156-915.80 | Realistic Check Point 156-915.80 examcollection

Q6. Which of the following CLISH commands would you use to set the admin user's shell to bash?

A. set user admin shell bash

B. set user admin shell /bin/bash

C. set user admin shell = /bin/bash

D. set user admin /bin/bash

Answer: B

Q7. Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?

A. mgmt_cli add-host u201cServer_1u201d ip_ address u201c10.15.123.10u201d u2013 format txt

B. mgmt_ cli add host name u201cServer_ 1u201d ip-address u201c10.15.123.10u201d u2013 format json

C. mgmt_ cli add object-host u201cServer_ 1u201d ip-address u201c10.15.123.10u201d u2013 format json

D. mgmt_cli add object u201cServer_ 1u201d ip-address u201c10.15.123.10u201d u2013 format json

Answer: B

Explanation: Example:

mgmt_cli add host name "New Host 1" ip-address "192.0.2.1" --format json

u2022 "--format json" is optional. By default the output is presented in plain text.

Q8. How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?

A. fw unload policy

B. fw unloadlocal

C. fw delete all.all@localhost

D. fwm unloadlocal

Answer: B

Q9. As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:

A. in the user object's Authentication screen.

B. in the Gateway object's Authentication screen.

C. in the Limit tab of the Client Authentication Action Properties screen.

D. in the Global Properties Authentication screen.

Answer: C

Q10. Study the Rule base and Client Authentication Action properties screen -

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:

A. user is prompted for authentication by the Security Gateway again.

B. FTP data connection is dropped after the user is authenticated successfully.

C. user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication.

D. FTP connection is dropped by Rule 2.

Answer: C

Q11. What CLI command will reset the IPS pattern matcher statistics?

A. ips reset pmstat

B. ips pstats reset

C. ips pmstats refresh

D. ips pmstats reset

Answer: D

Explanation:

ips pmstats reset

Description - Resets the data that is collected to calculate the pmstat statistics. Usage - ips pmstats reset

Q12. The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?

A. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.

B. Reinstall the Security Management Server and restore using upgrade_import.

C. Type fwm lock_admin -ua from the Security Management Server command line.

D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.

Answer: C

Q13. You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?

A. No action is needed because cpshell has a timeout of one hour by default.

B. Log in as the default user expert and start cpinfo.

C. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinfo.

D. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.

Answer: D

Q14. To provide full connectivity upgrade status, use command cphaprob fcustat

Q15. John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.

He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19).

He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy.

John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next BEST troubleshooting step?

A. Investigate this as a network connectivity issue

B. Install the Identity Awareness Agent

C. Set static IP to DHCP

D. After enabling Identity Awareness, reboot the gateway

Answer: C