Check Point 156-315.80 Check Point Certified Security Expert – R80 Online Training
The questions for 156-315.80 were last updated on Nov 26, 2024.
- Exam Code: 156-315.80
- Exam Name: Check Point Certified Security Expert - R80
- Certification Provider: Check Point
How does the Anti-Virus feature of the Threat Prevention policy block traffic from infected websites?
- A . By dropping traffic from websites identified through ThreatCloud Verification and URL Caching
- B . By dropping traffic that is not proven to be from clean websites in the URL Filtering blade
- C . By allowing traffic from websites that are known to run Antivirus Software on servers regularly
- D . By matching logs against ThreatCloud information about the reputation of the website
Which of the following types of authentication on Mobile Access can NOT be used as the first authentication method?
- A . Dynamic ID
- B . RADIUS
- C . Username and Password
- D . Certificate
Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying a connection?
- A . Source Address
- B . Destination Address
- C . TCP Acknowledgment Number
- D . Source Port
You have enabled “Full Log” as a tracking option to a security rule. However, you are still not seeing any data type information.
What is the MOST likely reason?
- A . Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database.
- B . Data Awareness is not enabled.
- C . Identity Awareness is not enabled.
- D . Logs are arriving from Pre-R80 gateways.
SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:
- A . ping, traceroute, netstat, and route
- B . ping, nslookup, Telnet, and route
- C . ping, whois, nslookup, and Telnet
- D . ping, traceroute, netstat, and nslookup
After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?
- A . cvpnd_restart
- B . cvpnd_restart
- C . cvpnd restart
- D . cvpnrestart
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
- A . That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager.
- B . Fill Layer4 VPN - SSL VPN that gives users network access to all mobile applications.
- C . Full Layer3 VPN - IPSec VPN that gives users network access to all mobile applications.
- D . You can make sure that documents are sent to the intended recipients only.
Aaron is a Cyber Security Engineer working for Global Law Firm with a large-scale deployment of Check Point Enterprise Appliances running GAiA R80.X. The Network Security Developer Team is having an issue testing the API with a newly deployed R80.X Security Management Server. Aaron wants to confirm API services are working properly.
What should he do first?
- A . Aaron should check API Server status with "fwm api status" from Expert mode. If services are stopped, he should start them with "fwm api start".
- B . Aaron should check API Server status with "cpapi status" from Expert mode. If services are stopped, he should start them with "cpapi start".
- C . Aaron should check API Server status with "api status" from Expert mode. If services are stopped, he should start them with "api start".
- D . Aaron should check API Server status with "cpm api status" from Expert mode. If services are stopped, he should start them with "cpi api start".
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
- A . Secure Internal Communication (SIC)
- B . Restart Daemons if they fail
- C . Transfers messages between Firewall processes
- D . Pulls application monitoring status
Fill in the blanks: In the Network policy layer, the default action for the Implied last rule is ____ all traffic. However, in the Application Control policy layer, the default action is ______ all traffic.
- A . Accept; redirect
- B . Accept; drop
- C . Redirect; drop
- D . Drop; accept
Answer: fw accel stat = wrong.
fw ctl multik set_mode 9 does not work in R80.10 any more, correct answer is fw ctl multik dynamic_dispatching on for R80 and up.
cphaprob set_ccp multicast = wrong
Which is the *least ideal* Synchronization Status for Security Management Server High Availability deployment? => never been synchronized is the only correct answer. Other statuses are of course not good, too. But Never been Synched is the worst: if something happens to the active SMS, the configuration is lost and you need to go back to backups. (https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk54160#1.5)
fw tab Ct = wrong. fw tab -t doesn’t work either. Did you mean fw tab?
fw-tab Cs = wrong. fw-tab is not a known command
fw ctl affinity Cl a Cr Cv = fw ctl affinity -l -a -r -v (instead of C there should be – signs. And the – in front of a was missing).