


Updated 156 215.80 Study Guide V10.02 For Check Point CCSA R80 Exam .pdf


Original filename: Updated 156-215.80 Study Guide V10.02 For Check Point CCSA R80 Exam.pdf
Title: Exam :
Author: Sky123.Org

This PDF 1.7 document has been generated by Microsoft® Word 2016, and has been sent on pdf-archive.com on 30/06/2020 at 08:38, from IP address 149.248.x.x. The current document download page has been viewed 35 times.
File size: 1.2 MB (30 pages).
Privacy: public file






The safer, easier way to help you pass any IT exams.

1.Which of the following is NOT an integral part of VPN communication within a network?
A. VPN key
B. VPN community
C. VPN trust entities
D. VPN domain
Answer: A
Explanation:
- VPN key (not to be confused with the pre-shared key that is used for authentication).
- VPN trust entities, such as a Check Point Internal Certificate Authority (ICA). The ICA is part of the
Check Point suite used for creating SIC trusted connections between Security Gateways, authenticating
administrators and third-party servers. The ICA provides certificates for internal Security Gateways and
remote access clients which negotiate the VPN link.
- VPN Domain - A group of computers and networks connected to a VPN tunnel by one VPN gateway that
handles encryption and protects the VPN Domain members.
- VPN Community - A named collection of VPN domains, each protected by a VPN gateway.
Reference: http://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/13868.htm

2.Two administrators Dave and Jon both manage R80 Management as administrators for ABC Corp. Jon
logged into the R80 Management and then shortly after Dave logged in to the same server. They are both
in the Security Policies view.
From the screenshots below, why does Dave not have rule no.6 in his SmartConsole view even
though Jon has it in his SmartConsole view?

A. Jon is currently editing rule no.6 but has Published part of his changes.
B. Dave is currently editing rule no.6 and has marked this rule for deletion.
C. Dave is currently editing rule no.6 and has deleted it from his Rule Base.

D. Jon is currently editing rule no.6 but has not yet Published his changes.
Answer: D
Explanation:
When an administrator logs in to the Security Management Server through SmartConsole, a new editing
session starts. The changes that the administrator makes during the session are only available to that
administrator. Other administrators see a lock icon on objects and rules that are being edited. To make
changes available to all administrators, and to unlock the objects and rules that are being edited, the
administrator must publish the session.
Reference:
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_SecurityManagement_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_SecurityManagement_AdminGuide/162331

3.Vanessa is a firewall administrator in her company; her company is using Check Point firewalls on central
and remote locations, which are managed centrally by R80 Security Management Server. One central
location has an installed R77.30 Gateway on Open server. The remote location is using a Check Point UTM-1
570 series appliance with R71.
Which encryption is used in Secure Internal Communication (SIC) between central management and
firewall on each location?
A. On central firewall AES128 encryption is used for SIC, on Remote firewall 3DES encryption is used for
SIC.
B. On both firewalls, the same encryption is used for SIC. This is AES-GCM-256.
C. The Firewall Administrator can choose which encryption suite will be used by SIC.
D. On central firewall AES256 encryption is used for SIC, on Remote firewall AES128 encryption is used
for SIC.
Answer: A
Explanation:
Gateways above R71 use AES128 for SIC. If one of the gateways is R71 or below, the gateways use
3DES.
Reference:
http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/CP_R80_SecurityManagement_AdminGuide.pdf?HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2&xtn=.pdf

4.Review the following screenshot and select the BEST answer.

A. Data Center Layer is an inline layer in the Access Control Policy.
B. By default all layers are shared with all policies.
C. If a connection is dropped in Network Layer, it will not be matched against the rules in Data Center
Layer.
D. If a connection is accepted in Network-layer, it will not be matched against the rules in Data Center
Layer.
Answer: C

