156-215.80 Check-Point Exam Questions and Free Practice Test

Question 73

- (Exam Topic 1)
Vanessa is firewall administrator in her company; her company is using Check Point firewalls on central and remote locations, which are managed centrally by R80 Security Management Server. One central location has an installed R77.30 Gateway on Open server. Remote location is using Check Point UTM-1 570 series appliance with R71. Which encryption is used in Secure Internal Communication (SIC) between central management and firewall on each location?

A. On central firewall AES128 encryption is used for SIC, on Remote firewall 3DES encryption is used for SIC.

B. On both firewalls, the same encryption is used for SI

C. This is AES-GCM-256.

D. The Firewall Administrator can choose which encryption suite will be used by SIC.

E. On central firewall AES256 encryption is used for SIC, on Remote firewall AES128 encryption is used for SIC.

Correct Answer:A
Gateways above R71 use AES128 for SIC. If one of the gateways is R71 or below, the gateways use 3DES.

Question 74

- (Exam Topic 4)
To ensure that VMAC mode is enabled, which CLI command you should run on all cluster members? Choose the best answer.

A. fw ctl set int fwha vmac global param enabled

B. fw ctl get int fwha vmac global param enabled; result of command should return value 1

C. cphaprob –a if

D. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

Correct Answer:B

Question 75

- (Exam Topic 2)
What CLI utility allows an administrator to capture traffic along the firewall inspection chain?

A. show interface (interface) –chain

B. tcpdump

C. tcpdump /snoop

D. fw monitor

Correct Answer:D

Question 76

- (Exam Topic 2)
Fill in the blanks: A security Policy is created in ______, stored in the ______, and Distributed to the various ______.

A. Rule base, Security Management Server, Security Gateways

B. SmartConsole, Security Gateway, Security Management Servers

C. SmartConsole, Security Management Server, Security Gateways

D. The Check Point database, SmartConsole, Security Gateways

Correct Answer:C

Question 77

- (Exam Topic 4)
Which command shows the installed licenses?

A. cplic print

B. print cplic

C. fwlic print

D. show licenses

Correct Answer:A

Question 78

- (Exam Topic 4)
The SIC Status “Unknown” means

A. There is connection between the gateway and Security Management Server but it is not trusted.

B. The secure communication is established.

C. There is no connection between the gateway and Security Management Server.

D. The Security Management Server can contact the gateway, but cannot establish SIC.

Correct Answer:CExplanation:SICStatus
After the gateway receives the certificate issued by the ICA, the SIC status shows if the Security Management Server can communicate securely with this gateway:
Communicating - The secure communication is established.
Unknown - There is no connection between the gateway and Security Management Server.
Not Communicating - The Security Management Server can contact the gateway, but cannot establish SIC. A message shows more information.

START 156-215.80 EXAM