DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Updated Check Point 156-215.80 Exam Dumps – Your Path to Success

Preparing for the Check Point 156-215.80 Certified Security Administrator (CCSA R80) exam with SPOTO's comprehensive exam questions and answers is the key to success. Their meticulously crafted test questions accurately reflect the exam content, allowing you to assess your knowledge and identify areas for improvement. SPOTO's study materials and exam resources, including mock exams, provide a realistic testing environment, enabling you to develop effective time management strategies and build confidence. With SPOTO's extensive exam questions and guidance, you'll be well-equipped to tackle the CCSA R80 exam confidently and pass successfully. Don't leave your certification journey to chance – leverage SPOTO's expertise to achieve your professional goals and validate your Check Point security expertise.
Take other online exams

Question #1
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all of the following except:
A. reate new dashboards to manage 3rd party task
B. reate products that use and enhance 3rd party solutions
C. xecute automated scripts to perform common tasks
D. reate products that use and enhance the Check Point Solution
View answer
Correct Answer: A
Question #2
Which of the following statements is TRUE about R80 management plug-ins?
A. he plug-in is a package installed on the Security Gateway
B. nstalling a management plug-in requires a Snapshot, just like any upgrade process
C. management plug-in interacts with a Security Management Server to provide new features and support for new products
D. sing a plug-in offers full central management only if special licensing is applied to specific features of the plug-in
View answer
Correct Answer: C
Question #3
On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
A. 8210
B. 8184
C. 57
D. 8191
View answer
Correct Answer: B
Question #4
Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?
A. martView Monitor
B. martEvent
C. martUpdate
D. martDashboard
View answer
Correct Answer: B
Question #5
While enabling the Identity Awareness blade the Identity Awareness wizard does not automatically detect the windows domain. Why does it not detect the windows domain?
A. ecurity Gateways is not part of the Domain
B. martConsole machine is not part of the domain
C. ecurity Management Server is not part of the domain
D. dentity Awareness is not enabled on Global properties
View answer
Correct Answer: B
Question #6
R80 Security Management Server can be installed on which of the following operating systems?
A. aia only
B. aia, SPLAT, Windows Server only
C. aia, SPLAT, Windows Server and IPSO only
D. aia and SPLAT only
View answer
Correct Answer: A
Question #7
___________information is included in the “Full Log” tracking option, but is not included in the “Log” tracking option?
A. ile attributes
B. pplication
C. estination port
D. ata type
View answer
Correct Answer: D
Question #8
What CLI utility allows an administrator to capture traffic along the firewall inspection chain?
A. how interface (interface) –chain
B. cpdump
C. cpdump /snoop
D. w monitor
View answer
Correct Answer: D
Question #9
Kofi, the administrator of the ALPHA Corp network wishes to change the default Gaia WebUI Portal port number currently set on the default HTTPS port. Which CLISH commands are required to be able to change this TCP port?
A. et web ssl-port
B. et Gaia-portal port
C. et Gaia-portal https-port
D. et web https-port
View answer
Correct Answer: A
Question #10
Which type of the Check Point license ties the package license to the IP address of the Security Management Server?
A. ocal
B. entral
C. orporate
D. ormal
View answer
Correct Answer: B
Question #11
A new license should be generated and installed in all of the following situations EXCEPT when ______________ .
A. he license is attached to the wrong Security Gateway
B. he existing license expires
C. he license is upgraded
D. he IP address of the Security Management or Security Gateway has changed
View answer
Correct Answer: A
Question #12
What is the mechanism behind Threat Extraction?
A. his is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender
B. his is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient
C. his is a new mechanism to identify the IP address of the sender of malicious codes and to put it into the SAM database (Suspicious Activity Monitoring)
D. ny active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast
View answer
Correct Answer: D
Question #13
Can a Check Point gateway translate both source IP address and destination IP address in a given packet?
A. es
B. o
C. es, but only when using Automatic NAT
D. es, but only when using Manual NAT
View answer
Correct Answer: A
Question #14
Harriet wants to protect sensitive information from intentional loss when users browse to a specific URL: https://personal.mymail.com, which blade will she enable to achieve her goal?
A. LP
B. SL Inspection
C. pplication Control
D. RL Filtering
View answer
Correct Answer: A
Question #15
Browser-based Authentication sends users to a web page to acquire identities using ______________ .
A. ser Directory
B. aptive Portal and Transparent Kerberos Authentication
C. aptive Portal
D. serCheck
View answer
Correct Answer: B
Question #16
Which feature in R77 permits blocking specific IP addresses for a specified time period?
A. uspicious Activity Monitoring
B. TTP Methods
C. ocal Interface Spoofing
D. lock Port Overflow
View answer
Correct Answer: A
Question #17
Which one of the following is the preferred licensing model?
A. ocal licensing because it ties the package license to the IP-address of the gateway and has no dependency of the Security Management Server
B. entral licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency of the gateway
C. ocal licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency
D. entral licensing because it ties the package license to the MAC-address of the Security Management Server Mgmt-interface and has no dependency of the gateway
View answer
Correct Answer: B
Question #18
Licenses can be added to the License and Contract repository ______________ .
A. rom the User Center, from a file, or manually
B. rom a file, manually, or from SmartView Monitor
C. anually, from SmartView Monitor, or from the User Center
D. rom SmartView Monitor, from the User Center, or from a file
View answer
Correct Answer: A
Question #19
Which of the completed statements is NOT true? The WebUI can be used to manage Operating System user accounts and:
A. ssign privileges to users
B. dit the home directory of the user
C. dd users to your Gaia system
D. ssign user rights to their home directory in the Security Management Server
View answer
Correct Answer: D
Question #20
You want to define a selected administrator's permission to edit a layer. However, when you click the + sign in the “Select additional profile that will be able edit this layer” you do not see anything. What is the most likely cause of this problem? Choose the BEST answer.
A. Edit layers by Software Blades” is unselected in the Administrator Permission Profile
B. here are no Administrator Permission Profiles available and you need to create one first
C. ll Administrator Permission Profiles are in use
D. here are no Administrator Permission Profiles defined with limited access privileges
View answer
Correct Answer: B
Question #21
Vanessa is a Firewall administrator. She wants to test a backup of her company’s production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore production backup via SmartConsole in lab environment. Which details she need to fill in System Restore window before she can click OK button and test the backup?
A. erver, SCP, Username, Password, Path, Comment, Member
B. erver, TFTP, Username, Password, Path, Comment, All Members
C. erver, Protocol, Username, Password, Path, Comment, All Members
D. erver, Protocol, Username, Password, Path, Comment, Member
View answer
Correct Answer: C
Question #22
Identify the API that is not supported by Check Point currently.
A. 80 Management API-
B. dentity Awareness Web Services API
C. pen REST API
D. PSEC SDK
View answer
Correct Answer: C
Question #23
ALPHA Corp has a new administrator who logs into the Gaia Portal to make some changes. He realizes that even though he has logged in as an administrator, he is unable to make any changes because all configuration options are greyed out as shown in the screenshot image below. What is the likely cause for this?
A. he Gaia /bin/confd is locked by another administrator from a SmartConsole session
B. he database is locked by another administrator SSH session
C. he Network address of his computer is in the blocked hosts
D. he IP address of his computer is not in the allowed hosts
View answer
Correct Answer: B
Question #24
What are the three components for Check Point Capsule?
A. apsule Docs, Capsule Cloud, Capsule Connect
B. apsule Workspace, Capsule Cloud, Capsule Connect
C. apsule Workspace, Capsule Docs, Capsule Connect
D. apsule Workspace, Capsule Docs, Capsule Cloud
View answer
Correct Answer: D
Question #25
A digital signature:
A. uarantees the authenticity and integrity of a message
B. utomatically exchanges shared keys
C. ecrypts data to its original form
D. rovides a secure key exchange mechanism over the Internet
View answer
Correct Answer: A
Question #26
The Captive Portal tool:
A. cquires identities from unidentified users
B. s only used for guest user authentication
C. llows access to users already identified
D. s deployed from the Identity Awareness page in the Global Properties settings
View answer
Correct Answer: A
Question #27
You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT'd source port if you are using Source NAT?
A. lateDst
B. lateSPort
C. lateDPort
D. lateSrc
View answer
Correct Answer: B
Question #28
DLP and Geo Policy are examples of what type of Policy?
A. tandard Policies
B. hared Policies
C. nspection Policies
D. nified Policies
View answer
Correct Answer: B
Question #29
What component of R80 Management is used for indexing?
A. BSync
B. PI Server
C. wm
D. OLR
View answer
Correct Answer: D
Question #30
Study the Rule base and Client Authentication Action properties screen. After being authenticated by the Security Gateways, a user starts a HTTP connection to a Web site. What happens when the user tries to FTP to another site using the command line? The:
A. ser is prompted for authentication by the Security Gateways again
B. TP data connection is dropped after the user is authenticated successfully
C. ser is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication
D. TP connection is dropped by Rule 2
View answer
Correct Answer: C
Question #31
Katie has been asked to do a backup on the Blue Security Gateway. Which command would accomplish this in the Gaia CLI?
A. lue > add local backup
B. xpert&Blue#add local backing
C. lue > set backup local
D. lue > add backup local
View answer
Correct Answer: D
Question #32
Which of these attributes would be critical for a site-to-site VPN?
A. calability to accommodate user groups
B. entralized management
C. trong authentication
D. trong data encryption
View answer
Correct Answer: D
Question #33
Joey wants to configure NTP on R80 Security Management Server. He decided to do this via WebUI. What is the correct IP address and default port to access the Web UI for Gaia platform via browser?
A. ttps://
B. ttps://:443
C. ttps://:10000
D. ttps://:4434
View answer
Correct Answer: B
Question #34
Which of the following uses the same key to decrypt as it does to encrypt?
A. symmetric encryption
B. ynamic encryption
C. ertificate-based encryption
D. ymmetric encryption
View answer
Correct Answer: D
Question #35
What is the benefit of Manual NAT over Automatic NAT?
