Checkpoint - 156-315.

80

Question #:1

How can SmartView Web application accessed?

A. https://<Security Management IP address>/ smartview

B. https://<Security Management IP address>:4434/smartview/

C. https://<Security Management IP address>/smartview/

D. https://<Security Management IP address>/smartview/

Answer: A

Question #:2

Which view is NOT a valid CPVIEW view?

A. IDA

B. RAD

C. PDP

D. VPN

Answer: C

Question #:3

Check point Central Deployment Tool (CDT) communication with the Security Gateway /

Cluster Members over check point SIC________

A. TCP port 18190

B. TCP port 18209

C. TCP port 19009

D. TCP port 18191

Answer: D

1 of 34
 Checkpoint - 156-315.80

Question #:4

What makes Anti-Bot unique compared to gather Threate Prevention mechanisms, Such as URL Filtering
Anti-Virus, IPS and Threat Emulation?

A. Anti-Bot is the only countermeasure against unknown malware

B. Anti-Bot is the only protection mechanism which startsacounter-attack against known Command &
Control Centers

C. Anti-Bot is the only signature based method of mature protection

D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a

Command & Control Center

Answer: B

Question #:5

Which statement is not TRUE about Default synchronization?

A. Using UDP Multicast Broadcast on port 8161

B. Using UDP Multicast on port 8116

C. Quicker than Full sync

D. Transfer changes in the kernel tables between cluster members

Answer: C

Question #:6

Which command shows actual connection in state table?

A. fw tab-t state Table

B. fw tab-tab connections

C. fw tab-t connection

D. fw tab connections

Answer: D

2 of 34
 Checkpoint - 156-315.80

Question #:7

Identify the API that is not supported by Check Point currently.

A. R80 Management API-

B. Identity Awareness Web Services API

C. Open REST API

D. OPSEC SDK

Answer: A

Question #:8

How many images are included with check point TE appliance in Recommended Mode?

A. 2(OS) images

B. Images are chosen by administrator during installation

C. as many as licensed for

D. the most new images

Answer: A

Question #:9

Full synchronization between cluster members is handled by Firewall kernel. Which port is used for this?

A. UDP port 265

B. TCP port 265

C. UDP port 256

D. TCP port 256

Answer: B

Question #:10

Which of the following process pulls application monitoring status?

3 of 34
 Checkpoint - 156-315.80

A. fwd

B. fwm

C. cpwd

D. cpd

Answer: D

Question #:11

What command refers that the API server is responding?

A. api stat

B. api status

C. show api_status

D. api_get_status

Answer: A

Question #:12

What is a feature that enables VPN connections to successfully maintain a private and secure VPN session
without employing Stateful Inspection?

A. Stateful Mode

B. VPN Routing Mode

C. Wire Mode

D. Stateless Mode

Answer: C

Question #:13

Which of the following Check point process within the security Management server is responsible for the
receiving log records from Security Gateway?

A.

4 of 34
 Checkpoint - 156-315.80

A. logd

B. fwd

C. fwm

D. cpd

Answer: D

Question #:14

What are different command sources that allow you to communication with the API server?

A. SmartView Monoter, API_cli Tool, Gala CLI. Web Services

B. SmartConsole GUI Console,MGMT_Cli Tool,Gala CLI, Web Services

C. SmartConsole GUI Console API Console _cli Tool,CLI,Web Services

D. API_cli Tool Gala CLI, Web Services

Answer: B

Question #:15

Which command would disable a Cluster Member permanently?

A. clusterXL_ adimn down

B. cphaprob_admin down

C. clusterXL_admin down -p

D. set clusterXL down-p

Answer: A

Question #:16

CPM process stores objects, policies, users, administrators, licenses and management data in a database, This
database is:

A. MYSQL

B.

5 of 34
 Checkpoint - 156-315.80

B. Postgres SQL

C. MarisD6

D. SOLR

Answer: C

Question #:17

There are 4 ways to use the management API for creating host object with R80 Management APL. Which one
is NOT correct?

