156-115.80 Updated Questions For Check Point Certified Security Master – R80 (159 Q&As)

To help you pass 156-115.80 Check Point Certified Security Master – R80 eexam, Using PassQuestion 156-115.80 Updated Questions you can pass the CCSM 156-115.80 exam easily. The first time you try to participate in CCSM 156-115.80 exam, selecting PassQuestion 156-115.80 Updated Questions will increase your confidence of passing the exam and will effectively help you pass the exam.

Practice Online Check Point Certified Security Master – R80 156-115.80 Free Questions

1. Tom has been tasked to install Check Point R80 in a distributed deployment.

Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

One machine, but it needs to be installed using SecurePlatform for compatibility purposes

One machine

Two machines

Three machines

2. In order to test ClusterXL failovers which command would you use on one of the ClusterXL nodes to initiate a failover?

clusterXL_admin down -p

cluster XL_admin up -p

cphaprob -d TEST -s ok register

cphaprob -d TEST -s problem unregister

3. Which of the following is NOT a valid “fwaccel” parameter?

stat

stats

templates

packets

4. Which of the following is not one of the relational database domains that stores the management configuration?

User Domain

System Domain

Global Domain

Audit Domain

5. What file extension should be used with fw monitor to allow the output file to be imported and read in Wireshark?

.cap

.exe

.tgz

.pcap

6. Where will the usermode core files located?

/var/log/dump/usermode

/var/suroot

$FWDIR/var/log/dump/usermode

$CPDIR/var/log/dump/usermode

7. How often will a gateway with Performance Pack running by default automatically review and distribute interface affinity between cores?

Every 60 seconds

Interface affinity is determined at gateway build time and does not change

Every 5 minutes

Every 10 seconds

8. Which of the following features is supported in Check Point’s implementation of IPv6?

Security Servers

QoS

ClusterXL High Availability

SAM

9. You verified that Performance Pack is disabled and need to distribute the affinity interfaces.

What command would you run to use static affinity to balance the interfaces between the SND cores?

cpmq set

sim affinity -s

fw ctl affinity -a -l -v

fw ctl affinity -s

10. Which command would you use to check CoreXL instances for IPv6 traffic?

fwaccel6 stats

fwaccel6 stat

fw ctl multik stat

fw6ctl multik stat

11. What must be done for the “fw monitor” command to capture packets through the firewall kernel?

SecureXL must be disabled

ClusterXL must be temporarily disabled

Firewall policy must be re-installed

The output file must be transferred to a machine with WireShark

12. Consider a Check Point Security Gateway under high load.

What mechanism can be used to confirm that important traffic such as control connections are not dropped?

fw debug fgd50 on OPSEC_DEBUG_LEVEL=3

fw ctl multik prioq

fgate Cd load

fw ctl debug Cm fg all

13. What is the default and maximum number of entries in the ARP Cache Table in a Check Point appliance?

1,024 and 4,096

4,096 and 16,384

4,096 and 65,536

1,024 and 16,384

14. Which kernel debug flag should you use to troubleshoot NAT connections?

fw ctl debug + xlate xltrc nat table

fw ctl debug + xltrc xlate nat conn

fw ctl debug + xlate xltrc nat conn drop

fw ctl debug + fwx_alloc nat conn drop

15. You are working with multiple Security Gateways enforcing an extensive number of rules.

To simplify security administration, which action would you choose?

Eliminate all possible contradictory rules such as the Stealth or Cleanup rules

Create a separate Security Policy package for each remote Security Gateway

Create network objects that restrict all applicable rules to only certain networks

Run separate SmartConsole instances to login and configure each Security Gateway directly

16. Which type of SecureXL templates is enabled by default on Security Gateways?

Drop

NAT

VPN

17. Which one of following commands should you run to display HTTPS packet content together with kernel debug?

fw ctl get int https_inspection_show_decrypted_data_in_debug=1
fw ctl get int ssl_inspection_extra_debug=1

fw set int https_inspection_get_encrypted_data_in_debug 1
fw set int https_inspection_show_debug 1

fw ctl set int https_inspection_show_decrypted_data_in_debug 1
fw ctl set int ssl_inspection_extra_debug 1

fw ctl set int http_inspection_display_encrypted_data_in_debug=1
fw ctl set int http_inspection_extra_debug=1

18. You issued the command “set ipv6-state on” in order to enable IPv6 protocol on a Security Gateway. The command was executed successfully. After reboot you notice that IPv6 protocol is not enabled.

