Abreast Of The Times 156-215.80 Testing Software For Check Point Certified Security Administrator Certification
Exambible 156-215.80 Questions are updated and all 156-215.80 answers are verified by experts. Once you have completely prepared with our 156-215.80 exam prep kits you will be ready for the real 156-215.80 exam without a problem. We have Replace Check-Point 156-215.80 dumps study guide. PASSED 156-215.80 First attempt! Here What I Did.
Free demo questions for Check-Point 156-215.80 Exam Dumps Below:
NEW QUESTION 1
Fill in the blank; The position of an Implied rule is manipulated in the _____ window
- A. NAT
- B. Firewall
- C. Global Properties
- D. Object Explorer
Answer: C
NEW QUESTION 2
What needs to be configured if the NAT property ‘Translate destination on client side’ is not enabled in Global properties?
- A. A host route to route to the destination IP
- B. Use the file local.arp to add the ARP entries for NAT to work
- C. Nothing, the Gateway takes care of all details necessary
- D. Enabling ‘Allow bi-directional NAT’ for NAT to work correctly
Answer: C
NEW QUESTION 3
Choose what BEST describes a Session.
- A. Starts when an Administrator publishes all the changes made on SmartConsole.
- B. Starts when an Administrator logs in to the Security Management Server through SmartConsole and ends when it is published.
- C. Sessions ends when policy is pushed to the Security Gateway.
- D. Sessions locks the policy package for editing.
Answer: B
Explanation:
Administrator Collaboration
More than one administrator can connect to the Security Management Server at the same time. Every administrator has their own username, and works in a session that is independent of the other administrators.
When an administrator logs in to the Security Management Server through SmartConsole, a new editing session starts. The changes that the administrator makes during the session are only available to that administrator. Other administrators see a lock icon on object and rules that are being edited.
To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session.
NEW QUESTION 4
Which of the following is NOT an advantage to using multiple LDAP servers?
- A. You achieve a faster access time by placing LDAP servers containing the database at remote sites
- B. Information on a user is hidden, yet distributed across several servers
- C. You achieve compartmentalization by allowing a large number of users to be distributed across several servers
- D. You gain High Availability by replicating the same information on several servers
Answer: B
NEW QUESTION 5
Fill in the blank: The tool ____ generates a R80 Security Gateway configuration report.
- A. infoCP
- B. infoview
- C. cpinfo
- D. fw cpinfo
Answer: C
Explanation:
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers).
The CPinfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPinfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.
When contacting Check Point Support, collect the cpinfo files from the Security Management server and Security Gateways involved in your case.
NEW QUESTION 6
The organization's security manager wishes to back up just the Gaia operating system parameters. Which command can be used to back up only Gaia operating system parameters like interface details, Static routes and Proxy ARP entries?
- A. show configuration
- B. backup
- C. migrate export
- D. upgrade export
Answer: B
Explanation:
3. System Backup (and System Restore)
System Backup can be used to backup current system configuration. A backup creates a compressed file that contains the Check Point configuration including the networking and operating system parameters, such as routing and interface configuration etc., but unlike a snapshot, it does not include the operating system, product binaries, and hotfixes.
NEW QUESTION 7
Which of the following actions do NOT take place in IKE Phase 1?
- A. Peers agree on encryption method.
- B. Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key.
- C. Peers agree on integrity method.
- D. Each side generates a session key from its private key and peer's public key.
Answer: B
NEW QUESTION 8
Fill in the blank: The _____ feature allows administrators to share a policy with other policy packages.
- A. Shared policy packages
- B. Shared policies
- C. Concurrent policy packages
- D. Concurrent policies
Answer: A
NEW QUESTION 9
What is the command to see cluster status in cli expert mode?
- A. fw ctl stat
- B. clusterXL stat
- C. clusterXL status
- D. cphaprob stat
Answer: A
NEW QUESTION 10
Kofi, the administrator of the ABC Corp network wishes to change the default Gaia WebUI Portal port number currently set on the default HTTPS port. Which CLISH commands are required to be able to change this TCP port?
- A. set web ssl-port <new port number>
- B. set Gaia-portal <new port number>
- C. set Gaia-portal https-port <new port number>
- D. set web https-port <new port number>
Answer: A
Explanation:
In Clish
Connect to command line on Security Gateway / each
Log in to Clish.
Set the desired port (e.g., port 4434):
Cluster member.
HostName> set web ssl-port <Port_Number>
Save the changes:
HostName> save config
Verify that the configuration was saved:
[Expert@HostName]# grep 'httpd:ssl_port' /config/db/initial References:
NEW QUESTION 11
What is the default shell of Gaia CLI?
