Last Updated on September 23, 2021 by Admin 3

156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 03

  1. Which options are given on features, when editing a Role on Gaia Platform?

    • Read/Write, Read Only
    • Read/Write, Read Only, None
    • Read/Write, None
    • Read Only, None
    Explanation:
    Roles
    Role-based administration (RBA) lets you create administrative roles for users. With RBA, an administrator can allow Gaia users to access specified features by including those features in a role and assigning that role to users. Each role can include a combination of administrative (read/write) access to some features, monitoring (read‑only) access to other features, and no access to other features.
    You can also specify which access mechanisms (WebUI or the CLI) are available to the user.
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 03 Q01 014

    Note – When users log in to the WebUI, they see only those features that they have read-only or read/write access to. If they have read-only access to a feature, they can see the settings pages, but cannot change the settings.

    Gaia includes these predefined roles:
    – adminRole – Gives the user read/write access to all features.
    – monitorRole – Gives the user read-only access to all features.
    You cannot delete or change the predefined roles.

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 03 Q01 015

    Note – Do not define a new user for external users. An external user is one that is defined on an authentication server (such as RADIUS or TACACS) and not on the local Gaia system.

  2. What is the default time length that Hit Count Data is kept?

    • 3 months
    • 4 weeks
    • 12 months
    • 1 week
  3. Choose the Best place to find a Security Management Server backup file named backup_fw, on a Check Point Appliance.

    • /var/log/Cpbackup/backups/backup/backup_fw.tgs
    • /var/log/Cpbackup/backups/backup/backup_fw.tar
    • /var/log/Cpbackup/backups/backups/backup_fw.tar
    • /var/log/Cpbackup/backups/backup_fw.tgz
    Explanation:
    Gaia’s Backup feature allows backing up the configuration of the Gaia OS and of the Security Management server database, or restoring a previously saved configuration.
    The configuration is saved to a .tgz file in the following directory:
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 03 Q03 016
  4. With which command can you view the running configuration of Gaia Operating system?

    • show conf-active
    • show configuration active
    • show configuration
    • show running-configuration
  5. Which of the following is TRUE regarding Gaia command line?

    • Configuration changes should be done in mgmt_cli and use CLISH for monitoring. Expert mode is used only for OS level tasks.
    • Configuration changes should be done in expert-mode and CLISH is used for monitoring.
    • Configuration changes should be done in mgmt_cli and use expert-mode for OS-level tasks.
    • All configuration changes should be made in CLISH and expert-mode should be used for OS-level tasks.
  6. If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available to other administrators? Choose the BEST answer.

    • Publish or discard the session.
    • Revert the session.
    • Save and install the Policy.
    • Delete older versions of database.
    Explanation:
    To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session.
    To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a session, a new database version is created.
    When you select Install Policy, you are prompted to publish all unpublished changes. You cannot install a policy if the included changes are not published.
  7. Which one of the following is the preferred licensing model? Choose the BEST answer.

    • Local licensing because it ties the package license to the IP-address of the gateway and has no dependency on the Security Management Server.
    • Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway.
    • Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency.
    • Central licensing because it ties the package license to the MAC-address of the Security Management Server’s Mgmt-interface and has no dependency on the gateway.
    Explanation:

    Central License
    A Central License is a license attached to the Security Management server IP address, rather than the gateway IP address. The benefits of a Central License are:
    – Only one IP address is needed for all licenses.
    – A license can be taken from one gateway and given to another.
    – The new license remains valid when changing the gateway IP address. There is no need to create and install a new license.

  8. Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

    • One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
    • One machine
    • Two machines
    • Three machines
    Explanation:

    One for Security Management Server and the other one for the Security Gateway.

  9. A new license should be generated and installed in all of the following situations EXCEPT when ________ .

    • The license is attached to the wrong Security Gateway
    • The existing license expires
    • The license is upgraded
    • The IP address of the Security Management or Security Gateway has changed
    Explanation:

    There is no need to generate a new license in this situation; you just need to detach the license from the wrong Security Gateway and attach it to the right one.

  10. What is the default shell for the command line interface?

    • Expert
    • Clish
    • Admin
    • Normal
    Explanation:

    The default shell of the CLI is called clish.

  11. When you upload a package or license to the appropriate repository in SmartUpdate, where is the package or license stored?

    • Security Gateway
    • Check Point user center
    • Security Management Server
    • SmartConsole installed device
    Explanation:

    SmartUpdate installs two repositories on the Security Management server:
    – License & Contract Repository, which is stored on all platforms in the directory $FWDIR\conf\.
    – Package Repository, which is stored:
    – on Windows machines in C:\SUroot.
    – on UNIX machines in /var/suroot.
    The Package Repository requires a separate license, in addition to the license for the Security Management server. This license should stipulate the number of nodes that can be managed in the Package Repository.

