Exam Details

  • Exam Code: 156-915.80
  • Exam Name: Check Point Certified Security Expert Update - R80.10
  • Certification: Checkpoint Certifications
  • Vendor: CheckPoint
  • Total Questions: 536 Q&As
  • Last Updated: Mar 11, 2025

CheckPoint Checkpoint Certifications 156-915.80 Questions & Answers

  • Question 491:

    You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.

    A. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.

    B. Yes, it is possible to have two NAT rules which match a connection, but only when using Manual NAT (bidirectional NAT).

    C. Yes, there are always as many active NAT rules as there are connections.

    D. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).

  • Question 492:

    You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway.

    What is TRUE about the new package's NAT rules?

    A. Rules 1, 2, 3 will appear in the new package.

    B. Only rule 1 will appear in the new package.

    C. NAT rules will be empty in the new package.

    D. Rules 4 and 5 will appear in the new package.

  • Question 493:

    You are a Security Administrator who has installed Security Gateway R80 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner's access for HTTP and FTP only, you did the following:

    1) Created manual Static NAT rules for the Web server.

    2) Cleared the following settings in the Global Properties > Network Address Translation screen:

    - Allow bi-directional NAT

    - Translate destination on client side

    Do the above settings limit the partner's access?

    A. Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.

    B. No. The first setting is not applicable. The second setting will reduce performance.

    C. Yes. Both of these settings are only applicable to automatic NAT rules.

    D. No. The first setting is only applicable to automatic NAT rules. The second setting will force translation by the kernel on the interface nearest to the client.

  • Question 494:

    You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.) When you run fw monitor on the R80 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?

    A. o=outbound kernel, before the virtual machine

    B. I=inbound kernel, after the virtual machine

    C. O=outbound kernel, after the virtual machine

    D. i=inbound kernel, before the virtual machine

  • Question 495:

    You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client side from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

    A. No extra configuration is needed.

    B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.

    C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.

    D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.

  • Question 496:

    Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.

    A. This is an example of Hide NAT.

    B. There is not enough information provided in the Wireshark capture to determine the NAT settings.

    C. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.

    D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

  • Question 497:

    In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:

    A. It is not necessary to add a static route to the Gateway's routing table.

    B. It is necessary to add a static route to the Gateway's routing table.

    C. The Security Gateway's ARP file must be modified.

    D. VLAN tagging cannot be defined for any hosts protected by the Gateway.

  • Question 498:

    You are MegaCorp's Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the rule order if both methods are used together? Give the BEST answer.

    A. The Administrator decides the rule order by shifting the corresponding rules up and down.

    B. The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range.

    C. The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range.

    D. The rule position depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others.

  • Question 499:

    After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?

    A. The packet has been sent out through a VPN tunnel unencrypted.

    B. An IPSO ACL has blocked the packet's outbound passage.

    C. A SmartDefense module has blocked the packet.

    D. It is due to NAT.

  • Question 500:

    Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R80 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?

    A. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.

    B. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.

    C. Use automatic Static NAT for network 10.1.1.0/24.

    D. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
