DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

156-215 Exam Essentials: Exam Questions & Practice Tests, Check Point Certified Security Administrator R80 | SPOTO

Welcome to our comprehensive resource hub for 156-215 Exam Essentials! Aspiring Check Point Certified Security Administrators (CCSA) R80 can access a wealth of exam preparation materials tailored to their needs. Dive into our extensive collection of exam questions and practice tests, including free tests, online exam questions, sample questions, and mock exams. Whether you're in search of exam dumps or detailed exam questions and answers, our platform has you covered. Our latest practice tests and exam materials are designed to equip you with the knowledge and skills necessary to excel in the certification exam. Prepare with confidence as you learn to install, configure, and maintain Check Point Security Gateway and Management Software Blade systems on the GAiA operating system. Let SPOTO guide you towards certification success with our unparalleled resources.
Take other online exams
Question #1
You are the administrator for Alpha Corp. You have logged into your R80 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it. What does this mean?
A. The rule No
B. The rule No
C. The rule No
D. The rule No
View answer
Correct Answer: C
Question #2
One of major features in R80 SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB, and AdminC are editing the same Security Policy?
A. A lock icon shows that a rule or an object is locked and will be available
B. AdminA and AdminB are editing the same rule at the same time
C. A lock icon next to a rule informs that any Administrator is working on this particular rule
D. AdminA, AdminB and AdminC are editing three different rules at the same time
View answer
Correct Answer: B
Question #3
Fill in the blank: With the User Directory Software Blade, you can create R80 user definitions on a(an) ___________ Server.
A. NT domain
B. SMTP
C. LDAP
D. SecurID
View answer
Correct Answer: C
Question #4
Web Control Layer has been set up using the settings in the following dialogue: Consider the following policy and select the BEST answer.
A. Traffic that does not match any rule in the subpolicy is dropped
B. All employees can access only Youtube and Vimeo
C. Access to Youtube and Vimeo is allowed only once a day
D. Anyone from internal network can access the internet, expect the traffic defined in drop rules 5
View answer
Correct Answer: D
Question #5
When should you generate new licenses?
A. Before installing contract files
B. After an RMA procedure when the MAC address or serial number of the appliance changes
C. When the existing license expires, license is upgraded or the IP-address where the license is tied changes
D. Only when the license is upgraded
View answer
Correct Answer: C
Question #6
Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address.
A. High Availability
B. Load Sharing Multicast
C. Load Sharing Pivot
D. Master/Backup
View answer
Correct Answer: B
Question #7
What Check Point tool is used to automatically update Check Point products for the Gaia OS?
A. Check Point INSPECT Engine
B. Check Point Upgrade Service Engine
C. Check Point Update Engine
D. Check Point Upgrade Installation Service
View answer
Correct Answer: A
Question #8
What is the purpose of a Clean-up Rule?
A. Clean-up Rules do not server any purpose
B. Provide a metric for determining unnecessary rules
C. To drop any traffic that is not explicitly allowed
D. Used to better optimize a policy
View answer
Correct Answer: D
Question #9
Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or__________.
A. On all satellite gateway to satellite gateway tunnels
B. On specific tunnels for specific gateways
C. On specific tunnels in the community
D. On specific satellite gateway to central gateway tunnels
View answer
Correct Answer: D
Question #10
Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when ________ .
A. The license is attached to the wrong Security Gateway
B. The existing license expires
C. The license is upgraded
D. The IP address of the Security Management or Security Gateway has changed
View answer
Correct Answer: A
Question #11
Fill in the blank: To build an effective Security Policy, use a ________ and _______ rule.
A. Cleanup; stealth
B. Stealth; implicit
C. Cleanup; default
D. Implicit; explicit
View answer
Correct Answer: A
Question #12
What is the purpose of the CPCA process?
A. Monitoring the status of processes
B. Sending and receiving logs
C. Communication between GUI clients and the SmartCenter server
D. Generating and modifying certificates
View answer
Correct Answer: A
Question #13
Which of the following are types of VPN communicates?
