It is impossible to pass Check Point 156-915.80 exam without any help in the short term. Come to Passleader soon and find the most advanced, correct and guaranteed Check Point 156-915.80 practice questions. You will get a surprising result by our Abreast of the times Check Point Certified Security Expert Update - R80 practice guides.
P.S. 100% Guarantee 156-915.80 testing bible are available on Google Drive, GET MORE: https://drive.google.com/open?id=1UHtXnNXw0Sz3rmLlziAf9CI0FDZ1fvFf
New Check Point 156-915.80 Exam Dumps Collection (Question 6 - Question 15)
Question No: 6
As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:
A. in the user object's Authentication screen.
B. in the Gateway object's Authentication screen.
C. in the Limit tab of the Client Authentication Action Properties screen.
D. in the Global Properties Authentication screen.
Answer: C
Question No: 7
Your companyu2021s Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:
A. Client Authentication rule using the manual sign-on method, using HTTP on port 900
B. Client Authentication rule, using partially automatic sign on
C. Client Authentication for fully automatic sign on
D. Session Authentication rule
Answer: A
Question No: 8
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
A. 20 minutes
B. 15 minutes
C. Admin account cannot be unlocked automatically
D. 30 minutes at least
Answer: D
Question No: 9
You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway.
What is TRUE about the new packageu2021s NAT rules?
A. Rules 1, 2, 3 will appear in the new package.
B. Only rule 1 will appear in the new package.
C. NAT rules will be empty in the new package.
D. Rules 4 and 5 will appear in the new package.
Answer: A
Question No: 10
MegaCorps' disaster recovery plan is past due for an update to the backup and restore section to enjoy the benefits of the new distributed R80 installation. You must propose a plan that meets the following required and desired objectives:
Required: Security Policy repository must be backed up no less frequently than every 24 hours. Desired: Back up R80 components enforcing the Security Policies at least once a week. Desired: Back up R80 logs at least once a week.
You develop a disaster recovery plan proposing the following:
* Use the utility cron to run the command upgrade_export each night on the Security Management Servers.
* Configure the organization's routine backup software to back up files created by the command upgrade_export.
* Configure GAiA back up utility to back up Security Gateways every Saturday night.
* Use the utility cron to run the command upgrade_export each Saturday night on the log servers.
* Configure an automatic, nightly logswitch.
* Configure the organization's routine back up software to back up the switched logs every night. The corporate IT change review committee decides your plan:
A. meets the required objective and only one desired objective.
B. meets the required objective and both desired objectives.
C. meets the rquired objective but does not meet either deisred objective.
D. does not meet the required objective.
Answer: B
Question No: 11
You have three Gateways in a mesh community. Each gatewayu2021s VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information.
You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPsec tunnels instead of the routed VTI tunnels.
What is the problem and how do you make the VPN use the VTI tunnels?
A. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community
B. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gatewayu2021s VPN Domain
C. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes
D. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to insure that they are correctly pointing to the VTI gateway IP.
Answer: B
Question No: 12
Which of the following commands can provide the most complete restoration of a R80 configuration?
A. upgrade_import
B. cpinfo -recover
C. cpconfig
D. fwm dbimport -p <export file>
Answer: A
Question No: 13
When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Question No: 14
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?
A. John should install the Identity Awareness Agent
B. The firewall admin should install the Security Policy
C. John should lock and unlock the computer
D. Investigate this as a network connectivity issue
Answer: B
Question No: 15
What command would show the API server status?
A. cpm status
B. api restart
C. api status
D. show api status
Answer: C
Recommend!! Get the 100% Guarantee 156-915.80 dumps in VCE and PDF From Certleader, Welcome to download: https://www.certleader.com/156-915.80-dumps.html (New Q&As Version)