CheckPoint 156-215.81 Dumps - Check Point Certified Security Administrator R81.20 PDF Sample Questions

discount banner
Exam Code:
156-215.81
Exam Name:
Check Point Certified Security Administrator R81.20
400 Questions
Last Update Date : 25 March, 2024
PDF + Test Engine
$60 $78
Test Engine Only Demo
$50 $65
PDF Only Demo
$35 $45.5

CheckPoint 156-215.81 This Week Result

0

They can't be wrong

0

Score in Real Exam at Testing Centre

0

Questions came word by word from this dumps

Best CheckPoint 156-215.81 Dumps - pass your exam In First Attempt

Our 156-215.81 dumps are better than all other cheap 156-215.81 study material.

Only best way to pass your CheckPoint 156-215.81 is that if you will get reliable exam study materials. We ensure you that realexamdumps is one of the most authentic website for CheckPoint CCSA R81 exam question answers. Pass your 156-215.81 Check Point Certified Security Administrator R81.20 with full confidence. You can get free Check Point Certified Security Administrator R81.20 demo from realexamdumps. We ensure 100% your success in 156-215.81 Exam with the help of CheckPoint Dumps. you will feel proud to become a part of realexamdumps family.

Our success rate from past 5 year very impressive. Our customers are able to build their carrier in IT field.

Owl
Search

45000+ Exams

Buy

Desire Exam

Download

Exam

and pass your exam...

Related Exam

Realexamdumps Providing most updated CCSA R81 Question Answers. Here are a few exams:


Sample Questions

Realexamdumps Providing most updated CCSA R81 Question Answers. Here are a few sample questions:

CheckPoint 156-215.81 Sample Question 1

Which of the following is used to enforce changes made to a Rule Base?


Options:

A. Publish database
B. Save changes
C. Install policy
D. Activate policy

Answer: B

CheckPoint 156-215.81 Sample Question 2

R80 is supported by which of the following operating systems:


Options:

A. Windows only
B. Gaia only
C. Gaia, SecurePlatform, and Windows
D. SecurePlatform only

Answer: C

CheckPoint 156-215.81 Sample Question 3

How Capsule Connect and Capsule Workspace differ?


Options:

A. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications
B. Capsule Workspace can provide access to any application
C. Capsule Connect provides Business data isolation
D. Capsule Connect does not require an installed application at client

Answer: B

CheckPoint 156-215.81 Sample Question 4

What data MUST be supplied to the SmartConsole System Restore window to restore a backup?


Options:

A. Server, Username, Password, Path, Version
B. Username, Password, Path, Version
C. Server, Protocol, Username, Password, Destination Path
D. Server, Protocol, Username, Password, Path

Answer: D Explanation: Explanation: References:

CheckPoint 156-215.81 Sample Question 5

True or False: The destination server for Security Gateway logs depends on a Security Management Server configuration.


Options:

A. False, log servers are configured on the Log Server General Properties
B. True, all Security Gateways will only forward logs with a SmartCenter Server configuration
C. True, all Security Gateways forward logs automatically to the Security Management Server
D. False, log servers are enabled on the Security Gateway General Properties

Answer: C

CheckPoint 156-215.81 Sample Question 6

Tom has connected to the R80 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made:


Options:

A. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of this work.
B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
C. Tom’s changes will be lost since he lost connectivity and he will have to start again.
D. Tom will have to reboot his SmartConsole computer, clear the cache and restore changes.

Answer: B

CheckPoint 156-215.81 Sample Question 7

What is the purpose of the Clean-up Rule?


Options:

A. To log all traffic that is not explicitly allowed or denied in the Rule Base
B. To clean up policies found inconsistent with the compliance blade reports
C. To remove all rules that could have a conflict with other rules in the database
D. To eliminate duplicate log entries in the Security Gateway

Answer: A Explanation: Explanation: These are basic access control rules we recommend for all Rule Bases:There is also an implied rule that drops all traffic, but you can use the Cleanup rule to log the traffic.

CheckPoint 156-215.81 Sample Question 8

Phase 1 of the two-phase negotiation process conducted by IKE operates in ______ mode.


Options:

A. Main
B. Authentication
C. Quick
D. High Alert

Answer: A Explanation: Explanation: Phase I modesBetween Security Gateways, there are two modes for IKE phase I. These modes only apply to IKEv1:

CheckPoint 156-215.81 Sample Question 9

You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?


