Which is the correct "fw monitor" syntax to create a capture file that can be loaded into Wireshark?
A. fw monitor -e "accept
B. This cannot be accomplished as it is not supported with R80.10
C. fw monitor -e "accept
D. fw monitor -e "accept
How many packets does Main Mode in Phase 1 consist of?
A. Three packets
B. Four packets
C. Six packets
D. It depends on the encryption algorithm used. 3DES has three times more packets than DES encryption
When enabling hyper-threading on a Security Gateway, the administrator needs to make sure there is enough _______________ to support additional CoreXL Firewall instances.
A. drive space
B. CPUs
C. available cache
D. available memory
Which file must you make sure to collect when debugging a VPN that is configured to use IKEv2 and fails to establish?
A. $FWDIR/log/ike2.elg
B. $FWDIR/log/vpnd.xml.v2
C. $FWDIR/log/ikev2.xml
D. $CPDIR/log/ike.elg
Where do Protocol parsers register themselves for IPS?
A. Passive Streaming Library
B. Other handlers register to Protocol parser
C. Protections database
D. Context Management Infrastructure
Which database domain stores URL filtering updates?
A. Threat Prevention Domain
B. Application Control domain
C. IPS Domain
D. Check Point Data Domain
Fill in the blank: The command ______________________ provides the most complete restoration of an R80 configuration.
A. upgrade_import
B. cpconfig
C. fwm dbimport -p
D. cpinfo -recover
You suspect that IPS protections may be dropping legitimate traffic by mistake. To reduce the false positives, which GuiDBedit parameter could you enable to work with fw ctl zdebug drop to generate a more elaborate drop message for these packets?
A. enable_inspect_debug_ips_compilation
B. inspect_ips_debug_inspection
C. enable_inspect_debug_compilation
D. enable_inspect_debug_ips
Users complain that they have no Internet access. Additionally, you have different Policy Layers configured to control Network Access, Web Filtering and Content. In SmartLog you notice drop logs with the reason CPEarlyDrop. What is the main cause of this?
A. Due to rulebase optimization, the connection is being blocked
B. In-Line layers with a clean-up rule must be used to optimize the rulebase
C. Ordered layers rulebase must contain a clean-up rule similar to main Access layer to avoid implicit drop and optimize the rulebase
D. This is the new implicit block in R80 gateways because there is no clean-up rule in at least one of the policy layers
An administrator is creating a new site-to-site VPN connection. The agreed settings are AES256 and SHA256. If Elliptic Curve type transforms are required, what can be specifically configured to achieve this level of security?
A. Protocol 50 with AES
B. Diffie-Hellman Group 20
C. Perfect Forward Secrecy
D. AH should replace ESP