CheckPoint PDF Questions from the 156-215.80 Exam [2022] Question Set for Beginners
Question 286
Joey wants to configure NTP on R80 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?
- A. https://<Device_IP_Address>:443
- B. https://<Device_IP_Address>
- C. https://<Device_IP_Address>:10000
- D. https://<Device_IP_Address>:4434
Correct answer: B
Explanation:
To access the Gaia WebUI administration interface, initiate a connection from a browser to the default administration IP address. To log in to the WebUI:
https://<Gaia IP address>
Question 287
What does it mean if Deyra sees the gateway status:
Choose the BEST answer.
- A. VPN software blade is reporting a malfunction
- B. Security Gateway's MGNT NIC card is disconnected.
- C. There is a blade reporting a problem
- D. SmartCenter Server cannot reach this Security Gateway
Correct answer: C
Explanation:
Reference: https://sc1.checkpoint.com/sc/SolutionsStatics/NEW_SK_NOID1493612962436/active1704302237.fw.png
Question 288
Which of the following is NOT a back up method?
- A. Save backup
- B. Migrate
- C. System backup
- D. snapshot
Correct answer: A
Explanation: The built-in Gaia backup procedures:
- Snapshot Management
- System Backup (and System Restore)
- Save/Show Configuration (and Load Configuration)
Check Point provides three different procedures for backing up (and restoring) the operating system and networking parameters on your appliances:
- Snapshot (Revert)
- Backup (Restore)
- upgrade_export (Migrate)
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk108902
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk54100
Question 289
View the rule below. What does the pen-symbol in the left column mean?
- A. Those rules have been published in the current session.
- B. Another user has currently locked the rules for editing.
- C. Rules have been edited by the logged in administrator, but the policy has not been published yet.
- D. The configuration lock is present. Click the pen symbol in order to gain the lock.
Correct answer: C
Question 290
Vanessa is a firewall administrator in her company; her company is using Check Point firewalls on central and remote locations, which are managed centrally by R80 Security Management Server. One central location has an installed R77.30 Gateway on Open server. The remote location is using a Check Point UTM-1 570 series appliance with R71. Which encryption is used in Secure Internal Communication (SIC) between central management and firewall on each location?
- A. On central firewall AES256 encryption is used for SIC, on Remote firewall AES128 encryption is used for SIC.
- B. The Firewall Administrator can choose which encryption suite will be used by SIC.
- C. On central firewall AES128 encryption is used for SIC, on Remote firewall 3DES encryption is used for SIC.
- D. On both firewalls, the same encryption is used for SIC. This is AES-GCM-256.
Correct answer: C
Explanation: Gateways above R71 use AES128 for SIC. If one of the gateways is R71 or below, the gateways use 3DES.
Reference: http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/CP_R80_SecurityManagement_AdminGuide.pdf?HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2&xtn=.pdf
Question 291
Which of the following is NOT a VPN routing option available in a star community?
- A. To satellites through center only
- B. To center and to other satellites through center
- C. To center only
- D. To center, or through the center to other satellites, to Internet and other VPN targets
Correct answer: A,C
Explanation:
SmartConsole
For simple hubs and spokes (or if there is only one Hub), the easiest way is to configure a VPN star community in R80 SmartConsole:
1. On the Star Community window, in the:
a. Center Gateways section, select the Security Gateway that functions as the "Hub".
b. Satellite Gateways section, select Security Gateways as the "spokes", or satellites.
2. On the VPN Routing page, Enable VPN routing for satellites section, select one of these options:
a. To center and to other Satellites through center - This allows connectivity between the Security Gateways, for example if the spoke Security Gateways are DAIP Security Gateways, and the Hub is a Security Gateway with a static IP address.
b. To center, or through the center to other satellites, to internet and other VPN targets - This allows connectivity between the Security Gateways as well as the ability to inspect all communication passing through the Hub to the Internet.
