DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Latest 2024 Check Point 156-215 Certification Questions & Mock Tests, Check Point Certified Security Administrator R80 | SPOTO

Seeking the latest resources to earn the Check Point Certified Security Administrator (CCSA) R80 certification in 2024? Our up-to-date 156-215 certification questions and mock tests are essential prep materials. Access hundreds of current online exam questions, sample questions, and practice tests covering Security Gateway, Management Software Blades, and the GAiA operating system. These realistic exam dumps allow you to experience the actual certification exam format. Identify knowledge gaps through our comprehensive test prep featuring exam questions and answers. Regular practice with these free online exam materials is key to passing the challenging CCSA R80 certification. Start today with our latest 2024 mock tests - experiencing authentic practice could make the difference in your success!
Take other online exams

Question #1
John is using Management HA. Which Smartcenter should be connected to for making changes?
A. secondary Smartcenter
B. active Smartcenter
C. connect virtual IP of Smartcenter HA
D. primary Smartcenter
View answer
Correct Answer: B
Question #2
The SmartEvent R80 Web application for real-time event monitoring is called:
A. SmartView Monitor
B. SmartEventWeb
C. There is no Web application for SmartEvent
D. SmartView
View answer
Correct Answer: B
Question #3
SmartEvent does NOT use which of the following procedures to identity events:
A. Matching a log against each event definition
B. Create an event candidate
C. Matching a log against local exclusions
D. Matching a log against global exclusions
View answer
Correct Answer: C
Question #4
To fully enable Dynamic Dispatcher on a Security Gateway:
A. run fw ctl multik set_mode 9 in Expert mode and then reboot
B. Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu
C. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot
D. run fw ctl multik set_mode 1 in Expert mode and then reboot
View answer
Correct Answer: A
Question #5
Which of the following is the most secure means of authentication?
A. Password
B. Certificate
C. Token
D. Pre-shared secret
View answer
Correct Answer: B
Question #6
In R80 Management, apart from using SmartConsole, objects or rules can also be modified using:
A. 3rd Party integration of CLI and API for Gateways prior to R80
B. A complete CLI and API interface using SSH and custom CPCode integration
C. 3rd Party integration of CLI and API for Management prior to R80
D. A complete CLI and API interface for Management with 3rd Party integration
View answer
Correct Answer: B
Question #7
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
A. UDP port 265
B. TCP port 265
C. UDP port 256
D. TCP port 256
View answer
Correct Answer: B
Question #8
What is a reason for manual creation of a NAT rule?
A. In R80 all Network Address Translation is done automatically and there is no need for manually defined NAT-rules
B. Network Address Translation of RFC1918-compliant networks is needed to access the Internet
C. Network Address Translation is desired for some services, but not for others
D. The public IP-address is different from the gateway’s external IP
View answer
Correct Answer: D
Question #9
You want to verify if there are unsaved changes in GAiA that will be lost with a reboot. What command can be used?
A. show unsaved
B. show save-state
C. show configuration diff
D. show config-state
View answer
Correct Answer: D
Question #10
As a Security Administrator, you must refresh the Client Authentication authorized time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:
A. in the user object's Authentication screen
B. in the Gateway object's Authentication screen
C. in the Limit tab of the Client Authentication Action Properties screen
D. in the Global Properties Authentication screen
View answer
Correct Answer: C
Question #11
Which command can you use to verify the number of active concurrent connections?
A. fw conn all
B. fw ctl pst pstat
C. show all connections
D. show connections
View answer
Correct Answer: B
Question #12
Under which file is the proxy arp configuration stored?
A. $FWDIR/state/proxy_arp
B. $FWDIR/conf/local
C. $FWDIR/state/_tmp/proxy
D. $FWDIR/conf/local
View answer
Correct Answer: D
Question #13
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing
View answer
Correct Answer: B
Question #14
Fill in the blank: To create policy for traffic to or from a particular location, use the _____________.
A. DLP shared policy
B. Geo policy shared policy
C. Mobile Access software blade
D. HTTPS inspection
View answer
Correct Answer: B
Question #15
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19. John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The c
A. John should lock and unlock his computer
B. Investigate this as a network connectivity issue
C. The access should be changed to authenticate the user instead of the PC
D. John should install the Identity Awareness Agent
View answer
Correct Answer: C
Question #16
What are the steps to configure the HTTPS Inspection Policy?
A. Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard
B. Go to Application&url filtering blade > Advanced > Https Inspection > Policy
C. Go to Manage&Settings > Blades > HTTPS Inspection > Policy
D. Go to Application&url filtering blade > Https Inspection > Policy
