Download CCSE Update R80.156-915.80.TestKing.2019-06-21.121q.vcex

Vendor: Checkpoint
Exam Code: 156-915.80
Exam Name: CCSE Update R80
Date: Jun 21, 2019
File Size: 115 KB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Which is the correct order of a log flow processed by SmartEvent components:
  1. Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client
  2. Firewall > SmartEvent Server Database > Correlation unit > Log Server > SmartEvent Client
  3. Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client
  4. Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
Correct answer: D
Question 2
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
  1. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
  2. Mail, Block Source, Block Destination, Block Services, SNMP Trap
  3. Mail, Block Source, Block Destination, External Script, SNMP Trap
  4. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
Correct answer: A
Explanation:
These are the types of Automatic Reactions:Mail - tell an administrator by email that the event occurred. See Create a Mail Reaction. Block Source - instruct the Security Gateway to block the source IP address from which this event was detected for a configurable period of time . Select a period of time from one minute to more than three weeks. See Create a Block Source Reaction Block Event activity - instruct the Security Gateway to block a distributed attack that emanates from multiple sources, or attacks multiple destinations for a configurable period of time. Select a period of time from one minute to more than three weeks). See Create a Block Event Activity Reaction. External Script - run a script that you provide. See Creating an External Script Automatic Reaction to write a script that can exploit SmartEvent data. SNMP Trap - generate an SNMP Trap. See Create an SNMP Trap Reaction. Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915
These are the types of Automatic Reactions:
  • Mail - tell an administrator by email that the event occurred. See Create a Mail Reaction. 
  • Block Source - instruct the Security Gateway to block the source IP address from which this event was detected for a configurable period of time . Select a period of time from one minute to more than three weeks. See Create a Block Source Reaction 
  • Block Event activity - instruct the Security Gateway to block a distributed attack that emanates from multiple sources, or attacks multiple destinations for a configurable period of time. Select a period of time from one minute to more than three weeks). See Create a Block Event Activity Reaction. 
  • External Script - run a script that you provide. See Creating an External Script Automatic Reaction to write a script that can exploit SmartEvent data. 
  • SNMP Trap - generate an SNMP Trap. See Create an SNMP Trap Reaction. 
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915
Question 3
When synchronizing clusters, which of the following statements is FALSE?
  1. The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized.
  2. Only cluster members running on the same OS platform can be synchronized.
  3. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
  4. Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.
Correct answer: D
Question 4
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the case?
  1. cphaprob –f register
  2. cphaprob –d–s report
  3. cpstat–f-all
  4. cphaprob –a list
Correct answer: D
Explanation:
Reference: http://dl3.checkpoint.com/paid/63/6357d81e3b75b5a09a422d715c3b3d79/CP_R80.10_ClusterXL_AdminGuide.pdf?HashKey=1522170580_c51bd784a86600b5f6141c0f1a6322fd&xtn=.pdf
Reference: http://dl3.checkpoint.com/paid/63/6357d81e3b75b5a09a422d715c3b3d79/CP_R80.10_ClusterXL_AdminGuide.pdf?HashKey=1522170580_c51bd784a86600b5f6141c0f1a6322fd&xtn=.pdf
Question 5
What is the SandBlast Agent designed to do?
  1. Performs OS-level sandboxing for SandBlast Cloud architecture
  2. Ensure the Check Point SandBlast services is running on the end user’s system
  3. If malware enters an end user’s system, the SandBlast Agent prevents the malware form spreading with the network
  4. Clean up email sent with malicious attachments.
Correct answer: C
Explanation:
Reference: https://www.checkpoint.com/downloads/product-related/datasheets/ds-sandblast-agent.pdf
Reference: https://www.checkpoint.com/downloads/product-related/datasheets/ds-sandblast-agent.pdf
Question 6
The SmartEvent R80 Web application for real-time event monitoring is called:
  1. SmartView Monitor
  2. SmartEventWeb
  3. There is no Web application for SmartEvent
  4. SmartView
Correct answer: A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/120829
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/120829
Question 7
What Shell is required in Gaia to use WinSCP?
