The latest Check Point Certified Security Administrator (CCSA) 156-215.80 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Check Point Certified Security Administrator (CCSA) 156-215.80 exam and earn Check Point Certified Security Administrator (CCSA) 156-215.80 certification.
Exam Question 301
Examine the sample Rule Base.
What will be the result of a verification of the policy from SmartConsole?
A. No errors or Warnings
B. Verification Error: Empty Source-List and Service-List in Rule 5 (Mail Inbound)
C. Verification Error: Rule 4 (Web Inbound) hides Rule 6 (Webmaster access)
D. Verification Error: Rule 7 (Clean-Up Rule) hides Implicit Clean-up Rule
Correct Answer:
C. Verification Error: Rule 4 (Web Inbound) hides Rule 6 (Webmaster access)
Exam Question 302
You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic?
A. Open SmartLog and connect remotely to the wireless controller
B. Open SmartEvent to see why they are being blocked
C. Open SmartDashboard and review the logs tab
D. Open SmartLog and filter for the IP address of the tablet
Correct Answer:
D. Open SmartLog and filter for the IP address of the tablet
Exam Question 303
Which SmartConsole tab is used to monitor network and security performance?
A. Manage & Settings
B. Security Policies
C. Gateway & Servers
D. Logs & Monitor
Correct Answer:
D. Logs & Monitor
Exam Question 304
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?
A. RADIUS
B. Remote Access and RADIUS
C. All of the above
D. AD Query and Browser-based Authentication
Correct Answer:
D. AD Query and Browser-based Authentication
Answer Description:
Identity Awareness gets identities from these acquisition sources:
- AD Query
- Browser-Based Authentication
- Endpoint Identity Agent
- Terminal Servers Identity Agent
- Remote Access
Exam Question 305
Which of the following is NOT a policy type available for each policy package?
A. Threat Emulation
B. Access Control
C. Desktop Security
D. Threat Prevention
Correct Answer:
A. Threat Emulation
Exam Question 306
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server (SMS). While configuring the VPN community to specify the pre-shared secret, the administrator did not find a box to input the pre-shared secret. Why does it not allow him to specify the pre-shared secret?
A. The Gateway is an SMB device
B. The checkbox “Use only Shared Secret for all external members” is not checked
C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS
D. Pre-shared secret is already configured in Global Properties
Correct Answer:
C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS
Exam Question 307
Which of the following technologies extracts detailed information from packets and stores that information in state tables?
A. INSPECT Engine
B. Next-Generation Firewall
C. Packet Filtering
D. Application Layer Firewall
Correct Answer:
B. Next-Generation Firewall
Exam Question 308
View the rule below. What does the pen-symbol in the left column mean?
A. Those rules have been published in the current session.
B. Rules have been edited by the logged in administrator, but the policy has not been published yet.
C. Another user has currently locked the rules for editing.
D. The configuration lock is present. Click the pen symbol in order to gain the lock.
Correct Answer:
B. Rules have been edited by the logged in administrator, but the policy has not been published yet.
Exam Question 309
What data MUST be supplied to the SmartConsole System Restore window to restore a backup?
A. Server, Username, Password, Path, Version
B. Username, Password, Path, Version
C. Server, Protocol, Username, Password, Destination Path
D. Server, Protocol, Username, Password, Path
Correct Answer:
D. Server, Protocol, Username, Password, Path
Exam Question 310
When a Security Gateway sends its logs to an IP address other than its own, which deployment option is installed?
A. Distributed
B. Standalone
C. Bridge Mode
D. Targeted
Correct Answer:
A. Distributed
