Question #:1
Answer: A
Question #:2
A. IDA
B. RAD
C. PDP
D. VPN
Answer: C
Question #:3
Check Point Central Deployment Tool (CDT) communicates with the Security Gateway /
Answer: D
Checkpoint - 156-315.80
Question #:4
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering,
Anti-Virus, IPS and Threat Emulation?
B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command &
Control Centers
Answer: B
Question #:5
Answer: C
Question #:6
B. fw tab-tab connections
C. fw tab-t connection
D. fw tab connections
Answer: D
Question #:7
D. OPSEC SDK
Answer: A
Question #:8
How many images are included with the Check Point TE appliance in Recommended Mode?
A. 2 (OS) images
Answer: A
Question #:9
Full synchronization between cluster members is handled by Firewall kernel. Which port is used for this?
Answer: B
Question #:10
A. fwd
B. fwm
C. cpwd
D. cpd
Answer: D
Question #:11
A. api stat
B. api status
C. show api_status
D. api_get_status
Answer: A
Question #:12
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session
without employing Stateful Inspection?
A. Stateful Mode
C. Wire Mode
D. Stateless Mode
Answer: C
Question #:13
Which of the following Check Point processes within the Security Management Server is responsible for
receiving log records from the Security Gateway?
A. logd
B. fwd
C. fwm
D. cpd
Answer: D
Question #:14
What are the different command sources that allow you to communicate with the API server?
Answer: B
Question #:15
B. cphaprob_admin down
C. clusterXL_admin down -p
Answer: A
Question #:16
The CPM process stores objects, policies, users, administrators, licenses and management data in a database. This
database is:
A. MYSQL
B. Postgres SQL
C. MariaDB
D. SOLR
Answer: C
Question #:17
There are 4 ways to use the Management API for creating a host object with the R80 Management API. Which one
is NOT correct?
C. Using CLISH
Answer: B
Question #:18
A. System administrators know when their cluster has failed over and can also see why it failed over by using
the cphaprob -f if command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances,
open servers, and virtualized environments.
Answer: A
Question #:19
A. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack
against its sender
B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy
it prior to sending it to the intended recipient
C. This is a new mechanism to identify the IP address of the sender of malicious codes and to put it into the
SAM database (Suspicious Activity Monitoring).
D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the
document and forwarded to the intended recipient, which makes this solution very fast
Answer: D
Question #:20
A. fwd
B. cpwd
C. fwm
D. cpd
Answer: A
Question #:21
Which of the following types of authentication on Mobile Access can NOT be used as the first authentication
method?
A. Dynamic ID
B. Radius
D. Certificate
Answer: A
Question #:22
3. Manual/Pre-Automatic NAT
A. 1,2,3,4
B. 1,4,2,3
C. 3,1,2,4
D. 4,3,1,2
Answer: A
Question #:23
Answer: D
Explanation
https://sc1.checkpoint.com/documents/R76/CP_R76_CLI_WebAdmin/84627.htm
Question #:24
B. A log entry becomes an event when it matches any rule defined in Event Policy
Answer: B
Question #:25
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application
would you use?
B. Securemode
Answer: D
Question #:26
Which features are only supported with R80.10 Gateways but not R77.x?
A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and
Mobile Access Software Blade policies.
B. Limits the upload and download throughput for sharing media in the company to 1 Gbps.
C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in
the order in which they are defined, allowing control over the rule base flow and which security
functionalities take precedence.
D. Time object to a rule to make the rule active only during specified times.
Answer: A
Question #:27
Communication with the Check Point R80 Web API uses what protocol?
A. HTTPS
B. RPC
C. VPN
D. SIC
Answer: A
Question #:28
A. cphaprob interface
B. cphaprob interface
C. cphaprob -a if
D. cphaprob strat
Answer: C
Question #:29
The process on the Security Gateway sends logs to the fwd process on the Management Server via which 2
processes?
Answer: B
Question #:30
Which command collects diagnostic data for analyzing customer setup remotely?
A. cpinfo
B. migrate export
C. sysinfo
D. cpview
Answer: A
Explanation
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk9273
Question #:31
In order to get info about the assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI
command?
A. fw ctl sdstat
B. fw ctl affinity-i-a-r-v
D. cpinfo
Answer: B
Question #:32
Which two of these Check Point protections are used by SmartEvent processes?
Answer: A
Question #:33
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an
Active cluster.
A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-spoofing
Answer: B
Question #:34
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?
A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in
the order in which they are defined, allowing control over the rule base flow and which security
functionalities take precedence.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. Time object to a rule to make the rule active only during specified times.
D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched,
inspection will continue in the sub policy attached to it rather than in the next rule.
Answer: D
Question #:35
What are the attributes that SecureXL will check after the connection is allowed by the Security Policy?