A. Using web Services

B. Using Mgml_cli tool

C. Using CLISH

D. Using SmartConsole GUI console

Answer: B

Question #:18

Which statement is true regarding redundancy?

A. System administrator know when their cluster has failed over an can also see why filled over by using
the cphaprob -f it command.

B. CliusterXL offers three different load Sharing solution uncast, Broadcast, and multicast.

C. Machines In a Clutter XL High Availability configuration must be synchronized.

D. Both ClusterXL and VBRP are fully Supported by Gala and available to all Check Point appliances,
open servers, and virtualized environments.

Answer: A

Question #:19

What is the mechanism behind Threat Extraction?

A. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack
against its sender

6 of 34
 Checkpoint - 156-315.80

B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy
it prior to sending it to the intended recipient

C. This is a new mechanism to identify the IP address of the sender of malicious codes and to put it into the
SAM database (Suspicious Activity Monitoring).

D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the
document and forwarded to the intended recipient, which makes this solution very fast

Answer: D

Question #:20

Fwssd is a child process of which of the following Check point daemons?

A. fwd

B. cpwd

C. fwm

D. cpd

Answer: A

Question #:21

Which the following type of authentication on Mobile Access can NOT be used as the first authentication
method?

A. Dynamic ID

B. Radius

C. Username and password

D. Certificate

Answer: A

Question #:22

NAT rules are prioritized in which order?

7 of 34
 Checkpoint - 156-315.80

1.Automatic Static NAT

2.Automatic Hide NAT

3.Manual/pre-Automatic NAT

4.Post Automatic/Manual NAT rules

A. 1,2,3,4

B. 1,4,2,3

C. 3,1,2,4

D. 4,3,1,2

Answer: A

Question #:23

What CLI will reset the IPS pattern matcher statistics?

A. Ips reset pmstat

B. ips pstats reset

C. ips pmstats refresh

D. ips pmstats reset

Answer: D

Explanation
https://sc1.checkpoint.com/documents/R76/CP_R76_CLI_WebAdmin/84627.htm

Question #:24

What is the difference between an event and a log?

A. Events are generated at gateway according to Event Policy

B. A log entry becomes an event when it matches any rule defined in Event Policy

C. Events are collected with SmartWorkflow from Trouble Ticket systems

D. Logs and Events are synonyms

8 of 34
 Checkpoint - 156-315.80

Answer: B

Question #:25

You want to gather data analysis threats to your mobile device. It has to lightweight app. Which application
would you use?

A. SmartEvent client info

B. Securemode

C. Check point protect

D. check point capture Cloud

Answer: D

Question #:26

Which feature are only supported with R80.10 Getaways but not R77.x?

A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Date Awareness, and
Mobile Access Software Blade policies.

B. Limits the upload and download throughput for sharing media in the company to 1 GBPS.

C. The rule base can be but of the layers, each containing a set of the security rules. Layer are inspected in
the order in which they are defined, allowing control over the bas flow and which security
functionalities take precedence.

D. Time object to a rule to make the rule active only during specified times.

Answer: A

Question #:27

Communication to the Check point R80 Web API use what protocol?

A. HTTPS

B. RPC

C. VPN

D. SIC

9 of 34
 Checkpoint - 156-315.80

Answer: A

Question #:28

Which command will allow you to see the interface status?

A. cphaprob interface

B. cphaprob interface

C. cphaprob -a if

D. cphaprob strat

Answer: C

Question #:29

The process on the Security Gateway sends logs to the fwd process on the Management Server via which 2
processes?

A. fwd via cpm

B. fwm via fwd

C. cpm via cpd

D. fwd via cpd

Answer: B

Question #:30

Which command collects diagnostic data for analyzing customer setup remotely?

A. cpinfo

B. migrate export

C. sysinfo

D. cpview

Answer: A

10 of 34
 Checkpoint - 156-315.80

Explanation
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk9273

Question #:31

In order to get about assignment (FW,SND) of all CPUSs in your SGW, what is the most accurate CLI
command?

