DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Prepare Confidently for the Check Point CCSE 156-315.80 Exam with Practice Questions

SPOTO's Check Point CCSE 156-315.80 practice questions are an invaluable resource for candidates preparing for the Check Point Certified Security Expert R80 exam. These practice tests feature a comprehensive array of exam questions and answers meticulously crafted to mirror the actual exam format. By consistently engaging with SPOTO's practice questions and mock exams, candidates can enhance their understanding of Check Point security concepts and boost their exam readiness. SPOTO's study materials and exam resources provide additional support, offering a structured approach to mastering the exam objectives. With SPOTO's effective exam preparation tools, candidates can approach the CCSE 156-315.80 exam confidently and significantly increase their chances of passing successfully.
Take other online exams

Question #1
You want to store the GAIA configuration in a file for later reference. What command should you use?
A. rite mem
B. how config –f
C. ave config –o
D. ave configuration
View answer
Correct Answer: D
Question #2
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
A. etects and blocks malware by correlating multiple detection engines before users are affected
B. onfigure rules to limit the available network bandwidth for specified users or groups
C. se UserCheck to help users understand that certain websites are against the company’s security policy
D. ake rules to allow or block applications and Internet sites for individual applications, categories, and risk levels
View answer
Correct Answer: A
Question #3
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?
A. w ctl sdstat
B. w ctl affinity –l –a –r –v
C. w ctl multik stat
D. pinfo
View answer
Correct Answer: B
Question #4
Which features are only supported with R80.10 Gateways but not R77.x?
A. ccess Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies
B. imits the upload and download throughput for streaming media in the company to 1 Gbps
C. he rule base can be built of layers, each containing a set of the security rules
D. ime object to a rule to make the rule active only during specified times
View answer
Correct Answer: C
Question #5
Which statements below are CORRECT regarding Threat Prevention profiles in SmartDashboard?
A. ou can assign only one profile per gateway and a profile can be assigned to one rule Only
B. ou can assign multiple profiles per gateway and a profile can be assigned to one rule only
C. ou can assign multiple profiles per gateway and a profile can be assigned to one or more rules
D. ou can assign only one profile per gateway and a profile can be assigned to one or more rules
View answer
Correct Answer: C
Question #6
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:
A. reate new dashboards to manage 3rd party task
B. reate products that use and enhance 3rd party solutions
C. xecute automated scripts to perform common tasks
D. reate products that use and enhance the Check Point Solution
View answer
Correct Answer: A
Question #7
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
A. w ctl set int fwha vmac global param enabled
B. w ctl get int vmac global param enabled; result of command should return value 1
C. phaprob-a if
D. w ctl get int fwha_vmac_global_param_enabled; result of command should return value 1
View answer
Correct Answer: D
Question #8
What are the main stages of a policy installations?
A. erification & Compilation, Transfer and Commit
B. erification & Compilation, Transfer and Installation
C. erification, Commit, Installation
D. erification, Compilation & Transfer, Installation
View answer
Correct Answer: B
Question #9
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active- Active cluster.
A. ymmetric routing
B. ailovers
C. symmetric routing
D. nti-Spoofing
View answer
Correct Answer: C
Question #10
What kind of information would you expect to see using the sim affinity command?
A. he VMACs used in a Security Gateway cluster
B. he involved firewall kernel modules in inbound and outbound packet chain
C. verview over SecureXL templated connections
D. etwork interfaces and core distribution used for CoreXL
View answer
Correct Answer: D
Question #11
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down.What command do you run to determine the cause?
A. phaprob –f register
B. phaprob –d –s report
C. pstat –f all
D. phaprob –a list
View answer
Correct Answer: D
Question #12
Which of the following describes how Threat Extraction functions?
A. etect threats and provides a detailed report of discovered threats
B. roactively detects threats
C. elivers file with original content
D. elivers PDF versions of original files with active content removed
View answer
Correct Answer: B
Question #13
To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?
A. ccept Template
B. eny Template
C. rop Template
D. AT Template
View answer
Correct Answer: B
Question #14
Which of these statements describes the Check Point ThreatCloud?
A. locks or limits usage of web applications
B. revents or controls access to web sites based on category
C. revents Cloud vulnerability exploits
D. worldwide collaborative security network
View answer
Correct Answer: D
Question #15
Which command lists all tables in Gaia?
A. w tab –t
B. w tab –list
C. w-tab –s
D. w tab -1
View answer
Correct Answer: C
Question #16
What command can you use to have cpinfo display all installed hotfixes?
