Questions 156-315.80


Checkpoint 156-315.80 Exam

Exam: Checkpoint 156-315.80 Exam
Title: Check Point Certified Security Expert - R80 Exam
Version: 8.0
Product Type: 100 Q&A with explanations

“Best Material, Great Results”. www.certkingdom.com 1 of 25



QUESTION 1
In a Client to Server scenario, which represents that the packet has already been checked against the tables and the Rule Base?

A. Big I
B. Little o
C. Little i
D. Big O

Answer: D

QUESTION 2
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every

A. 15 sec
B. 60 sec
C. 5 sec
D. 30 sec

Answer: B

QUESTION 3
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

A. Secure Internal Communication (SIC)
B. Restart Daemons if they fail
C. Transfers messages between Firewall processes
D. Pulls application monitoring status

Answer: D

QUESTION 4
Which command is used to set the CCP protocol to Multicast?

A. cphaprob set_ccp multicast
B. cphaconf set_ccp multicast
C. cphaconf set_ccp no_broadcast
D. cphaprob set_ccp no_broadcast

Answer: B

QUESTION 5
What is true about the IPS-Blade?

A. In R80, IPS is managed by the Threat Prevention Policy
B. In R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
C. In R80, IPS Exceptions cannot be attached to “all rules”
D. In R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

Answer: A

QUESTION 6
What factor precludes SecureXL Templating?

A. Source Port Ranges/Encrypted Connections
B. IPS
C. ClusterXL in load sharing Mode
D. CoreXL

Answer: A

QUESTION 7
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API
command can he use in the script to achieve the requirement?

A. add host name <New HostName> ip-address <ip address>
B. add hostname <New HostName> ip-address <ip address>
C. set host name <New HostName> ip-address <ip address>
D. set hostname <New HostName> ip-address <ip address>

Answer: A

QUESTION 8
Which command will allow you to see the interface status?

A. cphaprob interface
B. cphaprob -I interface
C. cphaprob -a if
D. cphaprob stat

Answer: C

QUESTION 9
Fill in the blank: The R80 utility fw monitor is used to troubleshoot ________.

A. User data base corruption
B. LDAP conflicts
C. Traffic issues
D. Phase two key negotiations

Answer: C
Explanation
Check Point’s FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor
utility captures network packets at multiple capture points along the FireWall inspection chains. These captured packets
can be inspected later using the WireShark

QUESTION 10
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk
space is less than or equal to?

A. 50%
B. 75%
C. 80%
D. 15%

Answer: D

QUESTION 11
How can the SmartView application be accessed?

A. http://<Security Management IP Address>/smartview
B. http://<Security Management IP Address>:4434/smartview
C. https://<Security Management IP Address>/smartview/
D. https://<Security Management host name>:4434/smartview

Answer: C

QUESTION 12
What are the three components for Check Point Capsule?

A. Capsule Docs, Capsule Cloud, Capsule Connect
B. Capsule Workspace, Capsule Cloud, Capsule Connect
C. Capsule Workspace, Capsule Docs, Capsule Connect
D. Capsule Workspace, Capsule Docs, Capsule Cloud

Answer: D

QUESTION 13
On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log
Server uses port:

A. 18210
B. 18184
C. 257
D. 18191

Answer: B

QUESTION 14
Which of these statements describes the Check Point ThreatCloud?

A. Blocks or limits usage of web applications
B. Prevents or controls access to web sites based on category
C. Prevents Cloud vulnerability exploits
D. A worldwide collaborative security network

Answer: D

QUESTION 15
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description
pane. Which is NOT an option to adjust or configure?

A. Severity
B. Automatic reactions
C. Policy
D. Threshold

Answer: C

QUESTION 16
Which method below is NOT one of the ways to communicate using the Management APIs?

A. Typing API commands using the “mgmt_cli” command
B. Typing API commands from a dialog box inside the SmartConsole GUI application
C. Typing API commands using Gaia’s secure shell (clish)
D. Sending API commands over an http connection using web-services

Answer: D

QUESTION 17
What is the correct command to observe the Sync traffic in a VRRP environment?

A. fw monitor -e "accept[12:4,b]=224.0.0.18;"
B. fw monitor -e "accept(6118;"
C. fw monitor -e "accept proto=mcVRRP;"
D. fw monitor -e "accept dst=224.0.0.18;"

Answer: D

QUESTION 18
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would
you use?

A. SmartEvent Client Info
B. SecuRemote
C. Check Point Protect
D. Check Point Capsule Cloud

Answer: C

QUESTION 19
Which features are only supported with R80.10 Gateways but not R77.x?
A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and
Mobile Access Software Blade policies
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the
order in which they are defined, allowing control over the rule base flow and which security functionalities
take precedence.
D. Time object to a rule to make the rule active only during specified times.