5.Which of the following is NOT a SecureXL traffic flow?
A. Medium Path
B. Accelerated Path
C. High Priority Path
D. Slow Path
Answer: C
Explanation:
SecureXL is an acceleration solution that maximizes performance of the Firewall and does not
compromise security. When SecureXL is enabled on a Security Gateway, some CPU intensive operations
are processed by virtualized software instead of the Firewall kernel. The Firewall can inspect and process
connections more efficiently and accelerate throughput and connection rates. These are the SecureXL
traffic flows:
- Slow path - Packets and connections that are inspected by the Firewall and are not processed by SecureXL.
- Accelerated path - Packets and connections that are offloaded to SecureXL and are not processed by the Firewall.
- Medium path - Packets that require deeper inspection cannot use the accelerated path. It is not necessary for the Firewall to inspect these packets, they can be offloaded and do not use the slow path. For example, packets that are inspected by IPS cannot use the accelerated path and can be offloaded to the IPS PSL (Passive Streaming Library). SecureXL processes these packets more quickly than packets on the slow path.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92711.htm

6.Which of the following Automatically Generated Rules NAT rules have the lowest implementation
priority?
A. Machine Hide NAT

B. Address Range Hide NAT
C. Network Hide NAT
D. Machine Static NAT
Answer: BC
Explanation:
SmartDashboard organizes the automatic NAT rules in this order:
1. Static NAT rules for Firewall, or node (computer or server) objects
2. Hide NAT rules for Firewall, or node objects
3. Static NAT rules for network or address range objects
4. Hide NAT rules for network or address range objects
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/6724.htm

7.VPN gateways authenticate using ___________ and ___________ .
A. Passwords; tokens
B. Certificates; pre-shared secrets
C. Certificates; passwords
D. Tokens; pre-shared secrets
Answer: B
Explanation:
VPN gateways authenticate using Digital Certificates and Pre-shared secrets.
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/85469.htm

8.In R80 spoofing is defined as a method of:
A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
B. Hiding your firewall from unauthorized users.
C. Detecting people using false or wrong authentication logins
D. Making packets appear as if they come from an authorized IP address.
Answer: D
Explanation:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to
your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute
DoS attacks, or to gain unauthorized access.
Reference:
http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/CP_R80_SecurityManagement_AdminGuide.pdf?HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2&xtn=.pdf

9.The __________ is used to obtain identification and security information about network users.
A. User Directory
B. User server
C. UserCheck
D. User index
Answer: A
Explanation:
Reference:
https://www.checkpoint.com/downloads/product-related/datasheets/DS_UserDirectorySWB.pdf

10.Which Check Point feature enables application scanning and detection?
A. Application Dictionary
B. AppWiki
C. Application Library
D. CPApp
Answer: B
Explanation:
AppWiki Application Classification Library
AppWiki enables application scanning and detection of more than 5,000 distinct applications and over
300,000 Web 2.0 widgets including instant messaging, social networking, video streaming, VoIP, games
and more.
Reference: https://www.checkpoint.com/products/application-control-software-blade/

11.DLP and Geo Policy are examples of what type of Policy?
A. Standard Policies
B. Shared Policies
C. Inspection Policies
D. Unified Policies
Answer: B
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197

12.In which deployment is the security management server and Security Gateway installed on the same
appliance?
A. Bridge Mode
B. Remote
C. Standalone
D. Distributed
Answer: C
Explanation:
Installing Standalone
Standalone Deployment - The Security Management Server and the Security
Gateway are installed on the same computer or appliance.

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_GuidewebAdmin/89230.htm#o98246

13.A _________ VPN deployment is used to provide remote users with secure access to internal
corporate resources by authenticating the user through an internet browser.
A. Clientless remote access
B. Clientless direct access
C. Client-based remote access
D. Direct access
Answer: A
Explanation:
Clientless - Users connect through a web browser and use HTTPS connections. Clientless solutions
usually supply access to web-based corporate resources.
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80BC_Firewall/html_frameset.htm?topic=documents/R80/CP_R80BC_Firewall/92704

14.Which of the following statements is TRUE about R80 management plug-ins?
A. The plug-in is a package installed on the Security Gateway.
B. Installing a management plug-in requires a Snapshot, just like any upgrade process.
C. A management plug-in interacts with a Security Management Server to provide new features and
support for new products.
D. Using a plug-in offers full central management only if special licensing is applied to specific features of
the plug-in.

Answer: C

15.Gaia can be configured using the _______ or ______ .
A. GaiaUI; command line interface
B. WebUI; Gaia Interface
C. Command line interface; WebUI
D. Gaia Interface; GaiaUI
Answer: C
Explanation:
Configuring Gaia for the First Time
In This Section:
- Running the First Time Configuration Wizard in WebUI
- Running the First Time Configuration Wizard in CLI
After you install Gaia for the first time, use the First Time Configuration Wizard to configure the system
and the Check Point products on it.
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/112568

16.Where can you trigger a failover of the cluster members?
1. Log in to Security Gateway CLI and run command clusterXL_admin down.
2. In SmartView Monitor right-click the Security Gateway member and select Cluster member stop.
3. Log into Security Gateway CLI and run command cphaprob down.
A. 1, 2, and 3
B. 2 and 3
C. 1 and 2
D. 1 and 3
Answer: C
Explanation:
How to Initiate Failover

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7298.htm

17.Which utility allows you to configure the DHCP service on GAIA from the command line?
A. ifconfig
B. dhcp_cfg
C. sysconfig
D. cpconfig
Answer: C
Explanation:
Sysconfig Configuration Options

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Splat_AdminGuide/51548.htm
NOTE: The question must be wrong, because no answer is possible for a GAIA system; this must be the SPLAT
version.
DHCP CLI configuration for GAIA reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/73181.htm#o80096

18.Which VPN routing option uses VPN routing for every connection a satellite gateway handles?
A. To satellites through center only
B. To center only
C. To center and to other satellites through center
D. To center, or through the center to other satellites, to internet and other VPN targets
Answer: D
Explanation:
On the VPN Routing page, enable the VPN routing for satellites section, by selecting one of these
options:
- To center and to other Satellites through center; this allows connectivity between Gateways; for example,
if the spoke Gateways are DAIP Gateways, and the hub is a Gateway with a static IP address
- To center, or through the center to other satellites, to Internet and other VPN targets; this allows
connectivity between the Gateways, as well as the ability to inspect all communication passing through
the hub to the Internet.
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31021

19.Which product correlates logs and detects security threats, providing a centralized display of potential
attack patterns from all network devices?
A. SmartView Monitor
B. SmartEvent
C. SmartUpdate

D. SmartDashboard
Answer: B
Explanation:
SmartEvent correlates logs from all Check Point enforcement points, including end-points, to identify
suspicious activity from the clutter. Rapid data analysis and custom event logs immediately alert
administrators to anomalous behavior such as someone attempting to use the same credential in multiple
geographies simultaneously.
Reference: https://www.checkpoint.com/products/smartevent/

20.Assuming you have a Distributed Deployment, what will be the effect of running the following
command on the Security Management Server?

A. Remove the installed Security Policy.
B. Remove the local ACL lists.
C. No effect.
D. Reset SIC on all gateways.
Answer: A
Explanation:
This command uninstalls the currently installed security policy.
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityGatewayTech_WebAdmin/6751.htm

21.An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office.
Both offices are protected by Check Point Security Gateways managed by the same Security Management
Server. While configuring the VPN community to specify the pre-shared secret, the administrator found
that the check box to enable pre-shared secret is shaded and cannot be enabled.
Why does it not allow him to specify the pre-shared secret?
A. IPsec VPN blade should be enabled on both Security Gateways.
B. Pre-shared can only be used while creating a VPN between a third party vendor and Check Point
Security Gateway.
C. Certificate based Authentication is the only authentication method available between two Security
Gateways managed by the same SMS.
D. The Security Gateways are pre-R75.40.
Answer: C

22.You are the senior Firewall administrator for ABC Corp., and have recently returned from a training
course on Check Point's new advanced R80 management platform. You are presenting an in-house
overview of the new features of Check Point R80 Management to the other administrators in ABC Corp.