A. Pentagon, star, and combination
B. Star, octagon, and combination
C. Combined and star
D. Meshed, star, and combination
View answer
Correct Answer: D
Question #14
After the initial installation on Check Point appliance, you notice that the Management interface and default gateway are incorrect. Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.
A. set interface Mgmt ipv4-address 192
B. add interface Mgmt ipv4-address 192
C. set interface Mgmt ipv4-address 192
D. add interface Mgmt ipv4-address 192
View answer
Correct Answer: A
Question #15
What is the most complete definition of the difference between the Install Policy button on the SmartConsole’s tab, and the Install Policy within a specific policy?
A. The Global one also saves and published the session before installation
B. The Global one can install multiple selected policies at the same time
C. The local one does not install the Anti-Malware policy along with the Network policy
D. The second one pre-select the installation for only the current policy and for the applicable gateways
View answer
Correct Answer: B
Question #16
What is the default method for destination NAT?
A. Destination side
B. Source side
C. Server side
D. Client side
View answer
Correct Answer: D
Question #17
Administrator wishes to update IPS from SmartConsole by clicking on the option “update now” under the IPS tab. Which device requires internet access for the update to work?
A. Security Gateway
B. Device where SmartConsole is installed
C. SMS
D. SmartEvent
View answer
Correct Answer: B
Question #18
In Unified SmartConsole Gateways and Servers tab you can perform the following functions EXCEPT
A. Upgrade the software version
B. Open WebUI
C. Open SSH
D. Open service request with Check Point Technical Support
View answer
Correct Answer: C
Question #19
How is communication between different Check Point components secured in R80? As with all questions, select the best answer.
A. By using IPSEC
B. By using SIC
C. By using ICA
D. By using 3DES
View answer
Correct Answer: A
Question #20
The Network Operations Center administrator needs access to Check Point Security devices mostly for troubleshooting purposes. You do not want to give her access to the expert mode, but she still should be able to run tcpdump. How can you achieve this requirement?
A. Add tcpdump to CLISH using add command
B. Add tcpdump to CLISH using add command
C. Create a new access role
D. Create a new access role
View answer
Correct Answer: D
Question #21
What are the three deployment considerations for a secure network?
A. Distributed, Bridge Mode, and Remote
B. Bridge Mode, Remote, and Standalone
C. Remote, Standalone, and Distributed
D. Standalone, Distributed, and Bridge Mode
View answer
Correct Answer: C
Question #22
View the rule below. What does the lock-symbol in the left column mean? Select the BEST answer.
A. The current administrator has read-only permissions to Threat Prevention Policy
B. Another user has locked the rule for editing
C. Configuration lock is present
D. The current administrator is logged in as read-only because someone else is editing the policy
View answer
Correct Answer: B
Question #23
What is the default shell of Gaia CLI?
A. Monitor
B. CLI
C. Read-only
D. Bash
View answer
Correct Answer: B
Question #24
In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server (Security Management Server)?
A. Display policies and logs on the administrator's workstation
B. Verify and compile Security Policies
C. Processing and sending alerts such as SNMP traps and email notifications
D. Store firewall logs to hard drive storage
View answer
Correct Answer: A
Question #25
Office mode means that:
A. SecureID client assigns a routable MAC address
B. Users authenticate with an Internet browser and use secure HTTPS connection
C. Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user
D. Allows a security gateway to assign a remote client an IP address
View answer
Correct Answer: D
Question #26
Which of the following is NOT an advantage to using multiple LDAP servers?
A. You achieve a faster access time by placing LDAP servers containing the database at remote sites
B. Information on a user is hidden, yet distributed across several servers
C. You achieve compartmentalization by allowing a large number of users to be distributed across several servers
D. You gain High Availability by replicating the same information on several servers
View answer
Correct Answer: B
Question #27
Examine the following Rule Base. What can we infer about the recent changes made to the Rule Base?
