New Updated 156-215.80 Exam Questions from PassLeader 156-215.80 PDF dumps! Welcome to download the newest PassLeader 156-215.80 VCE dumps: https://www.passleader.com/156-215-80.html (497 Q&As)
Keywords: 156-215.80 exam dumps, 156-215.80 exam questions, 156-215.80 VCE dumps, 156-215.80 PDF dumps, 156-215.80 practice tests, 156-215.80 study guide, 156-215.80 braindumps, Check Point Certified Security Administrator (CCSA) R80 Exam
P.S. New 156-215.80 dumps PDF: https://drive.google.com/open?id=0B-ob6L_QjGLpdm81T0hOX1ZpWGs
NEW QUESTION 476
What are the two types of NAT supported by the Security Gateway?
A. Destination and Hide
B. Hide and Static
C. Static and Source
D. Source and Destination
Answer: B
Explanation:
A Security Gateway can use these procedures to translate IP addresses in your network:
1. Static NAT – Each internal IP address is translated to a different public IP address. The Firewall can allow external traffic to access internal resources.
2. Hide NAT – The Firewall uses port numbers to translate all specified internal IP addresses to a single public IP address and hides the internal IP structure. Connections can only start from internal computers, external computers CANNOT access internal servers. The Firewall can translate up to 50,000 connections at the same time from external computers and servers.
3. Hide NAT with Port Translation – Use one IP address and let external users access multiple application servers in a hidden network. The Firewall uses the requested service (or destination port) to send the traffic to the correct server. A typical configuration can use these ports: FTP server (port 21), SMTP server (port 25) and an HTTP server (port 80). It is necessary to create manual NAT rules to use Port Translation.
https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/6724.htm
NEW QUESTION 477
Which of the following is used to initially create trust between a Gateway and Security Management Server?
A. Internal Certificate Authority
B. Token
C. One-time Password
D. Certificate
Answer: C
Explanation:
To establish the initial trust, a gateway and a Security Management Server use a one-time password. After the initial trust is established, further communication is based on security certificates.
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/125443
NEW QUESTION 478
John is the administrator of a R80 Security Management server managing r R77.30 Check Point Security Gateway. John is currently updating the network objects and amending the rules using SmartConsole. To make John’s changes available to other administrators, and to save the database before installing a policy, what must John do?
A. Logout of the session
B. File > Save
C. Install database
D. Publish the session
Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/119225
NEW QUESTION 479
Fill in the bank: In Office mode, a Security Gateway assigns a remote client to an IP address once ____.
A. the user connects and authenticates
B. office mode is initiated
C. the user requests a connection
D. the user connects
Answer: A
Explanation:
Office Mode enables a Security Gateway to assign a remote client an IP address. The assignment takes place once the user connects and authenticates. The assignment lease is renewed as long as the user is connected.
https://sc1.checkpoint.com/documents/R76/CP_R76_VPN_AdminGuide/13857.htm
NEW QUESTION 480
Which of the following is NOT a role of the SmartCenter?
A. Status monitoring
B. Policy configuration
C. Certificate authority
D. Address translation
Answer: C
Explanation:
http://www.checkfirewalls.com/datasheets/smartcenter_datasheet.pdf
NEW QUESTION 481
Which of the following is NOT a valid application navigation tab in the R80 SmartConsole?
A. Manage and Command Line
B. Logs and Monitor
C. Security Policies
D. Gateway and Servers
Answer: A
NEW QUESTION 482
Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?
A. Application Control
B. Threat Emulation
C. Anti-Virus
D. Advanced Networking Blade
Answer: B
NEW QUESTION 483
Fill in the blank: Back up and restores can be accomplished through ____.
A. SmartConsole, WebUI, or CLI
B. WebUI, CLI, or SmartUpdate
C. CLI, SmartUpdate, or SmartBackup
D. SmartUpdate, SmartBackup, or SmartConsole
Answer: A
Explanation:
https://community.checkpoint.com/thread/5375-checkpoint-gateway-firewall-backup-through-smart-console
NEW QUESTION 484
What is NOT an advantage of Stateful Inspection?
A. High Performance
B. Good Security
C. No Screening above Network layer
D. Transparency
Answer: A
NEW QUESTION 485
In Unified SmartConsole Gateways and Servers tab you can perform the following functions EXCEPT what?
A. Upgrade the software version
B. Open WebUI
C. Open SSH
D. Open service request with Check Point Technical Support
Answer: C
NEW QUESTION 486
Which Threat Prevention Software Blade provides protection from malicious software that can infect your network computers?
