A Review Of Tested 156-315.80 Exam

NEW QUESTION 1
The Security Gateway is installed on GAIA R80. The default port for the Web User Interface is ______.

• A. TCP 18211
• B. TCP 257
• C. TCP 4433
• D. TCP 443

Answer: D

NEW QUESTION 2
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?

• A. Analyzes each log entry as it arrives at the log server according to the Event Polic
• B. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.
• C. Correlates all the identified threats with the consolidation policy.
• D. Collects syslog data from third party devices and saves them to the database.
• E. Connects with the SmartEvent Client when generating threat reports.

Answer: A

NEW QUESTION 3
Which is not a blade option when configuring SmartEvent?

• A. Correlation Unit
• B. SmartEvent Unit
• C. SmartEvent Server
• D. Log Server

Answer: B

Explanation:
On the Management tab, enable these Software Blades: References:

NEW QUESTION 4
Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R80.10. Company’s Developer Team is having random access issue to newly deployed Application Server in DMZ’s Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela’s desk for an investigation. Pamela decides to use Check Point’s Packet Analyzer Tool-fw monitor to iron out the issue during approved Maintenance window.
What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?

• A. Pamela should check SecureXL status on DMZ Security gateway and if it’s turned O
• B. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.
• C. Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OF
• D. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.
• E. Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.
• F. Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.

Answer: A

NEW QUESTION 5
Session unique identifiers are passed to the web api using which http header option?

• A. X-chkp-sid
• B. Accept-Charset
• C. Proxy-Authorization
• D. Application

Answer: C

NEW QUESTION 6
What component of R80 Management is used for indexing?

• A. DBSync
• B. API Server
• C. fwm
• D. SOLR

Answer: D

NEW QUESTION 7
Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?

• A. Check Point Remote User
• B. Check Point Capsule Workspace
• C. Check Point Mobile Web Portal
• D. Check Point Capsule Remote

Answer: C

NEW QUESTION 8
At what point is the Internal Certificate Authority (ICA) created?

• A. Upon creation of a certificate.
• B. During the primary Security Management Server installation process.
• C. When an administrator decides to create one.
• D. When an administrator initially logs into SmartConsole.

Answer: B

NEW QUESTION 9
If you needed the Multicast MAC address of a cluster, what command would you run?

• A. cphaprob –a if
• B. cphaconf ccp multicast
• C. cphaconf debug data
• D. cphaprob igmp

Answer: D

NEW QUESTION 10
Which of the SecureXL templates are enabled by default on Security Gateway?

• A. Accept
• B. Drop
• C. NAT
• D. None

Answer: D

NEW QUESTION 11
After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?

• A. cvpnd_restart
• B. cvpnd_restart
• C. cvpnd restart
• D. cvpnrestart

Answer: B

NEW QUESTION 12
Which of the following process pulls application monitoring status?

• A. fwd
• B. fwm
• C. cpwd
• D. cpd

Answer: D

NEW QUESTION 13
What is considered Hybrid Emulation Mode?

• A. Manual configuration of file types on emulation location.
• B. Load sharing of emulation between an on premise appliance and the cloud.
• C. Load sharing between OS behavior and CPU Level emulation.
• D. High availability between the local SandBlast appliance and the cloud.

Answer: B

NEW QUESTION 14
SmartEvent uses it's event policy to identify events. How can this be customized?

• A. By modifying the firewall rulebase
• B. By creating event candidates
• C. By matching logs against exclusions
• D. By matching logs against event rules

Answer: C

NEW QUESTION 15
What is the main difference between Threat Extraction and Threat Emulation?

• A. Threat Emulation never delivers a file and takes more than 3 minutes to complete.
• B. Threat Extraction always delivers a file and takes less than a second to complete.
• C. Threat Emulation never delivers a file that takes less than a second to complete.
• D. Threat Extraction never delivers a file and takes more than 3 minutes to complete.

Answer: B

NEW QUESTION 16
To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?

• A. Accept Template
• B. Deny Template
• C. Drop Template
• D. NAT Template

Answer: B

NEW QUESTION 17
......