Check Point Certified Security Administrator (CCSA) 156-215.80 Exam Questions and Answers – Page 3

The latest Check Point Certified Security Administrator (CCSA) 156-215.80 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Check Point Certified Security Administrator (CCSA) 156-215.80 exam and earn Check Point Certified Security Administrator (CCSA) 156-215.80 certification.

Exam Question 291

An Endpoint identity agent uses a ___________ for user authentication.

A. Shared secret
B. Token
C. Username/password or Kerberos Ticket
D. Certificate
Correct Answer:
C. Username/password or Kerberos Ticket

Exam Question 292

What is the purpose of a Stealth Rule?

A. A rule used to hide a server’s IP address from the outside world.
B. A rule that allows administrators to access SmartDashboard from any device.
C. To drop any traffic destined for the firewall that is not otherwise explicitly allowed.
D. A rule at the end of your policy to drop any traffic that is not explicitly allowed.
Correct Answer:
C. To drop any traffic destined for the firewall that is not otherwise explicitly allowed.

Exam Question 293

Which SmartConsole tab shows logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?

A. Gateway and Servers
B. Logs and Monitor
C. Manage and Settings
D. Security Policies
Correct Answer:
B. Logs and Monitor

Exam Question 294

You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?

No.HitsNameSourceDestinationVPNServices & ApplicationsActionTrack
10Guest AccessGuestUsers* Any* Any* AnyAcceptLog

A. Right click Accept in the rule, select “More”, and then check “Enable Identity Captive Portal”
B. On the firewall object, Legacy Authentication screen, check “Enable Identity Captive Portal”
C. In the Captive Portal screen of Global Properties, check “Enable Identity Captive Portal”
D. On the Security Management Server object, check the box “Identity Logging”
Correct Answer:
A. Right click Accept in the rule, select “More”, and then check “Enable Identity Captive Portal”

Exam Question 295

Identity Awareness allows the Security Administrator to configure network access based on which of the following?

A. Name of the application, identity of the user, and identity of the machine
B. Identity of the machine, username, and certificate
C. Network location, identity of a user, and identity of a machine
D. Browser-Based Authentication, identity of a user, and network location
Correct Answer:
C. Network location, identity of a user, and identity of a machine

Exam Question 296

Which option will match a connection regardless of its association with a VPN community?

A. All Site-to-Site VPN Communities
B. Accept all encrypted traffic
C. All Connections (Clear or Encrypted)
D. Specific VPN Communities
Correct Answer:
B. Accept all encrypted traffic

Exam Question 297

Which of the following is NOT a tracking log option in R80.x?

A. Log
B. Full Log
C. Detailed Log
D. Extended Log
Correct Answer:
C. Detailed Log

Exam Question 298

Where is the “Hit Count” feature enabled or disabled in SmartConsole?

A. On the Policy Package
B. On each Security Gateway
C. On the Policy layer
D. In Global Properties for the Security Management Server
Correct Answer:
B. On each Security Gateway

Exam Question 299

Which tool is used to enable cluster membership on a Gateway?

A. SmartUpdate
B. cpconfig
C. SmartConsole
D. sysconfig
Correct Answer:
B. cpconfig

Exam Question 300

Which key is created during Phase 2 of a site-to-site VPN?

A. Pre-shared secret
B. Diffie-Hellman Public Key
C. Symmetrical IPSec key
D. Diffie-Hellman Private Key
Correct Answer:
C. Symmetrical IPSec key