156-915.80 Online Practice Questions and Answers

Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user's credentials?

A. Access Policy

B. Access Role

C. Access Rule

D. Access Certificate

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only

from John's desktop which is assigned a static IP address 10.0.0.19.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a

rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

What should John do when he cannot access the web server from a different personal computer?

A. John should lock and unlock his computer

B. Investigate this as a network connectivity issue

C. The access should be changed to authenticate the user instead of the PC

D. John should install the Identity Awareness Agent

Select the command set best used to verify proper failover function of a new ClusterXL configuration.

A. reboot

B. cphaprob -d failDevice -s problem -t 0 register / cphaprob -d failDevice unregister

C. clusterXL_admin down / clusterXL_admin up

D. cpstop/cpstart

Match the VPN-related terms with their definitions. Each correct term is only used once. Exhibit:

A. A-3, B-4, C-1, D-5

B. A-4, B-3, C-5, D-2

C. A-2, B-5, C-4, D-1

D. A-3, B-2, C-1, D-4

What is the purpose of a SmartEvent Correlation Unit?

A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server

B. The SmartEvent Correlation Unit's task it to assign severity levels to the identified events.

C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.

D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server

Which one of these is NOT a firewall chain?

A. RTM packet in (rtm)

B. VPN node add (vpnad)

C. IP Options restore (in) (ipopt_res)

D. Fw SCV inbound (scv)

Which web services protocol is used to communicate to the Check Point R80 identity Awareness Web APi?

A. SOAP

B. REST

C. XLANG

D. XML-RPC

What is the least ideal Synchronization Status for Security Management Server High Availability deployment?

A. Lagging

B. Synchronized

C. Never been synchronized

D. Collision

What is true about the IPS-Blade?

A. in R80, IPS is managed by the Threat Prevention Policy

B. in R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict

C. in R80, IPS Exceptions cannot be attached to "all rules"

D. in R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

The Check Point installation history feature in R80 provides the following:

A. View install changes and install specific version.

B. View install changes

C. Policy Installation Date, view install changes and install specific version

D. Policy Installation Date only