A. f you create a new Security Policy, the Manual NAT rules will be transferred to this new policy
B. here is no benefit since Automatic NAT has in any case higher priority over Manual NAT
C. ou have the full control about the priority of the NAT rules
D. n IPSO and GAIA Gateways, it is handled in a Stateful manner
View answer
Correct Answer: C
Question #36
Where can administrator edit a list of trusted SmartConsole clients in R80?
A. pconfig on a Security Management Server, in the WebUI logged into a Security Management Server
B. nly using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients
C. n cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings>Permissions and Administrators>Advanced>Trusted Clients
D. ebUI client logged to Security Management Server, SmartDashboard: Manage and Settings>Permissions and Administrators>Advanced>Trusted Clients, via cpconfig on a Security Gateway
View answer
Correct Answer: C
Question #37
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret, the administrator found that the check box to enable pre-shared secret is shared and cannot be enabled. Why does it not allow him to specify the pre- shared secret?
A. Psec VPN blade should be enabled on both Security Gateway
B. re-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway
C. ertificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS
D. he Security Gateways are pre-R75
View answer
Correct Answer: C
Question #38
According to Check Point Best Practice, when adding a non-managed Check Point Gateway to a Check Point security solution what object SHOULD be added? A(n):
A. ateway
B. nteroperable Device
C. xternally managed gateway
D. etwork Node
View answer
Correct Answer: C
Question #39
The IT Management team is interested in the new features of the Check Point R80.x Management and wants to upgrade but they are concerned that the existing R77.30 Gaia Gateways cannot be managed by R80.x because it is so different. As the administrator responsible for the Firewalls, how can you answer or confirm these concerns?
A. 80
B. 80
C. 80
D. 80
View answer
Correct Answer: A
Question #40
A Cleanup rule:
A. ogs connections that would otherwise be dropped without logging by default
B. rops packets without logging connections that would otherwise be dropped and logged by default
C. ogs connections that would otherwise be accepted without logging by default
D. rops packets without logging connections that would otherwise be accepted and logged by default
View answer
Correct Answer: A
Question #41
Which of the following statements accurately describes the command snapshot?
A. napshot creates a full OS-level backup, including network-interface data, Check Point production information, and configuration settings of a GAiA Security Gateway
B. napshot creates a Security Management Server full system-level backup on any OS
C. napshot stores only the system-configuration settings on the Gateway
D. Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server
View answer
Correct Answer: A
Question #42
A _____________VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user through an internet browser.
A. lientless remote access
B. lientless direct access
C. lient-based remote access
D. irect access
View answer
Correct Answer: A
Question #43
In a Network policy with Inline layers, the default action for the Implied last rule is __________all traffic. However, in the Application Control policy layer, the default action is ____________all traffic.
A. ccept; redirect
B. ccept; drop
C. edirect; drop
D. rop; accept
View answer
Correct Answer: D
Question #44
The following graphic shows:
A. iew from SmartLog for logs initiated from source address 10
B. iew from SmartView Tracker for logs of destination address 10
C. iew from SmartView Tracker for logs initiated from source address 10
D. iew from SmartView Monitor for logs initiated from source address 10
View answer
Correct Answer: C
Question #45
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
A. DP port 265
B. CP port 265
C. DP port 256
D. CP port 256
View answer
Correct Answer: B
Question #46
You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities sh you do first?
A. reate a new logical-server object to represent your partner's CA
B. xchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA)
C. anually import your partner's Certificate Revocation List
D. anually import your partner's Access Control List
View answer
Correct Answer: B
Question #47
A security Policy is created in ______________, stored in the ______________, and Distributed to the various ______________ .
A. ule base, Security Management Server, Security Gateways
B. martConsole, Security Gateway, Security Management Servers
C. martConsole, Security Management Server, Security Gateways
D. he Check Point database, SmartConsole, Security Gateways
View answer
Correct Answer: C
Question #48
Which Check Point feature enables application scanning and the detection?
A. pplication Dictionary
B. ppWiki
C. pplication Library
D. PApp
View answer
Correct Answer: B
Question #49
You want to reset SIC between smberlin and sgosaka.In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the menu. When trying to establish a connection, instead of a working connection, you receive this error message: What is the reason for this behavior?
A. he Gateway was not rebooted, which is necessary to change the SIC key
B. ou must first initialize the Gateway object in SmartDashboard (i
C. he check Point services on the Gateway were not restarted because you are still in the cpconfig utility
D. he activation key contains letters that are on different keys on localized keyboards
View answer
Correct Answer: C
Question #50
MegaCorp's security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway.How do you apply the license?
A. sing the remote Gateway's IP address, and attaching the license to the remote Gateway via SmartUpdate
B. sing your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate
C. sing the remote Gateway's IP address, and applying the license locally with command cplic put
D. sing each of the Gateway's IP addresses, and applying the licenses on the Security Management Server with the command cprlic put
View answer
Correct Answer: B
Question #51
NAT can NOT be configured on which of the following objects?