How will you describe the new “Publish” button in R80 Management Console?
A. The Publish button takes any changes an administrator has made in their management session,
publishes a copy to the Check Point of R80, and then saves it to the R80 database.
B. The Publish button takes any changes an administrator has made in their management session and
publishes a copy to the Check Point Cloud of R80, but does not save it to the R80
C. The Publish button makes any changes an administrator has made in their management session
visible to all other administrator sessions and saves it to the Database.
D. The Publish button makes any changes an administrator has made in their management session
visible to the new Unified Policy session and saves it to the Database.
Answer: C
Explanation:
To make your changes available to other administrators, and to save the database before installing a
policy, you must publish the session. When you publish a session, a new database version is created.
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197

23.Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address?
A. High Availability
B. Load Sharing Multicast
C. Load Sharing Pivot
D. Master/Backup
Answer: B
Explanation:
ClusterXL uses the Multicast mechanism to associate the virtual cluster IP addresses with all cluster
members. By binding these IP addresses to a Multicast MAC address, it ensures that all packets sent to
the cluster, acting as a gateway, will reach all members in the cluster.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm

24.With the User Directory Software Blade, you can create R80 user definitions on a(an) ___________
Server.
A. NT domain
B. SMTP
C. LDAP

D. SecurID
Answer: C
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197

25.Which of the following is NOT a component of a Distinguished Name?
A. Organizational Unit
B. Country
C. Common Name
D. User container
Answer: D
Explanation:
Distinguished Name Components
CN=common name, OU=organizational unit, O=organization, L=locality,
ST=state or province, C=country name
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/71950

26.What are the three authentication methods for SIC?
A. Passwords, Users, and standards-based SSL for the creation of secure channels
B. Certificates, standards-based SSL for the creation of secure channels, and 3DES or AES128 for
encryption
C. Packet Filtering, certificates, and 3DES or AES128 for encryption
D. Certificates, Passwords, and Tokens
Answer: B
Explanation:
Secure Internal Communication (SIC)
Secure Internal Communication (SIC) lets Check Point platforms and products authenticate with each
other. The SIC procedure creates a trusted status between gateways, management servers and other
Check Point components. SIC is required to install policies on gateways and to send logs between
gateways and management servers.
These security measures make sure of the safety of SIC:
- Certificates for authentication
- Standards-based SSL for the creation of the secure channel
- 3DES for encryption
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/71950

27.You have enabled “Extended Log” as a tracking option to a security rule.
However, you are still not seeing any data type information.
What is the MOST likely reason?

A. Logging has disk space issues. Change logging storage options on the logging server or Security
Management Server properties and install database.
B. Content Awareness is not enabled.
C. Identity Awareness is not enabled.
D. Log Trimming is enabled.
Answer: A
Explanation:
The most likely reason for the log data to stop is low disk space on the logging device, which can be
the Management Server or the Gateway Server.

28.What is the order of NAT priorities?
A. Static NAT, IP pool NAT, hide NAT
B. IP pool NAT, static NAT, hide NAT
C. Static NAT, automatic NAT, hide NAT
D. Static NAT, hide NAT, IP pool NAT
Answer: A
Explanation:
The order of NAT priorities is:
1. Static NAT
2. IP Pool NAT
3. Hide NAT
Since Static NAT has all of the advantages of IP Pool NAT and more, it has a higher priority
than the other NAT methods.
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/6724.htm#o6919

29.Which of the following is an identity acquisition method that allows a Security Gateway to identify
Active Directory users and computers?
A. UserCheck
B. Active Directory Query
C. Account Unit Query
D. User Directory Query
Answer: B
Explanation:
AD Query extracts user and computer identity information from the Active Directory Security Event Logs.
The system generates a Security Event log entry when a user or computer accesses a network resource.
For example, this occurs when a user logs in, unlocks a screen, or accesses a network drive.
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62402.htm

30.Ken wants to obtain a configuration lock from another administrator on R80 Security Management Server
Operating System. He can do this via WebUI or via CLI.
Which command should he use in CLI?
A. remove database lock
B. The database feature has one command: lock database override.
C. override database lock

D. The database feature has two commands: lock database override and unlock database. Both will work.
Answer: D
Explanation:
Use the database feature to obtain the configuration lock.
The database feature has two commands:
- lock database [override].
- unlock database
The commands do the same thing: obtain the configuration lock from another administrator.

