
156-215 Practice Tests, Mock Tests & Study Resources, Check Point Certified Security Administrator R80 | SPOTO

SPOTO provides comprehensive exam materials to help you succeed on the Check Point Certified Security Administrator (CCSA) R80 certification. Our free test questions, online exam questions, sample questions, and exam dumps cover the full scope of objectives for installing, configuring, and maintaining Check Point Security Gateway and Management Software Blade systems on GAiA. Realistic practice tests and mock exams with exam questions and answers allow you to study actual CCSA R80 exam content. Up-to-date exam practice materials and study resources ensure you are prepared for the latest certification topics validating your skills on the R80 platform. Utilizing our latest practice tests is the best way to get ready and pass your CCSA certification exam on the first attempt.

Question #1
Which options are available for features when editing a Role on the Gaia platform?
A. Read/Write, Read Only
B. Read/Write, Read only, None
C. Read/Write, None
D. Read Only, None
Correct Answer: D
Question #2
Which of the following is NOT a component of Check Point Capsule?
A. Capsule Docs
B. Capsule Cloud
C. Capsule Enterprise
D. Capsule Workspace
Correct Answer: C
Question #3
By default, which port does the WebUI listen on?
A. 80
B. 4434
C. 443
D. 8080
Correct Answer: A
Question #4
When using Monitored circuit VRRP, what is a priority delta?
A. When an interface fails the priority changes to the priority delta
B. When an interface fails the delta claims the priority
C. When an interface fails the priority delta is subtracted from the priority
D. When an interface fails the priority delta decides if the other interfaces take over
Correct Answer: A
Question #5
What is the Transport layer of the TCP/IP model responsible for?
A. It transports packets as datagrams along different routes to reach their destination
B. It manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application
C. It defines the protocols that are used to exchange data between networks and how host programs interact with the Application layer
D. It deals with all aspects of the physical components of network connectivity and connects with different network types
Correct Answer: B
Question #6
Which of these attributes would be critical for a site-to-site VPN?
A. Scalability to accommodate user groups
B. Centralized management
C. Strong authentication
D. Strong data encryption
Correct Answer: B
Question #7
Where would an administrator enable Implied Rules logging?
A. In Smart Log Rules View
B. In SmartDashboard on each rule
C. In Global Properties under Firewall
D. In Global Properties under log and alert
Correct Answer: D
Question #8
Review the rules. Assume domain UDP is enabled in the implied rules. What happens when a user from the internal network tries to browse to the internet using HTTP? The user:
A. can connect to the Internet successfully after being authenticated
B. is prompted three times before connecting to the Internet successfully
C. can go to the Internet after Telnetting to the client authentication daemon port 259
D. can go to the Internet, without being prompted for authentication
Correct Answer: D
Question #9
Which of the following uses the same key to decrypt as it does to encrypt?
A. Asymmetric encryption
B. Dynamic encryption
C. Certificate-based encryption
D. Symmetric encryption
Correct Answer: A
Question #10
True or False: In R80, more than one administrator can log in to the Security Management Server with write permission at the same time.
A. False, this feature has to be enabled in the Global Properties
B. True, every administrator works in a session that is independent of the other administrators
C. True, every administrator works on a different database that is independent of the other administrators
D. False, only one administrator can log in with write permission
Correct Answer: C
Question #11
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?
A. ThreatWiki
B. Whitelist Files
C. AppWiki
D. IPS Protections
Correct Answer: A
Question #12
Fill in the blank: An identity server uses a ___________ for user authentication.
A. Shared secret
B. Certificate
C. One-time password
D. Token
Correct Answer: B
Question #13
Session unique identifiers are passed to the Web API using which HTTP header option?
A. X-chkp-sid
B. Accept-Charset
C. Proxy-Authorization
D. Application
Correct Answer: D
Question #14
What happens when you run the command: fw sam -J src [Source IP Address]?
A. Connections from the specified source are blocked without the need to change the Security Policy
B. Connections to the specified target are blocked without the need to change the Security Policy
C. Connections to and from the specified target are blocked without the need to change the Security Policy
D. Connections to and from the specified target are blocked with the need to change the Security Policy
Correct Answer: A
Question #15
Which is the correct order of a log flow processed by SmartEvent components:
A. Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client
B. Firewall > SmartEvent Server Database > Correlation Unit > Log Server > SmartEvent Client
C. Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client
D. Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
Correct Answer: B
Question #16
Which policy type has its own Exceptions section?
