Last Updated on September 23, 2021 by Admin 3

156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 05

  1. What are the two types of address translation rules?

    • Translated packet and untranslated packet
    • Untranslated packet and manipulated packet
    • Manipulated packet and original packet
    • Original packet and translated packet
    Explanation:

    NAT Rule Base
    The NAT Rule Base has two sections that specify how the IP addresses are translated:
    – Original Packet
    – Translated Packet

  2. You are unable to login to SmartConsole. You login to the management server and run #cpwd_admin list with the following output:

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q02 025
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q02 025

    What reason could possibly BEST explain why you are unable to connect to SmartConsole?

    • CPD is down
    • SVR is down
    • CPM and FWM are down
    • CPSM is down
    Explanation:
    The correct answer would be FWM (is the process making available communication between SmartConsole applications and Security Management Server.). STATE is T (Terminate = Down)

    Explanation :
    Symptoms
    – SmartDashboard fails to connect to the Security Management server.
    1. Verify if the FWM process is running. To do this, run the command:
    [Expert@HostName:0]# ps -aux | grep fwm
    2. If the FWM process is not running, then try force-starting the process with the following command:
    [Expert@HostName:0]# cpwd_admin start -name FWM -path “$FWDIR/bin/fwm” -command “fwm”
  3. What does ExternalZone represent in the presented rule?

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q03 026
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q03 026
    • The Internet.
    • Interfaces that administrator has defined to be part of External Security Zone.
    • External interfaces on all security gateways.
    • External interfaces of specific gateways.
    Explanation:

    Configuring Interfaces
    Configure the Security Gateway 80 interfaces in the Interfaces tab in the Security Gateway window.
    To configure the interfaces:
    1. From the Devices window, double-click the Security Gateway 80.
    The Security Gateway window opens.
    2. Select the Interfaces tab.
    3. Select Use the following settings. The interface settings open.
    4. Select the interface and click Edit.
    The Edit window opens.
    5. From the IP Assignment section, configure the IP address of the interface:
    1. Select Static IP.
    2. Enter the IP address and subnet mask for the interface.
    6. In Security Zone, select Wireless, DMS, External, or Internal. Security zone is a type of zone, created by a bridge to easily create segments, while maintaining IP addresses and router configurations. Security zones let you choose if to enable or not the firewall between segments.

  4. The R80 utility fw monitor is used to troubleshoot _____________

    • User data base corruption
    • LDAP conflicts
    • Traffic issues
    • Phase two key negotiation
    Explanation:
    Check Point’s FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the FireWall inspection chains. These captured packets can be inspected later using the WireShark
  5. What are the two high availability modes?

    • Load Sharing and Legacy
    • Traditional and New
    • Active and Standby
    • New and Legacy
    Explanation:

    ClusterXL has four working modes. This section briefly describes each mode and its relative advantages and disadvantages.
    – Load Sharing Multicast Mode
    – Load Sharing Unicast Mode
    – New High Availability Mode
    – High Availability Legacy Mode

  6. The R80 feature ________ permits blocking specific IP addresses for a specified time period.

    • