Check Point Certified Security Administrator (CCSA) 156-215.80 Exam Questions and Answers – Page 4

The latest Check Point Certified Security Administrator (CCSA) 156-215.80 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Check Point Certified Security Administrator (CCSA) 156-215.80 exam and earn Check Point Certified Security Administrator (CCSA) 156-215.80 certification.

Check Point Certified Security Administrator (CCSA) 156-215.80 Exam Questions and Answers

Exam Question 301

Examine the sample Rule Base.
Examine the sample Rule Base.
What will be the result of a verification of the policy from SmartConsole?

A. No errors or Warnings
B. Verification Error: Empty Source-List and Service-List in Rule 5 (Mail Inbound)
C. Verification Error: Rule 4 (Web Inbound) hides Rule 6 (Webmaster access)
D. Verification Error: Rule 7 (Clean-Up Rule) hides Implicit Clean-up Rule
Correct Answer:
C. Verification Error: Rule 4 (Web Inbound) hides Rule 6 (Webmaster access)

Exam Question 302

You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic?

A. Open SmartLog and connect remotely to the wireless controller
B. Open SmartEvent to see why they are being blocked
C. Open SmartDashboard and review the logs tab
D. Open SmartLog and filter for the IP address of the tablet
Correct Answer:
D. Open SmartLog and filter for the IP address of the tablet

Exam Question 303

Which SmartConsole tab is used to monitor network and security performance?

A. Manage & Settings
B. Security Policies
C. Gateway & Servers
D. Logs & Monitor
Correct Answer:
D. Logs & Monitor

Exam Question 304

When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?

A. RADIUS
B. Remote Access and RADIUS
C. All of the above
D. AD Query and Browser-based Authentication
Correct Answer:
D. AD Query and Browser-based Authentication
Answer Description:
Identity Awareness gets identities from these acquisition sources:

  • AD Query
  • Browser-Based Authentication
  • Endpoint Identity Agent
  • Terminal Servers Identity Agent
  • Remote Access

Exam Question 305

Which of the following is NOT a policy type available for each policy package?

A. Threat Emulation
B. Access Control
C. Desktop Security
D. Threat Prevention
Correct Answer:
A. Threat Emulation

Exam Question 306

An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server (SMS). While configuring the VPN community to specify the pre-shared secret, the administrator did not find a box to input the pre-shared secret. Why does it not allow him to specify the pre-shared secret?

A. The Gateway is an SMB device
B. The checkbox “Use only Shared Secret for all external members” is not checked
C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS
D. Pre-shared secret is already configured in Global Properties
Correct Answer:
C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS

Exam Question 307

Which of the following technologies extracts detailed information from packets and stores that information in state tables?

A. INSPECT Engine
B. Next-Generation Firewall
C. Packet Filtering
D. Application Layer Firewall
Correct Answer:
B. Next-Generation Firewall

Exam Question 308

View the rule below. What does the pen-symbol in the left column mean?
View the rule below. What does the pen-symbol in the left column mean?

A. Those rules have been published in the current session.
B. Rules have been edited by the logged in administrator, but the policy has not been published yet.
C. Another user has currently locked the rules for editing.
D. The configuration lock is present. Click the pen symbol in order to gain the lock.
Correct Answer:
B. Rules have been edited by the logged in administrator, but the policy has not been published yet.

Exam Question 309

What data MUST be supplied to the SmartConsole System Restore window to restore a backup?

A. Server, Username, Password, Path, Version
B. Username, Password, Path, Version
C. Server, Protocol, Username, Password, Destination Path
D. Server, Protocol, Username, Password, Path
Correct Answer:
D. Server, Protocol, Username, Password, Path

Exam Question 310

When a Security Gateway sends its logs to an IP address other than its own, which deployment option is installed?

A. Distributed
B. Standalone
C. Bridge Mode
D. Targeted
Correct Answer:
A. Distributed