  12. The tool _______ generates an R80 Security Gateway configuration report.

    • infoCP
    • infoview
    • cpinfo
    • fw cpinfo
    Explanation:

    CPInfo is an auto-updatable utility that collects diagnostics data on a customer’s machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers).
    The CPinfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPinfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer’s configuration and environment settings.
    When contacting Check Point Support, collect the cpinfo files from the Security Management server and Security Gateways involved in your case.

  13. Which of the following commands can be used to remove site-to-site IPSEC Security Associations (SA)?

    • vpn tu
    • vpn ipsec remove -l
    • vpn debug ipsec
    • fw ipsec tu
    Explanation:
    vpn tu
    Description: Launch the TunnelUtil tool, which is used to control VPN tunnels.
    Usage: vpn tu
    vpn tunnelutil
    Example: vpn tu
    Output:
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 03 Q13 017
  14. Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?

    • Security questions
    • Check Point password
    • SecurID
    • RADIUS
    Explanation:

    Authentication Schemes:
    – Check Point Password
    – Operating System Password
    – RADIUS
    – SecurID
    – TACACS
    – Undefined: If a user with an undefined authentication scheme is matched to a Security Rule with some form of authentication, access is always denied.

  15. Using the SmartConsole, which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?

    • Editor
    • Read Only All
    • Super User
    • Full Access
    Explanation:

    To create a new permission profile:
    1. In SmartConsole, go to Manage & Settings > Permissions and Administrators > Permission Profiles.
    2. Click New Profile.
    The New Profile window opens.
    3. Enter a unique name for the profile.
    4. Select a profile type:
    – Read/Write All – Administrators can make changes
    – Auditor (Read Only All) – Administrators can see information but cannot make changes
    – Customized
    5. Click OK.

  16. Packages and licenses are loaded from all of these sources EXCEPT ________.

    • Download Center Web site
    • UserUpdate
    • User Center
    • Check Point DVD
    Explanation:

    Packages and licenses are loaded into these repositories from several sources:
    – the Download Center web site (packages)
    – the Check Point DVD (packages)
    – the User Center (licenses)
    – by importing a file (packages and licenses)
    – by running the cplic command line

  17. Which of the following technologies extracts detailed information from packets and stores that information in state tables?

    • INSPECT Engine
    • Stateful Inspection
    • Packet Filtering
    • Application Layer Firewall
  18. On the following graphic, you will find layers of policies.

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 03 Q18 018

    What is the precedence of traffic inspection for the defined policies?

    • A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if Implicit Drop Rule drops the packet, it comes next to IPS layer and then after accepting the packet it passes to Threat Prevention layer.
    • A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if there is any rule which accepts the packet, it comes next to IPS layer and then after accepting the packet it passes to Threat Prevention layer.
    • A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if there is any rule which accepts the packet, it comes next to Threat Prevention layer and then after accepting the packet it passes to IPS layer.
    • A packet arrives at the gateway, it is checked against the rules in IPS policy layer and then if it is accepted then it comes next to the Network policy layer and then after accepting the packet it passes to Threat Prevention layer.
    Explanation:

    To simplify Policy management, R80 organizes the policy into Policy Layers. A layer is a set of rules, or a Rule Base.
    For example, when you upgrade to R80 from earlier versions:
    – Gateways that have the Firewall and the Application Control Software Blades enabled will have their Access Control Policy split into two ordered layers: Network and Applications.
    When the gateway matches a rule in a layer, it starts to evaluate the rules in the next layer.
    – Gateways that have the IPS and Threat Emulation Software Blades enabled will have their Threat Prevention policies split into two parallel layers: IPS and Threat Prevention.
    All layers are evaluated in parallel.

  19. Tina is a new administrator who is currently reviewing the new Check Point R80 Management console interface. In the Gateways view, she is reviewing the Summary screen as in the screenshot below. What is an ‘Open Server’?

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 03 Q19 019
    • Check Point software deployed on a non-Check Point appliance.
    • The Open Server Consortium approved Server Hardware used for the purpose of Security and Availability.
    • A Check Point Management Server deployed using the Open Systems Interconnection (OSI) Server and Security deployment model.
    • A Check Point Management Server software using the Open SSL.

    Explanation:

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 03 Q19 020
  20. Choose what BEST describes the Policy Layer Traffic Inspection.

    • If a packet does not match any of the inline layers, the matching continues to the next Layer.
    • If a packet matches an inline layer, it will continue matching the next layer.
    • If a packet does not match any of the inline layers, the packet will be matched against the Implicit Clean-up Rule.
    • If a packet does not match a Network Policy Layer, the matching continues to its inline layer.