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm#o73091

31.Examine the following Rule Base.

What can we infer about the recent changes made to the Rule Base?
A. Rule 7 was created by the 'admin' administrator in the current session
B. 8 changes have been made by administrators since the last policy installation
C. The rules 1, 5 and 6 cannot be edited by the 'admin' administrator
D. Rule 1 and object webserver are locked by another administrator

Answer: D
Explanation:
At the top of the screenshot there is a number "8", which is the number of changes made and not
saved.
Session Management Toolbar (top of SmartConsole)

Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/117948

32.ALPHA Corp has a new administrator who logs into the Gaia Portal to make some changes. He
realizes that even though he has logged in as an administrator, he is unable to make any changes
because all configuration options are greyed out as shown in the screenshot image below.

What is the likely cause for this?
A. The Gaia /bin/confd is locked by another administrator from a SmartConsole session.
B. The database is locked by another administrator SSH session.
C. The Network address of his computer is in the blocked hosts.
D. The IP address of his computer is not in the allowed hosts.
Answer: B
Explanation:
There is a lock on top left side of the screen. B is the logical answer.

33.Administrator Kofi has just made some changes on his Management Server and then clicks on the
Publish button in SmartConsole but then gets the error message shown in the screenshot below.

Where can the administrator check for more information on these errors?
A. The Log and Monitor section in SmartConsole
B. The Validations section in SmartConsole
C. The Objects section in SmartConsole
D. The Policies section in SmartConsole
Answer: B
Explanation:
Validation Errors
The validations pane in SmartConsole shows configuration error messages. Examples of errors are
object names that are not unique, and the use of objects that are not valid in the Rule Base. To publish,
you must fix the errors.
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197

34.You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify
security administration, which action would you choose?
A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restrict all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each Security Gateway directly.
Answer: B

35.Harriet wants to protect sensitive information from intentional loss when users browse to a specific
URL: https://personal.mymail.com, which blade will she enable to achieve her goal?
A. DLP
B. SSL Inspection

C. Application Control
D. URL Filtering
Answer: A
Explanation:
Check Point revolutionizes DLP by combining technology and processes to move businesses from
passive detection to active Data Loss Prevention. Innovative MultiSpect™ data classification combines
user, content and process information to make accurate decisions, while UserCheck™ technology
empowers users to remediate incidents in real time. Check Point’s self-educating network-based DLP
solution frees IT/security personnel from incident handling and educates users on proper data handling
policies— protecting sensitive corporate information from both intentional and unintentional loss.
Reference: https://www.checkpoint.com/downloads/product-related/datasheets/DLP-software-bladedatasheet.pdf

36.To optimize Rule Base efficiency the most hit rules should be where?
A. Removed from the Rule Base.
B. Towards the middle of the Rule Base.
C. Towards the top of the Rule Base.
D. Towards the bottom of the Rule Base.
Answer: C
Explanation:
The fewer rules that must be checked before the matching rule is found, the fewer CPU cycles the
device uses. Check Point matches a session against the rules from the first rule at the top to the last rule at the bottom.

37.Which of the following is NOT a license activation method?
A. SmartConsole Wizard
B. Online Activation
C. License Activation Wizard
D. Offline Activation
Answer: A

38.Which policy type has its own Exceptions section?
A. Threat Prevention
B. Access Control
C. Threat Emulation
D. Desktop Security
Answer: A
Explanation:
The Exceptions Groups pane lets you define exception groups. When necessary, you can create
exception groups to use in the Rule Base. An exception group contains one or more defined exceptions.
This option facilitates ease-of-use so you do not have to manually define exceptions in multiple rules for
commonly required exceptions. You can choose to which rules you want to add exception groups. This
means they can be added to some rules and not to others, depending on necessity.
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_ThreatPrevention_WebAdmin/82209.htm#o97030

39.By default, which port does the WebUI listen on?
B. 4434
C. 443
D. 8080
Answer: C
Explanation:
To configure Security Management Server on Gaia:
- Open a browser to the WebUI: https://<Gaia management IP address>
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_Gaia_IUG/html_frameset.htm?topic=documents/R80/CP_R80_Gaia_IUG/132120