A. Threat Prevention
B. Access Control
C. Threat Emulation
D. Desktop Security
Correct Answer: A
Question #17
When logging in for the first time to a Security Management Server through SmartConsole, a fingerprint is saved to the:
A. Security Management Server’s /home/
B. Windows registry is available for future Security Management Server authentications
C. there is no memory used for saving a fingerprint anyway
D. SmartConsole cache is available for future Security Management Server authentications
Correct Answer: C
Question #18
John is using Management HA. Which Smartcenter should be connected to for making changes?
A. secondary Smartcenter
B. active Smartcenter
C. connect virtual IP of Smartcenter HA
D. primary Smartcenter
Correct Answer: D
Question #19
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:
A. Dropped without sending a negative acknowledgment
B. Dropped without logs and without sending a negative acknowledgment
C. Dropped with negative acknowledgment
D. Dropped with logs and without sending a negative acknowledgment
Correct Answer: C
Question #20
SmartEvent does NOT use which of the following procedures to identify events:
A. Matching a log against each event definition
B. Create an event candidate
C. Matching a log against local exclusions
D. Matching a log against global exclusions
Correct Answer: A
Question #21
There are 4 ways to use the Management API for creating a host object with the R80 Management API. Which one is NOT correct?
A. Using Web Services
B. Using Mgmt_cli tool
C. Using CLISH
D. Using SmartConsole GUI console
Correct Answer: A
Question #22
Please choose the correct command syntax to add an “emailserver1” host with IP address 10.50.23.90 using the GAiA management CLI.
A. host name myHost12 ip-address 10
B. mgmt add host name ip-address 10
C. add host name emailserver1 ip-address 10
D. mgmt add host name emailserver1 ip-address 10
Correct Answer: D
Question #23
What SmartEvent component creates events?
A. Consolidation Policy
B. Correlation Unit
C. SmartEvent Policy
D. SmartEvent GUI
Correct Answer: A
Question #24
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled, which path is handling the traffic?
A. Slow Path
B. Medium Path
C. Fast Path
D. Accelerated Path
Correct Answer: A
Question #25
You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor. Unfortunately, you get the message: “There are no machines that contain Firewall Blade and SmartView Monitor”. What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.
A. Purchase the SmartView Monitor license for your Security Management Server
B. Enable Monitoring on your Security Management Server
C. Purchase the SmartView Monitor license for your Security Gateway
D. Enable Monitoring on your Security Gateway
Correct Answer: A
Question #26
Vanessa is expecting a very important Security Report. The document should be sent as an attachment via e-mail. An e-mail with the Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only a few lines of text are in it. The report is missing some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?
A. SandBlast Threat Emulation
B. SandBlast Agent
C. Check Point Protect
D. SandBlast Threat Extraction
Correct Answer: B
Question #27
What is the benefit of Manual NAT over Automatic NAT?
A. If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy
B. There is no benefit since Automatic NAT has in any case higher priority over Manual NAT
C. You have full control over the priority of the NAT rules
D. On IPSO and GAIA Gateways, it is handled in a Stateful manner
Correct Answer: B
Question #28
When installing a dedicated R80 SmartEvent server, what is the recommended size of the root partition?
A. Any size
B. Less than 20GB
C. More than 10GB and less than 20 GB
D. At least 20GB
Correct Answer: C
Question #29
With which command can you view the running configuration of a Gaia-based system?
A. show conf-active
B. show configuration active
C. show configuration
D. show running-configuration
Correct Answer: A
Question #30
Which statement is NOT TRUE about Delta synchronization?
A. Using UDP Multicast or Broadcast on port 8161
B. Using UDP Multicast or Broadcast on port 8116
C. Quicker than Full sync
D. Transfers changes in the Kernel tables between cluster members
Correct Answer: D
Question #31
The CDT utility supports which of the following?
A. Major version upgrades to R77
B. Only Jumbo HFAs and hotfixes
C. Only major version upgrades to R80
D. All upgrades
Correct Answer: A
Question #32
The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?
