156-215.80 Check-Point Exam Questions and Free Practice Test

Question 49

- (Exam Topic 3)
Which R77 GUI would you use to see number of packets accepted since the last policy install?

A. SmartView Monitor

B. SmartView Tracker

C. SmartDashboard

D. SmartView Status

Correct Answer:A

Question 50

- (Exam Topic 4)
What two ordered layers make up the Access Control Policy Layer?

A. URL Filtering and Network

B. Network and Threat Prevention

C. Application Control and URL Filtering

D. Network and Application Control

Correct Answer:C

Question 51

- (Exam Topic 2)
Which information is included in the “Full Log” tracking option, but is not included in the “Log” tracking option?

A. file attributes

B. application information

C. destination port

D. data type information

Correct Answer:D
Network Log - Generates a log with only basic Firewall information: Source, Destination, Source Port,
Destination Port, and Protocol.
Log - Equivalent to the Network Log option, but also includes the application name (for example, Dropbox), and application information (for example, the URL of the Website). This is the default Tracking option.
Full Log - Equivalent to the log option, but also records data for each URL request made.
If suppression is not selected, it generates a complete log (as defined in pre-R80 management).
If suppression is selected, it generates an extended log(as defined in pre-R80 management).
None - Do not generate a log.

Question 52

- (Exam Topic 1)
ABC Corp has a new administrator who logs into the Gaia Portal to make some changes. He realizes that even though he has logged in as an administrator, he is unable to make any changes because all configuration options are greyed out as shown in the screenshot image below. What is the likely cause for this?
156-215.80 dumps exhibit

A. The Gaia /bin/confd is locked by another administrator from a SmartConsole session.

B. The database is locked by another administrator SSH session.

C. The Network address of his computer is in the blocked hosts.

D. The IP address of his computer is not in the allowed hosts.

Correct Answer:B
There is a lock on top left side of the screen. B is the logical answer.

Question 53

- (Exam Topic 4)
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

A. SND is a feature to accelerate multiple SSL VPN connections

B. SND is an alternative to IPSec Main Mode, using only 3 packets

C. SND is used to distribute packets among Firewall instances

D. SND is a feature of fw monitor to capture accelerated packets

Correct Answer:C

Question 54

- (Exam Topic 1)
Which of the following is NOT an integral part of VPN communication within a network?

A. VPN key

B. VPN community

C. VPN trust entities

D. VPN domain

Correct Answer:A
VPN key (to not be confused with pre-shared key that is used for authentication).
VPN trust entities, such as a Check Point Internal Certificate Authority (ICA). The ICA is part of the Check Point suite used for creating SIC trusted connection between Security Gateways, authenticating administrators and third party servers. The ICA provides certificates for internal Security Gateways and remote access clients which negotiate the VPN link.
VPN Domain - A group of computers and networks connected to a VPN tunnel by one VPN gateway that handles encryption and protects the VPN Domain members.
VPN Community - A named collection of VPN domains, each protected by a VPN gateway. References: http://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/13868.htm

START 156-215.80 EXAM