Options:

A. fwd
B. fwm
C. cpd
D. cpwd

Answer: C

CheckPoint 156-215.81 Sample Question 10

What needs to be configured if the NAT property ‘Translate destination on client side’ is not enabled in Global properties?


Options:

A. A host route to route to the destination IP
B. Use the file local.arp to add the ARP entries for NAT to work
C. Nothing, the Gateway takes care of all details necessary
D. Enabling ‘Allow bi-directional NAT’ for NAT to work correctly

Answer: D

CheckPoint 156-215.81 Sample Question 11

How are the backups stored in Check Point appliances?


Options:

A. Saved as*.tar under /var/log/CPbackup/backups
B. Saved as*tgz under /var/CPbackup
C. Saved as*tar under /var/CPbackup
D. Saved as*tgz under /var/log/CPbackup/backups

Answer: B Explanation: Explanation: Backup configurations are stored in: /var/CPbackup/backups/

CheckPoint 156-215.81 Sample Question 12

Which one of the following is TRUE?


Options:

A. Ordered policy is a sub-policy within another policy
B. One policy can be either inline or ordered, but not both
C. Inline layer can be defined as a rule action
D. Pre-R80 Gateways do not support ordered layers

Answer: D

CheckPoint 156-215.81 Sample Question 13

Access roles allow the firewall administrator to configure network access according to:


Options:

A. a combination of computer groups and network
B. users and user groups
C. all of above
D. remote access clients

Answer: C Explanation: Explanation: To create an access role:The Access Role window opens.Your selection is shown in the Networks node in the Role Preview pane.A window opens. You can search for Active Directory entries or select them from the list.You can search for AD entries or select them from the list.The access role is added to the Users and Administrators tree.

CheckPoint 156-215.81 Sample Question 14

How many layers make up the TCP/IP model?


Options:

A. 2
B. 7
C. 6
D. 4

Answer: E

CheckPoint 156-215.81 Sample Question 15

Which Check Point software blade provides Application Security and identity control?


Options:

A. Identity Awareness
B. Data Loss Prevention
C. URL Filtering
D. Application Control

Answer: D Explanation: Explanation: Check Point Application Control provides the industry’s strongest application security and identity control to organizations of all sizes.

CheckPoint 156-215.81 Sample Question 16

When defining group-based access in an LDAP environment with Identity Awareness, what is the BEST object type to represent an LDAP group in a Security Policy?


Options:

A. Access Role
B. User Group
C. SmartDirectory Group
D. Group Template

Answer: B

CheckPoint 156-215.81 Sample Question 17

A digital signature:


Options:

A. Guarantees the authenticity and integrity of a message.
B. Automatically exchanges shared keys.
C. Decrypts data to its original form.
D. Provides a secure key exchange mechanism over the Internet.

Answer: B

CheckPoint 156-215.81 Sample Question 18

Which NAT rules are prioritized first?


Options:

A. Post-Automatic/Manual NAT rules
B. Manual/Pre-Automatic NAT
C. Automatic Hide NAT
D. Automatic Static NAT

Answer: C

CheckPoint 156-215.81 Sample Question 19

You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?


Options:

A. SmartView Tracker and SmartView Monitor
B. SmartLSM and SmartUpdate
C. SmartDashboard and SmartView Tracker
D. SmartView Monitor and SmartUpdate

Answer: E

CheckPoint 156-215.81 Sample Question 20

Katie has been asked to do a backup on the Blue Security Gateway. Which command would accomplish this in the Gaia CLI?


Options:

A. Blue > add local backup
B. Expert&Blue#add local backing
C. Blue > set backup local
D. Blue > add backup local

Answer: E

CheckPoint 156-215.81 Sample Question 21

You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.


Options:

A. You checked the cache password on desktop option in Global Properties.
B. Another rule that accepts HTTP without authentication exists in the Rule Base.
C. You have forgotten to place the User Authentication Rule before the Stealth Rule.
D. Users must use the SecuRemote Client, to use the User Authentication Rule.

Answer: C

CheckPoint 156-215.81 Sample Question 22

Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all of the following except:


Options:

A. Create new dashboards to manage 3rd party task
B. Create products that use and enhance 3rd party solutions
C. Execute automated scripts to perform common tasks
D. Create products that use and enhance the Check Point Solution

Answer: B

CheckPoint 156-215.81 Sample Question 23

Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying connection?


