Académique Documents
Professionnel Documents
Culture Documents
80
Question #:1
You have existing dbedit scripts from R77. Can you use them with R80.10?
C. You can use dbedit to modify threat prevention or access policies, but not create or modify layers
Answer: D
Question #:2
When installing a dedicated R80 SmartEvent server. What is the recommended size of the root partition?
A. Any size
D. At least 20GB
Answer: D
Question #:3
On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default
Log Server uses port:
A. 18210
B. 18184
C. 257
D. 18191
Answer: B
Question #:4
1 of 92
Checkpoint - 156-315.80
When requiring certificates for mobile devices, make sure the authentication method is set to one of the
following, Username and Password, RADIUS or _______.
A. SecureID
B. SecurID
C. Complexity
D. TacAcs
Answer: B
Question #:5
An administrator would like to troubleshoot why templating is not working for some traffic. How can he
determine at which rule templating is disabled?
C. He can use the fwaccel stat command on the Security Management Server.
Answer: D
Question #:6
A. It is not supported with either the Performance pack of a hardware based accelerator card
C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster
Answer: A
Question #:7
2 of 92
Checkpoint - 156-315.80
Answer: B
Question #:8
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?
Answer: B
Question #:9
From SecureXL perspective, what are the tree paths of traffic flow:
Answer: D
Question #:10
A. The Firewall kernel only touches the packet if the connection is accelerated
B.
3 of 92
Checkpoint - 156-315.80
C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times
out
Answer: D
Explanation
On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated
copy, or instance, runs on one processing core. These instances handle traffic concurrently, and each instance
is a complete and independent inspection kernel. When CoreXL is enabled, all the kernel instances in the
Security Gateway process traffic through the same interfaces and apply the same security policy.
Question #:11
Check Point Management (cpm) is the main management process in that it provides the architecture for a
consolidates management console. CPM allows the GUI client and management server to communicate via
web services using ___________.
Answer: A
Question #:12
You want to store the GAIA configuration in a file for later reference. What command should you use?
Answer: D
4 of 92
Checkpoint - 156-315.80
Question #:13
How many images are included with Check Point TE appliance in Recommended Mode?
A. 2(OS) images
Answer: A
Question #:14
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
Answer: C
Question #:15
What are the different command sources that allow you to communicate with the API server?
Answer: B
Question #:16
Which of the following authentication methods ARE NOT used for Mobile Access?
5 of 92
Checkpoint - 156-315.80
A. RADIUS server
C. SecurID
D. TACACS+
Answer: D
Question #:17
SmartConsole R80 requires the following ports to be open for SmartEvent R80 management:
A. 19090,22
B. 19190,22
C. 18190,80
D. 19009,443
Answer: D
Question #:18
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify
security administration, which action would you choose?
A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restricts all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each Security Gateway directly.
Answer: B
Question #:19
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
6 of 92
Checkpoint - 156-315.80
B. This statement is false because SecureXL does not improve this traffic but CoreXL does.
Answer: C
Explanation
SecureXL improved non-encrypted firewall traffic throughput, and encrypted VPN traffic throughput, by
nearly an order-of-magnitude- particularly for small packets flowing in long duration connections.
Question #:20
A. 2
B. 1
C. 4
D. 6
Answer: B
Question #:21
A. TCP 857
B. TCP 18192
C. TCP 900
D. TCP 19009
Answer: D
Question #:22
A. fwm
7 of 92
Checkpoint - 156-315.80
B. cpmd
C. cpm
D. cpd
Answer: C
Question #:23
Fill in the blank: The R80 utility fw monitor is used to troubleshoot ________.
B. LDAP conflicts
C. Traffic issues
Answer: C
Explanation
Check Point’s FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW
Monitor utility captures network packets at multiple capture points along the FireWall inspection chains.
These captured packets can be inspected later using the WireShark
Question #:24
B. A log entry becomes an event when it matches any rule defined in Event Policy
Answer: B
Question #:25
8 of 92
Checkpoint - 156-315.80
C. From SmartDashboard
Answer: A
Question #:26
When gathering information about a gateway using CPINFO, what information is included or excluded when
using the “-x” parameter?
Answer: B
Question #:27
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check
Point Security Gateway?
C. You can utilize only Check Point Cloud Services for this scenario.
D. It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance.
Answer: C
Question #:28
A.
9 of 92
Checkpoint - 156-315.80
A. Stateful Packets
B. No Match
C. All Packets
D. Stateless Packets
Answer: C
Question #:29
Answer: B
Question #:30
GAiA Software update packages can be imported and installed offline in situation where:
A. Security Gateway with GAiA does NOT have SFTP access to Internet
C. Security Gateway with GAiA does NOT have SSH access to Internet.
D. The desired CPUSE package is ONLY available in the Check Point CLOUD.
Answer: B
Question #:31
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were
dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to
use Priorities Queues and fully enable Dynamic Dispatcher. How can you enable them?
10 of 92
Checkpoint - 156-315.80
Answer: C
Question #:32
A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to
the SmartEvent Server.
B. The SmartEvent Correlation Unit’s task it to assign severity levels to the identified events.
C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats
and convert them to events.
D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server.
Answer: C
Question #:33
Which is the least ideal Synchronization Status for Security Management Server High Availability
deployment?
A. Synchronized
C. Lagging
D. Collision
Answer: D
Question #:34
A. The number of cores must be the same on every participating cluster node
11 of 92
Checkpoint - 156-315.80
D. If you have “Non-monitored Private” interfaces, the number of those interfaces must be the same on all
cluster members
Answer: B
Question #:35
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI
command?
A. fw ctl sdstat
B. fw ctl affinity –l a –r –v
D. cpinfo
Answer: B
Question #:36
With Mobile Access enabled, administrators select the web-based and native applications that can be accessed
by remote users and define the actions that users can perform the applications. Mobile Access encrypts all
traffic using:
A. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to
access the native applications, they need to install the SSL. Network Extender.
B. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to
access the native application, they need to install the SSL. Network Extender.
C. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to
access the native applications, no additional software is required.
D. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to
access the native application, no additional software is required.
Answer: A
Question #:37
12 of 92
Checkpoint - 156-315.80
A. By default the API-server is activated and does not have hardware requirements.
B. By default the API-server is not active and should be activated from the WebUI.
C. By default the API server is active on management and stand-alone servers with 16GB of RAM (or
more).
D. By default, the API server is active on management servers with 4 GB of RAM (or more) and on
stand-alone servers with 8GB of RAM (or more).
Answer: D
Question #:38
B. Automation involves the process of coordinating an exchange of information through web service
interactions such as XML and JSON, but orchestration does not involve processes.
C. Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and
puts them all together into a process workflow.
Answer: A
Question #:39
A. Checkpoint Mobile
C. SecuRemote
Answer: D
13 of 92
Checkpoint - 156-315.80
Question #:40
A. cat $FWDIR/conf/vpn.conf
B. vpn tu tlist
C. vpn tu
D. cpview
Answer: B
Question #:41
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now
requires a Check Point Firewall to be installed in Sydney, Australia.
A. Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of
this.
B. Create a rule at the top in the Sydney firewall to allow control traffic from your network
D. Create a rule at the top in your Check Point firewall to bypass the Geo-Protection
Answer: C
Explanation
References:
Question #:42
B. Go to Application&url filtering blade > Advanced > Https Inspection > Policy
14 of 92
Checkpoint - 156-315.80
Answer: A
Question #:43
Answer: B
Question #:44
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You
then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show
down. What command do you run to determine the cause?
A. cphaprob –f register
B. cphaprob –d –s report
C. cpstat –f all
D. cphaprob –a list
Answer: D
Question #:45
A. Gateway API
B. Management API
C. OPSC SDK
15 of 92
Checkpoint - 156-315.80
Answer: A
Question #:46
As an administrator, you may be required to add the company logo to reports. To do this, you would save the
logo as a PNG file with the name ‘cover-company-logo.png’ and then copy that image file to which directory
on the SmartEvent server?
A. SFWDIR/smartevent/conf
B. $RTDIR/smartevent/conf
C. $RTDIR/smartview/conf
D. $FWDIR/smartview/conf
Answer: C
Question #:47
A. Correlation Unit
B. SmartEvent Unit
C. SmartEvent Server
D. Log Server
Answer: B
Explanation
On the Management tab, enable these Software Blades:
Question #:48
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway
is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic?
A. Slow Path
B. Medium Path
C. Fast Path
16 of 92
Checkpoint - 156-315.80
D. Accelerated Path
Answer: A
Question #:49
You want to verify if your management server is ready to upgrade to R80.10. What tool could you use in this
process?
A. migrate export
B. upgrade_tools verify
C. pre_upgrade_verifier
D. migrate import
Answer: C
Question #:50
A. fwd
B. cpwd
C. fwm
D. cpd
Answer: A
Question #:51
A. Marks logs that individually are not events, but may be part of a larger pattern to be identified later.
D. Takes a new log entry that is part of a group of items that together make up an event, and adds it to an
17 of 92
Checkpoint - 156-315.80
D.
ongoing event.
Answer: C
Question #:52
What kind of information would you expect to see using the sim affinity command?
B. The involved firewall kernel modules in inbound and outbound packet chain
Answer: D
Question #:53
Both ClusterXL and VRRP are fully supported by Gaia R80.10 and available to all Check Point appliances.
Which the following command is NOT related to redundancy and functions?
A. cphaprob stat
B. cphaprob –a if
C. cphaprob –l list
Answer: D
Question #:54
D. OPSEC SDK
18 of 92
Checkpoint - 156-315.80
Answer: C
Question #:55
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
A. Lagging
B. Synchronized
D. Collision
Answer: B
Question #:56
C. Create products that use and enhance the Check Point solution
Answer: B
Question #:57
Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and
several remote locations which are managed centrally by R77.30 Security Management Server. On central
location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1570
series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available
firmware. She is in process of migrating to R80.
What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R80?
19 of 92
Checkpoint - 156-315.80
Answer: A
Question #:58
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point
R80.10 SmartConsole application?
Answer: C
Question #:59
To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular
service and whose sole differentiating element is the source port. The type of grouping enables even the very
first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same
service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of
the these is NOT a SecureXL template?
A. Accept Template
B. Deny Template
C. Drop Template
D. NAT Template
Answer: B
Question #:60
B. Ensure the Check Point SandBlast services is running on the end user’s system
20 of 92
Checkpoint - 156-315.80
C. If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with
the network
Answer: C
Question #:61
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:
A. Threat Emulation
B. HTTPS
C. QOS
D. VoIP
Answer: D
Question #:62
Which command can you use to verify the number of active concurrent connections?
A. fw conn all
B. fw ctl pstat
D. show connections
Answer: B
Question #:63
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset
every
A. 15 sec
B. 60 sec
C. 5 sec
21 of 92
Checkpoint - 156-315.80
D. 30 sec
Answer: B
Question #:64
A. DBSync
B. API Server
C. fwm
D. SOLR
Answer: D
Question #:65
The system administrator of a company is trying to find out why acceleration is not working for the traffic.
The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.
What is the most likely reason that the traffic is not accelerated?
Answer: D
Question #:66
What is the name of the secure application for Mail/Calendar for mobile devices?
A. Capsule Workspace
B. Capsule Mail
C. Capsule VPN
22 of 92
Checkpoint - 156-315.80
D. Secure Workspace
Answer: A
Question #:67
A. SmartEvent Maps
B. SmartEvent
C. Identity Awareness
D. SmartConsole Toolbars
Answer: A
Question #:68
Which file contains the host address to be published, the MAC address that needs to be associated with the IP
Address, and the unique IP of the interface that responds to ARP request?