  1. UNIX
  2. CPShell
  3. CLISH
  4. Bash
Correct answer: D
Explanation:
Reference: https://winscp.net/eng/docs/ui_login_scp
Reference: https://winscp.net/eng/docs/ui_login_scp
Question 8
Which one of the following is true about Threat Emulation?
  1. Takes less than a second to complete
  2. Works on MS Office and PDF files only
  3. Always delivers a file
  4. Takes minutes to complete (less than 3 minutes)
Correct answer: D
Question 9
The “MAC magic” value must be modified under the following condition:
  1. There is more than one cluster connected to the same VLAN
  2. A firewall cluster is configured to use Multicast for CCP traffic
  3. There are more than two members in a firewall cluster
  4. A firewall cluster is configured to use Broadcast for CCP traffic
Correct answer: D
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk25977
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk25977
Question 10
The following command is used to verify the CPUSE version:
  1. HostName:0>show installer status build
  2. [Expert@HostName:0]#show installer status
  3. [Expert@HostName:0]#show installer status build
  4. HostName:0>show installer build
Correct answer: A
Explanation:
Reference: http://dkcheckpoint.blogspot.com/2017/11/how-to-fix-deployment-agent-issues.html
Reference: http://dkcheckpoint.blogspot.com/2017/11/how-to-fix-deployment-agent-issues.html
Question 11
Which is the correct order of a log flow processed by SmartEvent components:
  1. Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client
  2. Firewall > SmartEvent Server Database > Correlation unit > Log Server > SmartEvent Client
  3. Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client
  4. Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
Correct answer: D
Question 12
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
  1. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
  2. Mail, Block Source, Block Destination, Block Services, SNMP Trap
  3. Mail, Block Source, Block Destination, External Script, SNMP Trap
  4. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
Correct answer: A
Explanation:
These are the types of Automatic Reactions:Mail - tell an administrator by email that the event occurred. See Create a Mail Reaction. Block Source - instruct the Security Gateway to block the source IP address from which this event was detected for a configurable period of time . Select a period of time from one minute to more than three weeks. See Create a Block Source Reaction Block Event activity - instruct the Security Gateway to block a distributed attack that emanates from multiple sources, or attacks multiple destinations for a configurable period of time. Select a period of time from one minute to more than three weeks). See Create a Block Event Activity Reaction. External Script - run a script that you provide. See Creating an External Script Automatic Reaction to write a script that can exploit SmartEvent data. SNMP Trap - generate an SNMP Trap. See Create an SNMP Trap Reaction. Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915
These are the types of Automatic Reactions:
  • Mail - tell an administrator by email that the event occurred. See Create a Mail Reaction. 
  • Block Source - instruct the Security Gateway to block the source IP address from which this event was detected for a configurable period of time . Select a period of time from one minute to more than three weeks. See Create a Block Source Reaction 
  • Block Event activity - instruct the Security Gateway to block a distributed attack that emanates from multiple sources, or attacks multiple destinations for a configurable period of time. Select a period of time from one minute to more than three weeks). See Create a Block Event Activity Reaction. 
  • External Script - run a script that you provide. See Creating an External Script Automatic Reaction to write a script that can exploit SmartEvent data. 
  • SNMP Trap - generate an SNMP Trap. See Create an SNMP Trap Reaction. 
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915
Question 13
When synchronizing clusters, which of the following statements is FALSE?
  1. The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized.
  2. Only cluster members running on the same OS platform can be synchronized.
  3. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
  4. Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.
Correct answer: D
Question 14
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the case?
