156-215.80 Online Practice Questions and Answers

Which two Identity Awareness commands are used to support identity sharing?

A. Policy Decision Point (PDP) and Policy Enforcement Point (PEP)

B. Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP)

C. Policy Manipulation Point (PMP) and Policy Activation Point (PAP)

D. Policy Activation Point (PAP) and Policy Decision Point (PDP)

You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?

A. The POP3 rule is disabled.

B. POP3 is accepted in Global Properties.

C. The POP3 rule is hidden.

D. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R77.

Which tool CANNOT be launched from SmartUpdate R77?

A. IP Appliance Voyager

B. snapshot

C. GAiA WebUI

D. cpinfo

Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?

A. Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation.

B. Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocols. Apply the alert action or customized messaging.

C. Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic.

D. Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings.

Choose the correct statement regarding Implicit Rules.

A. To edit the Implicit rules you go to: Launch Button > Policy > Global Properties > Firewall.

B. Implied rules are fixed rules that you cannot change.

C. You can directly edit the Implicit rules by double-clicking on a specific Implicit rule.

D. You can edit the Implicit rules but only if requested by Check Point support personnel.

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19. John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his desktop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator: 1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy. 2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location. 3) Changes from static IP address to DHCP for the client PC. What should John request when he cannot access the web server from his laptop?

A. John should lock and unlock his computer

B. Investigate this as a network connectivity issue

C. The access should be changed to authenticate the user instead of the PC

D. John should install the Identity Awareness Agent

Where can you trigger a failover of the cluster members?

1.

Log in to Security Gateway CLI and run command clusterXL_admin down.

2.

In SmartView Monitor right-click the Security Gateway member and select Cluster member down.

3.

Log into Security Gateway CLI and run command cphaprob down.

A. 1, 2, and 3

B. 2 and 3

C. 1 and 2

D. 1 and 3

Which of the following commands can be used to remove site-to-site IPSEC Security Associations (SA)?

A. vpn tu

B. vpn ipsec remove -l

C. vpn debug ipsec

D. fw ipsec tu

Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?

A. Firewall

B. Application Control

C. Anti-spam and Email Security

D. Antivirus

Fill in the blanks: In the Network policy layer, the default action for the Implied last rule is ________ all traffic. However, in the Application Control policy layer, the default action is ________ all traffic.

A. Accept; redirect

B. Accept; drop

C. Redirect; drop

D. Drop; accept