A. /opt/CPshrd-R80/conf/local.arp
B. /var/opt/CPshrd-R80/conf/local.arp
C. $CPDIR/conf/local.arp
D. $FWDIR/conf/local.arp
Answer: D
Question #:69
In a Client to Server scenario, which represents that the packet has already checked against the tables and the
Rule Base?
A. Big l
B. Little o
C. Little i
D.
23 of 92
Checkpoint - 156-315.80
D. Big O
Answer: D
Question #:70
Where do you create and modify the Mobile Access policy in R80?
A. SmartConsole
B. SmartMonitor
C. SmartEndpoint
D. SmartDashboard
Answer: A
Question #:71
Answer: D
Question #:72
Which of the following type of authentication on Mobile Access can NOT be used as the first authentication
method?
A. Dynamic ID
B. RADIUS
D. Certificate
24 of 92
Checkpoint - 156-315.80
Answer: A
Question #:73
Answer: D
Question #:74
Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal
website, file share and emails?
Answer: C
Question #:75
Which file gives you a list of all security servers in use, including port number?
A. $FWDIR/conf/conf.conf
B. $FWDIR/conf/servers.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/conf/serversd.conf
Answer: C
25 of 92
Checkpoint - 156-315.80
Question #:76
Answer: C
Question #:77
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control
Blade?
A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company’s security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and
risk levels.
Answer: A
Question #:78
A. Accept
B. Drop
C. NAT
D. None
Answer: D
26 of 92
Checkpoint - 156-315.80
Question #:79
With SecureXL enabled, accelerated packets will pass through the following:
A. Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device
B. Network Interface Card, Check Point Firewall Kernal, and the Acceleration Device
D. Network Interface Card, OSI Network Layer, and the Acceleration Device
Answer: C
Question #:80
A. Once a week
B. Once an hour
Answer: D
Question #:81
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?
A. fwm compile
B. fwm load
C. fwm fetch
D. fwm install
Answer: B
Question #:82
During inspection of your Threat Prevention logs you find four different computers having one event each
27 of 92
Checkpoint - 156-315.80
with a Critical Severity. Which of those hosts should you try to remediate first?
Answer: D
Question #:83
A. The Database revisions will not be synchronized between the management servers
C. If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow
FW1_cpredundant to pass before the Firewall Control Connections.
D. For Management Server synchronization, only External Virtual Switches are supported. So, if you
wanted to employ Virtual Routers instead, you have to reconsider your design.
Answer: A
Question #:84
A. That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an
RSA Authentication Manager.
B. Fill Layer4 VPN –SSL VPN that gives users network access to all mobile applications.
C. Full Layer3 VPN –IPSec VPN that gives users network access to all mobile applications.
D. You can make sure that documents are sent to the intended recipients only.
Answer: C
Question #:85
28 of 92
Checkpoint - 156-315.80
B. Manual/Pre-Automatic NAT
Answer: B
Question #:86
What API command below creates a new host with the name “New Host” and IP address of “192.168.0.10”?
Answer: D
Question #:87
C. sysmess all
Answer: D
Question #:88
29 of 92
Checkpoint - 156-315.80
B. In R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
D. In R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same
Answer: A
Question #:89
You have a Gateway is running with 2 cores. You plan to add a second gateway to build a cluster and used a
device with 4 cores.
How many cores can be used in a Cluster for Firewall-kernel on the new device?
A. 3
B. 2
C. 1
D. 4
Answer: D
Question #:90
A. fwd
B. fwm
C. cpwd
D. cpd
Answer: D
Question #:91
30 of 92
Checkpoint - 156-315.80
John is using Management HA. Which Smartcenter should be connected to for making changes?
A. secondary Smartcenter
B. active Smartenter
D. primary Smartcenter
Answer: B
Question #:92
A. Security policy
B. Inbound chain
C. Outbound chain
Answer: A
Question #:93
What command can you use to have cpinfo display all installed hotfixes?
A. cpinfo -hf
B. cpinfo –y all
C. cpinfo –get hf
D. cpinfo installed_jumbo
Answer: B
Question #:94
What is correct statement about Security Gateway and Security Management Server failover in Check Point
R80.X in terms of Check Point Redundancy driven solution?
A.
31 of 92
Checkpoint - 156-315.80
A. Security Gateway failover is an automatic procedure but Security Management Server failover is a
manual procedure.
B. Security Gateway failover as well as Security Management Server failover is a manual procedure.
C. Security Gateway failover is a manual procedure but Security Management Server failover is an
automatic procedure.
D. Security Gateway failover as well as Security Management Server failover is an automatic procedure.
Answer: A
Question #:95
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
Answer: C
Question #:96
B. Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.
C. Edit/proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.
Answer: A
Question #:97
A. fwm
32 of 92
Checkpoint - 156-315.80
B. cpd
C. cpwd
D. fwssd
Answer: C
Question #:98
A. Incoming
B. Internal
C. External
D. Outgoing
Answer: D
Question #:99
A. fwaccel status
B. fwaccel stats -m
C. fwaccel -s
D. fwaccel stat
Answer: D
Explanation
To check overall SecureXL status:
Question #:100
What cloud-based SandBlast Mobile application is used to register new devices and users?
33 of 92
Checkpoint - 156-315.80
B. Management Dashboard
Answer: D
Question #:101
A. Gateway API
B. Management API
C. OPSEC SDK
Answer: A
Question #:102
To add a file to the Threat Prevention Whitelist, what two items are needed?
Answer: B
Question #:103
What is the main difference between Threat Extraction and Threat Emulation?
A. Threat Emulation never delivers a file and takes more than 3 minutes to complete.
B. Threat Extraction always delivers a file and takes less than a second to complete.
34 of 92
Checkpoint - 156-315.80
C. Threat Emulation never delivers a file that takes less than a second to complete.
D. Threat Extraction never delivers a file and takes more than 3 minutes to complete.
Answer: B
Question #:104
What happen when IPS profile is set in Detect Only Mode for troubleshooting?