A. fw ctl sdstat

B. fw ctl affinity-i-a-r-v

C. fw ctl multiple stat

D. cpinfo

Answer: B

Question #:32

Which two of these Check point protection are used by SmartEvent processes?

A. ELA and CPD

B. FWD and LEA

C. FWD and CPLOG

D. ELA and CPLOG

Answer: A

Question #:33

Sticky Decision Function (SDF) is required which to prevent which of the following? Assume you set up an
Active cluster.

A. Symmetric routing

B. Failovers

C. Asymmetric routing

D. Anti-spoofing

11 of 34
 Checkpoint - 156-315.80

Answer: B

Question #:34

Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?

A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in
the order in which they are defined, allowing control over the rule base flow and which security
functionalities take precedence.

B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C. Time object to a rule to make the rule active only during specified times.

D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched,
inspection will continue in the sub policy attached to it rather than in the next rule.

Answer: D

Question #:35

What are the attributes that secureXL will after the connection is allowed by Secure policy?

A. Secure address, Destination address, Source port, Destination port, protocol

B. Source MAC address, Destination MAC address, Source port, Destination port, protocol

C. Source address, Destination address, Source port, Destination port.

D. Source address, Destination address port protocol

Answer: A

Question #:36

What is the limitation of Employing Stickly Function?

A. With SDF enable, the involved VPN Gateways only supports BCEv1

B. Acceleration technologies, such as Secure XL and CoreXL are disabled when activating SDF

C. With SDF enabled, only ClusterXL in legacy mode is supported

D. With SDF enabled, you can only have three sync interfaces at most

12 of 34
 Checkpoint - 156-315.80

Answer: B

Question #:37

Which command to used set the CCP protocol to Multicast?

A. cphaprob set_ccp multicast

B. cphaconf set_ccp multicast

C. cphaconf set_ccp no broardcast

D. cphaprob set_ccp no_broadcast

Answer: B

Explanation
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk2057

Question #:38

The Firewall kernel is replicated multiple times, therefore:

A. The Firewall kernel only touches the packet if the connection is accelerated

B. The Firewall can run different policies per core

C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times
out

D. The Firewall can run the same policy on all cores

Answer: D

Question #:39

To verify enable Dynamic Dispatcher on a Security Gateway:

A. run fw multik set_mode 9 in Expert mode then reboot

B. Using spoofing update the Dynamic Dispatcher value to “full” under the CoreXl menu.

C. Edit/proc/interrupts to include multik mode 1 at the bottom of the file save and reboot.

D. run fw clt multik _mode 1 in Expert mode and then reboot.

13 of 34
 Checkpoint - 156-315.80

Answer: A

Question #:40

Which TCP-port does CPM process listen to?

A. 18191

B. 18190

C. 8983

D. 19009

Answer: B

Question #:41

Which commands can you use to verify the member of active concurrent connections?

A. fw conn all

B. fw ctl pstat

C. show all connections

D. show connections

Answer: B

Question #:42

What SmartEvent component creates events?

A. Consolidation Policy

B. Correlation Unit

C. SmartEvent Policy

D. SmartEvent GUI

Answer: B

14 of 34
 Checkpoint - 156-315.80

Question #:43

Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset
every

A. 15 sec

B. 60 sec

C. 5 sec

D. 30 sec

Answer: B

Question #:44

You are working with multiple Security enforcing an extensive number of rules. To simplify security
administration, which action you chose?

A. Eliminate all possible contradirectory rules such as the Stealth or Cleanup rules.

B. Create a separate Security policy package for each remote Security Gateway.

C. Create network objects that restrict all applicable rules to only certain networks.

D. Run separate SmartConsole Instances to login and each configure each Security Gateway.

Answer: A

Question #:45

Which is NOT example of a check point API?

