The latest Check Point Certified Security Administrator (CCSA) 156-215.80 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Check Point Certified Security Administrator (CCSA) 156-215.80 exam and earn Check Point Certified Security Administrator (CCSA) 156-215.80 certification.
Exam Question 221
What is the BEST command to view configuration details of all interfaces in Gaia CLISH?
A. ifconfig -a
B. show interfaces all
C. show interfaces detail
D. show configuration interfaces
Correct Answer:
D. show configuration interfaces
Exam Question 222
Which of the following is an authentication method used for Identity Awareness?
A. SSL
B. Captive Portal
C. PKI
D. RSA
Correct Answer:
B. Captive Portal
Exam Question 223
Which of the following commands is used to verify license installation?
A. Cplic verify license
B. Cplic print
C. Cplic show
D. Cplic license
Correct Answer:
B. Cplic print
Exam Question 224
To enforce the Security Policy correctly, a Security Gateway requires:
A. a routing table
B. awareness of the network topology
C. a Demilitarized Zone
D. a Security Policy install
Correct Answer:
B. awareness of the network topology
Answer Description:
The network topology represents the internal network (both the LAN and the DMZ) protected by the gateway. The gateway must be aware of the layout of the network topology to:
- Correctly enforce the Security Policy.
- Ensure the validity of IP addresses for inbound and outbound traffic.
- Configure a special domain for Virtual Private Networks.
Exam Question 225
Which configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear?
A. The firewall topologies
B. NAT Rules
C. The Rule Base
D. The VPN Domains
Correct Answer:
C. The Rule Base
Exam Question 226
Which GUI tool can be used to view and apply Check Point licenses?
A. cpconfig
B. Management Command Line
C. SmartConsole
D. SmartUpdate
Correct Answer:
D. SmartUpdate
Answer Description:
SmartUpdate GUI is the recommended way of managing licenses.
Exam Question 227
How would you determine the software version from the CLI?
A. fw ver
B. fw stat
C. fw monitor
D. cpinfo
Correct Answer:
A. fw ver
Exam Question 228
Which is NOT an encryption algorithm that can be used in an IPSEC Security Association (Phase 2)?
A. AES-GCM-256
B. AES-CBC-256
C. AES-GCM-128
D. DES
Correct Answer:
B. AES-CBC-256
Exam Question 229
To create a policy for traffic to or from a specific geographical location, use the _____________.
A. Data Loss Prevention (DLP) shared policy
B. Geo policy shared policy
C. Mobile Access software blade
D. HTTPS Inspection
Correct Answer:
B. Geo policy shared policy
Answer Description:
Shared Policies: The Shared Policies section in the Security Policies shows the policies that are not in a Policy package.
They are shared between all Policy packages.
Shared policies are installed with the Access Control Policy.
- Mobile Access: Launch Mobile Access policy in a SmartConsole. Configure how your remote users access internal resources, such as their email accounts, when they are mobile.
- DLP: Launch Data Loss Prevention policy in a SmartConsole. Configure advanced tools to automatically identify data that must not go outside the network, to block the leak, and to educate users.
- Geo Policy: Create a policy for traffic to or from specific geographical or political locations.
Exam Question 230
After trust has been established between the Check Point components, what is TRUE about name and IPaddress changes?
A. Security Gateway IP-address cannot be changed without re-establishing the trust
B. The Security Gateway name cannot be changed in command line without re-establishing trust
C. The Security Management Server name cannot be changed in SmartConsole without re-establishing trust
D. The Security Management Server IP-address cannot be changed without re-establishing the trust
Correct Answer:
A. Security Gateway IP-address cannot be changed without re-establishing the trust