Check Point Certified Security Administrator (CCSA) 156-215.80 Exam Questions and Answers – Page 3

The latest Check Point Certified Security Administrator (CCSA) 156-215.80 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Check Point Certified Security Administrator (CCSA) 156-215.80 exam and earn Check Point Certified Security Administrator (CCSA) 156-215.80 certification.

Exam Question 221

What is the BEST command to view configuration details of all interfaces in Gaia CLISH?

A. ifconfig -a
B. show interfaces all
C. show interfaces detail
D. show configuration interfaces
Correct Answer:
D. show configuration interfaces

Exam Question 222

Which of the following is an authentication method used for Identity Awareness?

A. SSL
B. Captive Portal
C. PKI
D. RSA
Correct Answer:
B. Captive Portal

Exam Question 223

Which of the following commands is used to verify license installation?

A. Cplic verify license
B. Cplic print
C. Cplic show
D. Cplic license
Correct Answer:
B. Cplic print

Exam Question 224

To enforce the Security Policy correctly, a Security Gateway requires:

A. a routing table
B. awareness of the network topology
C. a Demilitarized Zone
D. a Security Policy install
Correct Answer:
B. awareness of the network topology
Answer Description:
The network topology represents the internal network (both the LAN and the DMZ) protected by the gateway. The gateway must be aware of the layout of the network topology to:

  • Correctly enforce the Security Policy.
  • Ensure the validity of IP addresses for inbound and outbound traffic.
  • Configure a special domain for Virtual Private Networks.

Exam Question 225

Which configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear?

A. The firewall topologies
B. NAT Rules
C. The Rule Base
D. The VPN Domains
Correct Answer:
C. The Rule Base

Exam Question 226

Which GUI tool can be used to view and apply Check Point licenses?

A. cpconfig
B. Management Command Line
C. SmartConsole
D. SmartUpdate
Correct Answer:
D. SmartUpdate
Answer Description:
SmartUpdate GUI is the recommended way of managing licenses.

Exam Question 227

How would you determine the software version from the CLI?

A. fw ver
B. fw stat
C. fw monitor
D. cpinfo
Correct Answer:
A. fw ver

Exam Question 228

Which is NOT an encryption algorithm that can be used in an IPSEC Security Association (Phase 2)?

A. AES-GCM-256
B. AES-CBC-256
C. AES-GCM-128
D. DES
Correct Answer:
B. AES-CBC-256

Exam Question 229

To create a policy for traffic to or from a specific geographical location, use the _____________.

A. Data Loss Prevention (DLP) shared policy
B. Geo policy shared policy
C. Mobile Access software blade
D. HTTPS Inspection
Correct Answer:
B. Geo policy shared policy
Answer Description:
Shared Policies: The Shared Policies section in the Security Policies shows the policies that are not in a Policy package.
They are shared between all Policy packages.
Shared policies are installed with the Access Control Policy.

  • Mobile Access: Launch Mobile Access policy in a SmartConsole. Configure how your remote users access internal resources, such as their email accounts, when they are mobile.
  • DLP: Launch Data Loss Prevention policy in a SmartConsole. Configure advanced tools to automatically identify data that must not go outside the network, to block the leak, and to educate users.
  • Geo Policy: Create a policy for traffic to or from specific geographical or political locations.

Exam Question 230

After trust has been established between the Check Point components, what is TRUE about name and IPaddress changes?

A. Security Gateway IP-address cannot be changed without re-establishing the trust
B. The Security Gateway name cannot be changed in command line without re-establishing trust
C. The Security Management Server name cannot be changed in SmartConsole without re-establishing trust
D. The Security Management Server IP-address cannot be changed without re-establishing the trust
Correct Answer:
A. Security Gateway IP-address cannot be changed without re-establishing the trust