 18191
B. 18192
C. 18194
D. 18190
Answer: B
QUESTION 210
What is the command to perform a manual full-sync?
Answer: A
QUESTION 211
What is the SOLR database for?
A. Used for full text search and enables powerful matching capabilities.
B. Writes data to the database and full text search
C. Servers GUI responsible to transfer to the DLEserver
D. Enables power matching capabilities and writes data to the database
Answer: D
QUESTION 212
Due to high CPU workload on the Security Gateway, the administrator decided to purchase a new
multicore CPU to replace the existing single core CPU. After installation, is the administrator
required to perform any additional tasks?
Answer: D
QUESTION 213
What is the protocol and port used for Health Check and State Synchronization ClusterXL?
Answer: C
QUESTION 214
You have a Geo-Protection policy blocking Australia and a number of the countries. Your network
now requires a Check Point Firewall to be installed in Sydney, Australi
Answer: B
QUESTION 215
Which of the following is true about Capsule Connect?
A. It is a full layer 3 VPN client
B. It offers full enterprise mobility management
C. It is supported only on iOS phones and Windows PCs
D. It does not support all VPN authentication methods
Answer: B
QUESTION 216
What is a best practice before starting to troubleshoot using the 'fw monitor' tool?
Answer: D
QUESTION 217
You can access the ThreatCloud Repository from:
Answer: C
QUESTION 218
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
Answer: C
QUESTION 219
Which files below are NOT core dump files when debugging the Security Acceleration Module
card?
A. /var/log/messages*
B. /var/logcrash/,date./nmcore/*
C. var/log/sam_log/*
D. /var/crash/,date>/vmcore/*
Answer: D
QUESTION 220
Gaia software packages can be imported and installed offline in situations where:
Answer: D
QUESTION 221
The WebUI offers three methods for downloading Hotfixes via CPUSE. One of them is the Automatic
method. How many times per day will the CPUSE agent check for hotfixes and automatically download
them?
Answer: D
QUESTION 222
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster
members? Choose the best answer.
Answer: B
QUESTION 223
Capsule Connect and Capsule Workspace both offer secured connections for remote users who
are using their mobile devices, but there are differences between the two. Which of the following
statements correctly identifies each product's capabilities?
A. Workspace supports operating system, Android, and WP8, whereas Connect supports operating
system and Android only.
B. For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas
Connect offers both jailbreak/root detection and MDM cooperative enforcement.
C. For credential protection, Connection uses One-time Password Login support and has no support,
whereas Workspace offers both One-Time password and certain SSP login support.
D. Workspace can support any application whereas Connect has a limited number of application
types which it will support.
Answer: B
QUESTION 224
Which Check Point software blades could be enforced under a Threat Prevention profile using the
Check Point R80.10 SmartConsole application?
Answer: C
QUESTION 225
If the Active Security Management Server fails or if it becomes necessary to change the Active to
Standby, the following steps must be taken to prevent data loss. Providing the Active Security
Management Server is responsive, which of these steps should NOT be performed:
A. Rename the hostname of the Standby member to match exactly the hostname of the Active
member.
B. Change the Standby Security Management Server to Active.
C. Change the Active Security Management Server to Standby.
D. Manually synchronize the Active and Standby Security Management Servers.
Answer: A
QUESTION 226
Which of the following will NOT affect acceleration?
Answer: C
QUESTION 227
If a 'ping' packet is dropped by the FW1 policy, on how many inspection points do you see this packet
in 'fw monitor'?
Answer: C
QUESTION 228
What are the types of Check Point APIs currently available as part of R80.10 code?
A. Security Gateway API, Management API, Threat Prevention API and Identity Awareness Web
Services API
B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK
API
C. OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API
D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API
Answer: B
QUESTION 229
Steve is a Cyber Security Engineer working for Global Bank with a large scale deployment of
Check Point Enterprise Appliances. Steve's manager, Diana, asks him to provide ecommerce
Firewall Connection Table details to the Bank's SOC Team as well as the Check Point Support Team.
Which command will trigger a heavy impact on the ecommerce Firewall performance and should be
avoided by Steve?
A. fw tab -t connections -s
B. fw tab -t connections
C. fw tab -t connections -c
D. fw tab -t connections -f
Answer: B
QUESTION 230
Which CLI command allows you to run connectivity tests from the Security Gateway to an AD domain controller?
A. test_ad_connectivity -d <domain>
B. ad_test_connectivity -d <domain>
C. test_connectivity_ad -d <domain>
D. ad_connectivity-test -d <domain>
Answer: A
QUESTION 231
You are investigating issues with two gateway cluster members that are not able to establish the first
initial cluster synchronization. What service is used by the FWD daemon to do a full
synchronization?
Answer: C
QUESTION 232
When deploying SandBlast, how would a Threat Emulation appliance benefit from the
integration of ThreatCloud?
A. ThreatCloud is a database-related appliance which is located on-premise to preserve privacy of
company-related data.
B. ThreatCloud is a collaboration platform for Check Point customers to benefit from a virtual cloud
consisting of a combination of all on-premise private cloud environments.
C. ThreatCloud is a collaboration platform for Check Point customers to benefit from VMware ESXi
infrastructure which supports the Threat Emulation Appliance as a virtual machine in the EMC cloud.
D. ThreatCloud is a collaboration platform for all Check Point customers to share information about
malicious and benign files that all of the customers can benefit from, as it makes emulation of known files
unnecessary.
Answer: D
QUESTION 233
Which is not a blade option when configuring SmartEvent?
A. Correlation Unit
B. SmartEvent Unit
C. SmartEvent Server
D. Log Server
Answer: B
QUESTION 234
What command would show the API server status?
A. cpm status
B. api restart
C. api status
D. show api status
Answer: C
QUESTION 235
Which one of the following is true about Threat Extraction?
Answer: B
QUESTION 236
Check Point APIs allow system engineers and developers to make changes to their
organization's security policy with CLI tools and Web Services for all of the following except?
D. Create products that use and enhance the Check Point Solution.
Answer: A
QUESTION 237
What command lists all interfaces using Multi-Queue?
A. cpmq get
B. show interface all
C. cpmq set
D. show multiqueue all
Answer: B
QUESTION 238
Which command shows the current connections distributed by CoreXL FW instances?
Answer: A
QUESTION 239
After finishing installation, admin John likes to use the top command in expert mode. John has to set the
expert password and was able to use the top command. A week later John has to use the top command
again. He detected that the expert password is no longer valid. What is the most probable reason
for this behavior?
Answer: A
QUESTION 240
Automation and Orchestration differ in that:
Answer: D