Answer: C

QUESTION 20
The Firewall kernel is replicated multiple times, therefore:

A. The Firewall kernel only touches the packet if the connection is accelerated
B. The Firewall can run different policies per core
C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
D. The Firewall can run the same policy on all cores.

Answer: D
Explanation
On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy, or
instance, runs on one processing core. These instances handle traffic concurrently, and each instance is a complete and
independent inspection kernel. When CoreXL is enabled, all the kernel instances in the Security Gateway process traffic
through the same interfaces and apply the same security policy.

QUESTION 21
Identify the API that is not supported by Check Point currently.

A. R80 Management API
B. Identity Awareness Web Services API
C. Open REST API
D. OPSEC SDK

Answer: C

QUESTION 22
The Security Gateway is installed on GAIA R80. The default port for the Web User interface is ______.

A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443

Answer: D

QUESTION 23
Which is NOT an example of a Check Point API?

A. Gateway API
B. Management API
C. OPSEC SDK
D. Threat Prevention API

Answer: A

QUESTION 24
Which command can you use to verify the number of active concurrent connections?

A. fw conn all
B. fw ctl pstat
C. show all connections
D. show connections

Answer: B

QUESTION 25
Which command collects diagnostic data for analyzing customer setup remotely?

A. cpinfo
B. migrate export
C. sysinfo
D. cpview

Answer: A
Explanation
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and
uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point
servers).
The CPInfo output file allows analyzing customer setups from a remote location. Check Point support engineers can
open the CPInfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the
in-depth analysis of customer's configuration and environment settings.

QUESTION 26
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way,
how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
B. One machine
C. Two machines
D. Three machines

Answer: C
Explanation
One for Security Management Server and the other one for the Security Gateway.

QUESTION 27
Fill in the blank: The R80 feature ______ permits blocking specific IP addresses for a specific time period.

A. Block Port Overflow
B. Local Interface Spoofing
C. Suspicious Activity Monitoring
D. Adaptive Threat Prevention

Answer: C
Explanation
Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon
detection of any suspicious network activity (for example, several attempts to gain unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are
Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the
currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately
without the need to perform an Install Policy operation.

QUESTION 28
Which of the SecureXL templates are enabled by default on Security Gateway?

A. Accept
B. Drop
C. NAT
D. None

Answer: D

QUESTION 29
How many images are included with Check Point TE appliance in Recommended Mode?

A. 2(OS) images
B. images are chosen by administrator during installation
C. as many as licensed for
D. the most new image

Answer: A

QUESTION 30
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security
administration, which action would you choose?

A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restrict all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each Security Gateway directly.

Answer: B

QUESTION 31
What happens when the IPS profile is set in Detect Only Mode for troubleshooting?

A. It will generate Geo-Protection traffic
B. Automatically uploads debugging logs to Check Point Support Center
C. It will not block malicious traffic
D. Bypass licenses requirement for Geo-Protection control

Answer: C
Explanation
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS.
This option overrides any protections that are set to Prevent so that they will not block any traffic.
During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding
any impact on the flow of traffic.

QUESTION 32
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?

A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in
which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. Time object to a rule to make the rule active only during specified times.
D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will
continue in the sub policy attached to it rather than in the next rule.

Answer: D

QUESTION 33
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company’s security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

Answer: A

QUESTION 34
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has
four dedicated components that constantly work together to protect mobile devices and their data.
Which component is NOT part of the SandBlast Mobile solution?

A. Management Dashboard
B. Gateway
C. Personal User Storage
D. Behavior Risk Engine

Answer: C

QUESTION 35
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical
Severity. Which of those hosts should you try to remediate first?

A. Host having a Critical event found by Threat Emulation
B. Host having a Critical event found by IPS
C. Host having a Critical event found by Antivirus
D. Host having a Critical event found by Anti-Bot

Answer: D

QUESTION 36
What is the limitation of employing Sticky Decision Function?

A. With SDF enabled, the involved VPN Gateways only support IKEv1
B. Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
C. With SDF enabled, only ClusterXL in legacy mode is supported
D. With SDF enabled, you can only have three Sync interfaces at most

Answer: B

QUESTION 37
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

A. UDP port 265
B. TCP port 265
C. UDP port 256
D. TCP port 256

Answer: D
Explanation
Synchronization works in two modes:
Full Sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by
the fwd daemon using an encrypted TCP connection on port 256.
Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security
Gateway kernel using UDP connections on port 8116.