A. TTP Logical Server
B. ateway
C. ddress Range
D. ost
View answer
Correct Answer: A
Question #52
Message digests use which of the following?
A. ES and RC4
B. DEA and RC4
C. SL and MD4
D. HA-1 and MD5
View answer
Correct Answer: D
Question #53
Which application should you use to install a contract file?
A. martView Monitor
B. ebUI
C. martUpdate
D. martProvisioning
View answer
Correct Answer: C
Question #54
VPN gateways authenticate using __________and ____________.
A. isguising an illegal IP address behind an authorized IP address through Port Address Translation
B. iding your firewall from unauthorized users
C. etecting people using false or wrong authentication logins
D. aking packets appear as if they come from an authorized IP address
View answer
Correct Answer: B
Question #55
Tina is a new administrator who is currently reviewing the new Check Point R80 Management console interface. In the Gateways view, she is reviewing the Summary screen as in the screenshot below. What as an 'Open Server'?
A. heck Point software deployed on a non-Check Point appliance
B. he Open Server Consortium approved Server Hardware used for the purpose of Security and Availability
C. Check Point Management Server deployed using the Open Systems Interconnection (OSI) Server and Security deployment model
D. Check Point Management Server software using the Open SSL
View answer
Correct Answer: A
Question #56
On the following picture an administrator configures Identity Awareness: After clicking “Next” the above configuration is supported by:
A. erberos SSO which will be working for Active Directory integration
B. ased on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user
C. bligatory usage of Captive Portal
D. he ports 443 or 80 what will be used by Browser-Based and configured Authentication
View answer
Correct Answer: B
Question #57
If the first packet of an UDP session is rejected by a security policy, what does the firewall send to the client?
A. othing
B. CP FIN
C. CP RST
D. CMP unreachable
View answer
Correct Answer: A
Question #58
After the initial installation the First Time Configuration Wizard should be run.
A. irst Time Configuration Wizard can be run from the Unified SmartConsole
B. irst Time Configuration Wizard can be run from the command line or from the WebUI
C. irst time Configuration Wizard can only be run from the WebUI
D. onnection to the internet is required before running the First Time Configuration wizard
View answer
Correct Answer: B
Question #59
Choose the correct statement regarding Implicit Rules.
A. o edit the Implicit rules you go to: Launch Button > Policy > Global Properties > Firewall
B. mplied rules are fixed rules that you cannot change
C. ou can directly edit the Implicit rules by double-clicking on a specific Implicit rule
D. ou can edit the Implicit rules but only if requested by Check Point support personnel
View answer
Correct Answer: A
Question #60
Web Control Layer has been set up using the settings in the following dialogue:Consider the following policy and select the BEST answer.
A. raffic that does not match any rule in the subpolicy is dropped
B. ll employees can access only Youtube and Vimeo
C. ccess to Youtube and Vimeo is allowed only once a day
D. nyone from internal network can access the internet, expect the traffic defined in drop rules 5
View answer
Correct Answer: D
Question #61
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?
A. here is a virus found
B. he connection required a Security server
C. cceleration is not enabled
D. he traffic is originating from the gateway itself
View answer
Correct Answer: D
Question #62
At what point is the Internal Certificate Authority (ICA) created?
A. pon creation of a certificate
B. uring the primary Security Management Server installation process
C. hen an administrator decides to create one
D. hen an administrator initially logs into SmartConsole
View answer
Correct Answer: B
Question #63
What is the command to see cluster status in cli expert mode?
A. w ctl stat
B. lusterXL stat
C. lusterXL status
D. phaprob stat
View answer
Correct Answer: A
Question #64
Which of the following is NOT a VPN routing option available in a star community?
A. onitor
B. LI
C. ead-only
D. ash
View answer
Correct Answer: AD
Question #65
You have enabled “Extended Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?
A. ogging has disk space issues
B. ontent Awareness is not enabled
C. dentity Awareness is not enabled
D. og Trimming is enabled
View answer
Correct Answer: A
Question #66
Which R77 GUI would you use to see number of packets accepted since the last policy install?
A. martView Monitor
B. martView Tracker
C. martDashboard
D. martView Status
View answer
Correct Answer: A
Question #67
What statement is true regarding Visitor Mode?
A. PN authentication and encrypted traffic are tunneled through port TCP 443
B. nly ESP traffic is tunneled through port TCP 443
C. nly Main mode and Quick mode traffic are tunneled on TCP port 443
D. ll VPN traffic is tunneled through UDP port 4500
View answer
Correct Answer: A
Question #68
MyCorp has the following NAT rules. You need to disable the NAT function when Alpha-internal networks try to reach the Google DNS (8.8.8.8) server.What can you do in this case?
A. se manual NAT rule to make an exception
B. se the NAT settings in the Global Properties
C. isable NAT inside the VPN community
D. se network exception in the Alpha-internal network object
View answer
Correct Answer: D
Question #69
Which utility allows you to configure the DHCP service on GAIA from the command line?
