- Home
- CheckPoint
- Check Point Certified Security Administrator R80
- CheckPoint.156-215.80.v2018-06-25.q219
- Question 201
Valid 156-215.80 Dumps shared by ExamDiscuss.com for Helping Passing 156-215.80 Exam! ExamDiscuss.com now offer the newest 156-215.80 exam dumps, the ExamDiscuss.com 156-215.80 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 156-215.80 dumps with Test Engine here:
Access 156-215.80 Dumps Premium Version
(527 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 201/219
Web Control Layer has been set up using the settings in the following dialogue:
Consider the following policy and select the BEST answer.
Consider the following policy and select the BEST answer.
Correct Answer: D
Explanation/Reference:
Explanation:
Policy Layers and Sub-Policies
R80 introduces the concept of layers and sub-policies, allowing you to segment your policy according to your network segments or business units/functions. In addition, you can also assign granular privileges by layer or sub-policy to distribute workload and tasks to the most qualified administrators With layers, the rule base is organized into a set of security rules. These set of rules or layers, are
inspected in the order in which they are defined, allowing control over the rule base flow and the security functionalities that take precedence. If an "accept" action is performed across a layer, the inspection will continue to the next layer. For example, a compliance layer can be created to overlay across a cross-section of rules.
Sub-policies are sets of rules that are created for a specific network segment, branch office or business
unit, so if a rule is matched, inspection will continue through this subset of rules before it moves on to the next rule.
Sub-policies and layers can be managed by specific administrators, according to their permissions
profiles. This facilitates task delegation and workload distribution.
Reference: https://community.checkpoint.com/docs/DOC-1065
Explanation:
Policy Layers and Sub-Policies
R80 introduces the concept of layers and sub-policies, allowing you to segment your policy according to your network segments or business units/functions. In addition, you can also assign granular privileges by layer or sub-policy to distribute workload and tasks to the most qualified administrators With layers, the rule base is organized into a set of security rules. These set of rules or layers, are
inspected in the order in which they are defined, allowing control over the rule base flow and the security functionalities that take precedence. If an "accept" action is performed across a layer, the inspection will continue to the next layer. For example, a compliance layer can be created to overlay across a cross-section of rules.
Sub-policies are sets of rules that are created for a specific network segment, branch office or business
unit, so if a rule is matched, inspection will continue through this subset of rules before it moves on to the next rule.
Sub-policies and layers can be managed by specific administrators, according to their permissions
profiles. This facilitates task delegation and workload distribution.
Reference: https://community.checkpoint.com/docs/DOC-1065
- Question List (219q)
- Question 1: Which policy type is used to enforce bandwidth and traffic c...
- Question 2: rd According to Check Point Best Practice, when adding a 3 p...
- 1 commentQuestion 3: Which type of the Check Point license ties the package licen...
- Question 4: What happens when you run the command: fw sam -J src [Source...
- Question 5: Fill in the blanks: A security Policy is created in ________...
- Question 6: Which statement is NOT TRUE about Delta synchronization?...
- 1 commentQuestion 7: Which of the following describes how Threat Extraction funct...
- Question 8: Which of the following is TRUE about the Check Point Host ob...
- Question 9: Look at the screenshot below. What CLISH command provides th...
- Question 10: You are about to integrate RSA SecurID users into the Check ...
- Question 11: The CPD daemon is a Firewall Kernel Process that does NOT do...
- Question 12: You have two rules, ten users, and two user groups in a Secu...
- Question 13: Which of the following firewall modes DOES NOT allow for Ide...
- Question 14: Which of the following is NOT an advantage to using multiple...
- Question 15: Which of the following is a hash algorithm?...
- Question 16: Fill in the blank: Once a license is activated, a ________ s...
- Question 17: Fill in the blank: Each cluster has __________ interfaces....
- Question 18: The following graphic shows: (Exhibit)...
- Question 19: What is the mechanism behind Threat Extraction?...
- Question 20: Using mgmt_cli, what is the correct syntax to import a host ...
- Question 21: Which method below is NOT one of the ways to communicate usi...
- Question 22: Where does the security administrator activate Identity Awar...
- Question 23: Which one of these features is NOT associated with the Check...
- Question 24: Which path below is available only when CoreXL is enabled?...
- Question 25: In SmartView Tracker, which rule shows when a packet is drop...