3. Create an appropriate Access Control Policy rule.
4. NAT the satellite Security Gateways on the Hub if the Hub is used to route connections from Satellites to the Internet.
The two Dynamic Objects (DAIP Security Gateways) can securely route communication through the Security Gateway with the static IP address.
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_VPN/html_frameset.htm
Question 292
Which option would allow you to make a backup copy of the OS and Check Point configuration, without stopping Check Point processes?
- A. All options stop Check Point processes
- B. migrate export
- C. backup
- D. snapshot
Correct answer: D
Question 293
Access roles allow the firewall administrator to configure network access according to:
- A. a combination of computer groups and network
- B. remote access clients
- C. all of above
- D. users and user groups
Correct answer: C
Explanation:
To create an access role:
The Access Role window opens.
Your selection is shown in the Networks node in the Role Preview pane.
A window opens. You can search for Active Directory entries or select them from the list.
You can search for AD entries or select them from the list.
The access role is added to the Users and Administrators tree.
Question 294
Fill in the blank: Once a license is activated, a ________ should be installed.
- A. License Management file
- B. Service Contract file
- C. License Contract file
- D. Security Gateway Contract file
Correct answer: B
Explanation:
Service Contract File
Following the activation of the license, a Service Contract File should be installed. This file contains important information about all subscriptions purchased for a specific device and is installed via SmartUpdate. A detailed explanation of the Service Contract File can be found in sk33089.
Question 295
Consider the following Global Properties settings:
The selected option "Accept Domain Name over UDP (Queries)" means:
- A. UDP Queries will be accepted by the traffic allowed only through interfaces with external anti-spoofing topology and this will be done before first explicit rule written by Administrator in a Security Policy.
- B. All UDP Queries will be accepted by the traffic allowed through all interfaces and this will be done before first explicit rule written by Administrator in a Security Policy.
- C. All UDP Queries will be accepted by the traffic allowed by first explicit rule written by Administrator in a Security Policy.
- D. No UDP Queries will be accepted by the traffic allowed through all interfaces and this will be done before first explicit rule written by Administrator in a Security Policy.
Correct answer: A
Question 296
In what way are SSL VPN and IPSec VPN different?
- A. IPSec VPN uses an additional virtual adapter, SSL VPN uses the client network adapter only
- B. IPSec VPN does not support two factor authentication, SSL VPN does support this
- C. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless
- D. SSL VPN adds an extra VPN header to the packet, IPSec VPN does not
Correct answer: A
Question 297
What is the default shell for the command line interface?
- A. Expert
- B. Clish
- C. Normal
- D. Admin
Correct answer: B
Explanation:
The default shell of the CLI is called clish.
Question 298
While enabling the Identity Awareness blade, the Identity Awareness wizard does not automatically detect the Windows domain. Why does it not detect the Windows domain?
- A. Identity Awareness is not enabled on Global properties.
- B. Security Gateways is not part of the Domain.
- C. SmartConsole machine is not part of the domain.
- D. Security Management Server is not part of the domain.
Correct answer: C
Explanation:
To enable Identity Awareness:
* Log in to SmartDashboard.
* From the Network Objects tree, expand the Check Point branch.
* Double-click the Security Gateway on which to enable Identity Awareness.
* In the Software Blades section, select Identity Awareness on the Network Security tab.
The Identity Awareness Configuration wizard opens.
* Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets.
* AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers.
* Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently.
* Terminal Servers - Identify users in a Terminal Server environment (originating from one IP address).
See Choosing Identity Sources.
Note - When you enable Browser-Based Authentication on a Security Gateway that is on an IP Series appliance, make sure to set the Voyager management application port to a port other than 443 or 80.
* Click Next.
The Integration With Active Directory window opens.
When SmartDashboard is part of the domain, SmartDashboard suggests this domain automatically. If you select this domain, the system creates an LDAP Account Unit with all of the domain controllers in the organization's Active Directory.
Question 299
How are the backups stored in Check Point appliances?
- A. Saved as *.tgz under /var/log/CPbackup/backups
- B. Saved as *.tar under /var/cppbackup
- C. Saved as *.tgz under /var/cppbackup
- D. Saved as *.tar under /var/log/Cpbackup/backups
Correct answer: A
Question 300
What does the "unknown" SIC status shown on SmartConsole mean?
- A. The SIC activation key is not known by any administrator.
- B. The SMS can contact the Security Gateway but cannot establish Secure Internal Communication.
- C. SIC activation key requires a reset.
- D. There is no connection between the Security Gateway and SMS.
Correct answer: D
Explanation: The most typical status is Communicating. Any other status indicates that the SIC communication is problematic. For example, if the SIC status is Unknown then there is no connection between the Gateway and the Security Management server. If the SIC status is Not Communicating, the Security Management server is able to contact the gateway, but SIC communication cannot be established.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/118037
Question 301
When launching SmartDashboard, what information is required to log into R77?
- A. Password, Management Server IP, LDAP Server IP
- B. Password, Management Server IP
- C. User Name, Password, Management Server IP
- D. User Name, Management Server IP, certificate fingerprint file
Correct answer: C
Question 302
Examine the following Rule Base.
What can we infer about the recent changes made to the Rule Base?
- A. Rule 1 and object webserver are locked by another administrator
- B. Rule 7 was created by the 'admin' administrator in the current session
- C. 8 changes have been made by administrators since the last policy installation
- D. The rules 1, 5 and 6 cannot be edited by the 'admin' administrator
Correct answer: A
Explanation:
At the top of the screenshot there is a number "8", which represents the number of changes made and not saved.
Session Management Toolbar (top of SmartConsole)
Question 303
Fill in the blank: A _______ is used by a VPN gateway to send traffic as if it were a physical interface.
- A. VPN router
- B. VPN interface
- C. VPN Tunnel Interface
- D. VPN community
Correct answer: C
Explanation:
Route Based VPN
VPN traffic is routed according to the routing settings (static or dynamic) of the Security Gateway operating system. The Security Gateway uses a VTI (VPN Tunnel Interface) to send the VPN traffic as if it were a physical interface. The VTIs of Security Gateways in a VPN community connect and can support dynamic routing protocols.
Question 304
To view the policy installation history for each gateway, which tool would an administrator use?
- A. Installation history
- B. Gateway installations
- C. Gateway history
- D. Revisions
Correct answer: A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/119225
Question 305
Tina is a new administrator who is currently reviewing the new Check Point R80 Management console interface. In the Gateways view, she is reviewing the Summary screen as in the screenshot below. What is an 'Open Server'?
- A. Check Point software deployed on a non-Check Point appliance.
- B. A Check Point Management Server deployed using the Open Systems Interconnection (OSI) Server and Security deployment model.
- C. A Check Point Management Server software using the Open SSL.
- D. The Open Server Consortium approved Server Hardware used for the purpose of Security and Availability.
Correct answer: A
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/index.html
Question 306
Identify the ports on which the Client Authentication daemon listens by default.
- A. 8080, 529
- B. 80, 256
- C. 259, 900
- D. 256, 257
Correct answer: C
Question 307
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server (SMS). While configuring the VPN community to specify the pre-shared secret, the administrator did not find a box to input the pre-shared secret. Why does it not allow him to specify the pre-shared secret?
- A. The checkbox "Use only Shared Secret for all external members" is not checked
- B. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS
- C. Pre-shared secret is already configured in Global Properties
- D. The Gateway is an SMB device
Correct answer: B
Question 308
Fill in the blank: The IPS policy for pre-R80 gateways is installed during the _______ .
- A. Anti-bot policy install
- B. Access Control policy install
- C. Threat Prevention policy install
- D. Firewall policy install
Correct answer: C
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_ThreatPrevention/html_frameset.htm?topic=documents/R80/CP_R80BC_ThreatPrevention/136486