A. fconfig
B. hcp_cfg
C. ysconfig
D. pconfig
View answer
Correct Answer: C
Question #70
According to Check Point Best Practice, when adding a 3rd party gateway to a Check Point security solution what object SHOULD be added? A(n):
A. nteroperable Device
B. etwork Node
C. xternally managed gateway
D. ateway
View answer
Correct Answer: A
Question #71
What does the “unknown” SIC status shown on SmartConsole mean?
A. he SMS can contact the Security Gateway but cannot establish Secure Internal Communication
B. IC activation key requires a reset
C. he SIC activation key is not known by any administrator
D. here is no connection between the Security Gateway and SMS
View answer
Correct Answer: D
Question #72
What are the three tabs available in SmartView Tracker?
A. etwork & Endpoint, Management, and Active
B. etwork, Endpoint, and Active
C. redefined, All Records, Custom Queries
D. ndpoint, Active, and Custom Queries
View answer
Correct Answer: C
Question #73
If there is an Accept Implied Policy set to “First”, what is the reason Jorge cannot see any logs?
A. og Implied Rule was not selected on Global Properties
B. og Implied Rule was not set correctly on the track column on the rules base
C. rack log column is set to none
D. rack log column is set to Log instead of Full Log
View answer
Correct Answer: A
Question #74
What is the purpose of Priority Delta in VRRP?
A. hen a box is up, Effective Priority = Priority + Priority Delta
B. hen an Interface is up, Effective Priority = Priority + Priority Delta
C. hen an Interface fails, Effective Priority = Priority - Priority Delta
D. hen a box fails, Effective Priority = Priority - Priority Delta
View answer
Correct Answer: C
Question #75
What happens if the identity of a user is known?
A. f the user credentials do not match an Access Role, the system displays the Captive Portal
B. f the user credentials do not match an Access Role, the system displays a sandbox
C. f the user credentials do not match an Access Role, the traffic is automatically dropped
D. f the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action
View answer
Correct Answer: D
Question #76
To fully enable Dynamic Dispatcher on a Security Gateway:
A. un fw ctl multik set_mode 9 in Expert mode and then reboot
B. sing cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu
C. dit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot
D. un fw ctl multik set_mode 1 in Expert mode and then reboot
View answer
Correct Answer: A
Question #77
In R80, Unified Policy is a combination of
A. ccess control policy, QoS Policy, Desktop Security Policy and endpoint policy
B. ccess control policy, QoS Policy, Desktop Security Policy and Threat Prevention Policy
C. irewall policy, address Translation and application and URL filtering, QoS Policy, Desktop Security Policy and Threat Prevention Policy
D. ccess control policy, QoS Policy, Desktop Security Policy and VPN policy
View answer
Correct Answer: D
Question #78
Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?
A. he needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account
B. he needs to run sysconfig and restart the SSH process
C. he needs to edit /etc/scpusers and add the Standard Mode account
D. he needs to run cpconfig to enable the ability to SCP files
View answer
Correct Answer: C
Question #79
Which remote Access Solution is clientless?
A. heckpoint Mobile
B. ndpoint Security Suite
C. ecuRemote
D. obile Access Portal
View answer
Correct Answer: D
Question #80
Which of the following is NOT an integral part of VPN communication within a network?
A. PN key
B. PN community
C. PN trust entities
D. PN domain
View answer
Correct Answer: A
Question #81
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?
A. ADIUS
B. emote Access and RADIUS
C. D Query
D. D Query and Browser-based Authentication
View answer
Correct Answer: D
Question #82
A Check Point software license consists of a ______________ and ______________ .
A. oftware container; software package
B. oftware blade; software container
C. oftware package; signature
D. ignature; software blade
View answer
Correct Answer: B
Question #83
Which of the following is NOT an advantage to using multiple LDAP servers?
A. ou achieve a faster access time by placing LDAP servers containing the database at remote sites
B. nformation on a user is hidden, yet distributed across several servers
C. ou achieve compartmentalization by allowing a large number of users to be distributed across several servers
D. ou gain High Availability by replicating the same information on several servers
View answer
Correct Answer: B
Question #84
Your bank's distributed R77 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?
A. martView Tracker
B. martPortal
C. martUpdate
D. martDashboard
View answer
Correct Answer: C
Question #85
The ___________ software blade enables Application Security policies to allow, block, or limit website access based on user, group, and machine identities.
A. pplication Control
B. ata Awareness
C. RL Filtering
D. hreat Emulation
View answer
Correct Answer: A
Question #86
You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second GAiA computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it?1. Run cpconfig on the Gateway, select Secure Internal Communication, enter the activation key, and reconfirm.2. Initialize Internal Certificate Authority (IC
A. , 3, 4, 1, 5
B. , 1, 3, 4, 5
C. , 3, 2, 4, 5
D. , 3, 4, 5, 1
View answer
Correct Answer: B
Question #87
To build an effective Security Policy, use a _____________and ___________rule.
A. leanup; stealth
B. tealth; implicit
C. leanup; default
D. mplicit; explicit
View answer
Correct Answer: A
Question #88
What is also referred to as Dynamic NAT?
