Free 156-215.80 Sample Questions — Check Point Certified Security Administrator (CCSA R80)

What licensing feature automatically verifies current licenses and activates new licenses added to the License and Contracts repository?

• A. Verification tool
• B. Verification licensing
• C. Automatic licensing
• D. Automatic licensing and Verification tool

Where would an administrator enable Implied Rules logging?

• A. In Smart Log Rules View
• B. In SmartDashboard on each rule
• C. In Global Properties under Firewall
• D. In Global Properties under log and alert

What are the three authentication methods for SIC?

• A. Passwords, Users, and standards-based SSL for the creation of secure channels
• B. Certificates, standards-based SSL for the creation of secure channels, and 3DES or AES128 for encryption
• C. Packet Filtering, certificates, and 3DES or AES128 for encryption
• D. Certificates, Passwords, and Tokens

Where can administrator edit a list of trusted SmartConsole clients?

• A. cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server
• B. Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients
• C. In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings>Permissions and Administrators>Advanced>Trusted Clients
• D. WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings>Permissions and Administrators>Advanced>Trusted Clients, via cpconfig on a Security Gateway

Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?

• A. Application Control
• B. Threat Emulation
• C. Anti-Virus
• D. Advanced Networking Blade

Which option will match a connection regardless of its association with a VPN community?

• A. All Site-to-Site VPN Communities
• B. Accept all encrypted traffic
• C. All Connections (Clear or Encrypted)
• D. Specific VPN Communities

You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.

• A. You checked the cache password on desktop option in Global Properties
• B. Another rule that accepts HTTP without authentication exists in the Rule Base
• C. You have forgotten to place the User Authentication Rule before the Stealth Rule
• D. Users must use the SecuRemote Client, to use the User Authentication Rule

Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?

• A. All Connections (Clear or Encrypted)
• B. Accept all encrypted traffic
• C. Specific VPN Communities
• D. All Site-to-Site VPN Communities

Which tool is used to enable cluster membership on a Gateway?

• A. SmartUpdate
• B. cpconfig
• C. SmartConsole
• D. sysconfig

When should you generate new licenses?

• A. Before installing contract files
• B. After an RMA procedure when the MAC address or serial number of the appliance changes
• C. When the existing license expires, license is upgraded, or the IP-address where the license is tied changes
• D. Only when the license is upgraded

From the Gaia web interface, which of the following operations CANNOT be performed on a Security Management Server?

• A. Verify a Security Policy
• B. Open a terminal shell
• C. Add a static route
• D. View Security Management GUI Clients

Which type of attack can a firewall NOT prevent?

• A. Network Bandwidth Saturation
• B. Buffer Overflow
• C. SYN Flood
• D. SQL Injection

When a policy package is installed, ________ are also distributed to the target installation Security Gateways.

• A. Both User and Objects databases
• B. Network databases only
• C. Objects databases only
• D. User databases only

The IPS policy for pre-R80 gateways is installed during the _______ .

• A. Firewall policy install
• B. Threat Prevention policy install
• C. Anti-bot policy install
• D. Access Control policy install

Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?

• A. She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account
• B. She needs to run sysconfig and restart the SSH process
• C. She needs to edit /etc/scpusers and add the Standard Mode account
• D. She needs to run cpconfig to enable the ability to SCP files

Which of the following is NOT a back up method?

• A. Save backup
• B. System backup
• C. snapshot
• D. Migrate

Your internal networks 10.1.1.0/24, 10.2.2.0/24 and 192.168.0.0/16 are behind the Internet Security Gateway. Considering that Layer 2 and Layer 3 setup is correct, what are the steps you will need to do in SmartConsole in order to get the connection working? Choose the BEST answer.

• A. 1. Define an accept rule in Security Policy. 2. Define Security Gateway to hide all internal networks behind the gateway's external IP. 3. Publish and install the policy
• B. 1. Define an accept rule in Security Policy. 2. Configure automatic NAT for each network to NAT the networks behind a public IP. 3. Publish the policy
• C. 1. Define an accept rule in Security Policy. 2. Configure automatic NAT for each network to NAT the networks behind a private IP. 3. Publish and install the policy
• D. 1. Define an accept rule in Security Policy. 2. Define Security Gateway to hide all internal networks behind the gateway's external IP. 3. Publish the policy

Choose what BEST describes the Policy Layer Traffic Inspection.

• A. If a packet does not match any of the inline layers, the matching continues to the next Layer
• B. If a packet matches an inline layer, it will continue matching the next layer
• C. If a packet does not match any of the inline layers, the packet will be matched against the Implicit Clean-up Rule
• D. If a packet does not match a Network Policy Layer, the matching continues to its inline layer

A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?

• A. Secure Internal Communications (SIC) not configured for the object
• B. Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box
• C. Anti-spoofing not configured on the interfaces on the Gateway object
• D. Gateway object created using the Check Point > Secure Gateway option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object

SmartConsole is supported by which of the following operating systems:

• A. Windows only
• B. Gaia only
• C. Gaia, SecurePlatform, and Windows
• D. SecurePlatform only