40.When doing a Stand-Alone Installation, you would install the Security Management Server with which
other Check Point architecture component?
A. None, Security Management Server would be installed by itself.
B. SmartConsole
C. SecureClient
D. Security Gateway
Answer: D
Explanation:
There are different deployment scenarios for Check Point software products.
- Standalone Deployment - The Security Management Server and the Security Gateway are installed
on the same computer or appliance.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_GuidewebAdmin/86429.htm

41.Which options are given on features, when editing a Role on Gaia Platform?
A. Read/Write, Read Only
B. Read/Write, Read Only, None
C. Read/Write, None
D. Read Only, None
Answer: B
Explanation:
Roles
Role-based administration (RBA) lets you create administrative roles for users. With RBA, an
administrator can allow Gaia users to access specified features by including those features in a role and
assigning that role to users. Each role can include a combination of administrative (read/write) access to
some features, monitoring (read-only) access to other features, and no access to other features. You can
also specify which access mechanisms (WebUI or the CLI) are available to the user.

Note - When users log in to the WebUI, they see only those features that they have read-only or
read/write access to. If they have read-only access to a feature, they can see the settings pages, but
cannot change the settings.
Gaia includes these predefined roles:
- adminRole - Gives the user read/write access to all features.
- monitorRole - Gives the user read-only access to all features.
You cannot delete or change the predefined roles.

Note - Do not define a new user for external users. An external user is one that is defined on an
authentication server (such as RADIUS or TACACS) and not on the local Gaia system.
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/75930


42.What is the default time length that Hit Count Data is kept?
A. 3 month
B. 4 weeks
C. 12 months
D. 1 week
Answer: A
Explanation:
Reference:
https://community.checkpoint.com/t5/General-Topics/What-is-the-default-time-that-HIT-count-data-is-kept
in-R80/td-p/33636


43.Choose the Best place to find a Security Management Server backup file named backup_fw, on a
Check Point Appliance.
A. /var/log/Cpbackup/backups/backup/backup_fw.tgs
B. /var/log/Cpbackup/backups/backup/backup_fw.tar
C. /var/log/Cpbackup/backups/backups/backup_fw.tar
D. /var/log/Cpbackup/backups/backup_fw.tgz
Answer: D
Explanation:
Gaia's Backup feature allows backing up the configuration of the Gaia OS and of the Security
Management server database, or restoring a previously saved configuration.
The configuration is saved to a .tgz file in the following directory:


Reference: https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eventSubmit_doGoviewsolutiondetails=&solutionid=sk91400

44.With which command can you view the running configuration of the Gaia operating system?
A. show conf-active
B. show configuration active
C. show configuration
D. show running-configuration
Answer: C


45.Which of the following is TRUE regarding Gaia command line?
A. Configuration changes should be done in mgmt_cli and use CLISH for monitoring. Expert mode is used
only for OS level tasks.
B. Configuration changes should be done in expert-mode and CLISH is used for monitoring.
C. Configuration changes should be done in mgmt-cli and use expert-mode for OS-level tasks.
D. All configuration changes should be made in CLISH and expert-mode should be used for OS-level
tasks.
Answer: D


46.If there are two administrators logged in at the same time to the SmartConsole, and there are objects
locked for editing, what must be done to make them available to other administrators?
A. Publish or discard the session.
B. Revert the session.
C. Save and install the Policy.
D. Delete older versions of database.
Answer: A
Explanation:
To make changes available to all administrators, and to unlock the objects and rules that are being edited,
the administrator must publish the session. To make your changes available to other administrators, and
to save the database before installing a policy, you must publish the session. When you publish a session,
a new database version is created. When you select Install Policy, you are prompted to publish all
unpublished changes. You cannot install a policy if the included changes are not published.
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197