A. utomatic NAT
B. tatic NAT
C. anual NAT
D. ide NAT
View answer
Correct Answer: D
Question #89
Which Check Point supported authentication scheme typically requires a user to possess a token?
A. ACACS
B. ecurID
C. heck Point password
D. ADIUS
View answer
Correct Answer: B
Question #90
View the rule below. What does the lock-symbol in the left column mean?
A. he current administrator has read-only permissions to Threat Prevention Policy
B. nother user has locked the rule for editing
C. onfiguration lock is present
D. he current administrator is logged in as read-only because someone else is editing the policy
View answer
Correct Answer: B
Question #91
You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm's business partners. Which SmartConsole application should you use to confirm your suspicious?
A. martDashboard
B. martUpdate
C. martView Status
D. martView Tracker
View answer
Correct Answer: D
Question #92
By default, which port does the WebUI listen on?
A. 0
B. 434
C. 43
D. 080
View answer
Correct Answer: C
Question #93
Which of the below is the MOST correct process to reset SIC from SmartDashboard?
A. un cpconfig, and click Reset
B. lick the Communication button for the firewall object, then click Reset
C. un cpconfig, and select Secure Internal Communication > Change One Time Password
D. lick Communication > Reset on the Gateway object, and type a new activation key
View answer
Correct Answer: B
Question #94
What is Consolidation Policy?
A. he collective name of the Security Policy, Address Translation, and IPS Policies
B. he specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database
C. he collective name of the logs generated by SmartReporter
D. global Policy used to share a common enforcement policy for multiple Security Gateways
View answer
Correct Answer: B
Question #95
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
A. ail, Block Source, Block Event Activity, External Script, SNMP Trap
B. ail, Block Source, Block Destination, Block Services, SNMP Trap
C. ail, Block Source, Block Destination, External Script, SNMP Trap
D. ail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
View answer
Correct Answer: A
Question #96
All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?
A. TP
B. MTP
C. TTP
D. LOGIN
View answer
Correct Answer: B
Question #97
Which feature is NOT provided by all Check Point Mobile Access solutions?
A. upport for IPv6
B. ranular access control
C. trong user authentication
D. ecure connectivity
View answer
Correct Answer: A
Question #98
Using the SmartConsole, which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?
A. ditor
B. ead Only All
C. uper User
D. ull Access
View answer
Correct Answer: B
Question #99
The Firewall kernel is replicated multiple times, therefore:
A. he Firewall kernel only touches the packet if the connection is accelerated
B. he Firewall can run different policies per core
C. he Firewall kernel is replicated only with new connections and deletes itself once the connection times out
D. he Firewall can run the same policy on all cores
View answer
Correct Answer: D
Question #100
Choose what BEST describes users on Gaia Platform.
A. here is one default user that cannot be deleted
B. here are two default users and one cannot be deleted
C. here is one default user that can be deleted
D. here are two default users and neither can be deleted
View answer
Correct Answer: B
Question #101
In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?
A. entagon
B. ombined
C. eshed
D. tar
View answer
Correct Answer: D
Question #102
The _________is used to obtain identification and security information about network users.
A. ser Directory
B. ser server
C. serCheck
D. ser index
View answer
Correct Answer: A
Question #103
Where can you trigger a failover of the cluster members?1. Log in to Security Gateway CLI and run command clusterXL_admin down.2. In SmartView Monitor right-click the Security Gateway member and select Cluster member stop.3. Log into Security Gateway CLI and run command cphaprob down.
A. , 2, and 3
B. and 3
C. and 2
D. and 3
View answer
Correct Answer: C
Question #104
Bob and Joe both have Administrator Roles on their Gaia Platform. Bob logs in on the WebUI and then Joe logs in through CLI. Choose what BEST describes the following scenario, where Bob and Joe are both logged in:
A. hen Joe logs in, Bob will be logged out automatically
B. ince they both are logged in on different interfaces, they both will be able to make changes
C. he database will be locked by Bob and Joe will not be able to make any changes
D. ob will receive a prompt that Joe logged in
View answer
Correct Answer: C
Question #105
Which set of objects have an Authentication tab?
A. emplates, Users
B. sers, Networks
C. sers, User Group
D. etworks, Hosts
View answer
Correct Answer: A
Question #106
Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?
A. ridge
B. oad Sharing
C. igh Availability
D. ail Open
View answer
Correct Answer: A
Question #107
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?
A. un fwm dbexport -1 filename
B. un fwm_dbexport to export the user database
C. estore the entire database, except the user database, and then create the new user and user group
D. estore the entire database, except the user database
View answer
Correct Answer: D
Question #108
The CDT utility supports which of the following?
A. ajor version upgrades to R77
B. nly Jumbo HFA’s and hotfixes
C. nly major version upgrades to R80
D. ll upgrades
View answer
Correct Answer: D
Question #109
Which of the following is NOT an element of VPN Simplified Mode and VPN Communities?
A. Encrypt” action in the Rule Base
B. ermanent Tunnels
C. VPN” column in the Rule Base
D. onfiguration checkbox “Accept all encrypted traffic”
View answer
Correct Answer: A
Question #110
You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway's VPN domain?
