Check Point Certified Security Administrator (CCSA) 156-215.80 Exam Questions and Answers – Page 2

The latest Check Point Certified Security Administrator (CCSA) 156-215.80 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Check Point Certified Security Administrator (CCSA) 156-215.80 exam and earn Check Point Certified Security Administrator (CCSA) 156-215.80 certification.

Exam Question 131

Which of the following actions do NOT take place in IKE Phase 1?

A. Peers agree on encryption method.
B. Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key.
C. Peers agree on integrity method.
D. Each side generates a session key from its private key and peer’s public key.
Correct Answer:
B. Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key.

Exam Question 132

Which R77 GUI would you use to see number of packets accepted since the last policy install?

A. SmartView Monitor
B. SmartView Tracker
C. SmartDashboard
D. SmartView Status
Correct Answer:
A. SmartView Monitor

Exam Question 133

Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?

A. Bridge
B. Load Sharing
C. High Availability
D. Fail Open
Correct Answer:
A. Bridge

Exam Question 134

What is the Manual Client Authentication TELNET port?

A. 23
B. 264
C. 900
D. 259
Correct Answer:
D. 259

Exam Question 135

Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base.

To make this scenario work, the IT administrator must:

  1. Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.
  2. In the Portal Settings window in the User Access section, make sure that Name and password login is selected.
  3. Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.
  4. Install policy.

Ms McHanry tries to access the resource but is unable. What should she do?

A. Have the security administrator select the Action field of the Firewall Rule “Redirect HTTP connections to an authentication (captive) portal”.
B. Have the security administrator reboot the firewall.
C. Have the security administrator select Any for the Machines tab in the appropriate Access Role.
D. Install the Identity Awareness agent on her iPad.
Correct Answer:
A. Have the security administrator select the Action field of the Firewall Rule “Redirect HTTP connections to an authentication (captive) portal”.

Exam Question 136

How many packets does the IKE exchange use for Phase 1 Main Mode?

A. 12
B. 1
C. 3
D. 6
Correct Answer:
D. 6

Exam Question 137

A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?

A. Secure Internal Communications (SIC) not configured for the object.
B. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box.
C. Anti-spoofing not configured on the interfaces on the Gateway object.
D. A Gateway object created using the Check Point > Secure Gateway option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object.
Correct Answer:
B. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box.

Exam Question 138

As you review this Security Policy, what changes could you make to accommodate Rule 4?
As you review this Security Policy, what changes could you make to accommodate Rule 4?

A. Remove the service HTTP from the column Service in Rule 4.
B. Modify the column VPN in Rule 2 to limit access to specific traffic.
C. Nothing at all
D. Modify the columns Source or Destination in Rule 4
Correct Answer:
B. Modify the column VPN in Rule 2 to limit access to specific traffic.

Exam Question 139

What happens when you run the command: fw sam -J src [Source IP Address]?

A. Connections from the specified source are blocked without the need to change the Security Policy.
B. Connections to the specified target are blocked without the need to change the Security Policy.
C. Connections to and from the specified target are blocked without the need to change the Security Policy.
D. Connections to and from the specified target are blocked with the need to change the Security Policy.
Correct Answer:
A. Connections from the specified source are blocked without the need to change the Security Policy.

Exam Question 140

According to Check Point Best Practice, when adding a non-managed Check Point Gateway to a Check Point security solution what object SHOULD be added? A(n):

A. Gateway
B. Interoperable Device
C. Externally managed gateway
D. Network Node
Correct Answer:
C. Externally managed gateway