  1. cphaprob –f register
  2. cphaprob –d–s report
  3. cpstat–f-all
  4. cphaprob –a list
Correct answer: D
Explanation:
Reference: http://dl3.checkpoint.com/paid/63/6357d81e3b75b5a09a422d715c3b3d79/CP_R80.10_ClusterXL_AdminGuide.pdf?HashKey=1522170580_c51bd784a86600b5f6141c0f1a6322fd&xtn=.pdf
Reference: http://dl3.checkpoint.com/paid/63/6357d81e3b75b5a09a422d715c3b3d79/CP_R80.10_ClusterXL_AdminGuide.pdf?HashKey=1522170580_c51bd784a86600b5f6141c0f1a6322fd&xtn=.pdf
Question 15
What is the SandBlast Agent designed to do?
  1. Performs OS-level sandboxing for SandBlast Cloud architecture
  2. Ensure the Check Point SandBlast services is running on the end user’s system
  3. If malware enters an end user’s system, the SandBlast Agent prevents the malware form spreading with the network
  4. Clean up email sent with malicious attachments.
Correct answer: C
Explanation:
Reference: https://www.checkpoint.com/downloads/product-related/datasheets/ds-sandblast-agent.pdf
Reference: https://www.checkpoint.com/downloads/product-related/datasheets/ds-sandblast-agent.pdf
Question 16
The SmartEvent R80 Web application for real-time event monitoring is called:
  1. SmartView Monitor
  2. SmartEventWeb
  3. There is no Web application for SmartEvent
  4. SmartView
Correct answer: A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/120829
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/120829
Question 17
What Shell is required in Gaia to use WinSCP?
  1. UNIX
  2. CPShell
  3. CLISH
  4. Bash
Correct answer: D
Explanation:
Reference: https://winscp.net/eng/docs/ui_login_scp
Reference: https://winscp.net/eng/docs/ui_login_scp
Question 18
Which one of the following is true about Threat Emulation?
  1. Takes less than a second to complete
  2. Works on MS Office and PDF files only
  3. Always delivers a file
  4. Takes minutes to complete (less than 3 minutes)
Correct answer: D
Question 19
The “MAC magic” value must be modified under the following condition:
  1. There is more than one cluster connected to the same VLAN
  2. A firewall cluster is configured to use Multicast for CCP traffic
  3. There are more than two members in a firewall cluster
  4. A firewall cluster is configured to use Broadcast for CCP traffic
Correct answer: D
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk25977
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk25977
Question 20
The following command is used to verify the CPUSE version:
  1. HostName:0>show installer status build
  2. [Expert@HostName:0]#show installer status
  3. [Expert@HostName:0]#show installer status build
  4. HostName:0>show installer build
Correct answer: A
Explanation:
Reference: http://dkcheckpoint.blogspot.com/2017/11/how-to-fix-deployment-agent-issues.html
Reference: http://dkcheckpoint.blogspot.com/2017/11/how-to-fix-deployment-agent-issues.html
Question 21
Which is the correct order of a log flow processed by SmartEvent components:
  1. Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client
  2. Firewall > SmartEvent Server Database > Correlation unit > Log Server > SmartEvent Client
  3. Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client
  4. Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
Correct answer: D
Question 22
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
  1. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
  2. Mail, Block Source, Block Destination, Block Services, SNMP Trap
  3. Mail, Block Source, Block Destination, External Script, SNMP Trap
  4. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
Correct answer: A
Explanation:
These are the types of Automatic Reactions:Mail - tell an administrator by email that the event occurred. See Create a Mail Reaction. Block Source - instruct the Security Gateway to block the source IP address from which this event was detected for a configurable period of time . Select a period of time from one minute to more than three weeks. See Create a Block Source Reaction Block Event activity - instruct the Security Gateway to block a distributed attack that emanates from multiple sources, or attacks multiple destinations for a configurable period of time. Select a period of time from one minute to more than three weeks). See Create a Block Event Activity Reaction. External Script - run a script that you provide. See Creating an External Script Automatic Reaction to write a script that can exploit SmartEvent data. SNMP Trap - generate an SNMP Trap. See Create an SNMP Trap Reaction. Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915
These are the types of Automatic Reactions:
  • Mail - tell an administrator by email that the event occurred. See Create a Mail Reaction. 
