We provide 156-215.80 Exam Questions which are the best for clearing 156-215.80 test, and to get certified by Check Point Certified Security Administrator. The 156-215.80 Dumps Questions covers all the knowledge points of the real 156-215.80 exam. Crack your 156-215.80 Exam with latest dumps, guaranteed!

Online 156-215.80 free questions and answers of New Version:

NEW QUESTION 1
What is the purpose of Priority Delta in VRRP?

  • A. When a box is up, Effective Priority = Priority + Priority Delta
  • B. When an Interface is up, Effective Priority = Priority + Priority Delta
  • C. When an Interface fails, Effective Priority = Priority - Priority Delta
  • D. When a box fails, Effective Priority = Priority - Priority Delta

Answer: C

NEW QUESTION 2
Which of the following is NOT an advantage to using multiple LDAP servers?

  • A. You achieve a faster access time by placing LDAP servers containing the database at remote sites
  • B. Information on a user is hidden, yet distributed across several servers
  • C. You achieve compartmentalization by allowing a large number of users to be distributed across several servers
  • D. You gain High Availability by replicating the same information on several servers

Answer: B

NEW QUESTION 3
In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?

  • A. Pentagon
  • B. Combined
  • C. Meshed
  • D. Star

Answer: D

Explanation: VPN communities are based on Star and Mesh topologies. In a Mesh community, there are VPN connections between each Security Gateway. In a Star community, satellites have a VPN connection with the center Security Gateway, but not to each other.

NEW QUESTION 4
Which of the following is NOT an option to calculate the traffic direction?

  • A. Incoming
  • B. Internal
  • C. External
  • D. Outgoing

Answer: D

NEW QUESTION 5
Which of the following commands is used to monitor cluster members?

  • A. cphaprob state
  • B. cphaprob status
  • C. cphaprob
  • D. cluster state

Answer: A

NEW QUESTION 6
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, gateway policy permits access only from Join's desktop which is assigned an IP address 10.0.0.19 via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but the limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?

  • A. John should install the identity Awareness Agent
  • B. The firewall admin should install the Security Policy
  • C. John should lock and unlock the computer
  • D. Investigate this as a network connectivity issue

Answer: C

NEW QUESTION 7
What will be the effect of running the following command on the Security Management Server?
156-215.80 dumps exhibit

  • A. Remove the installed Security Policy.
  • B. Remove the local ACL lists.
  • C. No effect.
  • D. Reset SIC on all gateways.

Answer: A

Explanation: This command uninstall actual security policy (already installed) References:

NEW QUESTION 8
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his desktop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
3) Changes from static IP address to DHCP for the client PC.
What should John request when he cannot access the web server from his laptop?

  • A. John should lock and unlock his computer
  • B. Investigate this as a network connectivity issue
  • C. The access should be changed to authenticate the user instead of the PC
  • D. John should install the Identity Awareness Agent

Answer: C

NEW QUESTION 9
Which deployment adds a Security Gateway to an existing environment without changing IP routing?

  • A. Distributed
  • B. Bridge Mode
  • C. Remote
  • D. Standalone

Answer: B

NEW QUESTION 10
You are the administrator for ABC Corp. You have logged into your R80 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it.
156-215.80 dumps exhibit
What does this mean?

  • A. The rule No.6 has been marked for deletion in your Management session.
  • B. The rule No.6 has been marked for deletion in another Management session.
  • C. The rule No.6 has been marked for editing in your Management session.
  • D. The rule No.6 has been marked for editing in another Management session.

Answer: C

NEW QUESTION 11
What are the three essential components of the Check Point Security Management Architecture?