B. Source MAC address, Destination MAC address, Source port, Destination port, protocol
Answer: A
Question #:36
A. With SDF enabled, the involved VPN Gateways only support IKEv1
B. Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
D. With SDF enabled, you can only have three sync interfaces at most
Answer: B
Question #:37
Answer: B
Explanation
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk2057
Question #:38
A. The Firewall kernel only touches the packet if the connection is accelerated
C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times
out
Answer: D
Question #:39
B. Using spoofing, update the Dynamic Dispatcher value to “full” under the CoreXL menu.
C. Edit /proc/interrupts to include multik mode 1 at the bottom of the file, save and reboot.
Answer: A
Question #:40
A. 18191
B. 18190
C. 8983
D. 19009
Answer: B
Question #:41
Which command can you use to verify the number of active concurrent connections?
A. fw conn all
B. fw ctl pstat
D. show connections
Answer: B
Question #:42
A. Consolidation Policy
B. Correlation Unit
C. SmartEvent Policy
D. SmartEvent GUI
Answer: B
Question #:43
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset
every
A. 15 sec
B. 60 sec
C. 5 sec
D. 30 sec
Answer: B
Question #:44
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security
administration, which action would you choose?
A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security policy package for each remote Security Gateway.
C. Create network objects that restrict all applicable rules to only certain networks.
D. Run separate SmartConsole instances to log in and configure each Security Gateway.
Answer: A
Question #:45
A. Gateway API
B. Management API
C. OPSEC SDK
Answer: A
Question #:46
B. IPS
D. CoreXL
Answer: A
Question #:47
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems
this way, how many machines will he need if he does NOT include a SmartConsole machine in his
calculations?
A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
B. One machine
C. Two machines
D. Three machines
Answer: C
Question #:48
B. source ip
C. source port
Answer: C
Question #:49
A. Route-based VPN
B. IPS
C. IPv6
D. Overlapping NAT
Answer: B
Question #:50
To fully enable Dynamic Dispatcher with Priority Queues on a Security Gateway, run the following command
in Expert mode, then reboot:
D. Fw clt multik_mode 9
Answer: D
Question #:51
A. Accept
B. Drop
C. NAT
D. None
Answer: A
Question #:52
A. Fw tab-t
B. fw tab -list
C. fw tab-s
D. fw tab-I
Answer: A
Question #:53
Check Point Management (cpm) is the main management process in that it provides the architecture for a
consolidated management console. CPM allows the GUI client and management server to communicate via
web services using ________.
Answer: A
Question #:54
C. From SmartDashboard
Answer: C
Question #:55
Fill in the blank: The tool __________ generates an R80 Security Gateway configuration report.
A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo
Answer: C
Question #:56
When requiring certification for mobile devices, make sure the authentication method is set to one of the
following: Username and password, RADIUS or ________.
A. Secure ID
B. SecurID
C. Complexity
D. Tacacs
Answer: B
Question #:57
A. 2
B. 1
C. 4
D. 6
Answer: A
Question #:58
Your manager asked you to check the status of SecureXL, and its enabled templates and features.
What command will you use to provide such information to your manager?
A. fw accel stat
B. fwaccel stat
C. fw access stats
D. fwaccel stats
Answer: A
Question #:59
SandBlast Mobile identifies threats in mobile devices by using on-device, network and cloud-based algorithms and has
four dedicated components that constantly work together to protect mobile devices and their data. Which
component is NOT part of the SandBlast Mobile solution?
A. Management Dashboard
B. Gateway
Answer: A
Question #:60
A. The Database revisions will not be synchronized between the management servers
C. If you wanted to use full Connectivity Upgrade, you must change the Implied Rules to allow
FW1_cpredundant to pass before the Firewall Control Connections.
D. For Management Server synchronization, only External Virtual Switches are supported, so if you wanted to
employ Virtual Routers instead, you have to reconsider your design.
Answer: B
Question #:61
Which of the following authentication methods ARE NOT used for Mobile Access?
A. RADIUS server
C. SecureID
D. TACACS+
Answer: D
Question #:62
A. Report
B. Advanced
C. Checkups
D. Views
Answer: A
Question #:63
What happens when IPS is not set in Detect Only Mode for troubleshooting?
Answer: A
Question #:64
What is the least ideal Synchronization Status for a Security Management Server High Availability deployment?
A. Synchronized
C. Lagging
D. Collision
Answer: A
Explanation
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_S
Question #:65
A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
Answer: D
Question #:66
Fill in the blank: The R80 utility fw monitor is used to troubleshoot _____________
B. LDAP conflicts
C. Traffic issues
Answer: C
Explanation
Check Point's FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW
Monitor utility captures network packets at multiple capture points along the FireWall inspection chains.
These captured packets can be inspected later using the WireShark
Question #:67
What is the correct command to observe the Sync traffic in a VRRP environment?
Answer: A
Question #:68
B. In R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
D. In R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same
Answer: A
Question #:69
A. It is not supported with either the performance pack or a hardware based accelerator card
C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster
Answer: D
Question #:70
Which Mobile Access Application allows a secure container on mobile devices to give users access to internal
websites, file shares and emails?
Answer: A
Question #:71
B. The top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.
Answer: C
Question #:72
During inspection of your Threat Prevention logs you find four different computers having one event each
with a Critical severity. Which of those hosts should you try to remediate first?
