156-915.80 Exam Dumps - Check Point Certified Security Expert Update - R80.10

When migrating the SmartEvent data base from one server to another, the last step is to save the files on the new server. Which of thefollowing commands should you run to save the SmartEvent data base files on the new server?

Fill in the blank.

In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. An internal host 10.4.8.108 successfully pings itsCluster and receives replies. Review the ARP table from the internal Windows host 10.4.8.108. Based on this information, what is the active cluster member’s IP address?

Which three of the following are ClusterXL member requirements?

1) same operating systems

2) same Check Point version

3) same appliance model

4) same policy

Fill in the blank. To verify the SecureXL status, you would enter command _____________ .

In a zero downtime firewall cluster environment, what command syntax do you run to avoid switching problems around the cluster for command cphaconf?

Which two processes are responsible on handling Identity Awareness?

Which Check Point tool allows you to open a debug file and see the VPN packet exchange details.

If your firewall is performing a lot of IPS inspection and the CPUs assigned tofw_worker_thread are at or near 100%, which of the following could you do to improve performance?

What is the command to check the status ofthe SmartEvent Correlation Unit?

To bind a NIC to a single processor when using CoreXL on GAiA, you would use the command

Fill in the blank. To enter the router shell, use command __________ .

How do you configure the Security Policy to provide user access to the Captive Portal through an external (Internet) interface?

Fill in the blank. What is the correct command and syntax used to view a connection table summary on a Check Point Firewall?

MegaCorp is using SmartCenter Server with several gateways. Their requirements result in a heavy log load. Would it be feasible to add the SmartEvent Correlation Unit and SmartEvent Server to their SmartCenter Server?

Which CLI tool helps on verifying proper ClusterXL sync?

Match the VPN-related terms with their definitions. Each correct term is only used once.

Exhibit:

What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with aWindows 2003 or 2008 server?

Type the command and syntax that you would use to view thevirtual cluster interfaces of a ClusterXL environment.

What is the purpose of the pre-defined exclusions included with SmartEvent R80?

What givesadministrators more flexibility when configuring Captive Portal instead of LDAP query for Identity Awareness authentication?

How many pre-defined exclusions are included by default in SmartEvent R80 as part of the product installation?

Which of the following is the preferred method for adding static routes in GAiA?

MultiCorp is located in Atlanta. It has a branch office in Europe, Asia, and Africa. Each location has its own AD controller for local user login. How many ADqueries have to be configured?

Type the full fw command and syntax that allows you to disable only sync on a cluster firewall member.

When do modifications to the Event Policy take effect?

Can you implement a complete IPv6 deployment without IPv4 addresses?

You find that Users are not prompted for authentication when they access their Web servers, even though you havecreated an HTTP rule via User Authentication. Choose the BEST reason why.

You are running a R80 Security Gateway on GAiA. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What back up method could be used to quickly put the secondary firewall into production?

Which of the following tools is used to generate a Security Gateway R80 configuration report?

You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?

Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?

What happens if the identity of a user is known?

Your company is running Security Management Server R80 on GAiA, which has been migrated through each version starting from CheckPoint 4.1. How do you add a new administrator account?

You are a Security Administrator who has installed Security Gateway R80 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner’s access for HTTP and FTP only, you did the following:

1)Created manual Static NAT rules for the Web server.

2) Cleared the following settings in the Global Properties > Network Address Translation screen:

- Allow bi-directional NAT

- Translate destination on client side

Do the above settings limit the partner’s access?

Study the Rule base and Client Authentication Action properties screen -

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:

You are MegaCorp’s Security Administrator. There are various network objects which must be NATed. Some ofthem use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the rule order if both methods are used together? Give the BEST answer.

How can you check whether IP forwarding is enabled on an IP Security Appliance?

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

Johnplugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?

When simulating a problem on CLusterXL cluster with cphaprob –d STOP –s problem –t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?

To findrecords in the logs that shows log records from the Application & URL Filtering Software Blade where traffic was blocked, what would be the query syntax?

Fill in the blank: The tool___________ generates a R80 Security Gateway configuration report.

Which command will allow you to see the interface status?

Identify the API that is not supported by Check Point currently.

How many images are included with Check Point TE appliance in Recommended Mode?

John is using Management HA. Which Smartcenter should be connected to for marking changes?

There are 4 ways to use the Management API for creating host object with R80 Management API. Which one is NOT correct?

When configuring SmartEvent Initial settings, you must specify a basic topology for SmartEvent to help it calculate traffic direction for events. What is this setting called, and what are you defining?

What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?

NAT rules are prioritized in which order?

1. Automatic Static NAT

2. Automatic Hide NAT

3. Manual/Pre-Automatic NAT

4. Post-Automatic/Manual NAT rules

What command would show the API server status?

SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?

What Shell is required in Gaia to use WinSCP?

The Check Point installation history feature in R80 provides the following:

What is the proper CLISH syntax to configure a default route via 192.168.255.1 in Gaia?

SmartEvent provides a convenient way to run common command line executables that can assist ininvestigating events. Right-clicking the IP address, source or destination, in a event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:

What are types of Check Point APIs available currently as part of R80.10 code?

Return oriented programming (ROP) exploits are detected by which security blade?

Fill in the blank: The R80 utility fw monitor is used to troubleshoot __________.

Check Point recommends configuring Disk Space Management parameters to delete old log entities when available disk space is less than or equal to?

What happens if the identity of a user is known?

Which command allows you to view the contents of an R80 table?

Match the followingcommands to their correct function.

Each command has one function only listed.

When using AD Query to authenticate users for IdentityAwareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method?

Where can you find the Check Point’s SNMP MIB file?

In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:

In the Rule Base displayed, user authentication in Rule 4 isconfigured as fully automatic. Eric is a member of the LDAP group, MSD_Group.

What happens when Eric tries to connect to a server on the Internet?

Jennifer McHanry is CEO of ACME. Sherecently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R80 Firewall Rule Base.

To make this scenario work, the IT administrator must:

1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.

2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.

3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry accessnetwork destinations. Select accept as the Action.

Ms. McHanry tries to access the resource but is unable. What should she do?

You have three servers located in a DMZ, using private IP addresses. You wantinternal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway’s external interface.

What is the best configuration for 10.10.10.x users to access the DMZservers, using the DMZ servers’ public IP addresses?

Captive Portal is a __________ that allows the gateway to request login information from the user.

Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?

Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?

The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lockhimself out of his account. How can you unlock this account?