A. pinfo -hf
B. pinfo –y all
C. pinfo –get hf
D. pinfo installed_jumbo
View answer
Correct Answer: B
Question #17
On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
A. 8210
B. 8184
C. 57
D. 8191
View answer
Correct Answer: B
Question #18
The Firewall kernel is replicated multiple times, therefore:
A. he Firewall kernel only touches the packet if the connection is accelerated
B. he Firewall can run different policies per core
C. he Firewall kernel is replicated only with new connections and deletes itself once the connection times out
D. he Firewall can run the same policy on all cores
View answer
Correct Answer: D
Question #19
What are the different command sources that allow you to communicate with the API server?
A. martView Monitor, API_cli Tool, Gaia CLI, Web Services
B. martConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services
C. martConsole GUI Console, API_cli Tool, Gaia CLI, Web Services
D. PI_cli Tool, Gaia CLI, Web Services
View answer
Correct Answer: B
Question #20
What is the command to show SecureXL status?
A. waccel status
B. waccel stats -m
C. waccel -s
D. waccel stat
View answer
Correct Answer: D
Question #21
There are 4 ways to use the Management API for creating host object with R80 Management API. Which one is NOT correct?
A. sing Web Services
B. sing Mgmt_cli tool
C. sing CLISH
D. sing SmartConsole GUI console
E. vents are collected with SmartWorkflow from Trouble Ticket systems
View answer
Correct Answer: E
Question #22
To add a file to the Threat Prevention Whitelist, what two items are needed?
A. ile name and Gateway
B. bject Name and MD5 signature
C. D5 signature and Gateway
D. P address of Management Server and Gateway
View answer
Correct Answer: B
Question #23
To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?
A. Network; Host; Objects; Services; API
B. Incoming; Outgoing; Network
C. Internal; External
D. Incoming; Outgoing; Internal; Other
View answer
Correct Answer: D
Question #24
Where you can see and search records of action done by R80 SmartConsole administrators?
A. n SmartView Tracker, open active log
B. n the Logs & Monitor view, select “Open Audit Log View”
C. n SmartAuditLog View
D. n Smartlog, all logs
View answer
Correct Answer: B
Question #25
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
A. nstall appliance TE250X on SpanPort on LAN switch in MTA mode
B. nstall appliance TE250X in standalone mode and setup MTA
C. ou can utilize only Check Point Cloud Services for this scenario
D. t is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance
View answer
Correct Answer: C
Question #26
John detected high load on sync interface. Which is most recommended solution?
A. or short connections like http service – delay sync for 2 seconds
B. dd a second interface to handle sync traffic
C. or short connections like http service – do not sync
D. or short connections like icmp service – delay sync for 2 seconds
View answer
Correct Answer: A
Question #27
You need to see which hotfixes are installed on your gateway, which command would you use?
A. pinfo –h all
B. pinfo –o hotfix
C. pinfo –l hotfix
D. pinfo –y all
View answer
Correct Answer: D
Question #28
Which of the following will NOT affect acceleration?
A. onnections destined to or originated from the Security gateway
B. 5-tuple match
C. ulticast packets
D. onnections that have a Handler (ICMP, FTP, H
View answer
Correct Answer: B
Question #29
What is the SandBlast Agent designed to do?
A. erforms OS-level sandboxing for SandBlast Cloud architecture
B. nsure the Check Point SandBlast services is running on the end user’s system
C. f malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network
D. lean up email sent with malicious attachments
View answer
Correct Answer: C
Question #30
What is the name of the secure application for Mail/Calendar for mobile devices?
A. apsule Workspace
B. apsule Mail
C. apsule VPN
D. ecure Workspace
View answer
Correct Answer: A
Question #31
What is the mechanism behind Threat Extraction?
A. his a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender
B. his is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient
C. his is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring)
D. ny active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast
View answer
Correct Answer: D
Question #32
Which Check Point daemon monitors the other daemons?
A. wm
B. pd
C. pwd
D. wssd
View answer
Correct Answer: C
Question #33
Which of the following process pulls application monitoring status?
A. wd
B. wm
C. pwd
D. pd
View answer
Correct Answer: D
Question #34
Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?
A. heck Point Remote User
B. heck Point Capsule Workspace
C. heck Point Mobile Web Portal
D. heck Point Capsule Remote
View answer
Correct Answer: C
Question #35
How can SmartView application accessed?
A. ttp:///smartview
B. ttp://:4434/smartview/
C. ttps:///smartview/
D. ttps://:4434/smartview/
View answer
Correct Answer: C
Question #36
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:
A. hreat Emulation
B. TTPS
C. OS
D. oIP
View answer
Correct Answer: D
Question #37
Fill in the blank: The R80 utility fw monitor is used to troubleshoot __________.