  • A. SmartConsole, Security Management Server, Security Gateway
  • B. SmartConsole, SmartUpdate, Security Gateway
  • C. Security Management Server, Security Gateway, Command Line Interface
  • D. WebUI, SmartConsole, Security Gateway

Answer: A

Explanation: Standalone deployment - Security Gateway and the Security Management server are installed on the same machine.
Distributed deployment - Security Gateway and the Security Management server are installed on different machines.
Deployments
Basic deployments:
156-215.80 dumps exhibit
Assume an environment with gateways on different sites. Each Security Gateway connects to the Internet on one side, and to a LAN on the other.
You can create a Virtual Private Network (VPN) between the two Security Gateways, to secure all communication between them.
The Security Management server is installed in the LAN, and is protected by a Security Gateway. The Security Management server manages the Security Gateways and lets remote users connect securely to the corporate network. SmartDashboard can be installed on the Security Management server or another computer.
There can be other OPSEC-partner modules (for example, an Anti-Virus Server) to complete the network security with the Security Management server and its Security Gateways.

NEW QUESTION 12
To ensure that VMAC mode is enabled, which CLI command you should run on all cluster members? Choose the best answer.

  • A. fw ctl set int fwha vmac global param enabled
  • B. fw ctl get int fwha vmac global param enabled; result of command should return value 1
  • C. cphaprob –a if
  • D. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

Answer: B

NEW QUESTION 13
What is the difference between SSL VPN and IPSec VPN?

  • A. IPSec VPN does not require installation of a resident VPN client
  • B. SSL VPN requires installation of a resident VPN client
  • C. SSL VPN and IPSec VPN are the same
  • D. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser

Answer: D

NEW QUESTION 14
Which method below is NOT one of the ways to communicate using the Management API’s?

  • A. Typing API commands using the “mgmt_cli” command
  • B. Typing API commands from a dialog box inside the SmartConsole GUI application
  • C. Typing API commands using Gaia’s secure shell (clash)19+
  • D. Sending API commands over an http connection using web-services

Answer: D

NEW QUESTION 15
Which one of the following is the preferred licensing model? Select the Best answer.

  • A. Local licensing because it ties the package license to the IP-address of the gateway and has no dependency of the Security Management Server.
  • B. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency of the gateway.
  • C. Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency.
  • D. Central licensing because it ties the package license to the MAC-address of the Security Management Server Mgmt-interface and has no dependency of the gateway.

Answer: B

Explanation: Central License
A Central License is a license attached to the Security Management server IP address, rather than the gatewa IP address. The benefits of a Central License are:
Only one IP address is needed for all licenses.
A license can be taken from one gateway and given to another.
The new license remains valid when changing the gateway IP address. There is no need to create and install a new license.

NEW QUESTION 16
To enforce the Security Policy correctly, a Security Gateway requires:

  • A. a routing table
  • B. awareness of the network topology
  • C. a Demilitarized Zone
  • D. a Security Policy install

Answer: B

Explanation: The network topology represents the internal network (both the LAN and the DMZ) protected by the gateway. The gateway must be aware of the layout of the network topology to:
Correctly enforce the Security Policy.
Ensure the validity of IP addresses for inbound and outbound traffic.
Configure a special domain for Virtual Private Networks.

NEW QUESTION 17
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:

  • A. Dropped without sending a negative acknowledgment
  • B. Dropped without logs and without sending a negative acknowledgment
  • C. Dropped with negative acknowledgment
  • D. Dropped with logs and without sending a negative acknowledgment

Answer: D

NEW QUESTION 18
Study the Rule base and Client Authentication Action properties screen.
156-215.80 dumps exhibit
156-215.80 dumps exhibit
After being authenticated by the Security Gateways, a user starts a HTTP connection to a Web site. What happens when the user tries to FTP to another site using the command line? The:

  • A. user is prompted for authentication by the Security Gateways again.
  • B. FTP data connection is dropped after the user is authenticated successfully.
  • C. user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication
  • D. FTP connection is dropped by Rule 2.

Answer: C

Thanks for reading the newest 156-215.80 exam dumps! We recommend you to try the PREMIUM Certleader 156-215.80 dumps in VCE and PDF here: https://www.certleader.com/156-215.80-dumps.html (440 Q&As Dumps)