156-915.80 Exam
Top Up to the minute 156-915.80 sample question Reviews!
Exam Code: 156-915.80 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Check Point Certified Security Expert Update - R80
Certification Provider: Check Point
Free Today! Guaranteed Training- Pass 156-915.80 Exam.
P.S. Free 156-915.80 dump are available on Google Drive, GET MORE: https://drive.google.com/open?id=1YYqgCO6ctCwcBVUFbQYMfHPbrQOvemUT
New Check Point 156-915.80 Exam Dumps Collection (Question 1 - Question 10)
Q1. How granular may an administrator filter an Access Role with identity awareness? Per:
A. Specific ICA Certificate
B. AD User
C. Radius Group
D. Windows Domain
Answer: B
Q2. Several Security Policies can be used for different installation targets. The Firewall protecting Human Resourcesu2021 servers should have its own Policy Package. These rules must be installed on this machine and not on the Internet Firewall. How can this be accomplished?
A. A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are defined by the selection in the Rule Base row Install On.
B. When selecting the correct Firewall in each line of the Rule Base row Install On, only this Firewall is shown in the list of possible installation targets after selecting Policy > Install on Target.
C. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the correct firewall via Specific Targets.
D. A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install on Target.
Answer: C
Q3. MegaCorp is running Smartcenter R70, some Gateways at R65 and some other Gateways with R60. Management wants to upgrade to the most comprehensive IPv6 support. What should the administrator do first?
A. Upgrade Smartcenter to R80 first.
B. Upgrade R60-Gateways to R65.
C. Upgrade every unit directly to R80.
D. Check the ReleaseNotes to verify that every step is supported.
Answer: D
Q4. You cannot use SmartDashboardu2021s User Directory features to connect to the LDAP server. What should you investigate?
1) Verify you have read-only permissions as administrator for the operating system.
2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.
3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration.
A. 1, 2, and 3
B. 2 and 3
C. 1 and 2
D. 1 and 3
Answer: B
Q5. The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?
A. You can only use the rule for Telnet, FTP, SMTP, and rlogin services.
B. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.
C. Once a user is first authenticated, the user will not be prompted for authentication again until logging
out.
D. You can limit the authentication attempts in the User Propertiesu2021 Authentication tab.
Answer: B
Q6. Which of the following tools is used to generate a Security Gateway R80 configuration report?
A. fw cpinfo
B. infoCP
C. cpinfo
D. infoview
Answer: C
Q7. John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway
policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
What should John do when he cannot access the web server from a different personal computer?
A. John should lock and unlock his computer
B. Investigate this as a network connectivity issue
C. The access should be changed to authenticate the user instead of the PC
D. John should install the Identity Awareness Agent
Answer: C
Q8. Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?
A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service.
B. Configure Automatic Static NAT on network 10.10.20.0/24.
C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24.
D. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule.
Answer: C
Q9. You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gatewayu2021s external interface.
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ serversu2021 public IP addresses?
A. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.
B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
C. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZu2021s interface.
Answer: B
Q10. When deploying multiple clustered firewalls on the same subnet, what does the firewall administrator need to configure to prevent CCP broadcasts being sent to the wrong cluster?
A. Set the fwha_mac_magic_forward parameter in the $CPDIR/boot/modules/ha_boot. conf
B. Set the fwha_mac_magic parameter in the $FWDIR/boot/fwkern.conf file
C. Set the cluster global ID using the command u201ccphaconf cluster_id set <value>u201d
D. Set the cluster global ID using the command u201cfw ctt set cluster_id <value>u201d
Answer: C
P.S. Easily pass 156-915.80 Exam with Allfreedumps Free Dumps & pdf vce, Try Free: https://www.allfreedumps.com/156-915.80-dumps.html ( New Questions)