What Virtual 156-315.80 Training Tools Is

NEW QUESTION 1
What happen when IPS profile is set in Detect Only Mode for troubleshooting?

• A. It will generate Geo-Protection traffic
• B. Automatically uploads debugging logs to Check Point Support Center
• C. It will not block malicious traffic
• D. Bypass licenses requirement for Geo-Protection control

Answer: C

Explanation:
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of
IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic.
During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.

NEW QUESTION 2
What is the default shell of Gaia CLI?

• A. Monitor
• B. CLI.sh
• C. Read-only
• D. Bash

Answer: B

NEW QUESTION 3
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?

• A. Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.
• B. Create a rule at the top in the Sydney firewall to allow control traffic from your network
• C. Nothing - Check Point control connections function regardless of Geo-Protection policy
• D. Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

Answer: C

NEW QUESTION 4
Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ______ .

• A. Sent to the Internal Certificate Authority.
• B. Sent to the Security Administrator.
• C. Stored on the Security Management Server.
• D. Stored on the Certificate Revocation List.

Answer: D

NEW QUESTION 5
When setting up an externally managed log server, what is one item that will not be configured on the R80 Security Management Server?

• A. IP
• B. SIC
• C. NAT
• D. FQDN

Answer: C

NEW QUESTION 6
Hit Count is a feature to track the number of connections that each rule matches, which one is not benefit of Hit Count.

• A. Better understand the behavior of the Access Control Policy
• B. Improve Firewall performance - You can move a rule that has hot count to a higher position in the Rule Base
• C. Automatically rearrange Access Control Policy based on Hit Count Analysis
• D. Analyze a Rule Base - You can delete rules that have no matching connections

Answer: C

NEW QUESTION 7
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

• A. fw ctl sdstat
• B. fw ctl affinity –l –a –r –v
• C. fw ctl multik stat
• D. cpinfo

Answer: B

NEW QUESTION 8
What Factor preclude Secure XL Templating?

• A. Source Port Ranges/Encrypted Connections
• B. IPS
• C. ClusterXL in load sharing Mode
• D. CoreXL

Answer: A

NEW QUESTION 9
Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?

• A. Kerberos Ticket Renewed
• B. Kerberos Ticket Requested
• C. Account Logon
• D. Kerberos Ticket Timed Out

Answer: D

NEW QUESTION 10
You plan to automate creating new objects using new R80 Management API. You decide to use GAIA CLI for this task.
What is the first step to run management API commands on GAIA’s shell?

• A. mgmt_admin@teabag > id.txt
• B. mgmt_login
• C. login user admin password teabag
• D. mgmt_cli login user “admin” password “teabag” > id.txt

Answer: B

NEW QUESTION 11
Which command gives us a perspective of the number of kernel tables?

• A. fw tab -t
• B. fw tab -s
• C. fw tab -n
• D. fw tab -k

Answer: B

NEW QUESTION 12
Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-m ail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links.
Which component of SandBlast protection is her company using on a Gateway?

• A. SandBlast Threat Emulation
• B. SandBlast Agent
• C. Check Point Protect
• D. SandBlast Threat Extraction

Answer: D

NEW QUESTION 13
What are types of Check Point APIs available currently as part of R80.10 code?

• A. Security Gateway API Management API, Threat Prevention API and Identity Awareness Web Services API
• B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
• C. OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API
• D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API

Answer: B

NEW QUESTION 14
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

• A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
• B. Create a separate Security Policy package for each remote Security Gateway.
• C. Create network objects that restricts all applicable rules to only certain networks.
• D. Run separate SmartConsole instances to login and configure each Security Gateway directly.

Answer: B

NEW QUESTION 15
Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?

• A. $FWDIR/database/fwauthd.conf
• B. $FWDIR/conf/fwauth.conf
• C. $FWDIR/conf/fwauthd.conf
• D. $FWDIR/state/fwauthd.conf

Answer: C

NEW QUESTION 16
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?

• A. Host having a Critical event found by Threat Emulation
• B. Host having a Critical event found by IPS
• C. Host having a Critical event found by Antivirus
• D. Host having a Critical event found by Anti-Bot

Answer: D

NEW QUESTION 17
......