What do you do to permanently enable IPv6 protocol?

Issue “set ipv6-state on” again; Save configuration and reboot

You need to modify Gateway Properties in SmartConsole and install policy in order to enable IPv6

You need to set “ipv6_state” parameter in $FWDIR/boot/modules/fwkern.conf and reboot

You need to install a valid license to use IPv6 protocol

19. Where does the translation occur with Hide NAT?

The destination translation occurs at the client side

The source translation occurs at the server side

The source translation occurs at the client side

The destination translation occurs at the server side

20. Fill in the blank. The tool ____________________ generates a R80 Security Gateway configuration report.

infoCP

infoview

cpinfo

fw cpinfo

21. Which is the correct “fw monitor” syntax for creating a capture file for loading it into WireShark?

fw monitor Ce “accept <FILTER EXPRESSION>; “>> Output.cap

This cannot be accomplished as it is not supported with R80.10

fw monitor Ce “accept <FILTER EXPRESSION>;” Cfile Output.cap

fw monitor Ce “accept <FILTER EXPRESSION>;” Co Output.cap

22. How many layers are incorporated in IPS detection and what are they called?

4 layers C Passive Streaming Library (PSL), Protocol Parsers, Context Management, Protections

3 layers C Active Streaming Library (ASL), CMI, Protections

4 layers C Active Streaming Library (ASL), Protocol Parsers, Context Management, Protections

3 layers C Protocol Parsers, CMI, Protections

23. What is the command to check the current status of hyper-threading?

fw ctl get int cphwd_hyper_status

fw ctl multik stat

cat/proc/hyperstats

cat/proc/smt_status

24. What occurs when Bypass Under Load activated?

Packets are forwarded to the destination without checking the packets against the firewall rule base

Packets are forwarded to the destination without performing IPS analysis

To still ensure a minimum level of data integrity, the system revert to the use of MD5 instead of SHA-1, since former produces an output smaller than the latter

The amount of the state table entries is decreased according to the LRU (least recently used) algorithm

25. Having a look at the output of the “fwaccel conns” command, the F flag is the indicator for a packet ______________.

getting the routing information according to the Forwarding Information Base (FIB)

being processed by the firewall kernel module

going through the slow path

being forced of using the accelerated path

26. Of how many packets consists Main Mode in Phase 1?

Three packets

Four packets

Six packets

it depends on the encryption algorithm used. 3DES has three times more packets than DES encryption

27. What does the command “vpn shell tunnels delete all ike” do?

Delete only outbound_SPI tables

Deletes all IKE and IPSEC SA’s

Deletes all IKE configuration on the Gateway

Deletes all IKE SA’s

28. When enabling hyper-threading on a Security Gateway, the administrator needs to make sure there is enough _______________ to support additional CoreXL Firewall instances.

drive space

cpu’s

available cache

available memory

29. You run “cat/proc/smt_status” on your security gateway and the output shows ‘Soft Disable’.

How is your system configured in reference to hyper-threading?

Hyper-threading is disabled in BIOS and cpconfig

Hyper-threading is enabled in BIOS but disabled in cpconfig

Hyper-threading is disabled in BIOS but enabled in cpconfig

Your system does not support Hyper-threading

30. Which command is used to enable IPv6 on Security Gateway?

set ipv6-state on

add ipv6 interface on

set ipv6-enable on

set ipv6-state enabled

31. What is the correct command to turn off an IKE debug?

vpn debug ikeoff

fw ctl debug ikeoff

vpn debug ikeoff 0

fw ctl vpn debug ikeoff

32. What process(es) should be checked if there is high I/O and you suspect it may be related to the Antivirus Software Blade?

avsp

dlpu and rad processes

cpta

cpm and fwm

33. Which of the following is NOT a special consideration while running fw monitor on production firewall?

While executing fw monitor, you need to specify an expression so that it captures the required traffic instead of all traffic

While running fw monitor on a busy firewall, the Cci <count> and Cco <count> switches can be used to limit the number of packets captured

While running fw monitor, it resets all the debug flags

During a fw monitor, the firewall will have to process more packets because SecureXL acceleration should be disabled

34. In R80 spoofing is defined as a method of:

Disguising an illegal IP address behind an authorized IP address through Port Address Translation

