
Real Exam Questions 156-315.80 Dumps Exam Questions in here [Oct-2021]
NEW QUESTION 219
SmartEvent does NOT use which of the following procedures to identify events:
- A. Matching a log against each event definition
- B. Create an event candidate
- C. Matching a log against global exclusions
- D. Matching a log against local exclusions
Answer: D
Explanation:
Events are detected by the SmartEvent Correlation Unit. The Correlation Unit's task is to scan logs for criteria that match an Event Definition. SmartEvent uses these procedures to identify events:
* Matching a Log Against Global Exclusions
* Matching a Log Against Each Event Definition
* Creating an Event Candidate
* When a Candidate Becomes an Event
NEW QUESTION 220
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules
- A. 1, 2, 3, 4
- B. 1, 4, 2, 3
- C. 3, 1, 2, 4
- D. 4, 3, 1, 2
Answer: A
NEW QUESTION 221
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?
- A. fw ctl affinity -l a -r -v
- B. fw ctl multik stat
- C. cpinfo
- D. fw ctl sdstat
Answer: A
NEW QUESTION 222
Check Point recommends configuring Disk Management parameters to delete old log entries when available disk space is less than or equal to?
- A. 45%
- B. 75%
- C. 50%
- D. 80%
Answer: C
NEW QUESTION 223
If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Provided the Active Security Management Server is responsive, which of these steps should NOT be performed:
- A. Manually synchronize the Active and Standby Security Management Servers.
- B. Change the Standby Security Management Server to Active.
- C. Rename the hostname of the Standby member to match exactly the hostname of the Active member.
- D. Change the Active security Management server to standby.
Answer: C
NEW QUESTION 224
At what point is the Internal Certificate Authority (ICA) created?
- A. When an administrator decides to create one.
- B. When an administrator initially logs into SmartConsole.
- C. Upon creation of a certificate.
- D. During the primary Security Management Server installation process.
Answer: D
NEW QUESTION 225
Which of the following is a task of the CPD process?
- A. Transfers messages between Firewall processes
- B. Log forwarding
- C. Invoke and monitor critical processes and attempts to restart them if they fail
- D. Responsible for processing most traffic on a security gateway
Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_CLI_WebAdmin/12496.htm
NEW QUESTION 226
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
- A. Symmetric routing
- B. Asymmetric routing
- C. Failovers
- D. Anti-Spoofing
Answer: B
NEW QUESTION 227
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
- A. fw ctl multik dynamic_dispatching set_mode 9
- B. fw ctl multik set_mode 9
- C. fw ctl multik dynamic_dispatching on
- D. fw ctl multik pq enable
Answer: B
NEW QUESTION 228
Which command collects diagnostic data for analyzing customer setup remotely?
- A. cpinfo
- B. sysinfo
- C. cpview
- D. migrate export
Answer: A
Explanation:
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers).
The CPInfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPInfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.
NEW QUESTION 229
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
- A. fw ctl multik dynamic_dispatching set_mode 9
- B. fw ctl multik set_mode 9
- C. fw ctl multik dynamic_dispatching on
- D. fw ctl multik pq enable
Answer: B
NEW QUESTION 230
How many layers make up the TCP/IP model?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION 231
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
- A. SND is an alternative to IPSec Main Mode, using only 3 packets
- B. SND is a feature of fw monitor to capture accelerated packets
- C. SND is used to distribute packets among firewall instances
- D. SND is a feature to accelerate multiple SSL VPN connections
Answer: C
NEW QUESTION 232
One of the major features in R80 SmartConsole is concurrent administration.
Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
- A. AdminA and AdminB are editing the same rule at the same time.
- B. A lock icon shows that a rule or an object is locked and will be available.
- C. AdminA, AdminB and AdminC are editing three different rules at the same time.
- D. A lock icon next to a rule informs that any Administrator is working on this particular rule.
Answer: D
NEW QUESTION 233
The WebUI offers several methods for downloading hotfixes via CPUSE except:
- A. Scheduled
- B. Automatic
- C. Manually
- D. Force override
Answer: D
NEW QUESTION 234
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
- A. 15 minutes
- B. Admin account cannot be unlocked automatically
- C. 30 minutes at least
- D. 20 minutes
Answer: C
NEW QUESTION 235
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
- A. cphaprob -a if
- B. fw ctl set int fwha vmac global param enabled
- C. fw ctl get int vmac global param enabled; result of command should return value 1
- D. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1
Answer: D
NEW QUESTION 236
When requiring certificates for mobile devices, make sure the authentication method is set to one of the following: Username and Password, RADIUS or _______.
- A. SecureID
- B. TacAcs
- C. SecurID
- D. Complexity
Answer: C
NEW QUESTION 237
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
- A. 1 Interface - an interface leading to the organization and the Internet, and configure for synchronization.
- B. 3 Interfaces - an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.
- C. 2 Interfaces - a data interface leading to the organization and the Internet, a second interface for synchronization.
- D. 4 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server.
Answer: B
NEW QUESTION 238
Which of the following commands shows the status of processes?
- A. cpwd_admin list
- B. cpwd admin_list
- C. cpwd -l
- D. cpwd_admin -l
Answer: A
NEW QUESTION 239
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
- A. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers
- B. Anti-Bot is the only signature-based method of malware protection.
- C. Anti-Bot is the only countermeasure against unknown malware
- D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center.
Answer: D
NEW QUESTION 240
Fill in the blank: The R80 feature _____ permits blocking specific IP addresses for a specified time period.
- A. Local Interface Spoofing
- B. Suspicious Activity Monitoring
- C. Adaptive Threat Prevention
- D. Block Port Overflow
Answer: B
Explanation:
Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation.
NEW QUESTION 241
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?
- A. fwd via cpd
- B. fwm via fwd
- C. fwd via cpm
- D. cpm via cpd
Answer: C
NEW QUESTION 242
......

