156-315.80 : Check Point Certified Security Expert – R80 : Part 17

  1. What is the default shell of Gaia CLI?

    • Monitor
    • CLI.sh
    • Read-only
    • Bash
  2. You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?

    156-315.80 Check Point Certified Security Expert – R80 Part 17 Q02 007
    156-315.80 Check Point Certified Security Expert – R80 Part 17 Q02 007
    •  Right click Accept in the rule, select “More”, and then check ‘Enable Identity Captive Portal’.
    • On the firewall object, Legacy Authentication screen, check ‘Enable Identity Captive Portal’.
    • In the Captive Portal screen of Global Properties, check ‘Enable Identity Captive Portal’.
    • On the Security Management Server object, check the box ‘Identity Logging’.
  3. Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when ________ .

    • The license is attached to the wrong Security Gateway.
    • The existing license expires.
    • The license is upgraded.
    • The IP address of the Security Management or Security Gateway has changed.
  4. Which Check Point software blade provides protection from zero-day and undiscovered threats?

    • Firewall
    • Threat Emulation
    • Application Control
    • Threat Extraction
  5. If there are two administration logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available or other administrators? (Choose the BEST answer.)

    • Publish or discard the session.
    • Revert the session.
    • Save and install the Policy.
    • Delete older versions of database.
  6. Fill in the blanks: A _______ license requires an administrator to designate a gateway for attachment whereas a ________ license is automatically attached to a Security Gateway.

    • Formal; corporate
    • Local; formal
    • Local; central
    • Central; local
  7. An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret the administrator found that the check box to enable pre-shared secret and cannot be enabled.

    Why does it not allow him to specify the pre-shared secret?

    • IPsec VPN blade should be enabled on both Security Gateway.
    • Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.
    • Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.
    • The Security Gateways are pre-R75.40.
  8. Fill in the blank: Authentication rules are defined for ________ .

    • User groups
    • Users using UserCheck
    • Individual users
    • All users in the database
  9. How is communication between different Check Point components secured in R80? As with all questions, select the BEST answer.

    • By using IPSEC
    • By using SIC
    • By using ICA
    • By using 3DES
  10. You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the tight protections in place. Check Point has been selected for the security vendor.

    Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?

    • IPS AND Application Control
    • IPS, anti-virus and anti-bot
    • IPS, anti-virus and e-mail security
    • SandBlast
  11. You have enabled “Full Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

    • Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database.
    • Data Awareness is not enabled.
    • Identity Awareness is not enabled.
    • Logs are arriving from Pre-R80 gateways.
  12. What are the two high availability modes?

    • Load Sharing and Legacy
    • Traditional and New
    • Active and Standby
    • New and Legacy
    Explanation:

    ClusterXL has four working modes. This section briefly describes each mode and its relative advantages and disadvantages.
    – Load Sharing Multicast Mode
    – Load Sharing Unicast Mode
    – New High Availability Mode
    – High Availability Legacy Mode

  13. Which feature is NOT provided by all Check Point Mobile Access solutions?

    • Support for IPv6
    • Granular access control
    • Strong user authentication
    • Secure connectivity
    Explanation:

    Types of Solutions
    All of Check Point’s Remote Access solutions provide:
    – Enterprise-grade, secure connectivity to corporate resources.
    – Strong user authentication.
    – Granular access control.

  14. Which of the following is NOT a type of Endpoint Identity Agent?

    • Terminal
    • Light
    • Full
    • Custom
  15. What can we infer about the recent changes made to the Rule Base?

    156-315.80 Check Point Certified Security Expert – R80 Part 17 Q15 008
    156-315.80 Check Point Certified Security Expert – R80 Part 17 Q15 008
    • Rule 7 was created by the ‘admin’ administrator in the current session
    • 8 changes have been made by administrators since the last policy installation
    • The rules 1, 5 and 6 cannot be edited by the ‘admin’ administrator
    • Rule 1 and object webserver are locked by another administrator
  16. In the R80 SmartConsole, on which tab are Permissions and Administrators defined?

    • Security Policies
    • Logs and Monitor
    • Manage and Settings
    • Gateways and Servers
  17. Fill in the blank: A ________ VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user through an internet browser.

    • Clientless remote access
    • Clientless direct access
    • Client-based remote access
    • Direct access
  18. What needs to be configured if the NAT property ‘Translate destination or client side’ is not enabled in Global Properties?

    • A host route to route to the destination IP.
    • Use the file local.arp to add the ARP entries for NAT to work.
    • Nothing, the Gateway takes care of all details necessary.
    • Enabling ‘Allow bi-directional NAT’ for NAT to work correctly.
  19. At what point is the Internal Certificate Authority (ICA) created?

    • Upon creation of a certificate.
    • During the primary Security Management Server installation process.
    • When an administrator decides to create one.
    • When an administrator initially logs into SmartConsole.
  20. Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?

    • Auditor
    • Read Only All
    • Super User
    • Full Access
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments