Q1. What gives administrators more flexibility when configuring Captive Portal instead of LDAP query for Identity Awareness authentication?

A. Captive Portal is more secure than standard LDAP

B. Nothing, LDAP query is required when configuring Captive Portal

C. Captive Portal works with both configured users and guests

D. Captive Portal is more transparent to the user

Answer: C

Q2. What happens when an IPS profile is set in Detect-Only Mode for troubleshooting?

A. It will generate Geo-Protection traffic

B. Automatically uploads debugging logs to Check Point Support Center

C. It will not block malicious traffic

D. Bypass licenses requirement for Geo-Protection control

Answer: C


It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic. During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.

Q3. You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

A. fw ctl multik dynamic_dispatching on

B. fw ctl multik dynamic_dispatching set_mode 9

C. fw ctl multik set_mode 9

D. fw ctl multik pq enable

Answer: C


To fully enable the CoreXL Dynamic Dispatcher on Security Gateway:

1. Run in Expert mode:

[Expert@HostName]# fw ctl multik set_mode 9

Example output:

[Expert@R77.30:0]# fw ctl multik set_mode 9

Please reboot the system

[Expert@R77.30:0]#

Q4. You intend to upgrade a Check Point Gateway from R71 to R80. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?

A. database revision

B. snapshot

C. upgrade_export

D. backup

Answer: D

Q5. Fill in the blank. To save your OSPF configuration in GAiA, enter the command ________.

Answer: save config

Q6. You have three Gateways in a mesh community. Each gateway's VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information.

You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still goes through the regular domain IPsec tunnels instead of the routed VTI tunnels.

What is the problem and how do you make the VPN use the VTI tunnels?

A. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community

B. Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway's VPN Domain

C. Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes

D. Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to ensure that they are correctly pointing to the VTI gateway IP.

Answer: B

Q7. You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?

A. A group with generic user

B. All users

C. LDAP Account Unit Group

D. Internal user Group

Answer: A

Q8. Which file defines the fields for each object used in the file objects.C (color, num/string, default value…)?

A. $FWDIR/conf/classes.C

B. $FWDIR/conf/scheam.C

C. $FWDIR/conf/fields.C

D. $FWDIR/conf/table.C

Answer: A

Q9. You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client side from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

A. No extra configuration is needed.

B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.

C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.

D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.

Answer: D

Q10. You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.

A. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.

B. Yes, it is possible to have two NAT rules which match a connection, but only when using Manual NAT (bidirectional NAT).

C. Yes, there are always as many active NAT rules as there are connections.

D. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).

Answer: D

