156-915.80 Free Certification Exam Material from RealExamFree with 500 Questions [Q198-Q223]

156-915.80 Free Certification Exam Material from RealExamFree with 500 Questions

Use Real 156-915.80 - 100% Cover Real Exam Questions 

NEW QUESTION 198
Select the right answer to export IPS profiles to copy to another management server?

• A. SmartDashboard - IPS tab - Profiles - select profile + right click and select "export profile"
• B. ips_export_import export <profile-name>
• C. IPS profile export is not allowed
• D. fwm dbexport -p <profile-name>

Answer: B

 

NEW QUESTION 199
To ensure that VMAC mode is enabled, which CLI command you should run on all cluster members?

• A. cphaprob -a if
• B. fw ctl set int fwha vmac global param enabled
• C. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1
• D. fw ctl get int fwha vmac global param enabled; result of command should return value 1

Answer: C

 

NEW QUESTION 200
Which of the following describes how Threat Extraction functions?

• A. Proactively detects threats
• B. Delivers PDF versions of original files with active content removed
• C. Detect threats and provides a detailed report of discovered threats
• D. Delivers file with original content

Answer: B

 

NEW QUESTION 201
How can SmartView Web application be accessed?

• A. Error! Hyperlink reference not valid. <Management IP Address>:4434/smartview/
• B. Error! Hyperlink reference not valid. < Management host name>/smartview/
• C. Error! Hyperlink reference not valid. <Management IP Address>/smartview
• D. Error! Hyperlink reference not valid. <Management host name>:4434/smartview/

Answer: C

 

NEW QUESTION 202
The Regulatory Compliance pane shows compliance statistics for selected regulatory standards, based on the Security Best Practice scan. Which of the following does NOT show in this pane?

• A. The Average compliance score for each regulation shown
• B. The total number of Regulatory Requirements that are monitored
• C. The Number of Regulatory Requirements for each Regulation
• D. The average number of Regulatory Requirements that are monitored

Answer: D

Explanation:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Compliance_WebAdminGuide/96026.htm

 

NEW QUESTION 203
How many confidence levels are there for IPS?

• A. two
• B. three
• C. four
• D. five

Answer: D

 

NEW QUESTION 204
Which statement is correct about the Sticky Decision Function?

• A. Does not support SPI's when configured for Load Sharing
• B. It is not supported with either the Performance pack or a hardware based accelerator card
• C. It is not required L2TP traffic
• D. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster

Answer: B

Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7290.htm

 

NEW QUESTION 205
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?

• A. mgmt_ cli add object-host "Server_ 1" ip-address "10.15.123.10" - format json
• B. mgmt_ cli add host name "Server_ 1" ip-address "10.15.123.10" - format json
• C. mgmt_cli add-host "Server_1" ip_ address "10.15.123.10" - format txt
• D. mgmt_cli add object "Server_ 1" ip-address "10.15.123.10" - format json

Answer: B

Explanation:
Explanation
Example:
mgmt_cli add host name "New Host 1" ip-address "192.0.2.1" --format json
* "--format json" is optional. By default the output is presented in plain text.
References:

 

NEW QUESTION 206
When simulating a problem on CLusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?

• A. cphaprob -d STOP unregister
• B. cphaprob unregister STOP
• C. cphaprob STOP unregister
• D. cphaprob -d unregister STOP
  esting a failover in a controlled manner using following command;
  # cphaprob -d STOP -s problem -t 0 register
  This will register a problem state on the cluster member this was entered on;If you then run;
  # cphaprob list
  this will show an entry named STOP.
  to remove this problematic register run following;
  # cphaprob -d STOP unregister

Answer: A

 

NEW QUESTION 207
Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?

• A. Port Address Translation
• B. Hide Address Translation
• C. Static Destination Address Translation
• D. Dynamic Source Address Translation

Answer: C

 

NEW QUESTION 208
You are trying to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. You see the following window.

What must you enable to see the Directional Match?