A. Gateway API

B. Management API

C. OpSEF SDK

D. Threat perversion API

Answer: A

15 of 34
 Checkpoint - 156-315.80

Question #:46

What Factors preclude Secure XL Templating?

A. Source port Ranges/Encrypted Connections

B. IPS

C. ClusterXL in load sharing Mode

D. CoreXL

Answer: A

Question #:47

Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems
this way, how many machines will he need if he does NOT include a SmartConsole machine in his
calculations?

A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.

B. One machine

C. Two machines

D. Three machines

Answer: C

Question #:48

Which packet info is ignored with Session Rate Acceleration?

A. source port ranges

B. source ip

C. source port

D. same info from Packet Acceleration is used

Answer: C

Question #:49

16 of 34
 Checkpoint - 156-315.80

CoreXL is supported when one of the following features is enabled:

A. Route-based VPN

B. IPS

C. IPv6

D. Overlapping NAT

Answer: B

Question #:50

To full enable Dynamic Dispatcher with priority Quesues on a Security Gateway, run the following command
in Expert mode then reboot:

A. fw ctl multik set_mode 1.

B. fw ctl Dynamic _priority_Queue on

C. fw clt Dynamic _priority_ Quenue enable

D. Fw clt multik_mode 9

Answer: D

Question #:51

Which of the SecureXL template are enabled by default on Security Gateway?

A. Accept

B. Drop

C. NAT

D. None

Answer: A

Question #:52

Which command lists all tables in Gaia?

17 of 34
 Checkpoint - 156-315.80

A. Fw tab-t

B. fw tab -list

C. fw tab-s

D. fw tab-I

Answer: A

Question #:53

Check Point Management (cpm) is the main management process in that it provides the architecture for a
consolidated management console. CPM allows the GUI client and management server to communicate via
web services using ________.

A. TCP port 19009

B. TCP Port 18190

C. TCP Port 18191

D. TCP Port 18209

Answer: A

Question #:54

In R80.10, how do you manage your Mobile Access policy?

A. Through the unified policy

B. Through the Mobile Console

C. From SmartDashboard

D. From the Dedicated Mobility Tab

Answer: C

Question #:55

Fill in the blank The tool __________ generates a R80 Security Gateway configuration report.

A. infoCP

18 of 34
 Checkpoint - 156-315.80

B. infoview

C. cpinfo

D. fw cpinfo

Answer: C

Question #:56

When requiring certification for Mobile devices, make sure the authentication method is set tone of the
following Username and password RADIUS or ________.

A. Secure ID

B. SecurID

C. Complexity

D. Tacacs

Answer: B

Question #:57

What is the amount CPU cores required to enable CoreXL?

A. 2

B. 1

C. 4

D. 6

Answer: A

Question #:58

Your manager asked you to disk you to check the status of SecureXL, and its enabled templates and feature.
What command will you use to provide such information to manager?

A. fw accel stat

B.

19 of 34
 Checkpoint - 156-315.80

B. fwaccel stat

C. fw access stats

D. fwaccel stats

Answer: A

Question #:59

SanBlast Mobile threats in mobile devices by using on-device, network and cloud-based algorithms and has
four dedicated components that constantly work together to protect mobile devices and their data. Which
components is not part of the SandBlast Mobile solution?

A. Management Dashboard

B. Gateway

C. Personal User Storage

D. Behavior Risk Engine

Answer: A

Question #:60

What has to be taken into consideration when configuring Management HA?

A. The Database revisions will not be synchronized between the management servers

B. SmartConsole must be closed prior to synchronize change in the objects database

C. If you wanted to use full Connectivity Upgrade, you must change the implied Rules to allow
FW!_cpreduntdant to pass before the firewall Control connections.

D. For Management Sever synchronization, only External virtual switches are support, so, if you wanted to
employ virtual Routers instead, you have to reconsider your design.

Answer: B

Question #:61

Which of the following authentication methods ARE NOT used for Mobile Access?