A. Rule 7 was created by the 'admin' administrator in the current session
B. 8 changes have been made by administrators since the last policy installation
C. Te rules 1, 5 and 6 cannot be edited by the 'admin' administrator
D. Rule 1 and object webserver are locked by another administrator
View answer
Correct Answer: D
Question #28
Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
A. All Connections (Clear or Encrypted)
B. Accept all encrypted traffic
C. Specific VPN Communities
D. All Site-to-Site VPN Communities
View answer
Correct Answer: A
Question #29
Which icon indicates that read/write access is enabled?
A. Pencil
B. Padlock
C. Book
D. Eyeglasses
View answer
Correct Answer: C
Question #30
What does ExternalZone represent in the presented rule?
A. The Internet
B. Interfaces that administrator has defined to be part of External Security Zone
C. External interfaces on all security gateways
D. External interfaces of specific gateways
View answer
Correct Answer: B
Question #31
You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the right protections in place. Check Point has been selected for the security vendor. Which Check Point products protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users
A. IPS and Application Control
B. IPS, anti-virus and anti-bot
C. IPS, anti-virus and e-mail security
D. SandBlast
View answer
Correct Answer: D
Question #32
Identify the ports to which the Client Authentication daemon listens on by default?
A. 259, 900
B. 256, 257
C. 8080, 529
D. 80, 256
View answer
Correct Answer: B
Question #33
The security Gateway is installed on GAiA R80 The default port for the WEB User Interface is _______ .
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443
View answer
Correct Answer: D
Question #34
To view statistics on detected threats, which Threat Tool would an administrator use?
A. Protections
B. IPS Protections
C. Profiles
D. ThreatWiki
View answer
Correct Answer: C
Question #35
What are the three authentication methods for SIC?
A. Passwords, Users, and standards-based SSL for the creation of security channels
B. Certificates, standards-based SSL for the creation of secure channels, and 3DES or AES128 for encryption
C. Packet Filtering, certificates, and 3DES or AES128 for encryption
D. Certificates, Passwords, and Tokens
View answer
Correct Answer: B
Question #36
Consider the Global Properties following settings: The selected option “Accept Domain Name over UDP (Queries)” means:
A. UDP Queries will be accepted by the traffic allowed only through interfaces with external anti-spoofing topology and this will be done before first explicit rule written by Administrator in a Security Policy
B. All UDP Queries will be accepted by the traffic allowed through all interfaces and this will be done before first explicit rule written by Administrator in a Security Policy
C. No UDP Queries will be accepted by the traffic allowed through all interfaces and this will be done before first explicit rule written by Administrator in a Security Policy
D. All UDP Queries will be accepted by the traffic allowed by first explicit rule written by Administrator in a Security Policy
View answer
Correct Answer: B
Question #37
Which of the following Windows Security Events will NOT map a username to an IP address in Identity Awareness?
A. Kerberos Ticket Renewed
B. Kerberos Ticket Requested
C. Account Logon
D. Kerberos Ticket Timed Out
View answer
Correct Answer: A
Question #38
If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available to other administrators? Choose the BEST answer.
A. Publish or discard the session
B. Revert the session
C. Save and install the Policy
D. Delete older versions of database
View answer
Correct Answer: A
Question #39
What is the purpose of Captive Portal?
A. It provides remote access to SmartConsole
B. It manages user permission in SmartConsole
C. It authenticates users, allowing them access to the Internet and corporate resources
D. It authenticates users, allowing them access to the Gaia OS
View answer
Correct Answer: C
Question #40
Which of the following is used to initially create trust between a Gateway and Security Management Server?
A. Internal Certificate Authority
B. Token
C. One-time Password
D. Certificate
View answer
Correct Answer: D
Question #41
You are unable to login to SmartDashboard. You log into the management server and run #cpwd_admin list with the following output: What reason could possibly BEST explain why you are unable to connect to SmartDashboard?
A. CDP is down
B. SVR is down
C. FWM is down
D. CPSM is down
View answer
Correct Answer: C

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.