Certification Provider: Check Point
Exam Name: Check Point Certified Security Expert Update - R80.10
Exam Code: 156-915.80
Official Exam Time: 90 mins
Number of questions in the Official Exam: 90 Q&As
Latest update time in our database: September 25, 2023
156-915.80 Official Exam Topics:
  • Topic 1: Snapshot management
  • Topic 2: Upgrade Tools / Install Security Management Server
  • Topic 3: Migrating Management server Data / Management
  • Topic 4: How a Security Server Works / Using cpinfo
  • Topic 5: Using tcpdump / The Management High Availability Environment
  • Topic 6: What SecureXL Does / Session Rate Acceleration
  • Topic 7: Masking the Source Port / Factors that Preclude Acceleration
  • Topic 8: Factors that Preclude Templating (Session Acceleration) / Packet Flow
  • Topic 9: Default Configuration / Limitations of Authentication Flow
  • Topic 10: Some LDAP Tools / Creating the Active Directory Object in SmartDashboard
  • Topic 11: Tunnel-Management Configuration / VPN Tunnel Sharing Configuration
  • Topic 12: vpn debug trunc / Creating the Certificate
  • Topic 13: Report Types /

The Correlation Unit performs all but which of the following actions:
A . Marks logs that individually are not events, but may be part of a larger pattern to be identified later
B . Generates an event based on the Event policy
C . Assigns a severity level to the event
D . Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event

Answer: C

What are types of Check Point APIs available currently as part of R80.10 code?
A . Security Gateway API, Management API, Threat Prevention API and Identity Awareness Web Services API
B . Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
C . OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API
D . CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API

Answer: B

Explanation:

Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631f640d0/CP_R80_CheckPoint_API_ReferenceGuide.pdf?HashKey=1522171994_d7bae71a861bbc54c18c61420e586d77&xtn=.pdf

When synchronizing clusters, which of the following statements is FALSE?
A . The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized.
B . Only cluster members running on the same OS platform can be synchronized.
C . In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
D . Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.

Answer: D

Check Point recommends configuring Disk Space Management parameters to delete old log entities when available disk space is less than or equal to?
A . 50%
B . 75%
C . 80%
D . 15%

Answer: D

Explanation:

Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk110557

The “MAC magic” value must be modified under the following condition:
A . There is more than one cluster connected to the same VLAN
B . A firewall cluster is configured to use Multicast for CCP traffic
C . There are more than two members in a firewall cluster
D . A firewall cluster is configured to use Broadcast for CCP traffic

Answer: D

Explanation:

Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk25977

In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
A . Mail, Block Source, Block Event Activity, External Script, SNMP Trap
B . Mail, Block Source, Block Destination, Block Services, SNMP Trap
C . Mail, Block Source, Block Destination, External Script, SNMP Trap
D . Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap

Answer: A

Explanation:

These are the types of Automatic Reactions:

– Mail – tell an administrator by email that the event occurred. See Create a Mail Reaction.

– Block Source – instruct the Security Gateway to block the source IP address from which this event was detected for a configurable period of time. Select a period of time from one minute to more than three weeks. See Create a Block Source Reaction.

– Block Event Activity – instruct the Security Gateway to block a distributed attack that emanates from multiple sources, or attacks multiple destinations, for a configurable period of time. Select a period of time from one minute to more than three weeks. See Create a Block Event Activity Reaction.

– External Script – run a script that you provide. See Creating an External Script Automatic Reaction to write a script that can exploit SmartEvent data.

– SNMP Trap – generate an SNMP Trap. See Create an SNMP Trap Reaction.

Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915

What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
A . Stateful Mode
B . VPN Routing Mode
C . Wire Mode
D . Stateless Mode

Answer: C

Explanation:

Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of "Wire Mode".

Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30974

Vanessa is expecting a very important Security Report. The document should be sent as an attachment via e-mail. An e-mail with the Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only a few lines of text are in it. The report is missing some graphs, tables and links.

Which component of SandBlast protection is her company using on a Gateway?
A . SandBlast Threat Emulation
B . SandBlast Agent
C . Check Point Protect
D . SandBlast Threat Extraction

Answer: D