Refined 156-215.80 Dumps 2021

NEW QUESTION 1
MyCorp has the following NAT rules. You need to disable the NAT function when Alpha-internal networks try to reach the Google DNS (8.8.8.8) server.
What can you do in this case?

• A. Use manual NAT rule to make an exception
• B. Use the NAT settings in the Global Properties
• C. Disable NAT inside the VPN community
• D. Use network exception in the Alpha-internal network object

Answer: D

NEW QUESTION 2
The IT Management team is interested in the new features of the Check Point R80 Management and wants to upgrade but they are concerned that the existing R77.30 Gaia Gateways cannot be managed by R80 because it is so different. As the administrator responsible for the Firewalls, how can you answer or confirm these concerns?

• A. R80 Management contains compatibility packages for managing earlier versions of Check Point Gateways prior to R80. Consult the R80 Release Notes for more information.
• B. R80 Management requires the separate installation of compatibility hotfix packages for managing the earlier versions of Check Point Gateways prior to R80. Consult the R80 Release Notes for more information.
• C. R80 Management was designed as a completely different Management system and so can only monitor Check Point Gateways prior to R80.
• D. R80 Management cannot manage earlier versions of Check Point Gateways prior to R80. Only R80 and above Gateways can be manage
• E. Consult the R80 Release Notes for more information.

Answer: A

NEW QUESTION 3
In R80 spoofing is defined as a method of:

• A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
• B. Hiding your firewall from unauthorized users.
• C. Detecting people using false or wrong authentication logins
• D. Making packets appear as if they come from an authorized IP address.

Answer: D

Explanation: IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.

NEW QUESTION 4
Which of these components does NOT require a Security Gateway R77 license?

• A. Security Management Server
• B. Check Point Gateway
• C. SmartConsole
• D. SmartUpdate upgrading/patching

Answer: C

NEW QUESTION 5
Which identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers?

• A. ADQuery
• B. Terminal Servers Endpoint Identity Agent
• C. Endpoint Identity Agent and Browser-Based Authentication
• D. RADIUS and Account Logon

Answer: D

NEW QUESTION 6
Provide very wide coverage for all products and protocols, with noticeable performance impact.

How could you tune the profile in order to lower the CPU load still maintaining security at good level? Select the BEST answer.

• A. Set High Confidence to Low and Low Confidence to Inactive.
• B. Set the Performance Impact to Medium or lower.
• C. The problem is not with the Threat Prevention Profil
• D. Consider adding more memory to the appliance.
• E. Set the Performance Impact to Very Low Confidence to Prevent.

Answer: B

NEW QUESTION 7
Fill in the blank: The R80 SmartConsole, SmartEvent GUI client, and _____ consolidate billions of logs and shows them as prioritized security events.

• A. SmartMonitor
• B. SmartView Web Application
• C. SmartReporter
• D. SmartTracker

Answer: B

Explanation: Event Analysis with SmartEvent
The SmartEvent Software Blade is a unified security event management and analysis solution that delivers real-time, graphical threat management information. SmartConsole, SmartView Web Application, and the SmartEvent GUI client consolidate billions of logs and show them as prioritized security events so you can immediately respond to security incidents, and do the necessary actions to prevent more attacks. You can customize the views to monitor the events that are most important to you. You can move from a high level view to detailed forensic analysis in a few clicks. With the free-text search and suggestions, you can quickly run data analysis and identify critical security events.

NEW QUESTION 8
If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available to other administrators? Choose the BEST answer.

• A. Publish or discard the session.
• B. Revert the session.
• C. Save and install the Policy.
• D. Delete older versions of database.

Answer: A

Explanation: To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session.
To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a session, a new database version is created.
When you select Install Policy, you are prompted to publish all unpublished changes. You cannot install a policy if the included changes are not published.

NEW QUESTION 9
Review the rules. Assume domain UDP is enabled in the implied rules.

What happens when a user from the internal network tries to browse to the internet using HTTP? The user:

• A. can connect to the Internet successfully after being authenticated.
• B. is prompted three times before connecting to the Internet successfully.
• C. can go to the Internet after Telnetting to the client authentication daemon port 259.
• D. can go to the Internet, without being prompted for authentication.

Answer: D

NEW QUESTION 10
Choose what BEST describes the Policy Layer Traffic Inspection.

• A. If a packet does not match any of the inline layers, the matching continues to the next Layer.
• B. If a packet matches an inline layer, it will continue matching the next layer.
• C. If a packet does not match any of the inline layers, the packet will be matched against the Implicit Clean-up Rule.
• D. If a packet does not match a Network Policy Layer, the matching continues to its inline layer.

Answer: B

NEW QUESTION 11
Office mode means that:

• A. SecureID client assigns a routable MAC addres
• B. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
• C. Users authenticate with an Internet browser and use secure HTTPS connection.
• D. Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.
• E. Allows a security gateway to assign a remote client an IP addres
• F. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

Answer: D

Explanation: Office Mode enables a Security Gateway to assign internal IP addresses to SecureClient users. This IP address will not be exposed to the public network, but is encapsulated inside the VPN tunnel between the client and the Gateway. The IP to be used externally should be assigned to the client in the usual way by the Internet Service provider used for the Internet connection. This mode allows a Security Administrator to control which addresses are used by remote clients inside the local network and makes them part of the local network. The mechanism is based on an IKE protocol extension through which the Security Gateway can send an internal IP address to the client.

NEW QUESTION 12
You are the administrator for ABC Corp. You have logged into your R80 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it.

What does this mean?

• A. The rule No.6 has been marked for deletion in your Management session.
• B. The rule No.6 has been marked for deletion in another Management session.
• C. The rule No.6 has been marked for editing in your Management session.
• D. The rule No.6 has been marked for editing in another Management session.

Answer: C

NEW QUESTION 13
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?

• A. Smart Cloud Services
• B. Load Sharing Mode Services
• C. Threat Agent Solution
• D. Public Cloud Services

Answer: A

NEW QUESTION 14
When connected to the Check Point R80 Management Server using the SmartConsole the first administrator to connect has a lock on:

• A. Only the objects being modified in the Management Database and other administrators can connect to make changes using a special session as long as they all connect from the same LAN network.
• B. The entire Management Database and other administrators can connect to make changes only if the first administrator switches to Read-only.
• C. The entire Management Database and all sessions and other administrators can connect only as Read-only.
• D. Only the objects being modified in his session of the Management Database and other administrators can connect to make changes using different sessions.

Answer: D

NEW QUESTION 15
What needs to be configured if the NAT property ‘Translate destination on client side’ is not enabled in Global properties?

• A. A host route to route to the destination IP
• B. Use the file local.arp to add the ARP entries for NAT to work
• C. Nothing, the Gateway takes care of all details necessary
• D. Enabling ‘Allow bi-directional NAT’ for NAT to work correctly

Answer: C

NEW QUESTION 16
The Firewall kernel is replicated multiple times, therefore:

• A. The Firewall kernel only touches the packet if the connection is accelerated
• B. The Firewall can run different policies per core
• C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
• D. The Firewall can run the same policy on all cores

Answer: D