Check Point Certified Security Administrator (CCSA) 156-215.80 Exam Questions and Answers – Page 1

The latest Check Point Certified Security Administrator (CCSA) 156-215.80 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Check Point Certified Security Administrator (CCSA) 156-215.80 exam and earn Check Point Certified Security Administrator (CCSA) 156-215.80 certification.

Exam Question 21

With which command can you view the running configuration of Gaia Operating system?

A. show conf-active
B. show configuration active
C. show configuration
D. show running-configuration
Correct Answer:
C. show configuration

Exam Question 22

Which one of the following is the preferred licensing model? Choose the BEST answer.

A. Local licensing because it ties the package license to the IP-address of the gateway and has no dependency of the Security Management Server.
B. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway.
C. Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency.
D. Central licensing because it ties the package license to the MAC-address of the Security Management Server’s Mgmt-interface and has no dependency on the gateway.
Correct Answer:
B. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway.
Answer Description:
Central License: A Central License is a license attached to the Security Management server IP address, rather than the gateway IP address. The benefits of a Central License are:

  • Only one IP address is needed for all licenses.
  • A license can be taken from one gateway and given to another.
  • The new license remains valid when changing the gateway IP address. There is no need to create and install a new license.

Exam Question 23

A new license should be generated and installed in all of the following situations EXCEPT when ________ .

A. The license is attached to the wrong Security Gateway
B. The existing license expires
C. The license is upgraded
D. The IP address of the Security Management or Security Gateway has changed
Correct Answer:
A. The license is attached to the wrong Security Gateway
Answer Description:
There is no need to generate new license in this situation, just need to detach license from wrong Security Gateway and attach it to the right one.

Exam Question 24

What is the default shell for the command line interface?

A. Expert
B. Clish
C. Admin
D. Normal
Correct Answer:
B. Clish
Answer Description:
The default shell of the CLI is called clish

Exam Question 25

Which of the following commands can be used to remove site-to-site IPSEC Security Associations (SA)?

A. vpn tu
B. vpn ipsec remove -l
C. vpn debug ipsec
D. fw ipsec tu
Correct Answer:
A. vpn tu
Answer Description:
vpn tu
Description Launch the TunnelUtil tool which is used to control VPN tunnels.
Usage vpn tu
vpn tunnelutil
Example vpn tu
Output
Description Launch the TunnelUtil tool which is used to control VPN tunnels.

Exam Question 26

Using the SmartConsole, which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?

A. Editor
B. Read Only All
C. Super User
D. Full Access
Correct Answer:
B. Read Only All
Answer Description:
To create a new permission profile:
1. In SmartConsole, go to Manage & Settings > Permissions and Administrators > Permission Profiles.
2. Click New Profile. The New Profile window opens.
3. Enter a unique name for the profile.
4. Select a profile type:

  • Read/Write All: Administrators can make changes
  • Auditor (Read Only All): Administrators can see information but cannot make changes
  • Customized: Configure custom settings

5. Click OK.

Exam Question 27

Packages and licenses are loaded from all of these sources EXCEPT ________.

A. Download Center Web site
B. UserUpdate
C. User Center
D. Check Point DVD
Correct Answer:
B. UserUpdate
Answer Description:
Packages and licenses are loaded into these repositories from several sources:

  • the Download Center web site (packages)
  • the Check Point DVD (packages)
  • the User Center (licenses)
  • by importing a file (packages and licenses)
  • by running the cplic command line

Exam Question 28

Which of the following technologies extracts detailed information from packets and stores that information in state tables?

A. INSPECT Engine
B. Stateful Inspection
C. Packet Filtering
D. Application Layer Firewall
Correct Answer:
B. Stateful Inspection

Exam Question 29

Tina is a new administrator who is currently reviewing the new Check Point R80 Management console interface. In the Gateways view, she is reviewing the Summary screen as in the screenshot below. What as an ‘Open Server’?
Tina is a new administrator who is currently reviewing the new Check Point R80 Management console interface. In the Gateways view, she is reviewing the Summary screen as in the screenshot below. What as an 'Open Server'?

A. Check Point software deployed on a non-Check Point appliance.
B. The Open Server Consortium approved Server Hardware used for the purpose of Security and Availability.
C. A Check Point Management Server deployed using the Open Systems Interconnection (OSI) Server and Security deployment model.
D. A Check Point Management Server software using the Open SSL.
Correct Answer:
A. Check Point software deployed on a non-Check Point appliance.
Answer Description:
Open Server: Non-Check Point hardware platform that is certified by Check Point as supporting Check Point products. Open Servers allow customers the flexibility of deploying Check Point software on systems that have not been pre-hardened or pre-installed (servers running standard versions of Solaris, Windows, Red Hat Linux).

Exam Question 30

Choose what BEST describes the Policy Layer Traffic Inspection.
A. If a packet does not match any of the inline layers, the matching continues to the next Layer.
B. If a packet matches an inline layer, it will continue matching the next layer.
C. If a packet does not match any of the inline layers, the packet will be matched against the Implicit Cleanup Rule.
D. If a packet does not match a Network Policy Layer, the matching continues to its inline layer.
Correct Answer:
B. If a packet matches an inline layer, it will continue matching the next layer.