47.Which one of the following is the preferred licensing model?
A. Local licensing because it ties the package license to the IP-address of the gateway and has no
dependency of the Security Management Server.
B. Central licensing because it ties the package license to the IP-address of the Security Management
Server and has no dependency of the gateway.
C. Local licensing because it ties the package license to the MAC-address of the gateway management
interface and has no Security Management Server dependency.
D. Central licensing because it ties the package license to the MAC-address of the Security Management
Server Mgmt-interface and has no dependency of the gateway.
Answer: B
Explanation:
Central License
A Central License is a license attached to the Security Management server IP address,
rather than the gateway IP address.
The benefits of a Central License are:
- Only one IP address is needed for all licenses.
- A license can be taken from one gateway and given to another.
- The new license remains valid when changing the gateway IP address. There is no need to create and
install a new license.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_GuidewebAdmin/13128.htm#o13527


48.Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the
systems this way, how many machines will he need if he does NOT include a SmartConsole machine in
his calculations?
A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
B. One machine
C. Two machines
D. Three machines
Answer: C
Explanation:
One for Security Management Server and the other one for the Security Gateway.


49.A new license should be generated and installed in all of the following situations EXCEPT when
________ .
A. The license is attached to the wrong Security Gateway
B. The existing license expires
C. The license is upgraded
D. The IP address of the Security Management or Security Gateway has changed
Answer: A
Explanation:
There is no need to generate a new license in this situation; just detach the license from the wrong
Security Gateway and attach it to the right one.

50.What is the default shell for the command line interface?
A. Expert
B. Clish
C. Admin
D. Normal
Answer: B
Explanation:
The default shell of the CLI is called clish.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm


51.When you upload a package or license to the appropriate repository in SmartUpdate, where is the
package or license stored?
A. Security Gateway
B. Check Point user center
C. Security Management Server
D. SmartConsole installed device
Answer: C
Explanation:
SmartUpdate installs two repositories on the Security Management server:
- License & Contract Repository, which is stored on all platforms in the directory $FWDIR\conf\.
- Package Repository, which is stored:
  - on Windows machines in C:\SUroot.
  - on UNIX machines in /var/suroot.
The Package Repository requires a separate license, in addition to the license for the Security
Management server. This license should stipulate the number of nodes that can be managed in
the Package Repository.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/13128.htm#o13527


52.The tool _______ generates an R80 Security Gateway configuration report.
A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo
Answer: C
Explanation:
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of
execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for
uploading files to Check Point servers). The CPinfo output file allows analyzing customer setups from a
remote location. Check Point support engineers can open the CPinfo file in a demo mode, while viewing
actual customer Security Policies and Objects. This allows the in-depth analysis of customer's
configuration and environment settings. When contacting Check Point Support, collect the cpinfo files
from the Security Management server and Security Gateways involved in your case.
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92739

53.Which of the following commands can be used to remove site-to-site IPSEC Security Associations
(SA)?
A. vpn tu
B. vpn ipsec remove -l
C. vpn debug ipsec
D. fw ipsec tu
Answer: A
Explanation:
vpn tu
Description: Launch the TunnelUtil tool which is used to control VPN tunnels.
Usage: vpn tu
       vpn tunnelutil
Example: vpn tu
Output

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_CLI_WebAdmin/12467.htm#o12627

54.Which of the following is NOT an authentication scheme used for accounts created through
SmartConsole?
A. Security questions
B. Check Point password
C. SecurID
D. RADIUS
Answer: A
Explanation:
Authentication Schemes:
- Check Point Password
- Operating System Password
- RADIUS
- SecurID
- TACACS
- Undefined
If a user with an undefined authentication scheme is matched to a Security Rule with some form of
authentication, access is always denied.


55.Using the SmartConsole, which pre-defined Permission Profile should be assigned to an administrator
that requires full access to audit all configurations without modifying them?
A. Editor
B. Read Only All
C. Super User
D. Full Access
Answer: B
Explanation:
To create a new permission profile:
1. In SmartConsole, go to Manage & Settings > Permissions and Administrators > Permission Profiles.
2. Click New Profile. The New Profile window opens.
3. Enter a unique name for the profile.
4. Select a profile type:
   - Read/Write All - Administrators can make changes
   - Auditor (Read Only All) - Administrators can see information but cannot make changes
   - Customized - Configure custom settings
5. Click OK.
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/124265