QUESTION 38
Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?

A. Dynamic ID
B. RADIUS
C. Username and Password
D. Certificate

Answer: A

QUESTION 39
When requiring certificates for mobile devices, make sure the authentication method is set to one of the following,
Username and Password, RADIUS or _______.

A. SecureID
B. SecurID
C. Complexity
D. TacAcs

Answer: B

QUESTION 40
What is true about VRRP implementations?

A. VRRP membership is enabled in cpconfig
B. VRRP can be used together with ClusterXL, but with degraded performance
C. You cannot have a standalone deployment
D. You cannot have different VRIDs in the same physical network

Answer: C

QUESTION 41
CoreXL is supported when one of the following features is enabled:

A. Route-based VPN
B. IPS
C. IPv6
D. Overlapping NAT

Answer: B
Explanation
CoreXL does not support Check Point Suite with these features:
Check Point QoS (Quality of Service)
Route-based VPN
IPv6 on IPSO
Overlapping NAT

QUESTION 42
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n)
_____ or ______ action for the file types.

A. Inspect/Bypass
B. Inspect/Prevent
C. Prevent/Bypass
D. Detect/Bypass

Answer: A

QUESTION 43
Connections to the Check Point R80 Web API use what protocol?

A. HTTPS
B. RPC
C. VPN
D. SIC

Answer: A

QUESTION 44
Which of the following authentication methods ARE NOT used for Mobile Access?

A. RADIUS server
B. Username and password (internal, LDAP)
C. SecurID
D. TACACS+

Answer: D

QUESTION 45
What is the least amount of CPU cores required to enable CoreXL?

A. 2
B. 1
C. 4
D. 6

Answer: B

QUESTION 46
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules

A. 1, 2, 3, 4
B. 1, 4, 2, 3
C. 3, 1, 2, 4
D. 4, 3, 1, 2

Answer: A

QUESTION 47
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which
2 processes?

A. fwd via cpm
B. fwm via fwd
C. cpm via cpd
D. fwd via cpd

Answer: A

QUESTION 48
There are 4 ways to use the Management API for creating a host object with R80 Management API. Which one is NOT
correct?

A. Using Web Services
B. Using Mgmt_cli tool
C. Using CLISH
D. Using SmartConsole GUI console
E. Events are collected with SmartWorkflow from Trouble Ticket systems

Answer: E

QUESTION 49
Which two of these Check Point Protocols are used by SmartEvent Processes?

A. ELA and CPD
B. FWD and LEA
C. FWD and CPLOG
D. ELA and CPLOG

Answer: D

QUESTION 50
Check Point Management (cpm) is the main management process in that it provides the architecture for a
consolidated management console. CPM allows the GUI client and management server to communicate via web services
using ___________.

A. TCP port 19009
B. TCP Port 18190
C. TCP Port 18191
D. TCP Port 18209

Answer: A

QUESTION 51
What is the difference between an event and a log?

A. Events are generated at gateway according to Event Policy
B. A log entry becomes an event when it matches any rule defined in Event Policy
C. Events are collected with SmartWorkflow from Trouble Ticket systems
D. Log and Events are synonyms

Answer: B

QUESTION 52
Which view is NOT a valid CPVIEW view?

A. IDA
B. RAD
C. PDP
D. VPN

Answer: C

QUESTION 53
What command verifies that the API server is responding?

A. api stat
B. api status
C. show api_status
D. app_get_status

Answer: B

QUESTION 54
To help SmartEvent determine whether events originated internally you must define using the Initial Settings under
General Settings in the Policy Tab. How many options are available to calculate the traffic direction?

A. 5 Network; Host; Objects; Services; API
B. 3 Incoming; Outgoing; Network
C. 2 Internal; External
D. 4 Incoming; Outgoing; Internal; Other

Answer: D

QUESTION 55
What has to be taken into consideration when configuring Management HA?

A. The Database revisions will not be synchronized between the management servers
B. SmartConsole must be closed prior to synchronized changes in the objects database
C. If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to
pass before the Firewall Control Connections.
D. For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ
Virtual Routers instead, you have to reconsider your design.

Answer: A

QUESTION 56
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of
log records from Security Gateway?

A. logd
B. fwd
C. fwm
D. cpd

Answer: B

QUESTION 57
Advanced Security Checkups can be easily conducted within:

A. Reports
B. Advanced
C. Checkups
D. Views

Answer: A

QUESTION 58
Which statement is NOT TRUE about Delta synchronization?

