Practice CCSE Update 156-915.80 exam. Online Exam Practice Tests with detailed explanations! Pass 156-915.80 with confidence!
156-915.80 - Check Point Certified Security Expert Update - R80 Practice Tests 2021 | Prep4pass
NEW QUESTION 33
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of
- A. Threat Emulation
- B. HTTPS
- C. VolP
- D. QOS
Answer: C
Explanation:
Explanation
The following types of traffic are not load-balanced by the CoreXL Dynamic Dispatcher (this traffic will always be handled by the same CoreXL FW instance):
* VoIP
* VPN encrypted packets
NEW QUESTION 34
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
- A. Never been synchronized
- B. Lagging
- C. Synchronized
- D. Collision
Answer: C
Explanation:
Explanation
The possible synchronization statuses are:
* Never been synchronized - immediately after the Secondary Security Management server has been installed, it has not yet undergone the first manual synchronization that brings it up to date with the Primary Security Management server.
* Synchronized - the peer is properly synchronized and has the same database information and installed Security Policy.
* Lagging - the peer SMS has not been synchronized properly.
For instance, on account of the fact that the Active SMS has undergone changes since the previous synchronization (objects have been edited, or the Security Policy has been newly installed), the information on the Standby SMS is lagging.
* Advanced - the peer SMS is more up-to-date.
For instance, in the above figure, if a system administrators logs into Security Management server B before it has been synchronized with the Security Management server A, the status of the Security Management server A is Advanced, since it contains more up-to-date information which the former does not have.
In this case, manual synchronization must be initiated by the system administrator by changing the Active SMS to a Standby SMS. Perform a operation from the more advanced server to the Standby SMS.
Change the Standby SMS to the Active SMS.
* Collision - the Active SMS and its peer have different installed policies and databases. The administrator must perform manual synchronization and decide which of the SMSs to overwrite.
NEW QUESTION 35
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
- A. Never been synchronized
- B. Lagging
- C. Synchronized
- D. Collision
Answer: C
Explanation:
The possible synchronization statuses are:
Never been synchronized - immediately after the Secondary Security Management server has been installed, it has not yet undergone the first manual synchronization that brings it up to date with the Primary Security Management server.
Synchronized - the peer is properly synchronized and has the same database information and installed Security Policy.
Lagging - the peer SMS has not been synchronized properly.
For instance, on account of the fact that the Active SMS has undergone changes since the previous synchronization (objects have been edited, or the Security Policy has been newly installed), the information on the Standby SMS is lagging.
Advanced - the peer SMS is more up-to-date.
For instance, in the above figure, if a system administrators logs into Security Management server B before it has been synchronized with the Security Management server A, the status of the Security Management server A is Advanced, since it contains more up-to-date information which the former does not have.
In this case, manual synchronization must be initiated by the system administrator by changing the Active SMS to a Standby SMS. Perform a synch me operation from the more advanced server to the Standby SMS. Change the Standby SMS to the Active SMS.
Collision - the Active SMS and its peer have different installed policies and databases. The administrator must perform manual synchronization and decide which of the SMSs to overwrite.
NEW QUESTION 36
What are you required to do before running the command upgrade_export?
- A. Run a cpstop on the Security Gateway.
- B. Run cpconfig and set yourself up as a GUI client.
- C. Close all GUI clients.
- D. Run a cpstop on the Security Management Server.
Answer: C
NEW QUESTION 37
What command would show the API server status?
- A. show api status
- B. api restart
- C. cpm status
- D. api status
Answer: D
Explanation:
Section: (none)
Explanation/Reference:
Reference: https://www.hurricanelabs.com/blog/check-point-api-merging-management-servers-with-r80-10
NEW QUESTION 38
Which of the following is NOT an internal/native Check Point command?
- A. tcpdump
- B. cphaprob
- C. fw ct1 debug
- D. fwaccel on
Answer: A
NEW QUESTION 39
CORRECT TEXT
Fill in the blank. To save your OSPF configuration in GAiA, enter the command ___________ .