A. RADIUS server

20 of 34
 Checkpoint - 156-315.80

B. Username password (internal, LDAP)

C. SecureID

D. TACACS+

Answer: D

Question #:62

Advance Security Checkups can easily conducted with:

A. Report

B. Advanced

C. Checkups

D. Views

Answer: A

Question #:63

What happened when IPs is not set in Detect Only Mobile for troubleshooting?

A. It will generate Geo-protection traffic

B. Authentically upload debugging logs to check port support Center

C. It will not block malicious traffic

D. Bypass licenses requirement for Geo-protection control

Answer: A

Question #:64

What is the least ideal Synchronization Status for Security Management Server high Availability deployment?

A. Synchronized

B. Never been synchronized

C.

21 of 34
 Checkpoint - 156-315.80

C. Lagging

D. Collision

Answer: A

Explanation
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_S

Question #:65

In R80 spoofing is defined as a method of :

A. Disguising an illegal IP address behind an authorized IP address through port address Translation.

B. Hiding your firewall from unauthorized users.

C. Detecting people using false or wrong authentication logins.

D. Making packets appears as if they come from an authorized IP address.

Answer: D

Question #:66

Fill in the blank: The R80 utility fw monitor is used to troubleshoot _____________

A. User data base corruption

B. LDAP conflicts

C. Traffic issues

D. Phase two key negotiation

Answer: C

Explanation
Check Point's FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW
Monitor utility captures network packets at multiple capture points along the FireWall inspection chains.
These captured packets can be inspected later using the WireShark

Question #:67

What is the correct command to observe the Sync traffic in a VRRP environment?

22 of 34
 Checkpoint - 156-315.80

A. fw monitor –e “accept [12:4,b]=224,0.0,18

B. fw monitor –e “accept port(16118

C. fw monitor –e “accept proto=mcVRRp;”

D. fw monitor –e “accept dst=224.0.0.18;”

Answer: A

Question #:68

What is true about the IPS-Blade?

A. in R80, IPS is managed by the Threat Prevention Policy

B. in R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict

C. in R80, IPS Exceptions cannot be attached to “all rules”

D. in R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

Answer: A

Question #:69

Which statement is correct about the sticky Decision function?

A. it is not supported with either the performance pack or a hardware based accelerator card

B. Does not support SPt’s when configured for Load sharing

C. it is automatically disabled if the Mobile Access Software Blade is enabled on the cluster

D. it is not required L2TP traffic

Answer: D

Question #:70

Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal
website, file share and emails?

A. Check point Remote User

23 of 34
 Checkpoint - 156-315.80

B. Check point Capsule Workspace

C. Check point Mobile web portal

D .Check point Capsule Remote

Answer: A

Question #:71

The event list within the Event tab contains:

A. a list of options available for running a query.

B. the top events, destructions, sources, and uses of the query results, either as a chart or in a tallied list.

C. events generated by a query.

D. the details of a selected event.

Answer: C

Question #:72

During Inspection of your Threat Prevention logs you find four different computers having one event each
with a critical Severity. Which of those host should you try to remediate first?

A. Host having critical event found by Threat Emulation IS.

B. Host having critical event found by IPS

C. Host having critical event found by Antivirus

D. Host having critical event found by Anti-Bot

Answer: A

Question #:73

To help smartEvent determine whether events originated internally or externally you must define using the
initial Settings under General Settings in the Policy tab. How many options are available to calculate the traffic
direction?

A. 5 Network; Outgoing; Objects: Services: API

24 of 34
 Checkpoint - 156-315.80

B. 3 incoming; Outgoing; Network

C. 2 Internal; External

D. 4. Incoming; Outgoing; internal; Other

Answer: D

Question #:74

You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were
dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to
use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

A. fw cti multik dynamic_dispatching on

B. fw cti multik dynamic_dispatching set_mode 9

C. fw cti multik set_mode 9

D. fw cti multik pq enable

Answer: C

Question #:75

If you needed the Multicast address of a cluster, what command would you run?

