Achieve Success in the Check Point CCSE 156-315.80 Exam with Practice Tests

SPOTO's Check Point CCSE 156-315.80 practice questions are an essential tool for candidates aiming to pass the Check Point Certified Security Expert R80 exam. These practice tests feature a comprehensive set of exam questions and answers designed to simulate the actual exam environment. By consistently engaging with SPOTO's practice questions and mock exams, candidates can enhance their understanding of Check Point security concepts and improve their exam readiness. SPOTO's study materials and exam resources provide additional support, offering a structured approach to mastering the exam objectives. With SPOTO's effective exam preparation tools, candidates can approach the CCSE 156-315.80 exam confidently and significantly increase their chances of passing successfully.

Question #1
SandBlast appliances can be deployed in the following modes:
A. Using a SPAN port to receive a copy of the traffic only
B. Detect only
C. Inline/prevent or detect
D. As a Mail Transfer Agent and as part of the traffic flow only
Correct Answer: C
Question #2
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
A. add host name ip-address
B. add hostname ip-address
C. set host name ip-address
D. set hostname ip-address
Correct Answer: A
Question #3
Which command can you use to enable or disable multi-queue per interface?
A. cpmq set
B. cpmqueue set
C. cpmq config
D. t cpmq enable
Correct Answer: A
Question #4
Which statement is true about ClusterXL?
A. Supports Dynamic Routing (Unicast and Multicast)
B. Supports Dynamic Routing (Unicast Only)
C. Supports Dynamic Routing (Multicast Only)
D. Does not support Dynamic Routing
Correct Answer: A
Question #5
Under which file is the proxy arp configuration stored?
A. $FWDIR/state/proxy_arp
B. $FWDIR/conf/local
C. $FWDIR/state/_tmp/proxy
D. $FWDIR/conf/local
Correct Answer: D
Question #6
Which statement is correct about the Sticky Decision Function?
A. It is not supported with either the Performance pack or a hardware based accelerator card
B. Does not support SPI’s when configured for Load Sharing
C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster
D. It is not required L2TP traffic
Correct Answer: A
Question #7
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
A. CCP and 18190
B. CCP and 257
C. CCP and 8116
D. CPC and 8116
Correct Answer: C
Question #8
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
A. 0 minutes
B. 5 minutes
C. Admin account cannot be unlocked automatically
D. 0 minutes at least
Correct Answer: D
Question #9
Identify the API that is not supported by Check Point currently.
A. R80 Management API
B. Identity Awareness Web Services API
C. Open REST API
D. OPSEC SDK
Correct Answer: C
Question #10
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part of the SandBlast component?
A. Threat Emulation
B. Mobile Access
C. Mail Transfer Agent
D. Threat Cloud
Correct Answer: C
Question #11
In R80.10, how do you manage your Mobile Access Policy?
A. Through the Unified Policy
B. Through the Mobile Console
C. From SmartDashboard
D. From the Dedicated Mobility Tab
Correct Answer: A
Question #12
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
A. This statement is true because SecureXL does improve all traffic
B. This statement is false because SecureXL does not improve this traffic but CoreXL does
C. This statement is true because SecureXL does improve this traffic
D. This statement is false because encrypted traffic cannot be inspected
Correct Answer: C
Question #13
When simulating a problem on a ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state?
A. cphaprob -d STOP unregister
B. cphaprob STOP unregister
C. cphaprob unregister STOP
D. cphaprob -d unregister STOP
Correct Answer: A
Question #14
Using ClusterXL, what statement is true about the Sticky Decision Function?
A. Can only be changed for Load Sharing implementations
B. All connections are processed and synchronized by the pivot
C. Is configured using cpconfig
D. Is only relevant when using SecureXL
Correct Answer: A
Question #15
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules
B. Create a separate Security Policy package for each remote Security Gateway
C. Create network objects that restrict all applicable rules to only certain networks
D. Run separate SmartConsole instances to login and configure each Security Gateway directly
Correct Answer: B
Question #16
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?
A. Host having a Critical event found by Threat Emulation
B. Host having a Critical event found by IPS
C. Host having a Critical event found by Antivirus
D. Host having a Critical event found by Anti-Bot
Correct Answer: D
Question #17
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
A. None, Security Management Server would be installed by itself
B. SmartConsole
C. SecureClient
D. Security Gateway
E. SmartEvent
Correct Answer: D
Question #18
Which two of these Check Point Protocols are used by SmartEvent Processes?