A. NX modifies the routing table to forward VPN traffic to the Security Gateway
B. n office mode address must be obtained by the client
C. he SNX client application must be installed on the client
D. ctive-X must be allowed on the client
View answer
Correct Answer: A
Question #111
On the following graphic, you will find layers of policies.What is a precedence of traffic inspection for the defined polices?
A. packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if Implicit Drop Rule drops the packet, it comes next to IPS layer and then after accepting the packet it passes to Threat Prevention layer
B. packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if there is any rule which accepts the packet, it comes next to IPS layer and then after accepting the packet it passes to Threat Prevention layer
C. packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if there is any rule which accepts the packet, it comes next to Threat Prevention layer and then after accepting the packet it passes to IPS layer
D. packet arrives at the gateway, it is checked against the rules in IPS policy layer and then if it is accepted then it comes next to the Network policy layer and then after accepting the packet it passes to Threat Prevention layer
View answer
Correct Answer: B
Question #112
What is the order of NAT priorities?
A. tatic NAT, IP pool NAT, hide NAT
B. P pool NAT, static NAT, hide NAT
C. tatic NAT, automatic NAT, hide NAT
D. tatic NAT, hide NAT, IP pool NAT
View answer
Correct Answer: A
Question #113
In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server?
A. isplay policies and logs on the administrator's workstation
B. erify and compile Security Policies
C. rocessing and sending alerts such as SNMP traps and email notifications
D. tore firewall logs to hard drive storage
View answer
Correct Answer: A
Question #114
Assuming you have a Distributed Deployment, what will be the effect of running the following command on the Security Management Server?
A. emove the installed Security Policy
B. emove the local ACL lists
C. o effect
D. eset SIC on all gateways
View answer
Correct Answer: A
Question #115
Which of the following is NOT defined by an Access Role object?
A. ource Network
B. ource Machine
C. ource User
D. ource Server
View answer
Correct Answer: D
Question #116
To optimize Rule Base efficiency the most hit rules should be where?
A. emoved from the Rule Base
B. owards the middle of the Rule Base
C. owards the top of the Rule Base
D. owards the bottom of the Rule Base
View answer
Correct Answer: C
Question #117
What happens when you run the command: fw sam -J src [Source IP Address]?
A. onnections from the specified source are blocked without the need to change the Security Policy
B. onnections to the specified target are blocked without the need to change the Security Policy
C. onnections to and from the specified target are blocked without the need to change the Security Policy
D. onnections to and from the specified target are blocked with the need to change the Security Policy
View answer
Correct Answer: A
Question #118
Choose what BEST describes the Policy Layer Traffic Inspection.
A. f a packet does not match any of the inline layers, the matching continues to the next Layer
B. f a packet matches an inline layer, it will continue matching the next layer
C. f a packet does not match any of the inline layers, the packet will be matched against the Implicit Clean-up Rule
D. f a packet does not match a Network Policy Layer, the matching continues to its inline layer
View answer
Correct Answer: B
Question #119
With which command can you view the running configuration of Gaia Operating system.
A. how conf-active
B. how configuration active
C. how configuration
D. how running-configuration
View answer
Correct Answer: C
Question #120
What command would show the API server status?
A. pm status
B. pi restart
C. pi status
D. how api status
View answer
Correct Answer: C
Question #121
Which one of the following is true about Threat Extraction?
A. lways delivers a file to user
B. orks on all MS Office, Executables, and PDF files
C. an take up to 3 minutes to complete
D. elivers file only if no threats found
View answer
Correct Answer: B
Question #122
Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?
A. irewall
B. dentity Awareness
C. pplication Control
D. RL Filtering
View answer
Correct Answer: B
Question #123
Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address.
A. igh Availability
B. oad Sharing Multicast
C. oad Sharing Pivot
D. aster/Backup
View answer
Correct Answer: B
Question #124
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:
A. ropped without sending a negative acknowledgment
B. ropped without logs and without sending a negative acknowledgment
C. ropped with negative acknowledgment
D. ropped with logs and without sending a negative acknowledgment
View answer
Correct Answer: D
Question #125
Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?
A. xternal-user group
B. DAP group
C. group with a genetic user
D. ll Users
View answer
Correct Answer: B
Question #126
The ______________ feature allows administrators to share a policy with other policy packages.
A. lobal Policies
B. hared policies
C. oncurrent policy packages
D. oncurrent policies
View answer
Correct Answer: B
Question #127
You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.
A. ou checked the cache password on desktop option in Global Properties
B. nother rule that accepts HTTP without authentication exists in the Rule Base
C. ou have forgotten to place the User Authentication Rule before the Stealth Rule
D. sers must use the SecuRemote Client, to use the User Authentication Rule
View answer
Correct Answer: B
Question #128
Which type of Endpoint Identity Agent includes packet tagging and computer authentication?
A. ull
B. ight
C. ustom
D. omplete
View answer
Correct Answer: A
Question #129
You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how many often the particular rules match. Where can you see it? Give the BEST answer.