A. Using UDP Multicast or Broadcast on port 8161
B. Using UDP Multicast or Broadcast on port 8116
C. Quicker than Full sync
D. Transfers changes in the Kernel tables between cluster members.

Answer: A

QUESTION 59
Which CLI command will reset the IPS pattern matcher statistics?

A. ips reset pmstat
B. ips pstats reset
C. ips pmstats refresh
D. ips pmstats reset

Answer: D

QUESTION 60
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were
dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use
Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

A. fw ctl multik dynamic_dispatching on
B. fw ctl multik dynamic_dispatching set_mode 9
C. fw ctl multik set_mode 9
D. fw ctl multik pq enable

Answer: C

QUESTION 61
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command
in Expert mode then reboot:

A. fw ctl multik set_mode 1
B. fw ctl Dynamic_Priority_Queue on
C. fw ctl Dynamic_Priority_Queue enable
D. fw ctl multik set_mode 9

Answer: D

QUESTION 62
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?

A. Source address, Destination address, Source port, Destination port, Protocol
B. Source MAC address, Destination MAC address, Source port, Destination port, Protocol
C. Source address, Destination address, Source port, Destination port
D. Source address, Destination address, Destination port, Protocol

Answer: A

QUESTION 63
What SmartEvent component creates events?

A. Consolidation Policy
B. Correlation Unit
C. SmartEvent Policy
D. SmartEvent GUI

Answer: B

QUESTION 64
fwssd is a child process of which of the following Check Point daemons?

A. fwd
B. cpwd
C. fwm
D. cpd

Answer: A

QUESTION 65
Which TCP-port does CPM process listen to?

A. 18191
B. 18190
C. 8983
D. 19009

Answer: D

QUESTION 66
Which packet info is ignored with Session Rate Acceleration?

A. source port ranges
B. source ip
C. source port
D. same info from Packet Acceleration is used

Answer: C

QUESTION 67
Where can you see and search records of actions done by R80 SmartConsole administrators?

A. In SmartView Tracker, open active log
B. In the Logs & Monitor view, select “Open Audit Log View”
C. In SmartAuditLog View
D. In Smartlog, all logs

Answer: B

QUESTION 68
Check Point Management (cpm) is the main management process in that it provides the architecture for a
consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The
cpm process:

A. Allow GUI Client and management server to communicate via TCP Port 19001
B. Allow GUI Client and management server to communicate via TCP Port 18191
C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.
D. Performs database tasks such as creating, deleting, and modifying objects as well as policy code generation.

Answer: C

QUESTION 69
In R80.10, how do you manage your Mobile Access Policy?

A. Through the Unified Policy
B. Through the Mobile Console
C. From SmartDashboard
D. From the Dedicated Mobility Tab

Answer: C

QUESTION 70
Fill in the blank: The tool ________ generates a R80 Security Gateway configuration report.

A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo

Answer: C

QUESTION 71
Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check
Point SIC _____________ .

A. TCP Port 18190
B. TCP Port 18209
C. TCP Port 19009
D. TCP Port 18191

Answer: D

QUESTION 72
Which command shows actual allowed connections in state table?

A. fw tab -t StateTable
B. fw tab -t connections
C. fw tab -t connection
D. fw tab connections

Answer: B

QUESTION 73
Which statement is true regarding redundancy?

A. System Administrators know their cluster has failed over and can also see why it failed over by using the cphaprob -f
if command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
C. Machines in a ClusterXL High Availability configuration must be synchronized.
D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and
virtualized environments.

Answer: D

QUESTION 74
Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you
use to provide such information to your manager?

A. fw accel stat
B. fwaccel stat
C. fw acces stats
D. fwaccel stats

Answer: B

QUESTION 75
Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?

A. Synchronized
B. Never been synchronized
C. Lagging
D. Collision

Answer: D

QUESTION 76
The Event List within the Event tab contains:
A. a list of options available for running a query.
B. the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.
C. events generated by a query.
D. the details of a selected event.

Answer: C

QUESTION 77
What are the different command sources that allow you to communicate with the API server?

A. SmartView Monitor, API_cli Tool, Gaia CLI, Web Services
B. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services
C. SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services
D. API_cli Tool, Gaia CLI, Web Services

Answer: B

QUESTION 78
In R80 spoofing is defined as a method of:

A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
B. Hiding your firewall from unauthorized users.
C. Detecting people using false or wrong authentication logins
D. Making packets appear as if they come from an authorized IP address.

Answer: D
Explanation
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack
connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute
DoS attacks, or to gain unauthorized access.

QUESTION 79
Which statement is correct about the Sticky Decision Function?