A. cphaprob-a if

B. cphaconf ccp multicast

C. cphaconf debug data

D. cphaprob igmp

Answer: B

Question #:76

Which of the following statements is TRUE about R80 management plug-ins?

A. The plug-in is a package installed on the Security Gateway.

B. Installing a management plug-in requires a Snapshot, just like any upgrade process.

25 of 34
 Checkpoint - 156-315.80

C. A management plug-in interacts with a Security Management Server to provide new features and
support for new products.

D. Using a plug-in offers full central management only if special licensing is applied to specific features of
the plug-in.

Answer: C

Question #:77

What is not component of check point SandBlast?

A. Threat Emulation

B. Threat Simulation

C. Threat Extraction

D. Threat Cloud

Answer: B

Question #:78

When doing a Stand-Alone Installation, you would install the Security Management Server with which other
Check Point architecture component?

A. None, Security Management Server would be installed by itself.

B. SmartConsole

C. SecureClient

D. SmartEvent

Answer: D

Question #:79

Check point Management (cpm) is the management process in that it possible the architecture management
console. It empowers the migration from legacy Client side logic to Server side logic. The cpm process:

A. Allow GUI client management server to communicate via TCP port 19001

B.

26 of 34
 Checkpoint - 156-315.80

B. Allow GUI Client and management server to communicate via TCP port 18191

C. Preforms database tasks such as creating deleting, and modifying object and compiling policy.

D. Performs database tasks such as creating, deleting, and modifying objects and compiling as well policy a
code generation

Answer: D

Question #:80

Selecting event display its configuration properties in the Detail pane and a description of the event in the
Description pane. Which is NOT an option to adjust or configure?

A. Severity

B. Automatic reactions

C. policy

D. Threshold

Answer: C

Explanation
https://sc1.checkpoint.com/documents/R77/CP_R77_SmartEvent_WebAdminGuide/html_frameset.htm?topic=docume

Question #:81

Fill in the blank: The R80 feature ________ permits blocking specific IP addresses for a specified time period.

A. Block Port Overflow

B. Local Interface Spoofing

C. Suspicious Activity Monitoring

D. Adaptive Threat Prevention

Answer: C

Explanation
Suspicious Activity Rules Solution

Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access
privileges upon detection of any suspicious network activity (for example, several attempts to gain

27 of 34
 Checkpoint - 156-315.80

unauthorized access).

The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity
rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are
not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date),
can be applied immediately without the need to perform an Install Policy operation

Question #:82

What are the three components for Check Point Capsule?

A. Capsule Docs, Capsule Cloud, Capsule Connect

B. Capsule Workspace, Capsule Cloud, Capsule Connect

C. Capsule Workspace, Capsule Docs, Capsule Connect

D. Capsule Workspace, Capsule Docs, Capsule Cloud

Answer: D

Question #:83

What is true VRRP implementation?

A. VRRP membership is enabling in cpcofig

B. VRRP can be used together with ClusterXL, but with degrade performance

C. You cannot have standalone deployment

D. You cannot have different VRIDs in the same physical network

Answer: D

Question #:84

Which method below is NOT one of the ways to communication using the Management API's?

A. Typing API commands using the "mgmt_cli" command

B. Typing API commands from a dialog box inside the SmartCosole GUI application

C. Typing API commands using Gala's secure shell (clish) 19+

D. Sending API commands over an http connection using web-services

28 of 34
 Checkpoint - 156-315.80

Answer: C

Question #:85

R80.10 management server can manage gateways with which versions installed?

A. Versions R77 and higher

B. Versions R76 and higher

C. Versions R75.20 and higher

D. Version R75 and higher

Answer: B

Question #:86

Which one of the feature is NOT associated with the Check point URL filtering and application Control
Blade?

A. Detects and blocks malware by correlating multiple detection engines before users are affected.

B. Configure rules to limit the available network bandwidth for specified users or groups.

C. Use UserCheck to help users understand that certain websites are against the company’s security policy.

D. Make rules to allow or block applications and Internet sites for individual applications, categories, and
risk levels.

