CheckPoint Checkpoint Certifications 156-215.80 Questions & Answers

• Question 471:

  Which deployment adds a Security Gateway to an existing environment without changing IP routing?

  A. Distributed

  B. Bridge Mode

  C. Remote

  D. Standalone

  Correct Answer: B

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide

  webAdmin/86429.htm

• Question 472:

  Fill in the blank: An identity server uses a ___________ for user authentication.

  A. Shared secret

  B. Certificate

  C. One-time password

  D. Token

  Correct Answer: A

  Reference: https://sc1.checkpoint.com/documents/R76/ CP_R76_IdentityAwareness_AdminGuide/62050.htm

• Question 473:

  You can see the following graphic:

  

  What is presented on it?

  A. Properties of personal .p12 certificate file issued for user John.

  B. Shared secret properties of John's password.

  C. VPN certificate properties of the John's gateway.

  D. Expired .p12 certificate properties for user John.

  Correct Answer: A

• Question 474:

  True or False: In R80, more than one administrator can login to the Security Management Server with write permission at the same time.

  A. False, this feature has to be enabled in the Global Properties.

  B. True, every administrator works in a session that is independent of the other administrators.

  C. True, every administrator works on a different database that is independent of the other administrators.

  D. False, only one administrator can login with write permission.

  Correct Answer: B

  More than one administrator can connect to the Security Management Server at the same time. Every administrator has their own username, and works in a session that is independent of the other administrators. Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/ html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/124265

• Question 475:

  After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?

  A. Security Gateway IP-address cannot be changed without re-establishing the trust

  B. The Security Gateway name cannot be changed in command line without re-establishing trust

  C. The Security Management Server name cannot be changed in SmartConsole without re-establishing trust

  D. The Security Management Server IP-address cannot be changed without re-establishing the trust

  Correct Answer: A

• Question 476:

  Which two Identity Awareness commands are used to support identity sharing?

  A. Policy Decision Point (PDP) and Policy Enforcement Point (PEP)

  B. Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP)

  C. Policy Manipulation Point (PMP) and Policy Activation Point (PAP)

  D. Policy Activation Point (PAP) and Policy Decision Point (PDP)

  Correct Answer: A

  Reference: https://sc1.checkpoint.com/documents/R76/ CP_R76_IdentityAwareness_AdminGuide/66477.htm

• Question 477:

  Which is NOT an encryption algorithm that can be used in an IPSEC Security Association (Phase 2)?

  A. AES-GCM-256

  B. AES-CBC-256

  C. AES-GCM-128

  Correct Answer: B

  Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm? topic=documents/R77/CP_R77_VPN_AdminGuide/13847

• Question 478:

  Fill in the blank: To create policy for traffic to or from a particular location, use the _____________.

  A. DLP shared policy

  B. Geo policy shared policy

  C. Mobile Access software blade

  D. HTTPS inspection

  Correct Answer: B

  Shared Policies

  The Shared Policies section in the Security Policies shows the policies that are not in a Policy package.

  They are shared between all Policy packages.

  Shared policies are installed with the Access Control Policy.

  Software Blade Description

  Mobile Access Launch Mobile Access policy in a SmartConsole. Configure how your

  remote users access internal resources, such as their email accounts,

  when they are mobile.

  Launch Data Loss Prevention policy in a SmartConsole. Configure

  DLP

  advanced tools to automatically identify data that must not go outside

  the network, to block the leak, and to educate users.

  Geo Policy Create a policy for traffic to or from specific geographical or political

  locations.

  Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/

  CP_R80.10_NexGenSecurityGateway_Guide/html_frameset.htm?topic=documents/R80.10/

  WebAdminGuides/EN/ CP_R80.10_NexGenSecurityGateway_Guide/137006

• Question 479:

  You have discovered suspicious activity in your network. What is the BEST immediate action to take?

  A. Create a policy rule to block the traffic.

  B. Create a suspicious action rule to block that traffic.

  C. Wait until traffic has been identified before making any changes.

  D. Contact ISP to block the traffic.

  Correct Answer: B

  Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/ CP_R80.10_LoggingAndMonitoring_AdminGuide/html_frameset.htm?topic=documents/R80.10/ WebAdminGuides/EN/ CP_R80.10_LoggingAndMonitoring_AdminGuide/118300

• Question 480:

  Tom has connected to the R80 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made:

  A. Tom's changes will have been stored on the Management when he reconnects and he will not lose any of this work.

  B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.

  C. Tom's changes will be lost since he lost connectivity and he will have to start again.

  D. Tom will have to reboot his SmartConsole computer, clear the cache and restore changes.

  Correct Answer: A