View answer
Correct Answer: C
Question #17
When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
A. As expert user, issue these commands: # IP link set eth0 down # IP link set eth0 addr 00:0C:29:12:34:56 # IP link set eth0 up
B. Edit the file /etc/sysconfig/netconf
C. As expert user, issue the command: # IP link set eth0 addr 00:0C:29:12:34:56
D. Open the WebUI, select Network > Connections > eth0
View answer
Correct Answer: C
Question #18
Which NAT rules are prioritized first?
A. Post-Automatic/Manual NAT rules
B. Manual/Pre-Automatic NAT
C. Automatic Hide NAT
D. Automatic Static NAT
View answer
Correct Answer: B
Question #19
Which of these attributes would be critical for a site-to-site VPN?
A. Scalability to accommodate user groups
B. Centralized management
C. Strong authentication
D. Strong data encryption
View answer
Correct Answer: D
Question #20
When an encrypted packet is decrypted, where does this happen?
A. Security policy
B. Inbound chain
C. Outbound chain
D. Decryption is not supported
View answer
Correct Answer: A
Question #21
What is the BEST command to view configuration details of all interfaces in Gaia CLISH?
A. ifconfig -a
B. show interfaces
C. show interfaces detail
D. show configuration interface
View answer
Correct Answer: D
Question #22
You have successfully backed up your Check Point configurations without the OS information. What command would you use to restore this backup?
A. restore_backup
B. import backup
C. cp_merge
D. migrate import
View answer
Correct Answer: A
Question #23
How do you configure an alert in SmartView Monitor?
A. An alert cannot be configured in SmartView Monitor
B. By choosing the Gateway, and Configure Thresholds
C. By right-clicking on the Gateway, and selecting Properties
D. By right-clicking on the Gateway, and selecting System Information
View answer
Correct Answer: B
Question #24
Consider the Global Properties following settings: The selected option “Accept Domain Name over UDP (Queries)” means:
A. UDP Queries will be accepted by the traffic allowed only through interfaces with external anti-spoofing topology and this will be done before first explicit rule written by Administrator in a Security Policy
B. All UDP Queries will be accepted by the traffic allowed through all interfaces and this will be done before first explicit rule written by Administrator in a Security Policy
C. No UDP Queries will be accepted by the traffic allowed through all interfaces and this will be done before first explicit rule written by Administrator in a Security Policy
D. All UDP Queries will be accepted by the traffic allowed by first explicit rule written by Administrator in a Security Policy
View answer
Correct Answer: A
Question #25
Customer’s R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the Internet?
A. Export R80 configuration, clean install R80
B. CPUSE online upgrade
C. CPUSE offline upgrade
D. SmartUpdate upgrade
View answer
Correct Answer: C
Question #26
When connected to the Check Point R80 Management Server using the SmartConsole the first administrator to connect has a lock on:
A. Only the objects being modified in the Management Database and other administrators can connect to make changes using a special session as long as they all connect from the same LAN network
B. The entire Management Database and other administrators can connect to make changes only if the first administrator switches to Read-only
C. The entire Management Database and all sessions and other administrators can connect only as Read-only
D. Only the objects being modified in his session of the Management Database and other administrators can connect to make changes using different sessions
View answer
Correct Answer: D
Question #27
True or False: The destination server for Security Gateway logs depends on a Security Management Server configuration.
A. False, log servers are configured on the Log Server General Properties
B. True, all Security Gateways will only forward logs with a SmartCenter Server configuration
C. True, all Security Gateways forward logs automatically to the Security Management Server
D. False, log servers are enabled on the Security Gateway General Properties
View answer
Correct Answer: B
Question #28
Which of the following describes how Threat Extraction functions?
A. Detect threats and provides a detailed report of discovered threats
B. Proactively detects threats
C. Delivers file with original content
D. Delivers PDF versions of original files with active content removed
View answer
Correct Answer: B
Question #29
What is the purpose of Priority Delta in VRRP?
A. When a box is up, Effective Priority = Priority + Priority Delta
B. When an Interface is up, Effective Priority = Priority + Priority Delta
C. When an Interface fails, Effective Priority = Priority - Priority Delta
D. When a box fails, Effective Priority = Priority - Priority Delta
View answer
Correct Answer: C
Question #30
What are types of Check Point APIs available currently as part of R80.10 code?
A. Security Gateway API, Management API, Threat Prevention API and Identity Awareness Web Services API
B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
C. OSE API, OPSEC SDK API, Threat Prevention API and Policy Editor API
D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API
View answer
Correct Answer: B

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: