156-915.80 | 10 Tips For Leading 156-915.80 vce


P.S. Approved 156-915.80 preparation are available on Google Drive, GET MORE: https://drive.google.com/open?id=1YYqgCO6ctCwcBVUFbQYMfHPbrQOvemUT


New Check Point 156-915.80 Exam Dumps Collection (Question 7 - Question 16)

Question No: 7

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original

u201cweb_public_IPu201d is the node object that represents the new Web serveru2021s public IP address. u201cweb_private_IPu201d is the node object that represents the new Web siteu2021s private IP address. You enable all settings from Global Properties > NAT.

When you try to browse the Web server from the Internet you see the error u201cpage cannot be displayedu201d. Which of the following is NOT a possible reason?

A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.

B. There is no ARP table entry for the protected Web serveru2021s public IP address.

C. There is no route defined on the Security Gateway for the public IP address to the Web serveru2021s private IP address.

D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.

Answer: D

Question No: 8

You are a Security Administrator who has installed Security Gateway R80 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partneru2021s access for HTTP and FTP only, you did the following:

1) Created manual Static NAT rules for the Web server.

2) Cleared the following settings in the Global Properties > Network Address Translation screen:

- Allow bi-directional NAT

- Translate destination on client side

Do the above settings limit the partneru2021s access?

A. Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.

B. No. The first setting is not applicable. The second setting will reduce performance.

C. Yes. Both of these settings are only applicable to automatic NAT rules.

D. No. The first setting is only applicable to automatic NAT rules. The second setting will force translation by the kernel on the interface nearest to the client.

Answer: D

Question No: 9

Fill in the blank. To verify SecureXL statistics, you would use the command .

Answer:

fwaccel stats

Question No: 10

The Firewall kernel is replicated multiple times, therefore:

A. The Firewall kernel only touches the packet if the connection is accelerated

B. The Firewall can run different policies per core

C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out

D. The Firewall can run the same policy on all cores

Answer: D

Explanation:

On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy, or instance, runs on one processing core. These instances handle traffic concurrently, and each instance is a complete and independent inspection kernel. When CoreXL is enabled, all the kernel instances in the Security Gateway process traffic through the same interfaces and apply the same security policy.

Question No: 11

To run GAiA in 64bit mode, which of the following is true?

1) Run set edition default 64-bit.

2) Install more than 4 GB RAM.

3) Install more than 4 TB of Hard Disk.

A. 1 and 3

B. 1 and 2

C. 2 and 3

D. 1, 2, and 3

Answer: B

Question No: 12

You are troubleshooting a HTTP connection problem. You've started fw monitor -o http.pcap. When you open http.pcap with Wireshark there is only one line. What is the most likely reason?

A. fw monitor was restricted to the wrong interface.

B. Like SmartView Tracker only the first packet of a connection will be captured by fw monitor.

C. By default only SYN pakets are captured.

D. Acceleration was turned on and therefore fw monitor sees only SYN.

Answer: D

Question No: 13

To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?

A. Action

B. Source

C. User

D. Track

Answer: B

Question No: 14

What is the primary benefit of using the command upgrade_export over either backup or snapshot?

A. upgrade_export is operating system independent and can be used when backup or snapshot is not available.

B. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.

C. The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.

D. upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.

Answer: A

Question No: 15

An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of .

A. client side NAT

B. source NAT

C. destination NAT

D. None of these

Answer: B

Question No: 16

Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?

A. Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here.

B. Put the one administrator in an Administrator group and configure this group in the specific Firewall

object in Advanced > Permission to Install.

C. In the object General Properties representing the specific Firewall, go to the Software Blades product list and select Firewall. Right-click in the menu, select Administrator to Install to define only this administrator.

D. Right-click on the object representing the specific administrator, and select that Firewall in Policy Targets.

Answer: B

P.S. Easily pass 156-915.80 Exam with 2passeasy Approved Dumps & pdf vce, Try Free: https://www.2passeasy.com/dumps/156-915.80/ ( New Questions)