The latest Check Point Certified Security Administrator (CCSA) 156-215.80 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Check Point Certified Security Administrator (CCSA) 156-215.80 exam and earn Check Point Certified Security Administrator (CCSA) 156-215.80 certification.
Exam Question 261
Which of the following is NOT a role of the SmartCenter:
A. Status monitoring
B. Policy configuration
C. Certificate authority
D. Address translation
Correct Answer:
C. Certificate authority
Exam Question 262
Phase 1 of the two-phase negotiation process conducted by IKE operates in ______ mode.
A. Main
B. Authentication
C. Quick
D. High Alert
Correct Answer:
A. Main
Answer Description:
Phase I modes: Between Security Gateways, there are two modes for IKE phase I. These modes only apply to IKEv1:
- Main Mode
- Aggressive Mode
Exam Question 263
What is the BEST method to deploy Identity Awareness for roaming users?
A. Use Office Mode
B. Use identity agents
C. Share user identities between gateways
D. Use captive portal
Correct Answer:
B. Use identity agents
Answer Description:
Using Endpoint Identity Agents give you:
- User and machine identity
- Minimal user intervention: all necessary configuration is done by administrators and does not require user input.
- Seamless connectivity: transparent authentication using Kerberos Single Sign-On (SSO) when users are logged in to the domain. If you do not want to use SSO, users enter their credentials manually. You can let them save these credentials.
- Connectivity through roaming: users stay automatically identified when they move between networks, as the client detects the movement and reconnects.
Exam Question 264
What is the purpose of the Clean-up Rule?
A. To log all traffic that is not explicitly allowed or denied in the Rule Base
B. To clean up policies found inconsistent with the compliance blade reports
C. To remove all rules that could have a conflict with other rules in the database
D. To eliminate duplicate log entries in the Security Gateway
Correct Answer:
A. To log all traffic that is not explicitly allowed or denied in the Rule Base
Answer Description:
These are basic access control rules we recommend for all Rule Bases:
- Stealth rule that prevents direct access to the Security Gateway.
- Cleanup rule that drops all traffic that is not allowed by the earlier rules.
There is also an implied rule that drops all traffic, but you can use the Cleanup rule to log the traffic.
Exam Question 265
Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?
A. Application Control
B. Threat Emulation
C. Anti-Virus
D. Advanced Networking Blade
Correct Answer:
B. Threat Emulation
Exam Question 266
Which icon in the WebUI indicates that read/write access is enabled?
A. Pencil
B. Padlock
C. Book
D. Eyeglasses
Correct Answer:
A. Pencil
Exam Question 267
What is NOT an advantage of Stateful Inspection?
A. High Performance
B. Good Security
C. No Screening above Network layer
D. Transparency
Correct Answer:
A. High Performance
Exam Question 268
Which of the following Windows Security Events will NOT map a username to an IP address in Identity Awareness?
A. Kerberos Ticket Renewed
B. Kerberos Ticket Requested
C. Account Logon
D. Kerberos Ticket Timed Out
Correct Answer:
D. Kerberos Ticket Timed Out
Exam Question 269
In Unified SmartConsole Gateways and Servers tab you can perform the following functions EXCEPT ________.
A. Upgrade the software version
B. Open WebUI
C. Open SSH
D. Open service request with Check Point Technical Support
Correct Answer:
C. Open SSH
Exam Question 270
What are the three deployment options available for a security gateway?
A. Distributed, Bridge Mode, and Remote
B. Bridge Mode, Remote, and Standalone
C. Remote, Standalone, and Distributed
D. Standalone, Distributed, and Bridge Mode
Correct Answer:
A. Distributed, Bridge Mode, and Remote