Answer:
Explanation:
save config
NEW QUESTION 40
Fill in the blank. To verify the SecureXL status, you would enter command _____________ .
Answer:
Explanation:
fwaccel stat
NEW QUESTION 41
The Event List within the Events tab contains:
- A. the details of a selected event.
- B. a list of options available for running a query.
- C. the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.
- D. events generated by a query.
Answer: D
Explanation:
Explanation
These are the components of the Events tab:
References:
NEW QUESTION 42
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
- A. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers
- B. Anti-Bot is the only signature-based method of malware protection
- C. Anti-Bot is the only countermeasure against unknown malware
- D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center
Answer: D
Explanation:
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_AntiBotAntiVirus_AdminGuide/index.html
NEW QUESTION 43
Which file defines the fields for each object used in the file objects.C (color, num/string, default value...)?
- A. $FWDIR/conf/classes.C
- B. $FWDIR/conf/table.C
- C. $FWDIR/conf/fields.C
- D. $FWDIR/conf/scheam.C
Answer: A
NEW QUESTION 44
The command that typically generates the firewall application, operating system, and hardware specific drivers is _________ .
Answer:
Explanation:
snapshot
NEW QUESTION 45
In which formats can Threat Emulation forensics reports be viewed in?
- A. PDF and TXT
- B. PDF, HTML, and XML
- C. PDF and HTML
- D. TXT, XML and CSV
Answer: C
NEW QUESTION 46
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:
- A. It is not necessary to add a static route to the Gateway's routing table.
- B. VLAN tagging cannot be defined for any hosts protected by the Gateway.
- C. It is necessary to add a static route to the Gateway's routing table.
- D. The Security Gateway's ARP file must be modified.
Answer: A
NEW QUESTION 47
What command would show the API server status?
- A. show api status
- B. api restart
- C. cpm status
- D. api status
Answer: D
Explanation:
Reference: https://www.hurricanelabs.com/blog/check-point-api-merging-management- servers-with-r80-10
NEW QUESTION 48
The "MAC magic" value must be modified under the following condition:
- A. There are more than two members in a firewall cluster
- B. A firewall cluster is configured to use Multicast for CCP traffic
- C. There is more than one cluster connected to the same VLAN
- D. A firewall cluster is configured to use Broadcast for CCP traffic
Answer: D
Explanation:
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?
eventSubmit_doGoviewsolutiondetails=&solutionid=sk25977
NEW QUESTION 49
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
- A. This statement is false because SecureXL does not improve this traffic but CoreXL does
- B. This statement is true because SecureXL does improve all traffic
- C. This statement is true because SecureXL does improve this traffic
- D. This statement is false because encrypted traffic cannot be inspected SecureXL improved non-encrypted firewall traffic throughput, and encrypted VPN traffic throughput, by nearly an order-of-magnitude- particularly for small packets flowing in long duration connections.
Answer: C
NEW QUESTION 50
Jack has finished building his new SMS server, Red, on new hardware. He used SCP to move over the Red-old.tgzexport of his old SMS server. What is the command he will use to import this into the new server?
- A. Expert@Red# ./upgrade import Red-old.tgz
- B. Expert@Red# ./migrate import Red-old.tgz
- C. Red> ./upgrade import Red-old.tgz
- D. Red> ./migrate import Red-old.tgz
Answer: D
Explanation:
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide- webAdmin/16535.htm
NEW QUESTION 51
Your organization maintains several IKE VPN's. Executives in your organization want to know which mechanism Security Gateway R80 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives?
- A. Key-exchange protocols
- B. Digital signatures
- C. Application Intelligence
- D. Certificate Revocation Lists
Answer: B
NEW QUESTION 52
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.
- A. destination on server side
- B. source on server side
- C. destination on client side
- D. source on client side
Answer: C
NEW QUESTION 53
......
The best 156-915.80 exam study material and preparation tool is here: https://www.prep4pass.com/156-915.80_exam-braindumps.html