A. It is not supported with either the Performance pack or a hardware based accelerator card
B. Does not support SPI’s when configured for Load Sharing
C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster
D. It is not required for L2TP traffic

Answer: A

QUESTION 80
If you needed the Multicast MAC address of a cluster, what command would you run?

A. cphaprob -a if
B. cphaconf ccp multicast
C. cphaconf debug data
D. cphaprob igmp

Answer: D

QUESTION 81
You have successfully backed up Check Point configurations without the OS information. What command would you
use to restore this backup?

A. restore_backup
B. import backup
C. cp_merge
D. migrate import

Answer: C

QUESTION 82
Fill in the blank: The command ___________ provides the most complete restoration of a R80 configuration.

A. upgrade_import
B. cpconfig
C. fwm dbimport -p <export file>
D. cpinfo -recover

Answer: A

QUESTION 83
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active
cluster.

A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing

Answer: C

QUESTION 84
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

A. fw ctl sdstat
B. fw ctl affinity -l a -r -v
C. fw ctl multik stat
D. cpinfo

Answer: B

QUESTION 85
CPM process stores objects, policies, users, administrators, licenses and management data in a database.
The database is:

A. MySQL
B. Postgres SQL
C. MariaDB
D. SOLR

Answer: B

QUESTION 86
Which command would disable a Cluster Member permanently?

A. clusterXL_admin down
B. cphaprob_admin down
C. clusterXL_admin down-p
D. set clusterXL down-p

Answer: C

QUESTION 87
Which command can you use to enable or disable multi-queue per interface?

A. cpmq set
B. Cpmqueue set
C. Cpmq config
D. St cpmq enable

Answer: A

QUESTION 88
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS,
and Threat Emulation?

A. Anti-Bot is the only countermeasure against unknown malware
B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers
C. Anti-Bot is the only signature-based method of malware protection.
D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command &
Control Center.

Answer: D

QUESTION 89
Which of the following processes pulls application monitoring status?

A. fwd
B. fwm
C. cpwd
D. cpd

Answer: D

QUESTION 90
What is the mechanism behind Threat Extraction?

A. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against
its sender.
B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it
prior to sending it to the intended recipient.
C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database
(Suspicious Activity Monitoring).
D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the
document and forwarded to the intended recipient, which makes this solution very fast.

Answer: D

QUESTION 91
Which of the following statements is TRUE about R80 management plug-ins?

A. The plug-in is a package installed on the Security Gateway.
B. Installing a management plug-in requires a Snapshot, just like any upgrade process.
C. A management plug-in interacts with a Security Management Server to provide new features and support
for new products.
D. Using a plug-in offers full central management only if special licensing is applied to specific features of the
plug-in.

Answer: C

QUESTION 92
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without
employing Stateful Inspection?

A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode

Answer: C
Explanation
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security
Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source and destination,
Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure
VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic routing
protocols that do not survive state verification in non-Wire Mode configurations can now be deployed.
The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of "Wire
Mode".

QUESTION 93
What is not a component of Check Point SandBlast?

A. Threat Emulation
B. Threat Simulator
C. Threat Extraction
D. Threat Cloud

Answer: B

QUESTION 94
When doing a Stand-Alone Installation, you would install the Security Management Server with which other
Check Point architecture component?

A. None, Security Management Server would be installed by itself.
B. SmartConsole
C. SecureClient
D. Security Gateway

Answer: D

QUESTION 95
To fully enable Dynamic Dispatcher on a Security Gateway:

A. run fw ctl multik set_mode 9 in Expert mode and then Reboot.
B. Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.
C. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.
D. run fw multik set_mode 1 in Expert mode and then reboot.

Answer: A

QUESTION 96
Which command lists all tables in Gaia?

A. fw tab -t
B. fw tab -list
C. fw-tab -s
D. fw tab -1

Answer: C

QUESTION 97
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the
web browser. What are the two modes of SNX?

A. Application and Client Service
B. Network and Application
C. Network and Layers
D. Virtual Adapter and Mobile App

Answer: B

QUESTION 98
Session unique identifiers are passed to the web api using which http header option?

A. X-chkp-sid
B. Accept-Charset
C. Proxy-Authorization
D. Application

Answer: C

QUESTION 99
Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website,
file share and emails?

A. Check Point Remote User
B. Check Point Capsule Workspace
C. Check Point Mobile Web Portal
D. Check Point Capsule Remote

Answer: C

QUESTION 100
R80.10 management server can manage gateways with which versions installed?

A. Versions R77 and higher
B. Versions R76 and higher
C. Versions R75.20 and higher
D. Versions R75 and higher

Answer: C
