156-915.80 Dumps Updated With Optimal 156-915.80 Exam Questions And Answers

CheckPoint 156-915.80 exam questions and answers can help you prepare well for the Check Point Certified Security Expert Update – R80.10 exam. PassITDump has updated the 156-915.80 dumps with the latest 156-915.80 exam Q&A to help you easily pass the 156-915.80 exam.

The real 156-915.80 dumps contain 536 questions; practice hard and you can pass the exam.

Free sample questions of 156-915.80 free dumps are provided here. All the following questions are from the latest real 156-915.80 dumps.

Question 1:

An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________.

A. client side NAT

B. source NAT

C. destination NAT

D. None of these

Correct Answer: B


Question 2:

A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.

A. destination on server side

B. source on server side

C. source on client side

D. destination on client side

Correct Answer: D


Question 3:

A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?

A. Automatic ARP must be unchecked in the Global Properties.

B. Nothing else must be configured.

C. A static route must be added on the Security Gateway to the internal host.

D. A static route for the NAT IP must be added to the Gateway’s upstream router.

Correct Answer: C


Question 4:

You are MegaCorp’s Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the rule order if both methods are used together? Give the BEST answer.

A. The Administrator decides the rule order by shifting the corresponding rules up and down.

B. The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range.

C. The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range.

D. The rule position depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others.

Correct Answer: B


Question 5:

You are a Security Administrator who has installed Security Gateway R80 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner’s access for HTTP and FTP only, you did the following:

1) Created manual Static NAT rules for the Web server.

2) Cleared the following settings in the Global Properties > Network Address Translation screen:

- Allow bi-directional NAT

- Translate destination on client side

Do the above settings limit the partner’s access?

A. Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.

B. No. The first setting is not applicable. The second setting will reduce performance.

C. Yes. Both of these settings are only applicable to automatic NAT rules.

D. No. The first setting is only applicable to automatic NAT rules. The second setting will force translation by the kernel on the interface nearest to the client.

Correct Answer: D


Question 6:

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original

“web_public_IP” is the node object that represents the new Web server’s public IP address.

“web_private_IP” is the node object that represents the new Web site’s private IP address.

You enable all settings from Global Properties > NAT. When you try to browse the Web server from the Internet you see the error “page cannot be displayed”. Which of the following is NOT a possible reason?

A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.

B. There is no ARP table entry for the protected Web server’s public IP address.

C. There is no route defined on the Security Gateway for the public IP address to the Web server’s private IP address.

D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.

Correct Answer: D


Question 7:

You are responsible for the configuration of MegaCorp’s Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.

A. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.

B. Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT).

C. Yes, there are always as many active NAT rules as there are connections.

D. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).

Correct Answer: D


Question 8:

You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway.

What is TRUE about the new package’s NAT rules?

A. Rules 1, 2, 3 will appear in the new package.

B. Only rule 1 will appear in the new package.

C. NAT rules will be empty in the new package.

D. Rules 4 and 5 will appear in the new package.

Correct Answer: A


Question 9:

Your customer, Mr. Smith needs access to other networks and should be able to use all services. Session authentication is not suitable. You select Client Authentication with HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. You want to use Port 9001 but are having connectivity problems. Why are you having problems?

A. The configuration file $FWDIR/conf/fwauthd.conf is incorrect.

B. The Security Policy is not correct.

C. You can’t use any port other than the standard port 900 for Client Authentication via HTTP.

D. The service FW_clntauth_http configuration is incorrect.

Correct Answer: A


Question 10:

In the Rule Base displayed, user authentication in Rule 4 is configured as fully automatic. Eric is a member of the LDAP group, MSD_Group.

What happens when Eric tries to connect to a server on the Internet?

A. None of these things will happen.

B. Eric will be authenticated and get access to the requested server.

C. Eric will be blocked because LDAP is not allowed in the Rule Base.

D. Eric will be dropped by the Stealth Rule.

Correct Answer: D


Question 11:

You cannot use SmartDashboard’s User Directory features to connect to the LDAP server. What should you investigate?

1) Verify you have read-only permissions as administrator for the operating system.

2) Verify there are no restrictions blocking SmartDashboard’s User Manager from connecting to the LDAP server.

3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server’s access control configuration.

A. 1, 2, and 3

B. 2 and 3

C. 1 and 2

D. 1 and 3

Correct Answer: B


Question 12:

Your company’s Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:

A. Client Authentication rule using the manual sign-on method, using HTTP on port 900

B. Client Authentication rule, using partially automatic sign on

C. Client Authentication for fully automatic sign on

D. Session Authentication rule

Correct Answer: A


Question 13:

Which Security Gateway R80 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:

A. Time properties, adjusted on the user objects for each user, in the Client Authentication rule Source.

B. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled.

C. Refreshable Timeout setting, in Client Authentication Action Properties > Limits.

D. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment.

Correct Answer: C


Question 14:

All R80 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?

A. FTP

B. SMTP

C. HTTP

D. RLOGIN

Correct Answer: B


Question 15:

Which of the following are authentication methods that Security Gateway R80 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.

A. Proxied, User, Dynamic, Session

B. Connection, User, Client

C. User, Client, Session

D. User, Proxied, Session

Correct Answer: C