Answer: A
Question #:73
To help SmartEvent determine whether events originated internally or externally, you must define using the
Initial Settings under General Settings in the Policy tab. How many options are available to calculate the traffic
direction?
C. 2 Internal; External
Answer: D
Question #:74
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were
dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to
use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
Answer: C
Question #:75
If you needed the Multicast address of a cluster, what command would you run?
A. cphaprob -a if
D. cphaprob igmp
Answer: B
Question #:76
B. Installing a management plug-in requires a Snapshot, just like any upgrade process.
C. A management plug-in interacts with a Security Management Server to provide new features and
support for new products.
D. Using a plug-in offers full central management only if special licensing is applied to specific features of
the plug-in.
Answer: C
Question #:77
A. Threat Emulation
B. Threat Simulation
C. Threat Extraction
D. Threat Cloud
Answer: B
Question #:78
When doing a Stand-Alone Installation, you would install the Security Management Server with which other
Check Point architecture component?
B. SmartConsole
C. SecureClient
D. SmartEvent
Answer: D
Question #:79
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated
management console. It empowers the migration from legacy Client side logic to Server side logic. The cpm process:
A. Allow GUI client and management server to communicate via TCP port 19001
B. Allow GUI Client and management server to communicate via TCP port 18191
C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.
D. Performs database tasks such as creating, deleting, and modifying objects and compiling, as well as policy
code generation
Answer: D
Question #:80
Selecting an event displays its configuration properties in the Detail pane and a description of the event in the
Description pane. Which is NOT an option to adjust or configure?
A. Severity
B. Automatic reactions
C. Policy
D. Threshold
Answer: C
Explanation
https://sc1.checkpoint.com/documents/R77/CP_R77_SmartEvent_WebAdminGuide/html_frameset.htm?topic=docume
Question #:81
Fill in the blank: The R80 feature ________ permits blocking specific IP addresses for a specified time period.
Answer: C
Explanation
Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access
privileges upon detection of any suspicious network activity (for example, several attempts to gain
unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity
rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are
not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date),
can be applied immediately without the need to perform an Install Policy operation
Question #:82
Answer: D
Question #:83
B. VRRP can be used together with ClusterXL, but with degraded performance
Answer: D
Question #:84
Which method below is NOT one of the ways to communicate using the Management APIs?
B. Typing API commands from a dialog box inside the SmartConsole GUI application
Answer: C
Question #:85
An R80.10 management server can manage gateways with which versions installed?
Answer: B
Question #:86
Which one of the features is NOT associated with the Check Point URL Filtering and Application Control
Blade?
A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company’s security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and
risk levels.
Answer: A
Question #:87
You have successfully backed up your Check Point configurations without the OS information. What
command would you use to restore this backup?
A. restore_backup
B. import backup
C. cp_merge
D. migrate import
Answer: A
Question #:88
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API
commands can be used in the script to achieve the requirement?
Answer: A
Question #:89
On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default
Log Server uses port:
A. 18210
B. 18184
C. 257
D. 18191
Answer: B
Question #:90
You select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines
a(n) _____ or ________ action for the file types.
A. Inspection/Bypass
B. Inspection/Prevent
C. Prevent/Bypass
D. Detect/Bypass
Answer: A
Question #:91
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user's
machine via the web browser. What are the two modes of SNX?
Answer: B
Explanation
SSL Network Extender (SNX) is a thin SSL VPN on-demand client installed automatically on the user's
machine via a web browser. It supplies access to all types of corporate resources. SSL Network Extender
(SNX) has two modes:
• Network Mode: Users can access all application types (Native-IP-based and Web-based) in the internal
network. To install the Network Mode client, users must have administrator privileges on the client computer.
• Application Mode: Users can access most application types (Native-IP-based and Web-based) in the internal
network, including most TCP applications. The user does not require administrator privileges on the endpoint
machine.
Question #:92
Where can you see and search records of actions done by R80 SmartConsole administrators?
Answer: B
Question #:93
Which command can you use to enable or disable multi-queue per interface?
A. cpmq set
B. Cpmqueue set
C. Cpmp config
Answer: A
Question #:94
In a Client to Server scenario, which represents that the packet has been checked against the tables and Rule
Base?
A. Big I
B. Little o
C. Little i
D. Big O
Answer: D
Question #:95
Check Point recommends configuring Disk Management parameters to delete old logs when available disk space is
less than or equal to?
A. 50%
B. 75%
C. 80%
D. 45%
Answer: A
Question #:96
The CPD daemon is a firewall kernel process that does NOT do which of the following?
Answer: D
Question #:97
The Security Gateway is installed on GAiA R80. The default port for the Web User Interface is _______ .
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443
Answer: D
Question #:98
Session unique identifiers are passed to the Web API using which HTTP header option?
A. X-chkp-sid
B. Accept-Charset
C. Proxy-Authorization
D. Application
Answer: C
Question #:99
Fill in the blank: The command ___________ provides the most complete restoration of an R80 configuration.
A. upgrade_import
B. cpconfig
D. cpinfo -recover
Answer: A
Question #:100
Answer: D