56.Packages and licenses are loaded from all of these sources EXCEPT
A. Download Center Web site
B. UserUpdate
C. User Center
D. Check Point DVD
Answer: B
Explanation:
Packages and licenses are loaded into these repositories from several sources:
- the Download Center web site (packages)
- the Check Point DVD (packages)
- the User Center (licenses)
- by importing a file (packages and licenses)
- by running the cplic command line
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_GuidewebAdmin/13128.htm


57.Which of the following technologies extracts detailed information from packets and stores that
information in state tables?
A. INSPECT Engine
B. Stateful Inspection
C. Packet Filtering
D. Application Layer Firewall
Answer: B
Explanation:
Reference: https://www.checkpoint.com/smb/help/utm1/8.2/7080.htm


58.On the following graphic, you will find layers of policies.

What is a precedence of traffic inspection for the defined policies?
A. A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if
Implicit Drop Rule drops the packet, it comes next to IPS layer and then after accepting the packet it
passes to Threat Prevention layer.
B. A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if
there is any rule which accepts the packet, it comes next to IPS layer and then after accepting the packet
it passes to Threat Prevention layer
C. A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if
there is any rule which accepts the packet, it comes next to Threat Prevention layer and then after
accepting the packet it passes to IPS layer.
D. A packet arrives at the gateway, it is checked against the rules in IPS policy layer and then if it is
accepted then it comes next to the Network policy layer and then after accepting the packet it passes to
Threat Prevention layer.
Answer: B
Explanation:
To simplify Policy management, R80 organizes the policy into Policy Layers. A layer is a set of rules, or a
Rule Base.
For example, when you upgrade to R80 from earlier versions:
- Gateways that have the Firewall and the Application Control Software Blades enabled will have their
Access Control Policy split into two ordered layers: Network and Applications.
When the gateway matches a rule in a layer, it starts to evaluate the rules in the next layer.
- Gateways that have the IPS and Threat Emulation Software Blades enabled will have their Threat
Prevention policies split into two parallel layers: IPS and Threat Prevention. All layers are evaluated in
parallel.
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197


59.Tina is a new administrator who is currently reviewing the new Check Point R80 Management console
interface.
In the Gateways view, she is reviewing the Summary screen as in the screenshot below.

What is an 'Open Server'?
A. Check Point software deployed on a non-Check Point appliance.
B. The Open Server Consortium approved Server Hardware used for the purpose of Security and
Availability.
C. A Check Point Management Server deployed using the Open Systems Interconnection (OSI) Server
and Security deployment model.
D. A Check Point Management Server software using the Open SSL.
Answer: A
Explanation:

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_GuidewebAdmin/index.html

60.Choose what BEST describes the Policy Layer Traffic Inspection.
A. If a packet does not match any of the inline layers, the matching continues to the next Layer.
B. If a packet matches an inline layer, it will continue matching the next layer.
C. If a packet does not match any of the inline layers, the packet will be matched against the Implicit
Clean-up Rule.
D. If a packet does not match a Network Policy Layer, the matching continues to its inline layer.
Answer: B
Explanation:
Reference: https://community.checkpoint.com/thread/1092


61.What are the three conflict resolution rules in the Threat Prevention Policy Layers?
A. Conflict on action, conflict on exception, and conflict on settings
B. Conflict on scope, conflict on settings, and conflict on exception
C. Conflict on settings, conflict on address, and conflict on exception
D. Conflict on action, conflict on destination, and conflict on settings
Answer: C


62.What does the “unknown” SIC status shown on SmartConsole mean?
A. The SMS can contact the Security Gateway but cannot establish Secure Internal Communication.
B. SIC activation key requires a reset.
C. The SIC activation key is not known by any administrator.
D. There is no connection between the Security Gateway and SMS.
Answer: D
Explanation:
The most typical status is Communicating. Any other status indicates that the SIC communication is
problematic. For example, if the SIC status is Unknown then there is no connection between the Gateway
and the Security Management server. If the SIC status is Not Communicating, the Security Management
server is able to contact the gateway, but SIC communication cannot be established.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/118037