A. Anti-Malware
B. IPS
C. Anti-bot
D. Anti-Spam
Answer: C
NEW QUESTION 487
When configuring Spoof Tracking, which tracking actions can an administrator select to be done when spoofed packets are detected?
A. Log, send snmp trap, email
B. Drop packet, alert, none
C. Log, alert, none
D. Log, allow packets, email
Answer: C
NEW QUESTION 488
What are the three deployment considerations for a secure network?
A. Distributed, Bridge Mode, and Remote
B. Bridge Mode, Remote, and Standalone
C. Remote, Standalone, and Distributed
D. Standalone, Distributed, and Bridge Mode
Answer: A
NEW QUESTION 489
Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
A. All Connections (Clear or Encrypted)
B. Accept all encrypted traffic
C. Specific VPN Communities
D. All Site-to-Site VPN Communities
Answer: B
Explanation:
1. The first rule is the automatic rule for the Accept All Encrypted Traffic feature. The Firewalls for the Security Gateways in the BranchOffices and LondonOffices VPN communities allow all VPN traffic from hosts in clients in these communities. Traffic to the Security Gateways is dropped. This rule is installed on all Security Gateways in these communities.
2. Site to site VPN – Connections between hosts in the VPN domains of all Site to Site VPN communities are allowed. These are the only protocols that are allowed: FTP, HTTP, HTTPS and SMTP.
3. Remote access – Connections between hosts in the VPN domains of RemoteAccess VPN community are allowed. These are the only protocols that are allowed: HTTP, HTTPS, and IMAP.
https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92709.htm
NEW QUESTION 490
One of major features in R80 SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB, and AdminC are editing the same Security Policy?
A. A lock icon shows that a rule or an object is locked and will be available.
B. AdminA and AdminB are editing the same rule at the same time.
C. A lock icon next to a rule informs that any Administrator is working on this particular rule.
D. AdminA, AdminB and AdminC are editing three different rules at the same time.
Answer: C
Explanation:
In SmartConsole, administrators work with sessions. A session is created each time an administrator logs into SmartConsole. Changes made in the session are saved automatically. These changes are private and available only to the administrator. To avoid configuration conflicts, other administrators see a lock icon on objects and rules that are being edited in other sessions.
http://downloads.checkpoint.com/dc/download.htm?ID=65846
NEW QUESTION 491
When should you generate new licenses?
A. Before installing contract files.
B. After an RMA procedure when the MAC address or serial number of the appliance changes.
C. When the existing license expires, license is upgraded or the IP-address where the license is tied changes.
D. Only when the license is upgraded.
Answer: B
NEW QUESTION 492
Fill in the blank: When a policy package is installed, ____ are also distributed to the target installation Security Gateways.
A. user and objects databases
B. network databases
C. SmartConsole databases
D. user databases
Answer: A
NEW QUESTION 493
Which Check Point software blade provides Application Security and identity control?
A. Identity Awareness
B. Data Loss Prevention
C. URL Filtering
D. Application Control
Answer: D
Explanation:
Check Point Application Control provides the industry’s strongest application security and identity control to organizations of all sizes.
https://www.checkpoint.com/products/application-control-software-blade/
NEW QUESTION 494
How are the backups stored in Check Point appliances?
A. Saved as *.tar under /var/log/CPbackup/backups
B. Saved as *.tgz under /var/CPbackup
C. Saved as *.tar under /var/CPbackup
D. Saved as *.tgz under /var/log/CPbackup/backups
Answer: B
Explanation:
Backup configurations are stored in: /var/CPbackup/backups/.
NEW QUESTION 495
You are going to perform a major upgrade. Which back up solution should you use to ensure your database can be restored on that device?
A. backup
B. logswitch
C. Database Revision
D. snapshot
Answer: D
Explanation:
The snapshot creates a binary image of the entire root (lv_current) disk partition. This includes Check Point products, configuration, and operating system. Starting in R77.10, exporting an image from one machine and importing that image on another machine of the same type is supported. The log partition is not included in the snapshot. Therefore, any locally stored FireWall logs will not be saved.
NEW QUESTION 496
……
Download the newest PassLeader 156-215.80 dumps from passleader.com now! 100% Pass Guarantee!
156-215.80 PDF dumps & 156-215.80 VCE dumps: https://www.passleader.com/156-215-80.html (497 Q&As) (New Questions Are 100% Available and Wrong Answers Have Been Corrected! Free VCE simulator!)
P.S. New 156-215.80 dumps PDF: https://drive.google.com/open?id=0B-ob6L_QjGLpdm81T0hOX1ZpWGs
