New 2021 Guaranteed Success with ActualCollection 156-215.80 Dumps CheckPoint PDF Questions
Exceptional Practice To Check Point Certified Security Administrator R80 Pass the First Time
NEW QUESTION 202
Which command is used to add users to or from existing roles?
- A. Add user <User Name> roles <List>
- B. Add user <User Name>
- C. Add rba user <User Name> roles <List>
- D. Add rba user <User Name>
Answer: C
Explanation:
Explanation
Configuring Roles - CLI (rba)
References:
NEW QUESTION 203
Which of the following methods can be used to update the trusted log server regarding the policy and
configuration changes performed on the Security Management Server?
- A. Save Policy
- B. Save session
- C. Install Policy
- D. Install Database
Answer: C
NEW QUESTION 204
What CLI utility allows an administrator to capture traffic along the firewall inspection chain?
- A. tcpdump
- B. tcpdump /snoop
- C. fw monitor
- D. show interface (interface) -chain
Answer: C
NEW QUESTION 205
The Captive Portal tool:
- A. Acquires identities from unidentified users.
- B. Is only used for guest user authentication.
- C. Allows access to users already identified.
- D. Is deployed from the Identity Awareness page in the Global Properties settings.
Answer: A
NEW QUESTION 206
At what point is the Internal Certificate Authority (ICA) created?
- A. When an administrator decides to create one.
- B. When an administrator initially logs into SmartConsole.
- C. Upon creation of a certificate
- D. During the primary Security Management Server installation process.
Answer: D
Explanation:
Explanation
Introduction to the ICA
The ICA is a Certificate Authority which is an integral part of the Check Point product suite. It is fully
compliant with X.509 standards for both certificates and CRLs. See the relevant X.509 and PKI
documentation, as well as RFC 2459 standards for more information. You can read more about Check Point
and PKI in the R76 VPN Administration Guide.
The ICA is located on the Security Management server. It is created during the installation process, when the
Security Management server is configured.
NEW QUESTION 207
Two administrators Dave and Jon both manage R80 Management as administrators for ABC Corp. Jon logged
into the R80 Management and then shortly after Dave logged in to the same server. They are both in the
Security Policies view. From the screenshots below, why does Dave not have the rule no.6 in his
SmartConsole view even though Jon has it his in his SmartConsole view?
- A. Jon is currently editing rule no.6 but has Published part of his changes.
- B. Jon is currently editing rule no.6 but has not yet Published his changes.
- C. Dave is currently editing rule no.6 and has marked this rule for deletion.
- D. Dave is currently editing rule no.6 and has deleted it from his Rule Base.
Answer: B
Explanation:
Explanation
When an administrator logs in to the Security Management Server through SmartConsole, a new editing
session starts. The changes that the administrator makes during the session are only available to that
administrator. Other administrators see a lock icon on object and rules that are being edited. To make changes
available to all administrators, and to unlock the objects and rules that are being edited, the administrator must
publish the session.
NEW QUESTION 208
Fill in the blank: Authentication rules are defined for ____________.
- A. Users using UserCheck
- B. Individual users
- C. All users in the database
- D. User groups
Answer: D
NEW QUESTION 209
ABC Corp has a new administrator who logs into the Gaia Portal to make some changes. He realizes that even though he has logged in as an administrator, he is unable to make any changes because all configuration options are greyed out as shown in the screenshot image below. What is the likely cause for this?
- A. The IP address of his computer is not in the allowed hosts.
- B. The Gaia /bin/confdis locked by another administrator from a SmartConsole session.
- C. The database is locked by another administrator SSH session.
- D. The Network address of his computer is in the blocked hosts.
Answer: C
Explanation:
Explanation/Reference:
Explanation: There is a lock on top left side of the screen. B is the logical answer.
NEW QUESTION 210
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
- A. Install appliance TE250X on SpanPort on LAN switch in MTA mode
- B. You can utilize only Check Point Cloud Services for this scenario
- C. Install appliance TE250X in standalone mode and setup MTA
- D. It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance
Answer: B
Explanation:
Reference:
http://dl3.checkpoint.com/paid/f2/f2faf02dba06acad8cc4c57833593df6/
CP_TE100X_TE250X_Appliance_GettingStartedGuide.pdf?
HashKey=1517091196_a292abdde351bbdb4b3d28e82654b240&xtn=.pdf
NEW QUESTION 211
Which option in a firewall rule would only match and allow traffic to VPN gateways for one Community in common?
- A. All Site-to-Site VPN Communities
- B. Specific VPN Communities
- C. All Connections (Clear or Encrypted)
- D. Accept all encrypted traffic
Answer: B
NEW QUESTION 212
Which of the following Windows Security Events will NOT map a username to an IP address in Identity
Awareness?
- A. Account Logon
- B. Kerberos Ticket Renewed
- C. Kerberos Ticket Timed Out
- D. Kerberos Ticket Requested
Answer: C
NEW QUESTION 213
In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway.
- A. True, Central Licenses can be installed with CPLIC command on a Security Gateway
- B. False, Central Licenses are installed via Gaia on Security Gateways
- C. False, Central Licenses are handled via Security Management Server
- D. True, CLI is the preferred method for Licensing
Answer: A
NEW QUESTION 214
Which message indicates IKE Phase 2 has completed successfully?
- A. Main Mode Complete
- B. Aggressive Mode Complete
- C. Quick Mode Complete
- D. IKE Mode Complete
Answer: C
NEW QUESTION 215
What are the two types of address translation rules?
- A. Manipulated packet and original packet
- B. Translated packet and untranslated packet
- C. Untranslated packet and manipulated packet
- D. Original packet and translated packet
Answer: D
Explanation:
NAT Rule Base
The NAT Rule Base has two sections that specify how the IP addresses are translated:
NEW QUESTION 216
Which command is used to obtain the configuration lock in Gaia?
- A. Unlock database override
- B. Unlock database lock
- C. Lock database override
- D. Lock database user
Answer: C
Explanation:
Obtaining a Configuration Lock
* lock database override
* unlock database
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm#o73091
NEW QUESTION 217
Which Check Point software blade provides protection from zero-day and undiscovered threats?
- A. Threat Emulation
- B. Threat Extraction
- C. Firewall
- D. Application Control
Answer: B
Explanation:
SandBlast Threat Emulation
As part of the Next Generation Threat Extraction software bundle (NGTX), the SandBlast
Threat Emulation capability prevents infections from undiscovered exploits zero-day and targeted attacks.
This innovative solution quickly inspects files and runs them in a virtual sandbox to discover malicious behavior.
Discovered malware is prevented from entering the network.
NEW QUESTION 218
By default, which port does the WebUI listen on?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
Explanation:
Explanation
To configure Security Management Server on Gaia:
* Open a browser to the WebUI: https://
NEW QUESTION 219
......
156-215.80 EXAM DUMPS WITH GUARANTEED SUCCESS: https://www.actualcollection.com/156-215.80-exam-questions.html
Best Quality CheckPoint 156-215.80 Exam Questions: https://drive.google.com/open?id=1TWjg0noqZ7lB7c7neOlYqQA5q4iQ1m0B