A. ELA and CPD
B. FWD and LEA
C. FWD and CPLOG
D. ELA and CPLOG
Correct Answer: D
Question #19
The SmartEvent R80 Web application for real-time event monitoring is called:
A. SmartView Monitor
B. SmartEventWeb
C. There is no Web application for SmartEvent
D. SmartView
Correct Answer: B
Question #20
Which command shows actual allowed connections in state table?
A. fw tab -t StateTable
B. fw tab -t connections
C. fw tab -t connection
D. fw tab connections
Correct Answer: B
Question #21
What is the command to see cluster status in cli expert mode?
A. fw ctl stat
B. clusterXL stat
C. clusterXL status
D. cphaprob stat
Correct Answer: D
Question #22
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?
A. fwm compile
B. fwm load
C. fwm fetch
D. fwm install
Correct Answer: B
Question #23
In a Client to Server scenario, which represents that the packet has already been checked against the tables and the Rule Base?
A. Big I
B. Little o
C. Little i
D. Big O
Correct Answer: D
Question #24
When installing a dedicated R80 SmartEvent server, what is the recommended size of the root partition?
A. Any size
B. Less than 20GB
C. More than 10GB and less than 20GB
D. At least 20GB
Correct Answer: D
Question #25
The Event List within the Event tab contains:
A. A list of options available for running a query
B. The top events, destinations, sources, and users of the query results, either as a chart or in a tallied list
C. Events generated by a query
D. The details of a selected event
Correct Answer: C
Question #26
What command would show the API server status?
A. cpm status
B. api restart
C. api status
D. show api status
Correct Answer: C
Question #27
What is the purpose of a SmartEvent Correlation Unit?
A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server
B. The SmartEvent Correlation Unit’s task is to assign severity levels to the identified events
C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events
D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server
Correct Answer: C
Question #28
Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R80.10. Company’s Developer Team is having random access issue to newly deployed Application Server in DMZ’s Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela’s desk for an investigation. Pamela decides to use Check Point’s Packet Analyzer Tool-fw monitor to iron out the issue during approved
A. Pamela should check SecureXL status on DMZ Security gateway and if it’s turned ON
B. Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OFF
C. Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic
D. Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic
Correct Answer: A
Question #29
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot _________ .
A. AV issues
B. VPN errors
C. Network issues
D. Authentication issues
Correct Answer: C
Question #30
What is considered Hybrid Emulation Mode?
A. Manual configuration of file types on emulation location
B. Load sharing of emulation between an on premise appliance and the cloud
C. Load sharing between OS behavior and CPU Level emulation
D. High availability between the local SandBlast appliance and the cloud
Correct Answer: B
Question #31
Connections to the Check Point R80 Web API use what protocol?
A. HTTPS
B. RPC
C. VPN
D. SIC
Correct Answer: A
Question #32
What are the three components for Check Point Capsule?
A. Capsule Docs, Capsule Cloud, Capsule Connect
B. Capsule Workspace, Capsule Cloud, Capsule Connect
C. Capsule Workspace, Capsule Docs, Capsule Connect
D. Capsule Workspace, Capsule Docs, Capsule Cloud
Correct Answer: D
Question #33
Fill in the blank: The R80 feature _________ permits blocking specific IP addresses for a specified time period.
A. Block Port Overflow
B. Local Interface Spoofing
C. Suspicious Activity Monitoring
D. Adaptive Threat Prevention
Correct Answer: C
Question #34
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?
A. He can use the fw accel stat command on the gateway
B. He can use the fw accel statistics command on the gateway
C. He can use the fwaccel stat command on the Security Management Server
D. He can use the fwaccel stat command on the gateway
Correct Answer: D
Question #35
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?
A. Analyzes each log entry as it arrives at the log server according to the Event Policy
B. Correlates all the identified threats with the consolidation policy
C. Collects syslog data from third party devices and saves them to the database
D. Connects with the SmartEvent Client when generating threat reports
Correct Answer: A
Question #36
Which of the following is NOT a component of Check Point Capsule?
A. Capsule Docs
B. Capsule Cloud
C. Capsule Enterprise
D. Capsule Workspace
Correct Answer: C
Question #37
SandBlast agent extends 0 day prevention to what part of the network?
A. Web Browsers and user devices
B. DMZ server
C. Cloud
D. Email servers
Correct Answer: A
Question #38
Which web services protocol is used to communicate to the Check Point R80 Identity Awareness Web API?