  • Block Source - instruct the Security Gateway to block the source IP address from which this event was detected for a configurable period of time . Select a period of time from one minute to more than three weeks. See Create a Block Source Reaction 
  • Block Event activity - instruct the Security Gateway to block a distributed attack that emanates from multiple sources, or attacks multiple destinations for a configurable period of time. Select a period of time from one minute to more than three weeks). See Create a Block Event Activity Reaction. 
  • External Script - run a script that you provide. See Creating an External Script Automatic Reaction to write a script that can exploit SmartEvent data. 
  • SNMP Trap - generate an SNMP Trap. See Create an SNMP Trap Reaction. 
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915
Question 23
When synchronizing clusters, which of the following statements is FALSE?
  1. The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized.
  2. Only cluster members running on the same OS platform can be synchronized.
  3. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
  4. Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.
Correct answer: D
Question 24
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the case?
  1. cphaprob –f register
  2. cphaprob –d–s report
  3. cpstat–f-all
  4. cphaprob –a list
Correct answer: D
Explanation:
Reference: http://dl3.checkpoint.com/paid/63/6357d81e3b75b5a09a422d715c3b3d79/CP_R80.10_ClusterXL_AdminGuide.pdf?HashKey=1522170580_c51bd784a86600b5f6141c0f1a6322fd&xtn=.pdf
Reference: http://dl3.checkpoint.com/paid/63/6357d81e3b75b5a09a422d715c3b3d79/CP_R80.10_ClusterXL_AdminGuide.pdf?HashKey=1522170580_c51bd784a86600b5f6141c0f1a6322fd&xtn=.pdf
Question 25
What is the SandBlast Agent designed to do?
  1. Performs OS-level sandboxing for SandBlast Cloud architecture
  2. Ensure the Check Point SandBlast services is running on the end user’s system
  3. If malware enters an end user’s system, the SandBlast Agent prevents the malware form spreading with the network
  4. Clean up email sent with malicious attachments.
Correct answer: C
Explanation:
Reference: https://www.checkpoint.com/downloads/product-related/datasheets/ds-sandblast-agent.pdf
Reference: https://www.checkpoint.com/downloads/product-related/datasheets/ds-sandblast-agent.pdf
Question 26
The SmartEvent R80 Web application for real-time event monitoring is called:
  1. SmartView Monitor
  2. SmartEventWeb
  3. There is no Web application for SmartEvent
  4. SmartView
Correct answer: A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/120829
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/120829
Question 27
What Shell is required in Gaia to use WinSCP?
  1. UNIX
  2. CPShell
  3. CLISH
  4. Bash
Correct answer: D
Explanation:
Reference: https://winscp.net/eng/docs/ui_login_scp
Reference: https://winscp.net/eng/docs/ui_login_scp
Question 28
Which one of the following is true about Threat Emulation?
  1. Takes less than a second to complete
  2. Works on MS Office and PDF files only
  3. Always delivers a file
  4. Takes minutes to complete (less than 3 minutes)
Correct answer: D
Question 29
The “MAC magic” value must be modified under the following condition:
  1. There is more than one cluster connected to the same VLAN
  2. A firewall cluster is configured to use Multicast for CCP traffic
  3. There are more than two members in a firewall cluster
  4. A firewall cluster is configured to use Broadcast for CCP traffic
Correct answer: D
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk25977
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk25977
Question 30
The following command is used to verify the CPUSE version:
  1. HostName:0>show installer status build
  2. [Expert@HostName:0]#show installer status
  3. [Expert@HostName:0]#show installer status build
  4. HostName:0>show installer build
Correct answer: A
Explanation:
Reference: http://dkcheckpoint.blogspot.com/2017/11/how-to-fix-deployment-agent-issues.html
Reference: http://dkcheckpoint.blogspot.com/2017/11/how-to-fix-deployment-agent-issues.html
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!