Hiding your firewall from unauthorized users

Detecting people using false or wrong authentication logins

Making packets appear as if they come an authorized IP address

35. Which of the following inputs is suitable for debugging HTTPS inspection issues?

vpn debug cptls on

fw ctl debug Cm fw + conn drop cptls

fw diag debug tls enable

fw debug tls on TDERROR_ALL_ALL=5

36. Which of the connections cannot be accelerated with SecureXL?

Every NAT’ed connection

Every encrypted connection, such as HTTPS or SSH connections

Every connection destined to the Security Gateways

Every connection through a rule using a time object

37. Which of the following ports are used for SIC?

18355 and 18356

18210 and 18211

257 and 258

18192 and 18193

38. Joey’s implementing a new R80.10 firewall cluster into the network. During the implementation he notices that the cluster object is in error state in SmartConsole. He tries to figure out the cause of the problem and runs a ClusterXL kernel debug with command: ‘fw ctl debug Cm cluster + stat pnote conf ccp’ ClusterXL kernel debug shows him following info: fwha_set_new_local_state: Old version HA machines exist around so prevent state change to READY.

How can he solve the problem?

cphaconf cluster_id set <NEW_CLUSTER_ID_VALUE>

cphaprob mmagic

Connect with GuiDBedit Tool to Security Management Server. Go to Table C Network Objects C network_objects. Select the relevant R80.10 Cluster object. Go to Search menu C Find C paste mac_magic. Right-click on the mac_magic the object C select Edit… and change the value to 254. Save changes and install policy.

Connect with GuiDBedit Tool to Security Management Server. Go to Table C Network Objects C network_objects. Select the relevant R80.10 Cluster object. Go to Search menu C Find C paste cluster_magic. Right-click on the cluster_magic the object C select Edit… and change the value between 1 and 253. Save changes and install policy.

39. Which file would you need to make sure you collect when debugging a VPN that fails to establish that is configured to use IKEv2?

$FWDIR/log/ike2.elg

$FWDIR/log/vpnd.xml.v2

$FWDIR/log/ikev2.xml

$CPDIR/log/ike.elg

40. What is the name of the table that an administrator would review to investigate a port exhaustion error when using Hide NAT?

dyn_nat_table

connection

nat_dyn_table

fwx_alloc

41. After determining that the IPS Blade is causing high resource utilization in the gateway, which would be an appropriate strategy to improve IPS performance?

Enabling CoreXL

Enable Bypass mode

Disabling SecureXL

Enabling SecureXL

42. Which process is responsible for the generation of certificates?

cpm

cpca

dbsync

fwm

43. Which one of the following does not belong to an initial status of a critical device?

restart

problem

init

44. Fill in the blank: The R80 feature _________________ permits blocking specific IP addresses for a specified time period.

Block Port Overflow

Local Interface Spoofing

Suspicious Activity Monitoring

Adaptive Threat Prevention

45. The Security Gateway is installed on GAiA R80. The default port for the Web User Interface is _____________.

TCP 18211

TCP 257

TCP 4433

TCP 443

46. What is enabled by the command “vpn debug mon”?

statistics monitoring for vpn encrypted packets

vpn daemon monitor mode

ike monitor

vpn debug mode

47. Fill in the blank: The R80 utility fw monitoris used to troubleshoot ___________________.

User data base corruption

LDAP conflicts

Traffic issues

Phase two key negotiation

48. Which daemon would you debug if you have issues acquiring identities via identity sharing and identities with other gateways?

pdpd

wstlsd

iad

pepd

49. What is the difference between disabling SecureXL by running “fwaccel off” and disabling it via cpconfig?

Disabling SecureXL in cpconfig survives reboot

cpconfig option is available only on the security manager

There is no difference. These are two different ways of accomplishing the same task

“fwaccel off” will survive the reboot but cpconfig will not

50. What is the role of FWM process in Check Point R80.10 Security Management architecture?

It is called by CPM process to perform verification and conversion of the database

FWM is used to transfer CPsets from management to the gateway

FWM prepares and loads commit functions to execute the policy

Policy installation command initiated from SmartConsole is sent to FWM

Question 1 of 50

156-115.80 Updated Questions For Check Point Certified Security Master – R80 (159 Q&As)

Practice Online Check Point Certified Security Master – R80 156-115.80 Free Questions

Leave a Reply Cancel reply