CheckPoint 156-315-80 practice test

Question 1

When performing a minimal effort upgrade, what will happen to the network traffic?
A. All connections that were initiated before the upgrade will be dropped, causing network
downtime
B. All connections that were initiated before the upgrade will be handled normally
C. All connections that were initiated before the upgrade will be handled by the standby gateway
D. All connections that were initiated before the upgrade will be handled by the active gateway

Answer:

A
131/132
Questions & Answers PDF
P-
132/132

Question 2

What is required for a certificate-based VPN tunnel between two gateways with separate
management systems?

• A. Mutually Trusted Certificate Authorities
• B. Shared User Certificates
• C. Shared Secret Passwords
• D. Unique Passwords

Answer:

A

Question 3

What level of CPU load on a Secure Network Distributor would indicate that another may be
necessary?

• A. Idle <20%
• B. USR <20%
• C. SYS <20%
• D. Wait <20%

Answer:

A

Question 4

How does the Anti-Virus feature of the Threat Prevention policy block traffic from infected websites?

• A. By dropping traffic from websites identified through ThreatCloud Verification and URL Caching
• B. By dropping traffic that is not proven to be from clean websites in the URL Filtering blade
• C. By allowing traffic from websites that are known to run Antivirus Software on servers regularly
• D. By matching logs against ThreatCloud information about the reputation of the website

Answer:

D

Question 5

John is using Management HA. Which Security Management Server should he use for making
changes?
A. secondary Smartcenter
B. active SmartConsole
C. connect virtual IP of Smartcenter HA
D. primary Log Server

Answer:

B
130/132
Questions & Answers PDF
P-

Question 6

Which member of a high-availability cluster should be upgraded first in a Zero downtime upgrade?

• A. The Standby Member
• B. The Active Member
• C. The Primary Member
• D. The Secondary Member

Answer:

A

Question 7

In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-
box profiles of:

• A. Basic, Optimized, Strict
• B. Basic, Optimized, Severe
• C. General, Escalation, Severe
• D. General, purposed, Strict

Answer:

A

Question 8

Can Check Point and Third-party Gateways establish a certificate-based Site-to-Site VPN tunnel?

• A. Yes, but they need to have a mutually trusted certificate authority
• B. Yes, but they have to have a pre-shared secret key
• C. No, they cannot share certificate authorities
• D. No, Certificate based VPNs are only possible between Check Point devices

Answer:

A

Question 9

What is the benefit of Manual NAT over Automatic NAT?
A. If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy.
B. There is no benefit since Automatic NAT has in any case higher priority over Manual NAT
C. You have the full control about the priority of the NAT rules
D. On IPSO and GAIA Gateways, it is handled in a stateful manner

Answer:

C
129/132
Questions & Answers PDF
P-

Question 10

What destination versions are supported for a Multi-Version Cluster Upgrade?

• A. R80.40 and later
• B. R76 and later
• C. R70 and Later
• D. R80.10 and Later

Answer:

D