[2021-New] Check Point 156-915.80 Dumps With Update Exam Questions (7-16)

156-915.80 Dumps

156-915.80 Exam Questions - Online Test

156-915.80 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

P.S. High quality 156-915.80 testing engine are available on Google Drive, GET MORE: https://drive.google.com/open?id=1YYqgCO6ctCwcBVUFbQYMfHPbrQOvemUT

New Check Point 156-915.80 Exam Dumps Collection (Question 7 - Question 16)

New Questions 7

You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)

When you run fw monitor on the R80 Security Gateway and then start a new HTTP connection from host

10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?

A. o=outbound kernel, before the virtual machine

B. I=inbound kernel, after the virtual machine

C. O=outbound kernel, after the virtual machine

D. i=inbound kernel, before the virtual machine

Answer: B

New Questions 8

Which of the following commands can provide the most complete restoration of a R80 configuration?

A. upgrade_import

B. cpinfo -recover

C. cpconfig

D. fwm dbimport -p <export file>

Answer: A

New Questions 9

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

A. Symmetric routing

B. Failovers

C. Asymmetric routing

D. Anti-Spoofing

Answer: C

New Questions 10

You intend to upgrade a Check Point Gateway from R71 to R80. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?

A. database revision

B. snapshot

C. upgrade_export

D. backup

Answer: D

New Questions 11

Which of these options is an implicit MEP option?

A. Primary-backup

B. Source address based

C. Round robin

D. Load Sharing

Answer: A

Explanation:

There are three methods to implement implicit MEP:

First to Respond, in which the first Security Gateway to reply to the peer Security Gateway is chosen. An organization would choose this option if, for example, the organization has two Security Gateways in a MEP

configuration - one in London, the other in New York. It makes sense for VPN-1 peers located in England to try the London Security Gateway first and the NY Security Gateway second. Being geographically closer to VPN peers in England, the London Security Gateway is the first to respond, and becomes the entry point to the internal network. See: First to Respond.

Primary-Backup, in which one or multiple backup Security Gateways provide "high availability" for a primary Security Gateway. The remote peer is configured to work with the primary Security Gateway, but switches to the backup Security Gateway if the primary goes down. An organization might decide to use this configuration if it has two machines in a MEP environment, one of which is stronger than the other. It makes sense to configure the stronger machine as the primary. Or perhaps both machines are the same in terms of strength of performance, but one has a cheaper or faster connection to the Internet. In this case, the machine with the better Internet connection should be configured as the primary. See: Primary-Backup Security Gateways.

Load Distribution, in which the remote VPN peer randomly selects a Security Gateway with which to open a connection. For each IP source/destination address pair, a new Security Gateway is randomly selected. An organization might have a number of machines with equal performance abilities. In this case, it makes

sense to enable load distribution. The machines are used in a random and equal way. See: Random Selection.

New Questions 12

Match the following commands to their correct function.

Each command has one function only listed.

A. C1>F6; C2>F4; C3>F2; C4>F5

B. C1>F2; C2>F1; C3>F6; C4>F4

C. C1>F2; C2>F4; C3>F1; C4>F5

D. C1>F4; C2>F6; C3>F3; C4>F2

Answer: A

New Questions 13

Which of the following allows administrators to allow or deny traffic to or from a specific network based on the useru2021s credentials?

A. Access Policy

B. Access Role

C. Access Rule

D. Access Certificate

Answer: B

New Questions 14

Your customer, Mr. Smith needs access to other networks and should be able to use all services. Session authentication is not suitable. You select Client Authentication with HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. You want to use Port 9001 but are having connectivity problems. Why are you having problems?

A. The configuration file $FWDIR/conf/fwauthd.conf is incorrect.

B. The Security Policy is not correct.

C. You can't use any port other than the standard port 900 for Client Authentication via HTTP.

D. The service FW_clntauth_http configuration is incorrect.

Answer: A

New Questions 15

Study the Rule base and Client Authentication Action properties screen -

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:

A. user is prompted for authentication by the Security Gateway again.

B. FTP data connection is dropped after the user is authenticated successfully.

C. user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication.

D. FTP connection is dropped by Rule 2.

Answer: C

New Questions 16

What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server?

A. WMI

B. CIFS

C. RCP

D. LDAP

Answer: A

P.S. Easily pass 156-915.80 Exam with Certifytools High quality Dumps & pdf vce, Try Free: https://www.certifytools.com/156-915.80-exam.html ( New Questions)