- Question 26: When Identity Awareness is enabled, which identity source(s)...
- Question 27: Fill in the blank: RADIUS protocol uses ______ to communicat...
- Question 28: The IT Management team is interested in the new features of ...
- Question 29: Which of the completed statements is NOT true? The WebUI can...
- Question 30: When defining QoS global properties, which option below is n...
- Question 31: What SmartEvent component creates events?...
- Question 32: Which SmartConsole component can Administrators use to track...
- Question 33: When launching SmartDashboard, what information is required ...
- Question 34: You want to verify if there are unsaved changes in GAiA that...
- Question 35: Fill in the blank: Licenses can be added to the License and ...
- Question 36: You want to establish a VPN, using certificates. Your VPN wi...
- Question 37: Provide very wide coverage for all products and protocols, w...
- Question 38: What are the three components for Check Point Capsule?...
- Question 39: At what point is the Internal Certificate Authority (ICA) cr...
- Question 40: Fill in the blanks: A Check Point software license consists ...
- Question 41: Fill in the blank: A(n) _____ rule is created by an administ...
- Question 42: On the following picture an administrator configures Identit...
- Question 43: Which Threat Prevention Profile is not included by default i...
- Question 44: Which of the following is NOT an option for internal network...
- Question 45: Identify the API that is not supported by Check Point curren...
- Question 46: Which of the following is NOT an alert option?...
- Question 47: You work as a security administrator for a large company. CS...
- Question 48: Which rule is responsible for the user authentication failur...
- Question 49: Which Check Point software blade provides protection from ze...
- Question 50: If there is an Accept Implied Policy set to "First", what is...
- Question 51: Which Threat Prevention Software Blade provides comprehensiv...
- Question 52: Where do you verify that UserDirectory is enabled?...
- Question 53: A client has created a new Gateway object that will be manag...
- Question 54: In SmartEvent, what are the different types of automatic rea...
- Question 55: Your users are defined in a Windows 2008 R2 Active Directory...
- Question 56: Jack works for a managed service provider and he has been ta...
- Question 57: Administrator wishes to update IPS from SmartConsole by clic...
- Question 58: Which of the below is the MOST correct process to reset SIC ...
- Question 59: Packet acceleration (SecureXL) identifies connections by sev...
- 1 commentQuestion 60: Traffic from source 192.168.1.1 is going to www.google.com. ...
- Question 61: What does ExternalZone represent in the presented rule? (Exh...
- Question 62: Where would an administrator enable Implied Rules logging?...
- Question 63: When attempting to start a VPN tunnel, in the logs the error...
- Question 64: Joey is using the computer with IP address 192.168.20.13. He...
- Question 65: Which command can you use to verify the number of active con...
- Question 66: What are the two high availability modes?...
- Question 67: What are the steps to configure the HTTPS Inspection Policy?...
- Question 68: What is the Manual Client Authentication TELNET port?...
- Question 69: R80 Security Management Server can be installed on which of ...
- Question 70: The most important part of a site-to-site VPN deployment is ...
- Question 71: Fill in the blank: The IPS policy for pre-R80 gateways is in...
- Question 72: Vanessa is a Firewall administrator. She wants to test a bac...
- Question 73: Under which file is the proxy arp configuration stored?...
- Question 74: Which one of the following is true about Threat Extraction?...
- Question 75: The WebUI offers three methods for downloading Hotfixes via ...
- Question 76: What is the default shell of Gaia CLI?...
- Question 77: Which of these attributes would be critical for a site-to-si...
- Question 78: Joey wants to configure NTP on R80 Security Management Serve...
- Question 79: Which of the following is NOT a back up method?...
- Question 80: You find that Users are not prompted for authentication when...
- Question 81: You are the administrator for ABC Corp. You have logged into...
- Question 82: Fill in the blank: When LDAP is integrated with Check Point ...
- Question 83: What is the difference between an event and a log?...
- Question 84: In which VPN community is a satellite VPN gateway not allowe...
- Question 85: SmartEvent does NOT use which of the following procedures to...
- Question 86: You find a suspicious connection from a problematic host. Yo...
- Question 87: SandBlast has several functional components that work togeth...
- Question 88: According to Check Point Best Practice, when adding a non-ma...
- Question 89: Which remote Access Solution is clientless?...
- Question 90: In the Check Point three-tiered architecture, which of the f...
- Question 91: Which tool CANNOT be launched from SmartUpdate R77?...
- Question 92: Fill in the blanks: The Application Layer Firewalls inspect ...
- Question 93: Which of the following authentication methods can be configu...
- Question 94: Bob and Joe both have Administrator Roles on their Gaia Plat...
- Question 95: Which of the following is NOT a VPN routing option available...
- Question 96: What is also referred to as Dynamic NAT?...
- Question 97: Which command is used to add users to or from existing roles...
- Question 98: You want to store the GAiA configuration in a file for later...
- Question 99: Which Check Point software blade prevents malicious files fr...
- Question 100: What is the command to see cluster status in cli expert mode...
- Question 101: If the Active Security Management Server fails or if it beco...
- Question 102: Which feature is NOT provided by all Check Point Mobile Acce...
- Question 103: You are unable to login to SmartDashboard. You log into the ...
- Question 104: The Gaia operating system supports which routing protocols?...
- Question 105: The SmartEvent R80 Web application for real-time event monit...
- Question 106: You are about to test some rule and object changes suggested...
- Question 107: How many packets does the IKE exchange use for Phase 1 Main ...
- Question 108: Fill in the blank: RADIUS Accounting gets ______ data from r...
- Question 109: Which of the following is NOT an attribute of packer acceler...
- Question 110: Fill in the blank: The R80 feature ________ permits blocking...
- Question 111: Due to high CPU workload on the Security Gateway, the securi...
- Question 112: Office mode means that:
- Question 113: Fill in the blank: The ________ feature allows administrator...
- Question 114: Choose what BEST describes users on Gaia Platform....
- Question 115: Look at the following screenshot and select the BEST answer....
- Question 116: Which firewall daemon is responsible for the FW CLI commands...
- Question 117: Fill in the blanks: A High Availability deployment is referr...
- Question 118: What is the default method for destination NAT?...
- Question 119: What is the difference between SSL VPN and IPSec VPN?...
- Question 120: An internal router is sending UDP keep-alive packets that ar...
- Question 121: In R80, Unified Policy is a combination of...
- Question 122: Vanessa is expecting a very important Security Report. The D...
- Question 123: Customer's R80 management server needs to be upgraded to R80...
- Question 124: Fill in the blank: The R80 utility fw monitoris used to trou...
- Question 125: Fill in the blank: The command __________ provides the most ...
- Question 126: The system administrator of a company is trying to find out ...
- Question 127: The CDT utility supports which of the following?...
- Question 128: What are the three essential components of the Check Point S...
- Question 129: You have configured SNX on the Security Gateway. The client ...
- Question 130: Which Check Point software blade provides visibility of user...
- Question 131: You want to define a selected administrator's permission to ...
- Question 132: Choose what BEST describes a Session....
- Question 133: Which of the following is NOT a set of Regulatory Requiremen...
- Question 134: When installing a dedicated R80 SmartEvent server, what is t...
- Question 135: A digital signature:
- Question 136: Which set of objects have an Authentication tab?...
- Question 137: What is true about the IPS-Blade?...
- Question 138: How Capsule Connect and Capsule Workspace differ?...
- Question 139: What does it mean if Bob gets this result on an object searc...
- Question 140: Which application should you use to install a contract file?...
- Question 141: A Cleanup rule:
- Question 142: Which of these statements describes the Check Point ThreatCl...
- Question 143: SandBlast offers flexibility in implementation based on thei...
- Question 144: Sticky Decision Function (SDF) is required to prevent which ...
- Question 145: What component of R80 Management is used for indexing?...
- Question 146: If the first packet of an UDP session is rejected by a secur...
- Question 147: Session unique identifiers are passed to the web api using w...
- Question 148: Your company enforces a strict change control policy. Which ...
- Question 149: Which of the following are types of VPN communicates?...
- Question 150: John is using Management HA. Which Smartcenter should be con...
- Question 151: Which of the following is NOT an element of VPN Simplified M...
- Question 152: What is Consolidation Policy?
- Question 153: Which of the following are available SmartConsole clients wh...
- Question 154: Fill in the blanks: In the Network policy layer, the default...
- Question 155: In the R80 SmartConsole, on which tab are Permissions and Ad...
- Question 156: Jennifer McHanry is CEO of ACME. She recently bought her own...
- Question 157: Why would an administrator see the message below? (Exhibit)...
- Question 158: Which of the following actions do NOT take place in IKE Phas...
- Question 159: You manage a global network extending from your base in Chic...
- Question 160: Which is a suitable command to check whether Drop Templates ...
- Question 161: Which the following type of authentication on Mobile Access ...
- Question 162: During the Check Point Stateful Inspection Process, for pack...
- Question 163: After the initial installation the First Time Configuration ...
- Question 164: What is the benefit of Manual NAT over Automatic NAT?...
- Question 165: The organization's security manager wishes to back up just t...
- Question 166: Which of the following licenses are considered temporary?...
- Question 167: Full synchronization between cluster members is handled by F...
- Question 168: When a packet arrives at the gateway, the gateway checks it ...
- Question 169: Which authentication scheme requires a user to possess a tok...
- Question 170: Fill in the blank: A _______ is used by a VPN gateway to sen...
- Question 171: What is NOT an advantage of Packet Filtering?...
- Question 172: What port is used for delivering logs from the gateway to th...
- Question 173: MegaCorp's security infrastructure separates Security Gatewa...
- 1 commentQuestion 174: R80.10 management server can manage gateways with which vers...
- Question 175: Which information is included in the "Full Log" tracking opt...
- Question 176: Fill in the blank: The _________ software blade enables Appl...
- Question 177: Which command is used to obtain the configuration lock in Ga...
- Question 178: What happens if the identity of a user is known?...
- Question 179: How would you deploy TE250X Check Point appliance just for e...
- Question 180: Which type of Endpoint Identity Agent includes packet taggin...
- Question 181: What are the two types of address translation rules?...
- Question 182: VPN gateways must authenticate to each other prior to exchan...
- Question 183: You are using SmartView Tracker to troubleshoot NAT entries....
- Question 184: Using R80 Smart Console, what does a "pencil icon" in a rule...
- Question 185: While in SmartView Tracker, Brady has noticed some very odd ...
- Question 186: All R77 Security Servers can perform authentication with the...
- Question 187: As you review this Security Policy, what changes could you m...
- Question 188: Using ClusterXL, what statement is true about the Sticky Dec...
- Question 189: Please choose correct command syntax to add an "emailserver1...
- Question 190: From SecureXL perspective, what are the tree paths of traffi...
- Question 191: Choose the correct statement regarding Implicit Rules....
- Question 192: Your boss wants you to closely monitor an employee suspected...
- Question 193: Which of the following is NOT a valid option when configurin...
- Question 194: There are two R77.30 Security Gateways in the Firewall Clust...
- Question 195: Which of the following is a new R80.10 Gateway feature that ...
- Question 196: You are asked to check the status of several user-mode proce...
- Question 197: Which R77 GUI would you use to see number of packets accepte...
- Question 198: Where can administrator edit a list of trusted SmartConsole ...
- Question 199: Match the following commands to their correct function. Each...
- Question 200: Fill in the blank: The R80 SmartConsole, SmartEvent GUI clie...
- Question 201: Web Control Layer has been set up using the settings in the ...
- Question 202: Which is the correct order of a log flow processed by SmartE...
- Question 203: What must a Security Administrator do to comply with a manag...
- Question 204: What command would show the API server status?...
- Question 205: AdminA and AdminB are both logged in on SmartConsole. What d...
- Question 206: You have just installed your Gateway and want to analyze the...
- Question 207: What is the main difference between Threat Extraction and Th...
- Question 208: In order to modify Security Policies the administrator can u...
- Question 209: What is the purpose of Captive Portal?...
- Question 210: On R80.10 when configuring Third-Party devices to read the l...
- Question 211: How do you configure an alert in SmartView Monitor?...
- Question 212: There are 4 ways to use the Management API for creating host...
- Question 213: What is the appropriate default Gaia Portal address?...
- Question 214: While enabling the Identity Awareness blade the Identity Awa...
- Question 215: Katie has been asked to do a backup on the Blue Security Gat...
- Question 216: Which NAT rules are prioritized first?...
- Question 217: In what way is Secure Network Distributor (SND) a relevant f...
- Question 218: You are going to upgrade from R77 to R80. Before the upgrade...
- Question 219: What port is used for communication to the User Center with ...
[×]
Download PDF File
Enter your email address to download CheckPoint.156-215.80.v2018-06-25.q219.pdf