Answer: A

Question #:87

You have successfully backed up your Check Point configurations without the OS information. What
command would you use to restore this backup?

A. restore_backup

B. import backup

C. cp_merge

D. migrate import

29 of 34
 Checkpoint - 156-315.80

Answer: A

Question #:88

The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API
commands can use in the script to achieve the requirement?

A. Add host name <New HOStNAME> ip-address <ip address>

B. Add hostname <New HOStNAME> ip-address <ip address>

C. set host name <New HOStNAME> ip-address <ip address>

D. set hostname <New HOStNAME> ip-address <ip address>

Answer: A

Question #:89

On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default
Log Server uses port:

A. 18210

B. 18184

C. 257

D. 18191

Answer: B

Question #:90

You select the file type that are sent for emulation for all the Threat prevention profiles. Each profile defines a
(n) _____ or ________ action for the file types.

A. inspection/Bypass

B. Inspection/prevent

C. Prevent/Bypass

D. Detect/Bypass

Answer: A

30 of 34
 Checkpoint - 156-315.80

Question #:91

SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user's
machine via the web browser. What are the two modes of SNX?

A. Application and Client service

B. Network and Application

C. Network and Layers

D. Virtual Adapter and Mobile App

Answer: B

Explanation
SSL Network Extender (SNX) is a thin SSL VPN on-demand client installed automatically on the user's
machine via a web browser. It supplies access to all types of corporate resources. SSL Network Extender
(SNX) has two modes:

•Network Mode: Users can access all application types (Native-IP-based and Web-based) in the internal
network. To install the Network Mode client, users must have administrator privileges on the client computer.

•Application Mode: Users can access most application types (Native-IP-based and Web-based) in the internal
network, including most TCP applications. The user does not require administrator privileges on the endpoint
machine.

Question #:92

Here you can see and search records of action done by R80 SmartConsole administrations?

A. In Smartview Tracker, open action log

B. In the Logs $ Monitor view select:”open Adult Log view”

C. In SmartAdult Log view

D. In Smartlog all logs

Answer: B

Question #:93

Which command can you use or enable disable multi-queue per interface?

A.

31 of 34
 Checkpoint - 156-315.80

A. cpmq set

B. Cpmqueue set

C. Cpmp config

D. Set cpmp enable

Answer: A

Question #:94

In a Client to Server scenario, which represents that the packet has been checked against the tables and Rule
Base?

A. Big l

B. Little o

C. Little i

D. Big O

Answer: D

Question #:95

Check point recommends configuring Disk Management parameters to delete old log available disk space is
less than or equal to?

A. 50%

B. 75%

C. 80%

D. 45%

Answer: A

Question #:96

The CPD daemon is a firewall kernel process that does NOT do which of the following?

A. Secure internal Communication (SIC)

B.

32 of 34
 Checkpoint - 156-315.80

B. Restart Daemon if they fail

C. Transfers messages between Firewall process

D. Pulls application monitoring status

Answer: D

Question #:97

The security Gateway is installed on GAiA R80 The default port for the WEB User Interface is _______ .

A. TCP 18211

B. TCP 257

C. TCP 4433

D. TCP 443

Answer: D

Question #:98

Session unique identifiers are passed to the web api using which http header option?

A. X-chkp-sid

B. Accept-Charset

C. Proxy-Authorization

D. Application

Answer: C

Question #:99

Full in the blank: the command___________ provides the most complete restoration of a RBO configuration.

A. upgrade_ import

B. cpconfig

C. fwm dbimport –p <export file>

33 of 34
 Checkpoint - 156-315.80

D. cpinfo -recover

Answer: A

Question #:100

Which of these statement describes the Check Point ThreatCloud?

A. Blocks or limits usage of web applications

B. Prevents or controls access to web sites based on category

C. prevents cloud vulnerability exploits

D. A worldwide collaborative Security network

Answer: D

34 of 34