156-915.80 | All About Simulation 156-915.80 pdf


P.S. Validated 156-915.80 item pool are available on Google Drive, GET MORE: https://drive.google.com/open?id=10nZGq46vgX7-YMephRQOtbIjmfJ8w6LL


New Check Point 156-915.80 Exam Dumps Collection (Question 3 - Question 12)

Q1. Which of the following items should be configured for the Security Management Server to authenticate via LDAP?

A. Check Point Password

B. Active Directory Server object

C. Windows logon password

D. WMI object

Answer: B

Q2. All R80 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?

A. FTP

B. SMTP

C. HTTP

D. RLOGIN

Answer: B

Q3. When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of

A. Threat Emulation

B. HTTPS

C. QOS

D. VolP

Answer: D

Explanation:

The following types of traffic are not load-balanced by the CoreXL Dynamic Dispatcher (this traffic will always be handled by the same CoreXL FW instance):

VoIP VPN encrypted packets

Q4. Several Security Policies can be used for different installation targets. The Firewall protecting Human Resourcesu2021 servers should have its own Policy Package. These rules must be installed on this machine and not on the Internet Firewall. How can this be accomplished?

A. A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are defined by the selection in the Rule Base row Install On.

B. When selecting the correct Firewall in each line of the Rule Base row Install On, only this Firewall is shown in the list of possible installation targets after selecting Policy > Install on Target.

C. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the correct firewall via Specific Targets.

D. A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install on Target.

Answer: C

Q5. John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway

policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

What should John do when he cannot access the web server from a different personal computer?

A. John should lock and unlock his computer

B. Investigate this as a network connectivity issue

C. The access should be changed to authenticate the user instead of the PC

D. John should install the Identity Awareness Agent

Answer: C

Q6. You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?

A. TCP port 443

B. TCP port 257

C. TCP port 256

D. UDP port 8116

Answer: C

Explanation:

Synchronization works in two modes:

Full sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by the fwd daemon using an encrypted TCP connection.

Delta sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security Gateway kernel using UDP multicast or broadcast on port 8116.

Full sync is used for initial transfers of state information, for many thousands of connections. If a cluster member is brought up after being down, it will perform full sync. After all members are synchronized, only

updates are transferred via delta sync. Delta sync is quicker than full sync.

Q7. Can you implement a complete IPv6 deployment without IPv4 addresses?

A. No. SmartCenter cannot be accessed from everywhere on the Internet.

B. Yes. Only one TCP stack (IPv6 or IPv4) can be used at the same time.

C. Yes, There is no requirement for managing IPv4 addresses.

D. No. IPv4 addresses are required for management.

Answer: C

Q8. Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.

A. This is an example of Hide NAT.

B. There is not enough information provided in the Wireshark capture to determine the NAT settings.

C. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.

D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

Answer: D

Q9. Which command displays the installed Security Gateway version?

A. fw printver

B. fw ver

C. fw stat

D. cpstat -gw

Answer: B

Q10. You cannot use SmartDashboardu2021s User Directory features to connect to the LDAP server. What should you investigate?

1) Verify you have read-only permissions as administrator for the operating system.

2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.

3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration.

A. 1, 2, and 3

B. 2 and 3

C. 1 and 2

D. 1 and 3

Answer: B

P.S. Easily pass 156-915.80 Exam with Surepassexam Validated Dumps & pdf vce, Try Free: https://www.surepassexam.com/156-915.80-exam-dumps.html ( New Questions)