A. You can only use the rule for Telnet, FTP, SMTP, and rlogin services
B. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server
C. Once a user is first authenticated, the user will not be prompted for authentication again until logging out
D. You can limit the authentication attempts in the User Properties' Authentication tab
Correct Answer: D
Question #33
On R80.10, when configuring third-party devices to read the logs using the LEA (Log Export API), the default Log Server uses port:
A. 18210
B. 18184
C.
D. 18191
Correct Answer: D
Question #34
Which Threat Prevention Profile is not included by default in R80 Management?
A. Basic – Provides reliable protection on a range of non-HTTP protocols for servers, with minimal impact on network performance
B. Optimized – Provides excellent protection for common network products and protocols against recent or popular attacks
C. Strict – Provides a wide coverage for all products and protocols, with impact on network performance
D. Recommended – Provides all protection for all common network products and servers, with impact on network performance
Correct Answer: D
Question #35
Of all the Check Point components in your network, which one changes most often and should be backed up most frequently?
A. SmartManager
B. SmartConsole
C. Security Gateway
D. Security Management Server
Correct Answer: B
Question #36
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19. John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The
A. John should lock and unlock his computer
B. Investigate this as a network connectivity issue
C. The access should be changed to authenticate the user instead of the PC
D. John should install the Identity Awareness Agent
Correct Answer: D
Question #37
You have discovered activity in your network. What is the BEST immediate action to take?
A. Create a policy rule to block the traffic
B. Create a suspicious action rule to block that traffic
C. Wait until traffic has been identified before making any changes
D. Contact ISP to block the traffic
Correct Answer: A
Question #38
Which configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear?
A. The firewall topologies
B. NAT Rules
C. The Rule Base
D. The VPN Domains
Correct Answer: ACD
Question #39
Which NAT rules are prioritized first?
A. Post-Automatic/Manual NAT rules
B. Manual/Pre-Automatic NAT
C. Automatic Hide NAT
D. Automatic Static NAT
Correct Answer: D
Question #40
What is the command to see cluster status in CLI expert mode?
A. fw ctl stat
B. clusterXL stat
C. clusterXL status
D.
Correct Answer: B
Question #41
The Firewall kernel is replicated multiple times, therefore:
A. The Firewall kernel only touches the packet if the connection is accelerated
B. The Firewall can run different policies per core
C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
D. The Firewall can run the same policy on all cores
Correct Answer: D
Question #42
Which option would allow you to make a backup copy of the OS and Check Point configuration, without stopping Check Point processes?
A. All options stop Check Point processes
B. backup
C. migrate export
D. snapshot
Correct Answer: A
Question #43
You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm's business partners. Which SmartConsole application should you use to confirm your suspicions?
A. SmartDashboard
B. SmartUpdate
C. SmartView Status
D. SmartView Tracker
Correct Answer: B
Question #44
Customer’s R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the Internet?
A. Export R80 configuration, clean install R80
B. CPUSE online upgrade
C. CPUSE offline upgrade
D. SmartUpdate upgrade
Correct Answer: A
Question #45
Which of the following is NOT a tracking option? (Select three)
A. Partial log
B. Log
C. Network log
D. Full log
Correct Answer: C
Question #46
Ken wants to obtain a configuration lock from another administrator on the R80 Security Management Server. He can do this via WebUI or via CLI. Which command should he use in CLI? Choose the correct answer.
A. remove database lock
B. The database feature has one command: lock database override
C. override database lock
D. The database feature has two commands: lock database override and unlock database
Correct Answer: D
Question #47
Which of the following describes how Threat Extraction functions?
A. Detects threats and provides a detailed report of discovered threats
B. Proactively detects threats
C. Delivers file with original content
D. Delivers PDF versions of original files with active content removed
Correct Answer: B
Question #48
As a Security Administrator, you must refresh the Client Authentication authorized time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:
A. in the user object's Authentication screen
B. in the Gateway object's Authentication screen
C. in the Limit tab of the Client Authentication Action Properties screen
D. in the Global Properties Authentication screen
Correct Answer: B
Question #49
You want to store the GAiA configuration in a file for later reference. What command should you use?
A. write mem
B. show config -f
C. save config -o
D. save configuration
Correct Answer: A