Options:

A. Source Address
B. Destination Address
C. TCP Acknowledgment Number
D. Source Port

Answer: D

CheckPoint 156-215.81 Sample Question 24

What is the command to see cluster status in cli expert mode?


Options:

A. fw ctl stat
B. clusterXL stat
C. clusterXL status
D. cphaprob stat

Answer: B

CheckPoint 156-215.81 Sample Question 25

Which component functions as the Internal Certificate Authority for R77?


Options:

A. Security Gateway
B. Management Server
C. Policy Server
D. SmartLSM

Answer: C

CheckPoint 156-215.81 Sample Question 26

What component of R80 Management is used for indexing?


Options:

A. DBSync
B. API Server
C. fwm
D. SOLR

Answer: E

CheckPoint 156-215.81 Sample Question 27

Which one of the following is true about Threat Extraction?


Options:

A. Always delivers a file to user
B. Works on all MS Office, Executables, and PDF files
C. Can take up to 3 minutes to complete
D. Delivers file only if no threats found

Answer: C

CheckPoint 156-215.81 Sample Question 28

Which of the following is NOT a valid option when configuring access for Captive Portal?


Options:

A. From the Internet
B. Through internal interfaces
C. Through all interfaces
D. According to the Firewall Policy

Answer: B

CheckPoint 156-215.81 Sample Question 29

VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication?


Options:

A. 3DES and MD5
B. Certificates and IPsec
C. Certificates and pre-shared secret
D. IPsec and VPN Domains

Answer: D

CheckPoint 156-215.81 Sample Question 30

Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?


Options:

A. SandBlast Threat Emulation
B. SandBlast Agent
C. Check Point Protect
D. SandBlast Threat Extraction

Answer: E

CheckPoint 156-215.81 Sample Question 31

You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?


Options:

A. Run fwm dbexport -1 filename. Restore the database. Then, run fwm dbimport -1 filename to import the users.
B. Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.
C. Restore the entire database, except the user database, and then create the new user and user group.
D. Restore the entire database, except the user database.

Answer: E

CheckPoint 156-215.81 Sample Question 32

What is the benefit of Manual NAT over Automatic NAT?


Options:

A. If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy
B. There is no benefit since Automatic NAT has in any case higher priority over Manual NAT
C. You have the full control about the priority of the NAT rules
D. On IPSO and GAIA Gateways, it is handled in a Stateful manner

Answer: D

CheckPoint 156-215.81 Sample Question 33

Which R77 GUI would you use to see number of packets accepted since the last policy install?


Options:

A. SmartView Monitor
B. SmartView Tracker
C. SmartDashboard
D. SmartView Status

Answer: B

CheckPoint 156-215.81 Sample Question 34

Which SmartConsole component can Administrators use to track changes to the Rule Base?


Options:

A. WebUI
B. SmartView Tracker
C. SmartView Monitor
D. SmartReporter

Answer: C

CheckPoint 156-215.81 Sample Question 35

What port is used for delivering logs from the gateway to the management server?


Options:

A. Port 258
B. Port 18209
C. Port 257
D. Port 981

Answer: D

CheckPoint 156-215.81 Sample Question 36

Which of these components does NOT require a Security Gateway R77 license?


Options:

A. Security Management Server
B. Check Point Gateway
C. SmartConsole
D. SmartUpdate upgrading/patching

Answer: D

CheckPoint 156-215.81 Sample Question 37

Where do we need to reset the SIC on a gateway object?


Options:

A. SmartDashboard > Edit Gateway Object > General Properties > Communication
B. SmartUpdate > Edit Security Management Server Object > SIC
C. SmartUpdate > Edit Gateway Object > Communication
D. SmartDashboard > Edit Security Management Server Object > SIC

Answer: B

CheckPoint 156-215.81 Sample Question 38

Jack works for a managed service provider and he has been tasked to create 17 new policies for several new customers. He does not have much time. What is the BEST way to do this with R80 security management?


Options:

A. Create a text-file with mgmt_cli script that creates all objects and policies. Open the file in SmartConsole Command Line to run it.
B. Create a text-file with Gaia CLI -commands in order to create all objects and policies. Run the file in CLISH with command load configuration.
C. Create a text-file with DBEDIT script that creates all objects and policies. Run the file in the command line of the management server using command dbedit -f.
D. Use Object Explorer in SmartConsole to create the objects and Manage Policies from the menu to create the policies.

Answer: A Explanation: Explanation: Did you know:  mgmt_cli can accept csv files as inputs using the --batch option.The first row should contain the argument names and the rows below it should hold the values for these parameters. So an equivalent solution to the powershell script could look like this: data.csv:mgmt_cli add host --batch data.csv -u -p -m  This can work with any type of command not just "add host" : simply replace the column names with the ones relevant to the command you need.

CheckPoint 156-215.81 Sample Question 39

When using LDAP as an authentication method for Identity Awareness, the query:


Options:

A. Requires client and server side software.
B. Prompts the user to enter credentials.
C. Requires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway.
D. Is transparent, requiring no client or server side software, or client intervention.

Answer: E

CheckPoint 156-215.81 Sample Question 40

The most important part of a site-to-site VPN deployment is the ________ .


Options:

A. Internet
B. Remote users
C. Encrypted VPN tunnel
D. VPN gateways

Answer: C Explanation: Explanation: Site to Site VPNThe basis of Site to Site VPN is the encrypted VPN tunnel. Two Security Gateways negotiate a link and create a VPN tunnel and each tunnel can contain more than one VPN connection. One Security Gateway can maintain more than one VPN tunnel at the same time.

CheckPoint 156-215.81 Sample Question 41

At what point is the Internal Certificate Authority (ICA) created?


Options:

A. Upon creation of a certificate
B. During the primary Security Management Server installation process.
C. When an administrator decides to create one.
D. When an administrator initially logs into SmartConsole.

Answer: B Explanation: Explanation: Introduction to the ICAThe ICA is a Certificate Authority which is an integral part of the Check Point product suite. It is fully compliant with X.509 standards for both certificates and CRLs. See the relevant X.509 and PKI documentation, as well as RFC 2459 standards for more information. You can read more about Check Point and PKI in the R76 VPN Administration Guide.The ICA is located on the Security Management server. It is created during the installation process, when the Security Management server is configured.

CheckPoint 156-215.81 Sample Question 42

In the R80 SmartConsole, on which tab are Permissions and Administrators defined?


Options:

A. Security Policies
B. Logs and Monitor
C. Manage and Settings
D. Gateway and Servers

Answer: D

CheckPoint 156-215.81 Sample Question 43

Which of the following is NOT a set of Regulatory Requirements related to Information Security?


Options:

A. ISO 37001
B. Sarbanes Oxley (SOX)
C. HIPPA
D. PCI

Answer: A Explanation: Explanation: ISO 37001 - Anti-bribery management systemt

CheckPoint 156-215.81 Sample Question 44

Joey is using the computer with IP address 192.168.20.13. He wants to access web page “www.CheckPoint.com”, which is hosted on Web server with IP address 203.0.113.111. How many rules on Check Point Firewall are required for this connection?


Options:

A. Two rules – first one for the HTTP traffic and second one for DNS traffic.
B. Only one rule, because Check Point firewall is a Packet Filtering firewall
C. Two rules – one for outgoing request and second one for incoming replay.
D. Only one rule, because Check Point firewall is using Stateful Inspection technology.

Answer: E

CheckPoint 156-215.81 Sample Question 45

What action can be performed from SmartUpdate R77?


Options:

A. upgrade_export
B. fw stat -1
C. cpinfo
D. remote_uninstall_verifier

Answer: D

CheckPoint 156-215.81 Sample Question 46

How many users can have read/write access in Gaia at one time?


Options:

A. Infinite
B. One
C. Three
D. Two

Answer: C

CheckPoint 156-215.81 Sample Question 47

Mesh and Star are two types of VPN topologies. Which statement below is TRUE about these types of communities?


Options:

A. A star community requires Check Point gateways, as it is a Check Point proprietary technology.
B. In a star community, satellite gateways cannot communicate with each other.
C. In a mesh community, member gateways cannot communicate directly with each other.
D. In a mesh community, all members can create a tunnel with any other member.

Answer: E

CheckPoint 156-215.81 Sample Question 48

What statement is true regarding Visitor Mode?


Options:

A. VPN authentication and encrypted traffic are tunneled through port TCP 443.
B. Only ESP traffic is tunneled through port TCP 443.
C. Only Main mode and Quick mode traffic are tunneled on TCP port 443.
D. All VPN traffic is tunneled through UDP port 4500.

Answer: B


and so much more...