Answer: C
Explanation
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of
IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic.
During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic,
while avoiding any impact on the flow of traffic.
Question #:105
Please choose correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA
management CLI?
Answer: D
Question #:106
35 of 92
Checkpoint - 156-315.80
A. SmartEvent Server
B. Correlation Unit
C. Log Consolidator
D. Log Server
Answer: C
Question #:107
3. Manual/Pre-Automatic NAT
A. 1, 2, 3, 4
B. 1, 4, 2, 3
C. 3, 1, 2, 4
D. 4, 3, 1, 2
Answer: A
Question #:108
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
Answer: D
36 of 92
Checkpoint - 156-315.80
Question #:109
Answer: C
Question #:110
Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check
Point Enterprise Appliances using GAiA/R80.10. Company’s Developer Team is having random access issue
to newly deployed Application Server in DMZ’s Application Server Farm Tier and blames DMZ Security
Gateway as root cause. The ticket has been created and issue is at Pamela’s desk for an investigation. Pamela
decides to use Check Point’s Packet Analyzer Tool-fw monitor to iron out the issue during approved
Maintenance window. What do you recommend as the best suggestion for Pamela to make sure she
successfully captures entire traffic in context of Firewall and problematic traffic?
A. Pamela should check SecureXL status on DMZ Security gateway and if it’s turned ON. She should turn
OFF SecureXL before using fw monitor to avoid misleading traffic captures.
B. Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OFF. She should
turn ON SecureXL before using fw monitor to avoid misleading traffic captures.
C. Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire
traffic.
D. Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire
traffic.
Answer: A
Question #:111
A. SmartProvisioning
B.
37 of 92
Checkpoint - 156-315.80
B. SmartView Tracker
C. SmartView Monitor
D. SmartLog
Answer: C
Question #:112
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
A. 20 minutes
B. 15 minutes
D. 30 minutes at least
Answer: D
Question #:113
Fill in the blank: The R80 feature ______ permits blocking specific IP addresses for a specific time period.
Answer: C
Explanation
Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access
privileges upon detection of any suspicious network activity (for example, several attempts to gain
unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity
rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are
not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date),
38 of 92
Checkpoint - 156-315.80
can be applied immediately without the need to perform an Install Policy operation
Question #:114
Answer: D
Question #:115
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following
command in Expert mode then reboot:
B. fw ctl Dynamic_Priority_Queue on
Answer: D
Question #:116
A. Route-based VPN
B. IPS
C. IPv6
D. Overlapping NAT
Answer: B
Explanation
39 of 92
Checkpoint - 156-315.80
CoreXL does not support Check Point Suite with these features:
Question #:117
VPN Link Selection will perform the following when the primary VPN link goes down?
B. The Firewall can update the Link Selection entries to start using a different link for the same tunnel.
D. The Firewall will inform the client that the tunnel is down.
Answer: B
Question #:118
A. AES-128
B. AES-256
C. DES
D. 3DES
Answer: C
Question #:119
Which statements below are CORRECT regarding Threat Prevention profiles in SmartDashboard?
A. You can assign only one profile per gateway and a profile can be assigned to one rule Only.
B. You can assign multiple profiles per gateway and a profile can be assigned to one rule only.
C. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.
D. You can assign only one profile per gateway and a profile can be assigned to one or more rules.
Answer: C
40 of 92
Checkpoint - 156-315.80
Question #:120
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems
this way, how many machines will he need if he does NOT include a SmartConsole machine in his
calculations?
A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
B. One machine
C. Two machines
D. Three machines
Answer: C
Explanation
One for Security Management Server and the other one for the Security Gateway.
Question #:121
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which
application would you use?
B. SecuRemote
Answer: C
Question #:122
D. High availability between the local SandBlast appliance and the cloud.
41 of 92
Checkpoint - 156-315.80
Answer: B
Question #:123
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?
Answer: B
Explanation
Example:
mgmt_cli add host name "New Host 1" ip-address "192.0.2.1" --format json
Question #:124
Answer: D
Explanation
References:
Question #:125
If you needed the Multicast MAC address of a cluster, what command would you run?
A. cphaprob –a if
42 of 92
Checkpoint - 156-315.80
D. cphaprob igmp
Answer: D
Question #:126
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
B. fw ctl get int vmac global param enabled; result of command should return value 1
C. cphaprob-a if
Answer: D
Question #:127
Answer: A
Question #:128
You are asked to check the status of several user-mode processes on the management server and gateway.
Which of the following processes can only be seen on a Management Server?
A. fwd
B. fwm
43 of 92
Checkpoint - 156-315.80
C. cpd
D. cpwd
Answer: B
Question #:129
What statement best describes the Proxy ARP feature for Manual NAT in R80.10?
Answer: D
Question #:130
Your manager asked you to check the status of SecureXL, and its enable templates and features, what
command will you use to provide such information to manager?
A. fw accel stat
B. fwaccel stat
C. fw acces stats
D. fwaccel stats
Answer: B
Question #:131
B. source ip
C. source port
44 of 92
Checkpoint - 156-315.80
Answer: C
Question #:132
For Management High Availability, which of the following is NOT a valid synchronization status?
A. Collision
B. Down
C. Lagging
Answer: B
Question #:133
When using CPSTAT, what is the default port used by the AMON server?
A. 18191
B. 18192
C. 18194
D. 18190
Answer: B
Explanation
References:
Question #:134
Fill in the blank: The tool ________ generates a R80 Security Gateway configuration report.
A. infoCP
B. infoview
C. cpinfo
D.
45 of 92
Checkpoint - 156-315.80
D. fw cpinfo
Answer: C
Question #:135
C. With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”
D. “fw monitor” can be used from the CLI of the Management Server to collect information from multiple
gateways.
Answer: C
Question #:136
Where you can see and search records of action done by R80 SmartConsole administrators?
