The latest Check Point Certified Security Administrator (CCSA) 156-215.80 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Check Point Certified Security Administrator (CCSA) 156-215.80 exam and earn Check Point Certified Security Administrator (CCSA) 156-215.80 certification.
Exam Question 311
In ____________ NAT, the ____________ is translated.
A. Hide; source
B. Static; source
C. Simple; source
D. Hide; destination
Correct Answer:
A. Hide; source
Exam Question 312
An administrator wishes to enable Identity Awareness on the Check Point firewalls. However, they allow users to use company issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?
A. AD Query
B. Browser-Based Authentication
C. Identity Agents
D. Terminal Servers Agent
Correct Answer:
B. Browser-Based Authentication
Exam Question 313
Which of the following situations would not require a new license to be generated and installed?
A. The Security Gateway is upgraded.
B. The existing license expires.
C. The license is upgraded.
D. The IP address of the Security Management or Security Gateway has changed.
Correct Answer:
A. The Security Gateway is upgraded.
Exam Question 314
When should you generate new licenses?
A. Before installing contract files.
B. After a device upgrade.
C. When the existing license expires, the license is upgraded, or the IP address associated with the license changes.
D. Only when the license is upgraded.
Correct Answer:
B. After a device upgrade.
Exam Question 315
When configuring Anti-Spoofing, which tracking options can an Administrator select?
A. Log, Send SNMP Trap, Email
B. Drop Packet, Alert, None
C. Log, Alert, None
D. Log, Allow Packets, Email
Correct Answer:
C. Log, Alert, None
Exam Question 316
Which of the following cannot be configured in an Access Role Object?
A. Users
B. Networks
C. Time
D. Machines
Correct Answer:
C. Time
Exam Question 317
Which software blade does NOT accompany the Threat Prevention policy?
A. Anti-virus
B. IPS
C. Threat Emulation
D. Application Control and URL Filtering
Correct Answer:
D. Application Control and URL Filtering
Exam Question 318
One of major features in R80.x SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB, and AdminC are editing the same Security Policy?
A. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator.
B. AdminA and AdminB are editing the same rule at the same time.
C. AdminB sees a pencil icon next the rule that AdminB is currently editing.
D. AdminA, AdminB and AdminC are editing three different rules at the same time.
Correct Answer:
A. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator.
Answer Description:
In SmartConsole, administrators work with sessions. A session is created each time an administrator logs into SmartConsole. Changes made in the session are saved automatically. These changes are private and available only to the administrator. To avoid configuration conflicts, other administrators see a lock icon on objects and rules that are being edited in other sessions.
Exam Question 319
The default method for destination NAT is _____________, where NAT occurs on the inbound interface closest to the client.
A. Destination side
B. Source side
C. Server side
D. Client side
Correct Answer:
D. Client side
Answer Description:
As of VPN-1 NGX, the default method for Destination NAT is “client side”, where NAT occurs on the inbound interface closest to the client.
Exam Question 320
Which of the following is NOT a type of Endpoint Identity Agent?
A. Terminal
B. Light
C. Full
D. Custom
Correct Answer:
A. Terminal