156-215.80 dumps pdf, 156-215.80 exam, 156-215.80 exam dumps, 156-215.80 pdf, 156-215.80 practice test, CheckPoint

[2021.4] Study | Free CheckPoint 156-215.80 Practice Test + 156-215.80 PDF

Want to pass your CheckPoint 156-215.80 exam on the first try? Download Pass4itsure latest CheckPoint 156-215.80 exam dumps https://www.pass4itsure.com/156-215-80.html (156-215.80 exam questions) Pls keep enough time to practice! Looking for the latest 156-215.80 exam questions, 156-215.80 practice exam? Pass4itsure have!

CheckPoint 156-215.80 PDF – free download

[latest google drive pdf] 156-215.80 pdf download https://drive.google.com/file/d/1JpMEOjC2oIqLVlA49nqO0VBLfY5Vh2Xg/view?usp=sharing

CheckPoint 156-215.80 practice test (q1-q13)

Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?
A. The rule base can be built of layers, each containing a set of security rules. Layers are inspected in the order in
which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. Time object to a rule to make the rule active only during specified times.
D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will
continue in the sub-policy attached to it rather than in the next rule.
Correct Answer: D
Reference: http://dl3.checkpoint.com/paid/1f/1f850d1640792cf885336cc6ae8b2743/CP_R80_ReleaseNotes.pdf?HashKey=1517092603_dd917544d92dccc060e5b25d28a46f79andxtn=.pdf

Which of the following is NOT a VPN routing option available in a star community?
A. To satellites through center only
B. To center, or through the center to other satellites, to Internet and other VPN targets
C. To center and to other satellites through center
D. To center only
Correct Answer: AD
For simple hubs and spokes (or if there is only one Hub), the easiest way is to configure a VPN star community in R80
1. On the Star Community window, in the:
Center Gateways section, select the Security Gateway that functions as the “Hub”.
Satellite Gateways section, select Security Gateways as the “spokes”, or satellites.
2. On the VPN Routing page, Enable VPN routing for satellites section, select one of these options:
To center and to other Satellites through center – This allows connectivity between the Security Gateways, for example
if the spoke Security Gateways are DAIP Security Gateways, and the Hub is a Security Gateway with a static IP
To center, or through the center to other satellites, to internet and other VPN targets – This allows connectivity between
the Security Gateways as well as the ability to inspect all communication passing through the Hub to the Internet.
Create an appropriate Access Control Policy rule.
NAT the satellite Security Gateways on the Hub if the Hub is used to route connections from Satellites to the Internet.
The two Dynamic Objects (DAIP Security Gateways) can securely route communication through the Security Gateway
with the static IP address.
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_VPN/html_frameset.htm

Where can administrator edit a list of trusted SmartConsole clients in R80?
A. cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server.
B. Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.
C. In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in
SmartConsole: Manage and Settings>Permissions and Administrators>Advanced>Trusted Clients.
D. WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings>Permissions and
Administrators>Advanced>Trusted Clients, via cpconfig on a Security Gateway.
Correct Answer: C

Katie has been asked to do a backup on the Blue Security Gateway. Which command would accomplish this in the Gaia
A. Blue > add local backup
B. ExpertandBlue#add local backing
C. Blue > set backup local
D. Blue > add backup local
Correct Answer: D

Fill in the blank: A(n) _____ rule is created by an administrator and is located before the first and before last rules in the
Rule Base.
A. Firewall drop
B. Explicit
C. Implicit accept
D. Implicit drop
E. Implied
Correct Answer: E
This is the order that rules are enforced:
First Implied Rule: You cannot edit or delete this rule and no explicit rules can be placed before it.
Explicit Rules: These are rules that you create.
Before Last Implied Rules: These implied rules are applied before the last explicit rule.
Last Explicit Rule: We recommend that you use the Cleanup rule as the last explicit rule.
Last Implied Rules: Implied rules that are configured as Last in Global Properties.
Implied Drop Rule: Drops all packets without logging.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92703.htm

Which Check Point software blade provides protection from zero-day and undiscovered threats?
A. Firewall
B. Threat Emulation
C. Application Control
D. Threat Extraction
Correct Answer: B