B. In the Logs & Monitor view, select “Open Audit Log View”
C. In SmartAuditLog View
Answer: B
Question #:137
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users
from AD.
A. WMI
B. Eventvwr
C. XML
D. Services.msc
46 of 92
Checkpoint - 156-315.80
Answer: A
Question #:138
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the
Description pane. Which is NOT an option to adjust or configure?
A. Severity
B. Automatic reactions
C. Policy
D. Threshold
Answer: C
Question #:139
The essential means by which state synchronization works to provide failover in the event an active member
goes down, ____________ is used specifically for clustered environments to allow gateways to report their
own state and learn about the states of other members in the cluster.
A. ccp
B. cphaconf
C. cphad
D. cphastart
Answer: A
Question #:140
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for
deployment of Check Point SandBlast Zero-Day Protection?
D.
47 of 92
Checkpoint - 156-315.80
Answer: A
Question #:141
Can multiple administrators connect to a Security Management Server at the same time?
B. Yes, all administrators can modify a network object at the same time
C. Yes, every administrator has their own username, and works in a session that is independent of other
administrators.
Answer: C
Question #:142
B. IPS
D. CoreXL
Answer: A
Question #:143
Fill in the blank: The command ___________ provides the most complete restoration of a R80 configuration.
A. upgrade_import
B. cpconfig
D. cpinfo –recover
48 of 92
Checkpoint - 156-315.80
Answer: A
Question #:144
The Security Gateway is installed on GAIA R80. The default port for the Web User interface is ______.
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443
Answer: D
Question #:145
Check Point security components are divided into the following components:
Answer: B
Question #:146
A. 18191
B. 18190
C. 8983
D. 19009
Answer: D
49 of 92
Checkpoint - 156-315.80
Question #:147
B. VRRP can be used together with ClusterXL, but with degraded performance
Answer: C
Question #:148
After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?
A. cvpnd_restart
B. cvpnd_restart
C. cvpnd restart
D. cvpnrestart
Answer: B
Question #:149
Which two of these Check Point Protocols are used by SmartEvent Processes?
Answer: D
50 of 92
Checkpoint - 156-315.80
Question #:150
A. Capsule Docs
B. Capsule Cloud
C. Capsule Enterprise
D. Capsule Workspace
Answer: C
Question #:151
A. Threat Emulation
B. Threat Simulator
C. Threat Extraction
D. Threat Cloud
Answer: B
Question #:152
Answer: A
Question #:153
Joey wants to upgrade from R75.40 to R80 version of Security management. He will use Advanced Upgrade
51 of 92
Checkpoint - 156-315.80
A. Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log
directory on the target machine
B. Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory
on the source machine
C. Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the
$FWDIR/log directory on the source machine
D. Size of the /var/log folder of the target machine must be at least 25GB or more
Answer: B
Explanation
References:
Question #:154
In SmartEvent, what are different types of automatic reactions that the administrator can configure?
A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
Answer: A
Question #:155
Answer: D
52 of 92
Checkpoint - 156-315.80
Question #:156
A. This a new mechanism which extracts malicious files from a document to use it as a counter-attack
against its sender.
B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy
it prior to sending it to the intended recipient.
C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the
SAM database (Suspicious Activity Monitoring).
D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the
document and forwarded to the intended recipient, which makes this solution very fast.
Answer: D
Question #:157
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the
following options can you add to each Log, Detailed Log and Extended Log?
A. Accounting
B. Suppression
C. Accounting/Suppression
D. Accounting/Extended
Answer: C
Question #:158
B. the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.
53 of 92
Checkpoint - 156-315.80
Answer: C
Question #:159
Which configuration file contains the structure of the Security Server showing the port numbers,
corresponding protocol name, and status?
A. $FWDIR/database/fwauthd.conf
B. $FWDIR/conf/fwauth.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/state/fwauthd.conf
Answer: C
Question #:160
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an
Active-Active cluster.
A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing
Answer: C
Question #:161
A. /opt/CPSmartlog-R80/log
B. /opt/CPshrd-R80/log
C. /opt/CPsuite-R80/fw1/log
D. /opt/CPsuite-R80/log
Answer: C
54 of 92
Checkpoint - 156-315.80
Question #:162
What is the command to check the status of the SmartEvent Correlation Unit?
B. cpstat cpsead
Answer: B
Question #:163
A. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination
MAC addresses
B. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores
Answer: B
Question #:164
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering,
Anti-Virus, IPS, and Threat Emulation?
B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command &
Control Centers
55 of 92
Checkpoint - 156-315.80
Answer: D
Question #:165
A. Summary
B. Views
C. Reports
D. Checkups
Answer: B
Question #:166
SandBlast has several functional components that work together to ensure that attacks are prevented in
real-time. Which the following is NOT part of the SandBlast component?
A. Threat Emulation
B. Mobile Access
D. Threat Cloud
Answer: C
Question #:167
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?
A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in
the order in which they are defined, allowing control over the rule base flow and which security
functionalities take precedence.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. Time object to a rule to make the rule active only during specified times.
D. Sub Policies ae sets of rules that can be created and attached to specific rules. If the rule is matched,
56 of 92
Checkpoint - 156-315.80
D.
inspection will continue in the sub policy attached to it rather than in the next rule.
Answer: D
Question #:168
R80.10 management server can manage gateways with which versions installed?
Answer: C
Question #:169
Answer: C
Question #:170
Using ClusterXL, what statement is true about the Sticky Decision Function?
Answer: A
57 of 92
Checkpoint - 156-315.80
Question #:171
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session
without employing Stateful Inspection?
A. Stateful Mode
C. Wire Mode
D. Stateless Mode
Answer: C
Explanation
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing
Security Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source
and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure
VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place,
dynamic-routing protocols that do not survive state verification in non-Wire Mode configurations can now be
deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the
meaning of "Wire Mode".
Question #:172
B. DMZ server
C. Cloud
D. Email servers
Answer: A
Question #:173
What is the correct command to observe the Sync traffic in a VRRP environment?
A. fw monitor –e “accept[12:4,b]=224.0.0.18;”
B. fw monitor –e “accept(6118;”
58 of 92
Checkpoint - 156-315.80
Answer: D
Question #:174
B. rpm-Uv
D. UnixinstallScript
Answer: A
Question #:175
D. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed
Browser.
Answer: D
Question #:176
The SmartEvent R80 Web application for real-time event monitoring is called:
A. SmartView Monitor
B. SmartEventWeb
D. SmartView
59 of 92
Checkpoint - 156-315.80
Answer: B
Question #:177
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API
command can he use in the script to achieve the requirement?
Answer: A
Question #:178
When setting up an externally managed log server, what is one item that will not be configured on the R80
Security Management Server?
A. IP
B. SIC
C. NAT
D. FQDN
Answer: C
Question #:179
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which
command you use?
A. sim erdos –e 1
B. sim erdos – m 1
C. sim erdos –v 1
D. sim erdos –x 1
60 of 92
Checkpoint - 156-315.80
Answer: A
Question #:180
SmartEvent provides a convenient way to run common command line executables that can assist in
investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default
and customized commands. They appear only on cells that refer to IP addresses because the IP address of the
active cell is used as the destination of the command when run. The default commands are:
Answer: C
Explanation
References:
Question #:181
A. Cpstop then find keyword “certificate” in objects_5_0.C and delete the section
Answer: D
Question #:182
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following
command in Expert mode and reboot:
A. fw ctl Dyn_Dispatch on
C.
61 of 92
Checkpoint - 156-315.80
Answer: C
Question #:183
Answer: D
Question #:184
A. Firewall
B. VPN
C. IPS
D. HTTPS
Answer: C
Question #:185
You need to see which hotfixes are installed on your gateway, which command would you use?
A. cpinfo –h all
B. cpinfo –o hotfix
C. cpinfo –l hotfix
D. cpinfo –y all
62 of 92
Checkpoint - 156-315.80
Answer: D
Question #:186
A. Consolidation Policy
B. Correlation Unit
C. SmartEvent Policy
D. SmartEvent GUI
Answer: B
Question #:187
A. IDA
B. RAD
C. PDP
D. VPN
Answer: C
Question #:188
A. cpmq get
C. cpmq set
Answer: A
63 of 92
Checkpoint - 156-315.80
Question #:189
A. clusterXL_admin down
B. cphaprob_admin down
C. clusterXL_admin down-p
Answer: C
Question #:190
Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members
over Check Point SIC _____________ .
Answer: D
Question #:191
A. Primary-backup
C. Round robin
D. Load Sharing
Answer: A
Question #:192
64 of 92
Checkpoint - 156-315.80
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of
traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with
__________________ will not apply.
A. ffff
B. 1
C. 2
D. 3
Answer: B
Question #:193
Please choose the path to monitor the compliance status of the Check Point R80.10 based management.
C. Logs & Monitor --> New Tab --> Open compliance View
Answer: C
Question #:194
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
Answer: A
Question #:195
65 of 92
Checkpoint - 156-315.80
John detected high load on sync interface. Which is most recommended solution?
A. For short connections like http service – delay sync for 2 seconds
D. For short connections like icmp service – delay sync for 2 seconds
Answer: A
Question #:196
Which features are only supported with R80.10 Gateways but not R77.x?
A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and
Mobile Access Software Blade policies
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in
the order in which they are defined, allowing control over the rule base flow and which security
functionalities take precedence.
D. Time object to a rule to make the rule active only during specified times.
Answer: C
Question #:197
Customer’s R80 management server needs to be upgraded to R80.10. What is the best upgrade method when
the management server is not connected to the Internet?
A. Export R80 configuration, clean install R80.10 and import the configuration
D. SmartUpdate upgrade
Answer: C
Question #:198
66 of 92
Checkpoint - 156-315.80
A. fw tab -t
B. fw tab -s
C. fw tab -n
D. fw tab -k
Answer: B
Question #:199
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile
defines a(n) _____ or ______ action for the file types.
A. Inspect/Bypass
B. Inspect/Prevent
C. Prevent/Bypass
D. Detect/Bypass
Answer: A
Question #:200
B. Installing a management plug-in requires a Snapshot, just like any upgrade process.
C. A management plug-in interacts with a Security Management Server to provide new features and
support for new products.
D. Using a plug-in offers full central management only if special licensing is applied to specific features of
the plug-in.
Answer: C
Question #:201
67 of 92
Checkpoint - 156-315.80
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which
2 processes?
Answer: A
Question #:202
Which of the following Check Point processes within the Security Management Server is responsible for the
receiving of log records from Security Gateway?
A. logd
B. fwd
C. fwm
D. cpd
Answer: B
Question #:203
A. With SDF enabled, the involved VPN Gateways only supports IKEv1
B. Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
D. With SDF enabled, you can only have three Sync interfaces at most
Answer: B
Question #:204
Which command can you use to enable or disable multi-queue per interface?
68 of 92
Checkpoint - 156-315.80
A. cpmq set
B. Cpmqueue set
C. Cpmq config
D. St cpmq enable
Answer: A
Question #:205
A. Slow path
B. Firewall path
C. Medium path
D. Accelerated path
Answer: C
Question #:206
Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their
mobile devices. However, there are differences between the two.
A. Workspace supports ios operating system, Android, and WP8, whereas Connect supports ios operating
system and Android only
B. For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas Connect
offers both jailbreak/root detection and MDM cooperative enforcement.
C. For credential protection, Connect uses One-time Password login support and has no SSO support,
whereas Workspace offers both One-Time Password and certain SSO login support.
D. Workspace can support any application, whereas Connect has a limited number of application types
which it will support.
Answer: C
69 of 92
Checkpoint - 156-315.80
Question #:207
What is the port used for SmartConsole to connect to the Security Management Server?
Answer: A
Question #:208
A. System Administrators know their cluster has failed over and can also see why it failed over by using
the cphaprob –f if command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances,
open servers, and virtualized environments.
Answer: D
Question #:209
B. detect only
C. inline/prevent or detect
Answer: C
70 of 92
Checkpoint - 156-315.80
Question #:210
Connections to the Check Point R80 Web API use what protocol?
A. HTTPS
B. RPC
C. VPN
D. SIC
Answer: A
Question #:211
Which CLI command will reset the IPS pattern matcher statistics?
Answer: D
Question #:212
You have successfully backed up Check Point configurations without the OS information. What command
would you use to restore this backup?
A. restore_backup
B. import backup
C. cp_merge
D. migrate import
Answer: D
Question #:213
71 of 92
Checkpoint - 156-315.80
Fill in the blank. The R80 feature ___________________ permits blocking specific IP addresses for a
specified time period.
Answer: C
Question #:214
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection
and are rejected by the rule definition, packets are:
Answer: D
Question #:215
Answer: A
Question #:216
72 of 92
Checkpoint - 156-315.80
A. only the primary member received packets sent to the cluster IP address
B. only the secondary member receives packets sent to the cluster IP address
C. packets sent to the cluster IP address are distributed equally between all members of the cluster
D. every member of the cluster received all of the packets sent to the cluster IP address
Answer: D
Question #:217
A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
Answer: D
Explanation
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your
network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS
attacks, or to gain unauthorized access.
Question #:218
SmartEvent has several components that function together to track security threats. What is the function of the
Correlation Unit as a component of this architecture?
A. Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat
pattern is identified, an event is forwarded to the SmartEvent Server.
C. Collects syslog data from third party devices and saves them to the database.
Answer: A
73 of 92
Checkpoint - 156-315.80
Question #:219
A. 1-254
B. 1-255
C. 0-254
D. 0-255
Answer: B
Explanation
Virtual Router ID - Enter a unique ID number for this virtual router. The range of valid values is 1 to 255.
Question #:220
You are investigating issues with to gateway cluster members are not able to establish the first initial cluster
synchronization. What service is used by the PWO daemon to do a Full Synchronization?
Answer: C
Question #:221
Which process is available on any management product and on products that require direct GUI access, such
as SmartEvent and provides GUI client communications, database manipulation, policy compilation and
Management HA synchronization?
A. cpwd
B. fwd
C. cpd
D. fwm
74 of 92
Checkpoint - 156-315.80
Answer: D
Explanation
Firewall Management (fwm) is available on any management product, including Multi-Domain and on
products that requite direct GUI access, such as SmartEvent, It provides the following:
– Database manipulation
– Policy Compilation
– Management HA sync
Question #:222
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The
database is:
A. MySQL
B. Postgres SQL
C. MarisDB
D. SOLR
Answer: B
Question #:223
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
A. 4 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third
interface for synchronization, a fourth interface leading to the Security Management Server.
B. 3 Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third
interface for synchronization.
C. 1 Interface – an interface leading to the organization and the Internet, and configure for synchronization.
D. 2 Interfaces – a data interface leading to the organization and the Internet, a second interface for
synchronization.
Answer: B
75 of 92
Checkpoint - 156-315.80
Question #:224
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.
A. AV issues
B. VPN errors
C. Network issues
D. Authentication issues
Answer: C
Question #:225
Answer: C
Explanation
Each instance of VRRP running on a supported interface may monitor the link state of other interfaces. The
monitored interfaces do not have to be running VRRP.
If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by the
specified delta value and then will send out a new VRRP HELLO packet. If the new effective priority is less
than the priority a backup platform has, then the backup platform will beging to send out its own HELLO
packet.
Once the master sees this packet with a priority greater than its own, then it releases the VIP.
Question #:226
With MTA (Mail Transfer Agent) enabled the gateways manages SMTP traffic and holds external email with
potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent)
functionality in the Security Gateway?
76 of 92
Checkpoint - 156-315.80
D. Traffic on port 25
Answer: B
Question #:227
Which method below is NOT one of the ways to communicate using the Management API’s?
B. Typing API commands from a dialog box inside the SmartConsole GUI application
Answer: D
Question #:228
A. cpwd_admin -l
B. cpwd -l
C. cpwd admin_list
D. cpwd_admin list
Answer: D
Question #:229
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based
algorithms and has four dedicated components that constantly work together to protect mobile devices and
their data. Which component is NOT part of the SandBlast Mobile solution?
A. Management Dashboard
B.
77 of 92
Checkpoint - 156-315.80
B. Gateway
Answer: C
Question #:230
B. fw ctl affinity -l
C. fw ctl instances -v
D. fw ctl iflist
Answer: A
Question #:231
Answer: C
Question #:232
Check Point APIs allow system engineers and developers to make changes to their organization’s security
policy with CLI tools and Web Services for all the following except:
C.
78 of 92
Checkpoint - 156-315.80
D. Create products that use and enhance the Check Point Solution
Answer: A
Explanation
Check Point APIs let system administrators and developers make changes to the security policy with CLI tools
and web-services. You can use an API to:
• Create products that use and enhance the Check Point solution
Question #:233
A. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable
applications.
Answer: A
Question #:234
To help SmartEvent determine whether events originated internally you must define using the Initial Settings
under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?
C. 2 Internal; External
Answer: D
79 of 92
Checkpoint - 156-315.80
Question #:235
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?
B. Source MAC address, Destination MAC address, Source port, Destination port, Protocol
Answer: A
Question #:236
A. Reports
B. Advanced
C. Checkups
D. Views
E. Summary
Answer: A
Question #:237
A. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless
B. SSL VPN adds an extra VPN header to the packet, IPSec VPN does not
C. IPSec VPN does not support two factor authentication, SSL VPN does support this
D. IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.
Answer: D
80 of 92
Checkpoint - 156-315.80
Question #:238
Which command would you use to set the network interfaces’ affinity in Manual mode?
A. sim affinity -m
B. sim affinity -l
C. sim affinity -a
D. sim affinity -s
Answer: D
Question #:239
There are 4 ways to use the Management API for creating host object with R80 Management API. Which one
is NOT correct?
C. Using CLISH
Answer: E
Question #:240
Which of the following links will take you to the SmartView web application?
Answer: B
81 of 92
Checkpoint - 156-315.80
Question #:241
What is the minimum amount of RAM needed for a Threat Prevention Appliance?
A. 6 GB
C. 4 GB
Answer: C
Question #:242
A. Firewall logs
Answer: A
Question #:243
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s
machine via the web browser. What are the two modes of SNX?
Answer: B
Question #:244
82 of 92
Checkpoint - 156-315.80
Which web services protocol is used to communicate to the Check Point R80 Identity Awareness Web API?
A. SOAP
B. REST
C. XLANG
D. XML-RPC
Answer: B
Explanation
The Identity Web API uses the REST protocol over SSL. The requests and responses are HTTP and in JSON
format.
Question #:245
When SecureXL is enabled, all packets should be accelerated, except packets that match the following
conditions:
C. All packets that match a rule whose source or destination is the Outside Corporate Network
D. CIFS packets
Answer: D
Question #:246
Answer: A
83 of 92
Checkpoint - 156-315.80
Question #:247
Answer: B
Question #:248
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of
traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with
__________________ will not apply.
A. ffff
B. 1
C. 3
D. 2
Answer: D
Explanation
References:
Question #:249
What is a best practice before starting to troubleshoot using the “fw monitor” tool?
C. Disable CoreXL
D. Disable SecureXL
Answer: D
84 of 92
Checkpoint - 156-315.80
Question #:250
Answer: A
Question #:251
A. cpm status
B. api restart
C. api status
Answer: C
Question #:252
When simulating a problem on ClusterXL cluster with cphaprob –d STOP -s problem -t 0 register, to initiate a
failover on an active cluster member, what command allows you remove the problematic state?
Answer: A
85 of 92
Checkpoint - 156-315.80
Question #:253
A. fw tab –t
B. fw tab –list
C. fw-tab –s
D. fw tab -1
Answer: C
Question #:254
Check Point recommends configuring Disk Space Management parameters to delete old log entries when
available disk space is less than or equal to?
A. 50%
B. 75%
C. 80%
D. 15%
Answer: D
Question #:255
A. api stat
B. api status
C. show api_status
D. app_get_status
Answer: B
Question #:256
86 of 92
Checkpoint - 156-315.80
SmartEvent does NOT use which of the following procedures to identify events:
Answer: C
Explanation
Events are detected by the SmartEvent Correlation Unit. The Correlation Unit task is to scan logs for criteria
that match an Event Definition. SmartEvent uses these procedures to identify events:
Question #:257
When doing a Stand-Alone Installation, you would install the Security Management Server with which other
Check Point architecture component?
B. SmartConsole
C. SecureClient
D. Security Gateway
E. SmartEvent
Answer: D
Question #:258
Which of the following is NOT a type of Check Point API available in R80.10?
B.
87 of 92
Checkpoint - 156-315.80
B. OPSEC SDK
C. Mobile Access
D. Management
Answer: C
Question #:259
Answer: B
Question #:260
Check Point Management (cpm) is the main management process in that it provides the architecture for a
consolidated management console. It empowers the migration from legacy Client-side logic to Server-side
logic. The cpm process:
A. Allow GUI Client and management server to communicate via TCP Port 19001
B. Allow GUI Client and management server to communicate via TCP Port 18191
C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.
D. Performs database tasks such as creating, deleting, and modifying objects as well as policy code
generation.
Answer: C
Question #:261
A. cphaprob interface
B.
88 of 92
Checkpoint - 156-315.80
B. cphaprob –I interface
C. cphaprob –a if
D. cphaprob stat
Answer: C
Question #:262
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
Answer: D
Explanation
Synchronization works in two modes:
Full Sync transfers all Security Gateway kernel table information from one cluster member to another. It is
handled by the fwd daemon using an encrypted TCP connection on port 256.
Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the
Security Gateway kernel using UDP connections on port 8116.
Question #:263
B. A 5-tuple match
C. Multicast packets
Answer: B
89 of 92
Checkpoint - 156-315.80
Question #:264
Which command collects diagnostic data for analyzing customer setup remotely?
A. cpinfo
B. migrate export
C. sysinfo
D. cpview
Answer: A
Explanation
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of
execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading
files to Check Point servers).
The CPInfo output file allows analyzing customer setups from a remote location. Check Point support
engineers can open the CPInfo file in a demo mode, while viewing actual customer Security Policies and
Objects. This allows the in-depth analysis of customer's configuration and environment settings.
Question #:265
Answer: D
Question #:266
A. fw tab –t StateTable
B. fw tab –t connections
C. fw tab –t connection
D.
90 of 92
Checkpoint - 156-315.80
D. fw tab connections
Answer: B
Question #:267
Answer: A
Question #:268
A. fw ctl stat
B. clusterXL stat
C. clusterXL status
D. cphaprob stat
Answer: D
Question #:269
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of
ThreatCloud?
B. ThreatCloud is a collaboration platform for all the CheckPoint customers to form a virtual cloud
consisting of a combination of all on-premise private cloud environments
C. ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi
infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud
91 of 92
Checkpoint - 156-315.80
D. ThreatCloud is a collaboration platform for all the Check Point customers to share information about
malicious and benign files that all of the customers can benefit from as it makes emulation of known
files unnecessary
Answer: D
Question #:270
Session unique identifiers are passed to the web api using which http header option?
A. X-chkp-sid
B. Accept-Charset
C. Proxy-Authorization
D. Application
Answer: C
92 of 92