CheckPoint 156-315-80 practice test

Question 1

When performing a minimal effort upgrade, what will happen to the network traffic?
A. All connections that were initiated before the upgrade will be dropped, causing network
downtime
B. All connections that were initiated before the upgrade will be handled normally
C. All connections that were initiated before the upgrade will be handled by the standby gateway
D. All connections that were initiated before the upgrade will be handled by the active gateway

Question 2

What is required for a certificate-based VPN tunnel between two gateways with separate
management systems?

• A. Mutually Trusted Certificate Authorities
• B. Shared User Certificates
• C. Shared Secret Passwords
• D. Unique Passwords

Question 3

What level of CPU load on a Secure Network Distributor would indicate that another may be
necessary?

• A. Idle <20%
• B. USR <20%
• C. SYS <20%
• D. Wait <20%

Question 4

How does the Anti-Virus feature of the Threat Prevention policy block traffic from infected websites?

• A. By dropping traffic from websites identified through ThreatCloud Verification and URL Caching
• B. By dropping traffic that is not proven to be from clean websites in the URL Filtering blade
• C. By allowing traffic from websites that are known to run Antivirus Software on servers regularly
• D. By matching logs against ThreatCloud information about the reputation of the website

Question 5

John is using Management HA. Which Security Management Server should he use for making
changes?
A. secondary Smartcenter
B. active SmartConsole
C. connect virtual IP of Smartcenter HA
D. primary Log Server

Question 6

Which member of a high-availability cluster should be upgraded first in a Zero downtime upgrade?

• A. The Standby Member
• B. The Active Member
• C. The Primary Member
• D. The Secondary Member

Question 7

In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-
box profiles of:

• A. Basic, Optimized, Strict
• B. Basic, Optimized, Severe
• C. General, Escalation, Severe
• D. General, purposed, Strict

Question 8

Can Check Point and Third-party Gateways establish a certificate-based Site-to-Site VPN tunnel?

• A. Yes, but they need to have a mutually trusted certificate authority
• B. Yes, but they have to have a pre-shared secret key
• C. No, they cannot share certificate authorities
• D. No, Certificate based VPNs are only possible between Check Point devices

Question 9

What is the benefit of Manual NAT over Automatic NAT?
A. If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy.
B. There is no benefit since Automatic NAT has in any case higher priority over Manual NAT
C. You have the full control about the priority of the NAT rules
D. On IPSO and GAIA Gateways, it is handled in a stateful manner

Question 10

What destination versions are supported for a Multi-Version Cluster Upgrade?

• A. R80.40 and later
• B. R76 and later
• C. R70 and Later
• D. R80.10 and Later

Question 11

What command is used to manually failover a Multi-Version Cluster during the upgrade?

• A. clusterXL_admin down in Expert Mode
• B. clusterXL_admin down in Clish
• C. set cluster member state down in Clish
• D. set cluster down in Expert Mode

Question 12

What is the command used to activated Multi-Version Cluster mode?

• A. set cluster member mvc on in Clish
• B. set mvc on on Clish
• D. set cluster mvc on in Expert Mode

Question 13

What traffic does the Anti-bot feature block?
A. Command and Control traffic from hosts that have been identified as infected
B. Command and Control traffic to servers with reputation for hosting malware
C. Network traffic that is directed to unknown or malicious servers
D. Network traffic to hosts that have been identified as infected

Question 14

What solution is Multi-queue intended to provide?

• A. Improve the efficiency of traffic handling by SecureXL SNDs
• B. Reduce the confusion for traffic capturing in FW Monitor
• C. Improve the efficiency of CoreXL Kernel Instances
• D. Reduce the performance of network interfaces

Question 15

What is the base level encryption key used by Capsule Docs?

• A. RSA 2048
• B. RSA 1024
• C. SHA-256
• D. AES