10 Tips For 156-215.80 client
Proper study guides for Up to the minute Check Point Check Point Certified Security Administrator certified begins with Check Point 156-215.80 preparation products which designed to deliver the Pinpoint 156-215.80 questions by making you pass the 156-215.80 test at your first time. Try the free 156-215.80 demo right now.
Q1. In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?
A. Pentagon
B. Combined
C. Meshed
D. Star
Answer: D
Explanation:
VPN communities are based on Star and Mesh topologies. In a Mesh community, there are VPN connections between each Security Gateway. In a Star community, satellites have a VPN connection with the center Security Gateway, but not to each other.
Q2. Which Check Point software blade provides protection from zero-day and undiscovered threats?
A. Firewall
B. Threat Emulation
C. Application Control
D. Threat Extraction
Answer: D
Explanation:
SandBlast Threat Emulation
As part of the Next Generation Threat Extraction software bundle (NGTX), the SandBlast Threat Emulation capability prevents infections from undiscovered exploits zero-day and targeted attacks. This innovative solution quickly inspects files and runs them in a virtual sandbox to discover malicious behavior. Discovered malware is prevented from entering the network.
Q3. What is the purpose of Captive Portal?
A. It provides remote access to SmartConsole
B. It manages user permission in SmartConsole
C. It authenticates users, allowing them access to the Internet and corporate resources
D. It authenticates users, allowing them access to the Gaia OS
Answer: C
Explanation:
Reference :https://www.checkpoint.com/products/identity-awareness-software-blade/
Q4. Which of the following is NOT a VPN routing option available in a star community?
A. To satellites through center only
B. To center, or through the center to other satellites, to Internet and other VPN targets
C. To center and to other satellites throughcenter
D. To center only
Answer: A,D
Explanation:
SmartConsoleFor simple hubs and spokes (or if there is only one Hub), the easiest way is to configure a VPN star community in R80 SmartConsole:
The two Dynamic Objects (DAIP Security Gateways) can securely route communication through the Security Gateway with the static IP address.
Q5. Which of the following Automatically Generated Rules NAT rules have the lowest implementation priority?
A. Machine Hide NAT
B. Address Range Hide NAT
C. Network Hide NAT
D. Machine Static NAT
Answer: B,C
Explanation:
SmartDashboard organizes the automatic NAT rules in thisorder:
Q6. The security Gateway is installed on GAiA R80 The default port for the WEB User Interface is _____.
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443
Answer: D
Q7. Choose what BEST describes a Session.
A. Starts when an Administratorpublishes all the changes made on SmartConsole.
B. Starts when an Administrator logs in to the Security Management Server through SmartConsole and ends when it is published.
C. Sessions ends when policy is pushed to the Security Gateway.
D. Sessions locksthe policy package for editing.
Answer: B
Explanation:
Administrator Collaboration
More than one administrator can connect to the Security Management Server at the same time. Every administrator has their own username, and works in a session that isindependent of the other administrators.
When an administrator logs in to the Security Management Server through SmartConsole, a new editing session starts. The changes that the administrator makes during the session
are only available to that administrator. Other administrators see a lock icon on object and rules that are being edited.
To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session.
Q8. What are the three conflict resolution rules in the Threat Prevention Policy Layers?
A. Conflict on action, conflict on exception, and conflict on settings
B. Conflict on scope, conflict on settings, and conflict on exception
C. Conflict on settings, conflict on address, and conflict on exception
D. Conflict on action, conflict on destination, and conflict on settings
Answer: C
Q9. The most important part of a site-to-site VPN deployment is the _____ .
A. Internet
B. Remote users
C. Encrypted VPN tunnel
D. VPN gateways
Answer: C
Explanation:
Site to Site VPNThe basis of Site to Site VPN is the encrypted VPN tunnel. Two Security Gateways negotiate a link and create a VPN tunnel and each tunnel can contain more than one VPN connection. One Security Gateway can maintain more than one VPN tunnel at the same time.
Q10. Fill in the blank: Each cluster has _____ interfaces.
A. Five
B. Two
C. Three
D. Four
Answer: C
Explanation:
Each cluster member has three interfaces: one external interface, oneinternal interface, and one for synchronization. Cluster member interfaces facing in each direction are connected via a switch, router, or VLAN switch.