A. n the SmartView Tracker, if you activate the column Matching Rate
B. n SmartReporter, in the section Firewall Blade – Activity > Network Activity with information concerningTop Matched Logged Rules
C. martReporter provides this information in the section Firewall Blade – Security > Rule Base Analysiswith information concerning Top Matched Logged Rules
D. t is not possible to see it directly
View answer
Correct Answer: C
Question #130
When installing a dedicated R80 SmartEvent server, what is the recommended size of the root partition?
A. ny size
B. ess than 20GB
C. ore than 10GB and less than 20 GB
D. t least 20GB
View answer
Correct Answer: D
Question #131
Which of the following Automatically Generated Rules NAT rules have the lowest implementation priority?
A. asswords; tokens
B. ertificates; pre-shared secrets
C. ertificates; passwords
D. okens; pre-shared secrets
View answer
Correct Answer: BC
Question #132
VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication?
A. DES and MD5
B. ertificates and IPsec
C. ertificates and pre-shared secret
D. Psec and VPN Domains
View answer
Correct Answer: C
Question #133
Where do you verify that UserDirectory is enabled?
A. erify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
B. erify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
C. erify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
D. erify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
View answer
Correct Answer: D
Question #134
When LDAP is integrated with Check Point Security Management, it is then referred to as ______________
A. serCheck
B. ser Directory
C. ser Administration
D. ser Center
View answer
Correct Answer: B
Question #135
A High Availability deployment is referred to as a ______________ cluster and a Load Sharing deployment is referred to as a ______________ cluster.
A. tandby/standby; active/active
B. ctive/active; standby/standby
C. ctive/active; active/standby
D. ctive/standby; active/active
View answer
Correct Answer: D
Question #136
Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?
A. serCheck
B. ctive Directory Query
C. ccount Unit Query
D. ser Directory Query
View answer
Correct Answer: B
Question #137
Which of the following is TRUE about the Check Point Host object?
A. heck Point Host has no routing ability even if it has more than one interface installed
B. hen you upgrade to R80 from R77
C. heck Point Host is capable of having an IP forwarding mechanism
D. heck Point Host can act as a firewall
View answer
Correct Answer: A
Question #138
The R80 SmartConsole, SmartEvent GUI client, and ______________ consolidate billions of logs and shows them as prioritized security events.
A. martMonitor
B. martView Web Application
C. martReporter
D. martTracker
View answer
Correct Answer: B
Question #139
Which of the following actions do NOT take place in IKE Phase 1?
A. eers agree on encryption method
B. iffie-Hellman key is combined with the key material to produce the symmetrical IPsec key
C. eers agree on integrity method
D. ach side generates a session key from its private key and peer's public key
View answer
Correct Answer: B
Question #140
RADIUS Accounting gets ______________ data from requests generated by the accounting client
A. estination
B. dentity
C. ayload
D. ocation
View answer
Correct Answer: B
Question #141
Once a license is activated, a ______________ should be installed.
A. icense Management file
B. ecurity Gateway Contract file
C. ervice Contract file
D. icense Contract file
View answer
Correct Answer: C
Question #142
There are two R80.X0 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A’s interface issues were resolved and it became operational. When it re-joins the c
A. o, since “maintain current active cluster member” option on the cluster object properties is enabled by default
B. o, since “maintain current active cluster member” option is enabled by default on the Global Properties
C. es, since “Switch to higher priority cluster member” option on the cluster object properties is enabled by default
D. es, since “Switch to higher priority cluster member” option is enabled by default on the Global Properties
View answer
Correct Answer: A
Question #143
Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?
A. entral
B. orporate
C. ormal
D. ocal
View answer
Correct Answer: D
Question #144
What is true about the IPS-Blade?
A. n R80, IPS is managed by the Threat Prevention Policy
B. n R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
C. n R80, IPS Exceptions cannot be attached to “all rules”
D. n R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same
View answer
Correct Answer: A
Question #145
When using LDAP as an authentication method for Identity Awareness, the query:
A. equires client and server side software
B. rompts the user to enter credentials
C. equires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway
D. s transparent, requiring no client or server side software, or client intervention
View answer
Correct Answer: D
Question #146
You are about to test some rule and object changes suggested in an R77 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?
A. anual copies of the directory $FWDIR/conf
B. pgrade_export command
C. atabase Revision Control
D. AiA backup utilities
View answer
Correct Answer: C
Question #147
Which of the following is a hash algorithm?
A. DES
B. DEA
C. ES
D. D5
View answer
Correct Answer: D
Question #148
Look at the following screenshot and select the BEST answer.
A. lients external to the Security Gateway can download archive files from FTP_Ext server using FTP
B. nternal clients can upload and download any-files to FTP_Ext-server using FTP
C. nternal clients can upload and download archive-files to FTP_Ext server using FTP
D. lients external to the Security Gateway can upload any files to the FTP_Ext-server using FTP
View answer
Correct Answer: A
Question #149
The IPS policy for pre-R80 gateways is installed during the ______________ .
A. irewall policy install
B. hreat Prevention policy install
C. nti-bot policy install
D. ccess Control policy install
View answer
Correct Answer: B

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: