The latest Check Point Certified Security Administrator (CCSA) 156-215.80 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Check Point Certified Security Administrator (CCSA) 156-215.80 exam and earn Check Point Certified Security Administrator (CCSA) 156-215.80 certification.
Exam Question 291
An Endpoint identity agent uses a ___________ for user authentication.
A. Shared secret
B. Token
C. Username/password or Kerberos Ticket
D. Certificate
Correct Answer:
C. Username/password or Kerberos Ticket
Exam Question 292
What is the purpose of a Stealth Rule?
A. A rule used to hide a server’s IP address from the outside world.
B. A rule that allows administrators to access SmartDashboard from any device.
C. To drop any traffic destined for the firewall that is not otherwise explicitly allowed.
D. A rule at the end of your policy to drop any traffic that is not explicitly allowed.
Correct Answer:
C. To drop any traffic destined for the firewall that is not otherwise explicitly allowed.
Exam Question 293
Which SmartConsole tab shows logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?
A. Gateway and Servers
B. Logs and Monitor
C. Manage and Settings
D. Security Policies
Correct Answer:
B. Logs and Monitor
Exam Question 294
You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?
| No. | Hits | Name | Source | Destination | VPN | Services & Applications | Action | Track |
|---|---|---|---|---|---|---|---|---|
| 1 | 0 | Guest Access | GuestUsers | * Any | * Any | * Any | Accept | Log |
A. Right click Accept in the rule, select “More”, and then check “Enable Identity Captive Portal”
B. On the firewall object, Legacy Authentication screen, check “Enable Identity Captive Portal”
C. In the Captive Portal screen of Global Properties, check “Enable Identity Captive Portal”
D. On the Security Management Server object, check the box “Identity Logging”
Correct Answer:
A. Right click Accept in the rule, select “More”, and then check “Enable Identity Captive Portal”
Exam Question 295
Identity Awareness allows the Security Administrator to configure network access based on which of the following?
A. Name of the application, identity of the user, and identity of the machine
B. Identity of the machine, username, and certificate
C. Network location, identity of a user, and identity of a machine
D. Browser-Based Authentication, identity of a user, and network location
Correct Answer:
C. Network location, identity of a user, and identity of a machine
Exam Question 296
Which option will match a connection regardless of its association with a VPN community?
A. All Site-to-Site VPN Communities
B. Accept all encrypted traffic
C. All Connections (Clear or Encrypted)
D. Specific VPN Communities
Correct Answer:
B. Accept all encrypted traffic
Exam Question 297
Which of the following is NOT a tracking log option in R80.x?
A. Log
B. Full Log
C. Detailed Log
D. Extended Log
Correct Answer:
C. Detailed Log
Exam Question 298
Where is the “Hit Count” feature enabled or disabled in SmartConsole?
A. On the Policy Package
B. On each Security Gateway
C. On the Policy layer
D. In Global Properties for the Security Management Server
Correct Answer:
B. On each Security Gateway
Exam Question 299
Which tool is used to enable cluster membership on a Gateway?
A. SmartUpdate
B. cpconfig
C. SmartConsole
D. sysconfig
Correct Answer:
B. cpconfig
Exam Question 300
Which key is created during Phase 2 of a site-to-site VPN?
A. Pre-shared secret
B. Diffie-Hellman Public Key
C. Symmetrical IPSec key
D. Diffie-Hellman Private Key
Correct Answer:
C. Symmetrical IPSec key