When should you generate new licenses?
A. Before installing contract files.
B. After an RMA procedure when the MAC address or serial number of the appliance changes.
C. When the existing license expires, license is upgraded or the IP-address where the license is tied changes.
D. Only when the license is upgraded.
Correct Answer: B
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=andsolutionid=sk84802

Fill in the blank: The tool _______ generates a R80 Security Gateway configuration report.
A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo
Correct Answer: C
CPInfo is an auto-updatable utility that collects diagnostics data on a customer\\’s machine at the time of execution and
uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point
The CPinfo output file allows analyzing customer setups from a remote location. Check Point support engineers can
open the CPinfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the indepth
analysis of customer\\’s configuration and environment settings.
When contacting Check Point Support, collect the cpinfo files from the Security Management server and Security
Gateways involved in your case. Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=andsolutionid=sk92739

On the following picture an administrator configures Identity Awareness:

156-215.80 exam questions-q9

After clicking “Next” the above configuration is supported by:
A. Kerberos SSO which will be working for Active Directory integration
B. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and
machines to IP addresses in a method that is completely transparent to the user
C. Obligatory usage of Captive Portal
D. The ports 443 or 80 what will be used by Browser-Based and configured Authentication
Correct Answer: B
To enable Identity Awareness:
Log in to R80 SmartConsole.
From the Gateways and Servers view, double-click the Security Gateway on which to enable Identity Awareness.
On the Network Security tab, select Identity Awareness. The Identity Awareness Configuration wizard opens.
Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets.
AD Query – Lets the Security Gateway seamlessly identifies Active Directory users and computers.
Browser-Based Authentication – Sends users to a Web page to acquire identities from unidentified users. If Transparent
Kerberos Authentication is configured, AD users may be identified transparently.
Terminal Servers – Identify users in a Terminal Server environment (originating from one IP address).
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_IdentityAwareness/html_frameset.htm?topic=documents/R80/CP_R80BC_IdentityAwareness/62050

Which of the below is the MOST correct process to reset SIC from SmartDashboard?
A. Run cpconfig, and click Reset.
B. Click the Communication button for the firewall object, then click Reset. Run cpconfig on the gateway and type a new
activation key.
C. Run cpconfig, and select Secure Internal Communication > Change One Time Password.
D. Click Communication > Reset on the Gateway object, and type a new activation key.
Correct Answer: B

Which of the following commands is used to monitor cluster members?
A. cphaprob state
B. cphaprob status
C. cphaprob
D. cluster state
Correct Answer: A
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7298.htm

Which of the following is NOT an option for internal network definition of Anti-spoofing?
A. Specific ?derived from a selected object
B. Route-based ?derived from gateway routing table
C. Network defined by the interface IP and Net Mask
D. Not-defined
Correct Answer: B

Access roles allow the firewall administrator to configure network access according to:
A. a combination of computer groups and network
B. users and user groups
C. all of above
D. remote access clients
Correct Answer: C
To create an access role:
Select Users and Administrators in the Objects Tree.
Right-click Access Roles > New Access Role.
The Access Role window opens.
Enter a Name and Comment (optional) for the access role.
In the Networks tab, select one of these:
Any network
Specific networks – Click the plus sign and select a network.
Your selection is shown in the Networks node in the Role Preview pane.
In the Users tab, select one of these:
Any user
All identified users – Includes users identified by a supported authentication method (internal users, AD users or LDAP
Specific users – Click the plus sign.
A window opens. You can search for Active Directory entries or select them from the list.
In the Machines tab, select one of these:
Any machine
All identified machines – Includes machines identified by a supported authentication method (AD).
Specific machines – Click the plus sign.
You can search for AD entries or select them from the list.
Optional: For computers that use Full Identity Agents, from the Machines tab select Enforce IP spoofing protection.
Click OK.
The access role is added to the Users and Administrators tree.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92705.htm

156-215.80 exam questions video

Share CheckPoint dumps Pass4itsure discount code


This blog collected actual CheckPoint 156-215.80 questions and answers, 156-215.80 pdf, 156-215.80 exam video. Get the latest complete 156-215.80 exam dumps https://www.pass4itsure.com/156-215-80.html (Q&As: 159 156-215.80 dumps). Please allow me enough time to practice.

100% free CheckPoint 156-215.80 pdf https://drive.google.com/file/d/1JpMEOjC2oIqLVlA49nqO0VBLfY5Vh2Xg/view?usp=sharing