• A. directional_match(true) in the objects_5_0.C file on Security Management Server
• B. VPN Directional Match on the VPN advanced window, in Global Properties
• C. VPN Directional Match on the Gateway object's VPN tab
• D. Advanced Routing on each Security Gateway

Answer: B

 

NEW QUESTION 209
Complete this statement. To save interface information before upgrading a Windows Gateway, use command

Answer:

Explanation:
ipconfig -a > [filename].txt

 

NEW QUESTION 210
What command syntax would you use to see accounts the gateway suspects are service accounts?

• A. pdp show service
• B. adlog check_accounts
• C. pdp check_log
• D. adlog a service_accounts

Answer: D

 

NEW QUESTION 211
The Firewall kernel is replicated multiple times, therefore:

• A. The Firewall can run the same policy on all cores
• B. The Firewall kernel only touches the packet if the connection is accelerated
• C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
• D. The Firewall can run different policies per core

Answer: A

Explanation:
Section: (none)
Explanation/Reference:
Explanation:
On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy, or instance, runs on one processing core. These instances handle traffic concurrently, and each instance is a complete and independent inspection kernel. When CoreXL is enabled, all the kernel instances in the Security Gateway process traffic through the same interfaces and apply the same security policy.
Reference: https://sc1.checkpoint.com/documents/R77/
CP_R77_PerformanceTuning_WebAdmin/6731.htm

 

NEW QUESTION 212
Which is the lowest Gateway version manageable by SmartCenter R80?

• A. S71
• B. R65
• C. R55
• D. R60A

Answer: B

 

NEW QUESTION 213
To ensure that VMAC mode is enabled, which CLI command you should run on all cluster members?

• A. cphaprob -a if
• B. fw ctl set int fwha vmac global param enabled
• C. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1
• D. fw ctl get int fwha vmac global param enabled; result of command should return value 1

Answer: C

Explanation:
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm

 

NEW QUESTION 214
When running a query on your logs, to find records for user Toni with machine IP of 10.0.4.210 but exclude her tablet IP of 10.0.4.76, which of the following query syntax would you use?

• A. To** AND 10.0.4.210 NOT 10.0.4.76
• B. Toni? AND 10.0.4.210 NOT 10.0.4.76
• C. "Toni" AND 10.0.4.210 NOT 10.0.4.76
• D. Ton* AND 10.0.4.210 NOT 10.0.4.75

Answer: A

 

NEW QUESTION 215
MegaCorp is running Smartcenter R70, some Gateways at R65 and some other Gateways with R60. Management wants to upgrade to the most comprehensive IPv6 support. What should the administrator do first?

• A. Upgrade every unit directly to R80.
• B. Upgrade R60-Gateways to R65.
• C. Check the ReleaseNotes to verify that every step is supported.
• D. Upgrade Smartcenter to R80 first.

Answer: C

 

NEW QUESTION 216
CORRECT TEXT
Complete this statement. To save interface information before upgrading a Windows Gateway, use command

Answer:

Explanation:
ipconfig -a >
[filename].txt

 

NEW QUESTION 217
In R80 spoofing is defined as a method of:

• A. Hiding your firewall from unauthorized users.
• B. Making packets appear as if they come from an authorized IP address.
• C. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
• D. Detecting people using false or wrong authentication logins

Answer: B

Explanation:
Explanation
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.
References:

 

NEW QUESTION 218
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?

• A. 1 interface - an interface leading to the organization and the Internet, and configure for synchronization
• B. 2 interfaces - a data interface leading to the organization and the Internet, a second interface for synchronization
• C. 3 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization
• D. 4 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server.

Answer: C

 

NEW QUESTION 219
To provide full connectivity upgrade status, use command

Answer:

Explanation:
cphaprob fcustat

 

NEW QUESTION 220
To verify that a VPN Tunnel is properly established, use the command _________

Answer:

Explanation:
vpn tunnelutil

 

NEW QUESTION 221
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections.
Which of the following is the MOST LIKELY cause?

• A. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.
• B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.
• C. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.
• D. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.

Answer: D

 

NEW QUESTION 222
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules

• A. 1, 4, 2, 3
• B. 3, 1, 2, 4
• C. 1, 2, 3, 4
• D. 4, 3, 1, 2

Answer: B

Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/6724.htm

 

NEW QUESTION 223
......

Dumps Brief Outline Of The 156-915.80 Exam: https://www.realexamfree.com/156-915.80-real-exam-dumps.html