- A. Monitor
- B. CLI.sh
- C. Read-only
- D. Bash
Answer: B
Explanation:
This chapter gives an introduction to the Gaia command line interface (CLI). The default shell of the CLI is called clish.
NEW QUESTION 12
On the following picture an administrator configures Identity Awareness:
After clicking “Next” the above configuration is supported by:
- A. Kerberos SSO which will be working for Active Directory integration
- B. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user
- C. Obligatory usage of Captive Portal
- D. The ports 443 or 80 what will be used by Browser-Based and configured Authentication
Answer: B
Explanation:
To enable Identity Awareness:
Log in to R80 SmartConsole.
From the Awareness.
Gateway&s
Servers
view, double-click the Security Gateway on which to enable Identity
On the Network Security tab, select Identity Awareness.
The Identity Awareness
Configuration wizard opens.
Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets.
AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers
Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently.
Terminal Servers - Identify users in a Terminal Server environment (originating from one IP address).
NEW QUESTION 13
Where can administrator edit a list of trusted SmartConsole clients in R80?
- A. cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server.
- B. Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.
- C. In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings>Permissions and Administrators>Advanced>Trusted Clients.
- D. WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings>Permissions and Administrators>Advanced>Trusted Clients, via cpconfig on a Security Gateway.
Answer: C
NEW QUESTION 14
Which command shows the installed licenses?
- A. cplic print
- B. print cplic
- C. fwlic print
- D. show licenses
Answer: A
NEW QUESTION 15
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ____ .
- A. User Directory
- B. Captive Portal and Transparent Kerberos Authentication
- C. Captive Portal
- D. UserCheck
Answer: B
Explanation:
To enable Identity Awareness:
Log in to SmartDashboard.
From the Network Objects tree, expand the Check Point branch.
Double-click the Security Gateway on which to enable Identity Awareness.
In the Software Blades section, select Identity Awareness on the Network Security tab.
The Identity Awareness
Configuration wizard opens.
Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets.
AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers
Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently.
NEW QUESTION 16
Where would an administrator enable Implied Rules logging?
- A. In Smart Log Rules View
- B. In SmartDashboard on each rule
- C. In Global Properties under Firewall
- D. In Global Properties under log and alert
Answer: B
NEW QUESTION 17
What key is used to save the current CPView page in a filename format cpview_"cpview process ID".cap"number of captures"?
- A. S
- B. W
- C. C
- D. Space bar
Answer: B
NEW QUESTION 18
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
- A. None, Security Management Server would be installed by itself.
- B. SmartConsole
- C. SecureClient
- D. SmartEvent
Answer: D
Explanation:
There are different deployment scenarios for Check Point software products.
Standalone Deployment - The Security Management Server and the Security Gateway are installed on the same computer or appliance.
NEW QUESTION 19
What is the benefit of Manual NAT over Automatic NAT?
- A. If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy
- B. There is no benefit since Automatic NAT has in any case higher priority over Manual NAT
- C. You have the full control about the priority of the NAT rules
- D. On IPSO and GAIA Gateways, it is handled in a Stateful manner
Answer: C
NEW QUESTION 20
Harriet wants to protect sensitive information from intentional loss when users browse to a specific URL: https://personal.mymail.com, which blade will she enable to achieve her goal?
- A. DLP
- B. SSL Inspection
- C. Application Control
- D. URL Filtering
Answer: A
Explanation:
Check Point revolutionizes DLP by combining technology and processes to move businesses from passive detection to active Data Loss Prevention. Innovative MultiSpect™ data classification combines user, content and process information to make accurate decisions, while UserCheck™ technology empowers users to remediate incidents in real time. Check Point’s self-educating network-based DLP solution frees IT/security personnel from incident handling and educates users on proper data handling policies—protecting sensitive corporate information from both intentional and unintentional loss.
NEW QUESTION 21
Fill in the blanks: VPN gateways authenticate using _____ and ______.
- A. Passwords; tokens
- B. Certificates; pre-shared secrets
- C. Certificates; passwords
- D. Tokens; pre-shared secrets
Answer: B
Explanation:
VPN gateways authenticate using Digital Certificates and Pre-shared secrets.
NEW QUESTION 22
......
100% Valid and Newest Version 156-215.80 Questions & Answers shared by Certshared, Get Full Dumps HERE: https://www.certshared.com/exam/156-215.80/ (New 485 Q&As)