The latest Check Point Certified Security Administrator (CCSA) 156-215.80 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Check Point Certified Security Administrator (CCSA) 156-215.80 exam and earn Check Point Certified Security Administrator (CCSA) 156-215.80 certification.
Exam Question 41
You work as a security administrator for a large company. The CSO of your company has attended a security conference where he has learned how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the right protections in place. Check Point has been selected for the security vendor. Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?
A. IPS and Application Control
B. IPS, anti-virus and anti-bot
C. IPS, anti-virus and e-mail security
D. SandBlast
Correct Answer:
D. SandBlast
Answer Description:
SandBlast Zero-Day Protection: Hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. Zero-day exploit protection from Check Point provides a deeper level of inspection so you can prevent more malware and zero-day attacks, while ensuring quick delivery of safe content to your users.
Exam Question 42
Each cluster has __________ interfaces.
A. Five
B. Two
C. Three
D. Four
Correct Answer:
C. Three
Answer Description:
Each cluster member has three interfaces: one external interface, one internal interface, and one for synchronization. Cluster member interfaces facing in each direction are connected via a switch, router, or VLAN switch.
Exam Question 43
What are the two types of address translation rules?
A. Translated packet and untranslated packet
B. Untranslated packet and manipulated packet
C. Manipulated packet and original packet
D. Original packet and translated packet
Correct Answer:
D. Original packet and translated packet
Answer Description:
NAT Rule Base: The NAT Rule Base has two sections that specify how the IP addresses are translated:
- Original Packet
- Translated Packet
Exam Question 44
You are unable to login to SmartConsole. You login to the management server and run #cpwd_admin list with the following output:
What reason could possibly BEST explain why you are unable to connect to SmartConsole?
A. CPD is down
B. SVR is down
C. CPM and FWM are down
D. CPSM is down
Correct Answer:
C. CPM and FWM are down
Answer Description:
The correct answer would be FWM (is the process making available communication between SmartConsole applications and Security Management Server.). STATE is T (Terminate = Down)
Symptoms: SmartDashboard fails to connect to the Security Management server.
1. Verify if the FWM process is running. To do this, run the command: [Expert@HostName:0]# ps -aux | grep fwm
2. If the FWM process is not running, then try force-starting the process with the following command: [Expert@HostName:0]# cpwd_admin start -name FWM -path "$FWDIR/bin/fwm" -command "fwm"
Exam Question 45
What does ExternalZone represent in the presented rule?
A. The Internet.
B. Interfaces that administrator has defined to be part of External Security Zone.
C. External interfaces on all security gateways.
D. External interfaces of specific gateways.
Correct Answer:
B. Interfaces that administrator has defined to be part of External Security Zone.
Answer Description:
Configuring Interfaces
Configure the Security Gateway 80 interfaces in the Interfaces tab in the Security Gateway window.
To configure the interfaces:
- From the Devices window, double-click the Security Gateway 80. The Security Gateway window opens.
- Select the Interfaces tab.
- Select Use the following settings. The interface settings open.
- Select the interface and click Edit. The Edit window opens.
- From the IP Assignment section, configure the IP address of the interface. Select Static IP, and enter the IP address and subnet mask for the interface.
- In Security Zone, select Wireless, DMS, External, or Internal. Security zone is a type of zone, created by a bridge to easily create segments, while maintaining IP addresses and router configurations. Security zones let you choose if to enable or not the firewall between segments.
Exam Question 46
The R80 feature ________ permits blocking specific IP addresses for a specified time period.
A. Block Port Overflow
B. Local Interface Spoofing
C. Suspicious Activity Monitoring
D. Adaptive Threat Prevention
Correct Answer:
C. Suspicious Activity Monitoring
Answer Description:
Suspicious Activity Rules Solution: Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation
Exam Question 47
What is the purpose of Captive Portal?
A. It provides remote access to SmartConsole
B. It manages user permission in SmartConsole
C. It authenticates users, allowing them access to the Internet and corporate resources
D. It authenticates users, allowing them access to the Gaia OS
Correct Answer:
C. It authenticates users, allowing them access to the Internet and corporate resources
Answer Description:
Captive Portal: a simple method that authenticates users through a web interface before granting them access to Intranet resources. When users try to access a protected resource, they get a web page that must be filled out to continue.
Exam Question 48
View the rule below. What does the lock-symbol in the left column mean? Choose the best answer.
A. The current administrator has read-only permissions to Threat Prevention Policy.
B. Another user has locked the rule for editing.
C. Configuration lock is present. Click the lock symbol to gain read-write access.
D. The current administrator is logged in as read-only because someone else is editing the policy.
Correct Answer:
B. Another user has locked the rule for editing.
Answer Description:
Administrator Collaboration: More than one administrator can connect to the Security Management Server at the same time. Every administrator has their own username, and works in a session that is independent of the other administrators.
When an administrator logs in to the Security Management Server through SmartConsole, a new editing session starts. The changes that the administrator makes during the session are only available to that administrator. Other administrators see a lock icon on object and rules that are being edited.
To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session.
Exam Question 49
When attempting to start a VPN tunnel, in the logs the error ‘no proposal chosen’ is seen numerous times.
No other VPN-related log entries are present. Which phase of the VPN negotiations has failed?
A. IKE Phase 1
B. IPSEC Phase 2
C. IPSEC Phase 1
D. IKE Phase 2
Correct Answer:
A. IKE Phase 1
Exam Question 50
What is NOT an advantage of Packet Filtering?
A. Low Security and No Screening above Network Layer
B. Application Independence
C. High Performance
D. Scalability
Correct Answer:
A. Low Security and No Screening above Network Layer
Answer Description:
Packet Filter Advantages: Application independence, high performance, scalability.
Packet Filter Disadvantages: Low security, no screening above the network layer.