A. SOAP
B. REST
C. XLANG
D. XML-RPC
Correct Answer: B
Question #39
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?
A. The rule base can be built of layers, each containing a set of the security rules
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps
C. Time object to a rule to make the rule active only during specified times
D. Sub Policies are sets of rules that can be created and attached to specific rules
Correct Answer: D
Question #40
What is the responsibility of SOLR process on R80.10 management server?
A. Validating all data before it’s written into the database
B. It generates indexes of data written to the database
C. Communication between SmartConsole applications and the Security Management Server
D. Writing all information into the database
Correct Answer: B
Question #41
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules
A. 1, 2, 3, 4
B. 1, 4, 2, 3
C. 3, 1, 2, 4
D. 4, 3, 1, 2
Correct Answer: A
Question #42
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
B. Mail, Block Source, Block Destination, Block Services, SNMP Trap
C. Mail, Block Source, Block Destination, External Script, SNMP Trap
D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
Correct Answer: A
Question #43
Which is NOT a SmartEvent component?
A. SmartEvent Server
B. Correlation Unit
C. Log Consolidator
D. Log Server
Correct Answer: C
Question #44
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
A. Anti-Bot is the only countermeasure against unknown malware
B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers
C. Anti-Bot is the only signature-based method of malware protection
D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center
Correct Answer: D
Question #45
What is the most recommended way to install patches and hotfixes?
A. CPUSE Check Point Update Service Engine
B. rpm -Uv
C. Software Update Service
D. UnixinstallScript
Correct Answer: A
Question #46
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using ___________.
A. TCP port 19009
B. TCP Port 18190
C. TCP Port 18191
D. TCP Port 18209
Correct Answer: A
Question #47
What is the correct statement about Security Gateway and Security Management Server failover in Check Point R80.X in terms of Check Point Redundancy driven solution?
A. Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure
B. Security Gateway failover as well as Security Management Server failover is a manual procedure
C. Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure
D. Security Gateway failover as well as Security Management Server failover is an automatic procedure
Correct Answer: A
Question #48
What is the purpose of Priority Delta in VRRP?
A. When a box up, Effective Priority = Priority + Priority Delta
B. When an Interface is up, Effective Priority = Priority + Priority Delta
C. When an Interface fail, Effective Priority = Priority – Priority Delta
D. When a box fail, Effective Priority = Priority – Priority Delta
Correct Answer: C
Question #49
On what port does the CPM process run?
A. TCP 857
B. TCP 18192
C. TCP 900
D. TCP 19009
Correct Answer: D
Question #50
What will SmartEvent automatically define as events?
A. Firewall
B. VPN
C. IPS
D. HTTPS
Correct Answer: C
Question #51
John is using Management HA. Which Smartcenter should be connected to for making changes?
A. Secondary Smartcenter
B. Active Smartcenter
C. Connect virtual IP of Smartcenter HA
D. Primary Smartcenter
Correct Answer: B
Question #52
Which of the following statements is TRUE about R80 management plug-ins?
A. The plug-in is a package installed on the Security Gateway
B. Installing a management plug-in requires a Snapshot, just like any upgrade process
C. A management plug-in interacts with a Security Management Server to provide new features and support for new products
D. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in
Correct Answer: C
Question #53
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
A. Enable DLP and select
B. Enable
C. Create FW rule for particular protocol
D. tecli advanced attributes set prohibited_file_types exe
Correct Answer: A
Question #54
Which command collects diagnostic data for analyzing customer setup remotely?
A. cpinfo
B. migrate export
C. sysinfo
D. cpview
Correct Answer: A
Question #55
How many images are included with Check Point TE appliance in Recommended Mode?
A. (OS) images
B. Images are chosen by administrator during installation
C. As many as licensed for
D. The most new image
Correct Answer: A
Question #56
Which statement is true regarding redundancy?
A. System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob -f if command
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast
C. Machines in a ClusterXL High Availability configuration must be synchronized
D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments
Correct Answer: D
Question #57
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes
B. One machine
C. Two machines
D. Three machines
Correct Answer: C
Question #58
What is the correct command to observe the Sync traffic in a VRRP environment?
