Ken wants to obtain a configuration lock from other administrator on R80 Security Management Server. He can do this via WebUI or a via CLI. Which command should be use in CLI? Choose the correct answer.
Correct Answer: D
Use the database feature to obtain the configuration lock. The database feature has two commands: The commands do the same thing: obtain the configuration lock from another administrator.
156-215.80 Exam Question 52
Which of the following is NOT a VPN routing option available in a star community?
Correct Answer: A
Explanation SmartConsole For simple hubs and spokes (or if there is only one Hub), the easiest way is to configure a VPN star community in R80 SmartConsole: On the Star Community window, in the: Center Gateways section, select the Security Gateway that functions as the "Hub". Satellite Gateways section, select Security Gateways as the "spokes", or satellites. On the VPN Routing page, Enable VPN routing for satellites section, select one of these options: To center and to other Satellites through center - This allows connectivity between the Security Gateways, for example if the spoke Security Gateways are DAIP Security Gateways, and the Hub is a Security Gateway with a static IP address. To center, or through the center to other satellites, to internet and other VPN targets - This allows connectivity between the Security Gateways as well as the ability to inspect all communication passing through the Hub to the Internet. Create an appropriate Access Control Policy rule. NAT the satellite Security Gateways on the Hub if the Hub is used to route connections from Satellites to the Internet. The two Dynamic Objects (DAIP Security Gateways) can securely route communication through the Security Gateway with the static IP address. References:
156-215.80 Exam Question 53
What are the three essential components of the Check Point Security Management Architecture?
Correct Answer: A
Explanation/Reference: Explanation: Deployments Basic deployments: Standalone deployment - Security Gateway and the Security Management server are installed on the same machine. Distributed deployment - Security Gateway and the Security Management server are installed on different machines. Assume an environment with gateways on different sites. Each Security Gateway connects to the Internet on one side, and to a LAN on the other. You can create a Virtual Private Network (VPN) between the two Security Gateways, to secure all communication between them. The Security Management server is installed in the LAN, and is protected by a Security Gateway. The Security Management server manages the Security Gateways and lets remote users connect securely to the corporate network. SmartDashboard can be installed on the Security Management server or another computer. There can be other OPSEC-partner modules (for example, an Anti-Virus Server) to complete the network security with the Security Management server and its Security Gateways. Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityManagement_WebAdminGuide/ html_frameset.htm?topic=documents/R77/CP_R77_SecurityManagement_WebAdminGuide/118037
156-215.80 Exam Question 54
There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A's interface issues were resolved and it became operational. When it re-joins the cluster, will it become active automatically?
Correct Answer: A
Explanation/Reference: Explanation: What Happens When a Security Gateway Recovers? In a Load Sharing configuration, when the failed Security Gateway in a cluster recovers, all connections are redistributed among all active members. High Availability and Load Sharing in ClusterXL ClusterXL Administration Guide R77 Versions | 31 In a High Availability configuration, when the failed Security Gateway in a cluster recovers, the recovery method depends on the configured cluster setting. The options are: * Maintain Current Active Security Gateway means that if one member passes on control to a lower priority member, control will be returned to the higher priority member only if the lower priority member fails. This mode is recommended if all members are equally capable of processing traffic, in order to minimize the number of failover events. * Switch to Higher Priority Security Gateway means that if the lower priority member has control and the higher priority member is restored, then control will be returned to the higher priority member. This mode is recommended if one member is better equipped for handling connections, so it will be the default Security Gateway. Reference: http://dl3.checkpoint.com/paid/7e/7ef174cf00762ceaf228384ea20ea64a/CP_R77_ClusterXL_AdminGuide.pdf?HashKey=1479822138_31410b1f8360074be87fd8f1ab682464&xtn=.pdf
156-215.80 Exam Question 55
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?
