156-215.80 Exam - Check Point Certified Security Administrator

NEW QUESTION 1
Which repositories are installed on the Security Management Server by SmartUpdate?

• A. License and Update
• B. Package Repository and Licenses
• C. Update and License and Contract
• D. License and Contract and Package Repository

Answer: D

NEW QUESTION 2
Review the following screenshot and select the BEST answer.

• A. Data Center Layer is an inline layer in the Access Control Policy.
• B. By default all layers are shared with all policies.
• C. If a connection is dropped in Network Layer, it will not be matched against the rules in Data Center Layer.
• D. If a connection is accepted in Network-layer, it will not be matched against the rules in Data Center Layer.

Answer: C

NEW QUESTION 3
Using ClusterXL, what statement is true about the Sticky Decision Function?

• A. Can only be changed for Load Sharing implementations
• B. All connections are processed and synchronized by the pivot
• C. Is configured using cpconfig
• D. Is only relevant when using SecureXL

Answer: A

NEW QUESTION 4
You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second GAiA computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it?
1. Run cpconfig on the Gateway, select Secure Internal Communication, enter the activation key, and reconfirm.
2. Initialize Internal Certificate Authority (ICA) on the Security Management Server.
3. Configure the Gateway object with the host name and IP addresses for the remote site.
4. Click the Communication button in the Gateway object's General screen, enter the activation key, and click Initialize and OK.
5. Install the Security Policy.

• A. 2, 3, 4, 1, 5
• B. 2, 1, 3, 4, 5
• C. 1, 3, 2, 4, 5
• D. 2, 3, 4, 5, 1

Answer: B

NEW QUESTION 5
Review the rules. Assume domain UDP is enabled in the implied rules.

What happens when a user from the internal network tries to browse to the internet using HTTP? The user:

• A. can connect to the Internet successfully after being authenticated.
• B. is prompted three times before connecting to the Internet successfully.
• C. can go to the Internet after Telnetting to the client authentication daemon port 259.
• D. can go to the Internet, without being prompted for authentication.

Answer: D

NEW QUESTION 6
Which of the following commands is used to monitor cluster members?

• A. cphaprob state
• B. cphaprob status
• C. cphaprob
• D. cluster state

Answer: A

NEW QUESTION 7
Which remote Access Solution is clientless?

• A. Checkpoint Mobile
• B. Endpoint Security Suite
• C. SecuRemote
• D. Mobile Access Portal

Answer: D

NEW QUESTION 8
Which SmartConsole component can Administrators use to track changes to the Rule Base?

• A. WebUI
• B. SmartView Tracker
• C. SmartView Monitor
• D. SmartReporter

Answer: B

NEW QUESTION 9
Which of these components does NOT require a Security Gateway R77 license?

• A. Security Management Server
• B. Check Point Gateway
• C. SmartConsole
• D. SmartUpdate upgrading/patching

Answer: C

NEW QUESTION 10
Which of these statements describes the Check Point ThreatCloud?

• A. Blocks or limits usage of web applications
• B. Prevents or controls access to web sites based on category
• C. Prevents Cloud vulnerability exploits
• D. A worldwide collaborative security network

Answer: D

NEW QUESTION 11
By default, which port does the WebUI listen on?

• A. 80
• B. 4434
• C. 443
• D. 8080

Answer: C

Explanation: To configure Security Management Server on Gaia:
Open a browser to the WebUI: https:<//Gaia management IP address>

NEW QUESTION 12
You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the right protections in place. Check Point has been selected for the security vendor. Which Check Point products protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?

• A. IPS and Application Control
• B. IPS, anti-virus and anti-bot
• C. IPS, anti-virus and e-mail security
• D. SandBlast

Answer: D

Explanation: SandBlast Zero-Day Protection
Hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. Zero-day exploit protection from Check Point provides a deeper level of inspection so you can prevent more malware and zero-day attacks, while ensuring quick delivery of safe content to your users.

NEW QUESTION 13
Message digests use which of the following?

• A. DES and RC4
• B. IDEA and RC4
• C. SSL and MD4
• D. SHA-1 and MD5

Answer: D

NEW QUESTION 14
MegaCorp's security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway.
How do you apply the license?

• A. Using the remote Gateway's IP address, and attaching the license to the remote Gateway via SmartUpdate.
• B. Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate.
• C. Using the remote Gateway's IP address, and applying the license locally with command cplic put.
• D. Using each of the Gateway's IP addresses, and applying the licenses on the Security Management Server with the command cprlic put.

Answer: B

NEW QUESTION 15
You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.

• A. You checked the cache password on desktop option in Global Properties.
• B. Another rule that accepts HTTP without authentication exists in the Rule Base.
• C. You have forgotten to place the User Authentication Rule before the Stealth Rule.
• D. Users must use the SecuRemote Client, to use the User Authentication Rule.

Answer: B

NEW QUESTION 16
Access roles allow the firewall administrator to configure Network access according to:

• A. a combination of computer or computer groups and network
• B. users and user groups
• C. all of above
• D. remote access clients

Answer: C

NEW QUESTION 17
Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:

• A. assign privileges to users.
• B. edit the home directory of the user.
• C. add users to your Gaia system.
• D. assign user rights to their home directory in the Security Management Server

Answer: D

Explanation: Users
Use the WebUI and CLI to manage user accounts. You can:
Add users to your Gaia system.
Edit the home directory of the user.
Edit the default shell for a user.
Give a password to a user.
Give privileges to users.