A. fw monitor -e "accept[12:4,b]=224
B. fw monitor -e "accept port(6118;"
C. fw monitor -e "accept proto=mcVRRP;"
D. fw monitor -e "accept dst=224
Correct Answer: D
Question #59
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
A. Smart Cloud Services
B. Load Sharing Mode Services
C. Threat Agent Solution
D. Public Cloud Services
Correct Answer: A
Question #60
The following command is used to verify the CPUSE version:
A. HostName:0>show installer status build
B. [Expert@HostName:0]#show installer status
C. [Expert@HostName:0]#show installer status build
D. HostName:0>show installer build
Correct Answer: A
Question #61
Which command gives us a perspective of the number of kernel tables?
A. fw tab -t
B. fw tab -s
C. fw tab -n
D. fw tab -k
Correct Answer: B
Question #62
What is the command to check the status of the SmartEvent Correlation Unit?
A. fw ctl get int cpsead_stat
B. cpstat cpsead
C. fw ctl stat cpsemd
D. cp_conf get_stat cpsemd
Correct Answer: B
Question #63
What cloud-based SandBlast Mobile application is used to register new devices and users?
A. Check Point Protect Application
B. Management Dashboard
C. Behavior Risk Engine
D. Check Point Gateway
Correct Answer: D
Question #64
From SecureXL perspective, what are the three paths of traffic flow:
A. Initial Path; Medium Path; Accelerated Path
B. Layer Path; Blade Path; Rule Path
C. Firewall Path; Accept Path; Drop Path
D. Firewall Path; Accelerated Path; Medium Path
Correct Answer: D
Question #65
Security Checkup Summary can be easily conducted within:
A. Summary
B. Views
C. Reports
D. Checkups
Correct Answer: C
Question #66
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?
A. Management Dashboard
B. Gateway
C. Personal User Storage
D. Behavior Risk Engine
Correct Answer: C
Question #67
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:
A. fw ctl Dyn_Dispatch on
B. fw ctl Dyn_Dispatch enable
C. fw ctl multik set_mode 4
D. fw ctl multik set_mode 1
Correct Answer: C
Question #68
Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to manager?
A. fw accel stat
B. fwaccel stat
C. fw acces stats
D. fwaccel stats
Correct Answer: B
Question #69
In R80 spoofing is defined as a method of:
A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation
B. Hiding your firewall from unauthorized users
C. Detecting people using false or wrong authentication logins
D. Making packets appear as if they come from an authorized IP address
Correct Answer: D
Question #70
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?
A. Source address, Destination address, Source port, Destination port, Protocol
B. Source MAC address, Destination MAC address, Source port, Destination port, Protocol
C. Source address, Destination address, Source port, Destination port
D. Source address, Destination address, Destination port, Protocol
Correct Answer: A
Question #71
With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform the applications. Mobile Access encrypts all traffic using:
A. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications
B. HTTPS for web-based applications and AES or RSA algorithm for native applications
C. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications
D. HTTPS for web-based applications and AES or RSA algorithm for native applications
Correct Answer: A
Question #72
What is true about VRRP implementations?
A. VRRP membership is enabled in cpconfig
B. VRRP can be used together with ClusterXL, but with degraded performance
C. You cannot have a standalone deployment
D. You cannot have different VRIDs in the same physical network
Correct Answer: C
Question #73
Which of the following is NOT a type of Check Point API available in R80.10?
A. Identity Awareness Web Services
B. OPSEC SDK
C. Mobile Access
D. Management
Correct Answer: C
Question #74
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?
A. fwd
B. fwm
C. cpd
D. cpwd
Correct Answer: B
Question #75
What is the port used for SmartConsole to connect to the Security Management Server?
A. CPMI port 18191/TCP
B. CPM port/TCP port 19009
C. SIC port 18191/TCP
D. https port 4434/TCP
Correct Answer: B
Question #76
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R80.10 SmartConsole application?
A. IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation
B. Firewall, IPS, Threat Emulation, Application Control
C. IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction
D. Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation
Correct Answer: C
Question #77
Please choose the correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?
A. host name myHost12 ip-address 10
B. mgmt: add host name ip-address 10
C. add host name emailserver1 ip-address 10
D. mgmt: add host name emailserver1 ip-address 10
Correct Answer: D
Question #78
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
A. UDP port 265
B. TCP port 265
C. UDP port 256
D. TCP port 256
Correct Answer: D
Question #79
Session unique identifiers are passed to the web api using which http header option?
A. X-chkp-sid
B. Accept-Charset
C. Proxy-Authorization
D. Application
Correct Answer: C
Question #80
Which view is NOT a valid CPVIEW view?
A. IDA
B. RAD
C. PDP
D. VPN
Correct Answer: C