A. ser data base corruption
B. DAP conflicts
C. raffic issues
D. hase two key negotiations
View answer
Correct Answer: C
Question #38
In ClusterXL Load Sharing Multicast Mode:
A. nly the primary member received packets sent to the cluster IP address
B. nly the secondary member receives packets sent to the cluster IP address
C. ackets sent to the cluster IP address are distributed equally between all members of the cluster
D. very member of the cluster received all of the packets sent to the cluster IP address
View answer
Correct Answer: D
Question #39
Which statement is NOT TRUE about Delta synchronization?
A. sing UDP Multicast or Broadcast on port 8161
B. sing UDP Multicast or Broadcast on port 8116
C. uicker than Full sync
D. ransfers changes in the Kernel tables between cluster members
View answer
Correct Answer: A
Question #40
What is the purpose of extended master key extension/session hash?
A. DP VOIP protocol extension
B. n case of TLS1
C. pecial TCP handshaking extension
D. upplement DLP data watermark
View answer
Correct Answer: B
Question #41
What is the benefit of “tw monitor” over “tcpdump”?
A. fw monitor” reveals Layer 2 information, while “tcpdump” acts at Layer 3
B. fw monitor” is also available for 64-Bit operating systems
C. ith “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”
D. fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways
View answer
Correct Answer: C
Question #42
What has to be taken into consideration when configuring Management HA?
A. he Database revisions will not be synchronized between the management servers
B. martConsole must be closed prior to synchronized changes in the objects database
C. f you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections
D. or Management Server synchronization, only External Virtual Switches are supported
View answer
Correct Answer: A
Question #43
Which command is used to display status information for various components?
A. how all systems
B. how system messages
C. ysmess all
D. how sysenv all
View answer
Correct Answer: D
Question #44
What command verifies that the API server is responding?
A. pi stat
B. pi status
C. how api_status
D. pp_get_status
View answer
Correct Answer: B
Question #45
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
A. w ctl multik dynamic_dispatching on
B. w ctl multik dynamic_dispatching set_mode 9
C. w ctl multik set_mode 9
D. w ctl multik pq enable
View answer
Correct Answer: C
Question #46
Can multiple administrators connect to a Security Management Server at the same time?
A. o, only one can be connected
B. es, all administrators can modify a network object at the same time
C. es, every administrator has their own username, and works in a session that is independent of other administrators
D. es, but only one has the right to write
View answer
Correct Answer: C
Question #47
What component of R80 Management is used for indexing?
A. BSync
B. PI Server
C. wm
D. OLR
View answer
Correct Answer: D
Question #48
What are the steps to configure the HTTPS Inspection Policy?
A. o to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard
B. o to Application&url filtering blade > Advanced > Https Inspection > Policy
C. o to Manage&Settings > Blades > HTTPS Inspection > Policy
D. o to Application&url filtering blade > Https Inspection > Policy
View answer
Correct Answer: A
Question #49
Which command would disable a Cluster Member permanently?
A. lusterXL_admin down
B. phaprob_admin down
C. lusterXL_admin down-p
D. et clusterXL down-p
View answer
Correct Answer: C
Question #50
What API command below creates a new host with the name “New Host” and IP address of “192.168.0.10”?
A. ew host name “New Host” ip-address “192
B. et host name “New Host” ip-address “192
C. reate host name “New Host” ip-address “192
D. dd host name “New Host” ip-address “192
View answer
Correct Answer: D
Question #51
Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?
A. ynchronized
B. ever been synchronized
C. agging
D. ollision
View answer
Correct Answer: D
Question #52
With MTA (Mail Transfer Agent) enabled the gateways manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?
A. hreat Cloud Intelligence
B. hreat Prevention Software Blade Package
C. ndpoint Total Protection
D. raffic on port 25
View answer
Correct Answer: B
Question #53
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?
A. pplication and Client Service
B. etwork and Application
C. etwork and Layers
D. irtual Adapter and Mobile App
View answer
Correct Answer: B
Question #54
When setting up an externally managed log server, what is one item that will not be configured on the R80 Security Management Server?
A. P
B. IC
C. AT
D. QDN
View answer
Correct Answer: C
Question #55
Which of the following authentication methods ARE NOT used for Mobile Access?
A. ADIUS server
B. sername and password (internal, LDAP)
C. ecurID
D. ACACS+
View answer
Correct Answer: D
Question #56
Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC __________.
A. CP Port 18190
B. CP Port 18209
C. CP Port 19009
D. CP Port 18191
View answer
Correct Answer: D
Question #57
Both ClusterXL and VRRP are fully supported by Gaia R80.10 and available to all Check Point appliances. Which the following command is NOT related to redundancy and functions?
A. phaprob stat
B. phaprob –a if
C. phaprob –l list
D. phaprob all show stat
View answer
Correct Answer: D
Question #58
Which is NOT an example of a Check Point API?
A. ateway API
B. anagement API
C. PSC SDK
D. hreat Prevention API
View answer
Correct Answer: A
Question #59
What is not a component of Check Point SandBlast?
A. hreat Emulation
B. hreat Simulator
C. hreat Extraction
D. hreat Cloud
View answer
Correct Answer: B
Question #60
Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?
A. pwd
B. wd
C. pd
D. wm
View answer
Correct Answer: D
Question #61
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
A. hat is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager
B. ill Layer4 VPN –SSL VPN that gives users network access to all mobile applications
C. ull Layer3 VPN –IPSec VPN that gives users network access to all mobile applications
D. ou can make sure that documents are sent to the intended recipients only
View answer
Correct Answer: C
Question #62
In the Firewall chain mode FFF refers to:
A. tateful Packets
B. o Match
C. ll Packets
D. tateless Packets
View answer
Correct Answer: C
Question #63
Which of these is an implicit MEP option?
A. rimary-backup
B. ource address based
C. ound robin
D. oad Sharing
View answer
Correct Answer: A
Question #64
What is a best practice before starting to troubleshoot using the “fw monitor” tool?
A. un the command: fw monitor debug on
B. lear the connections table
C. isable CoreXL
D. isable SecureXL
View answer
Correct Answer: D
Question #65
SmartEvent does NOT use which of the following procedures to identify events:
A. atching a log against each event definition
B. reate an event candidate
C. atching a log against local exclusions
D. atching a log against global exclusions
View answer
Correct Answer: C
Question #66
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
A. ogd
B. wd
C. wm
D. pd
View answer
Correct Answer: B
Question #67
VPN Link Selection will perform the following when the primary VPN link goes down?
A. he Firewall will drop the packets
B. he Firewall can update the Link Selection entries to start using a different link for the same tunnel
C. he Firewall will send out the packet on all interfaces
D. he Firewall will inform the client that the tunnel is down
View answer
Correct Answer: B
Question #68
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
A. Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server
B. Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization
C. Interface – an interface leading to the organization and the Internet, and configure for synchronization
D. Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization
View answer
Correct Answer: B
Question #69
What is the limitation of employing Sticky Decision Function?
A. ith SDF enabled, the involved VPN Gateways only supports IKEv1
B. cceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
C. ith SDF enabled, only ClusterXL in legacy mode is supported
D. ith SDF enabled, you can only have three Sync interfaces at most
View answer
Correct Answer: B
Question #70
Which statement is most correct regarding about “CoreXL Dynamic Dispatcher”?
A. he CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses
B. he CoreXL FW instances assignment mechanism is based on the utilization of CPU cores
C. he CoreXL FW instances assignment mechanism is based on IP Protocol type
D. he CoreXl FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type
View answer
Correct Answer: B
Question #71
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
A. estore_backup
B. mport backup
C. p_merge
D. igrate import
View answer
Correct Answer: D
Question #72
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?
A. dit fwaffinity
B. pconfig; reboot required
C. dit fwaffinity
D. pconfig; reboot not required
View answer
Correct Answer: B
Question #73
When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:
A. ll UDP packets
B. ll IPv6 Traffic
C. ll packets that match a rule whose source or destination is the Outside Corporate Network
D. IFS packets
View answer
Correct Answer: D
Question #74
What is mandatory for ClusterXL to work properly?
A. he number of cores must be the same on every participating cluster node
B. he Magic MAC number must be unique per cluster node
C. he Sync interface must not have an IP address configured
D. f you have “Non-monitored Private” interfaces, the number of those interfaces must be the same on all cluster members
View answer
Correct Answer: B
Question #75
Customer’s R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the Internet?
A. xport R80 configuration, clean install R80
B. PUSE offline upgrade
C. PUSE online upgrade
D. martUpdate upgrade
View answer
Correct Answer: B
Question #76
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:
A. ySQL
B. ostgres SQL
C. arisDB
D. OLR
View answer
Correct Answer: B
Question #77
Which of the following commands shows the status of processes?
A. pwd_admin -l
B. pwd -l
C. pwd admin_list
D. pwd_admin list
View answer
Correct Answer: D
Question #78
Which remote Access Solution is clientless?
A. heckpoint Mobile
B. ndpoint Security Suite
C. ecuRemote
D. obile Access Portal
View answer
Correct Answer: D
Question #79
What information is NOT collected from a Security Gateway in a Cpinfo?
A. irewall logs
B. onfiguration and database files
C. ystem message logs
D. S and network statistics
View answer
Correct Answer: A

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: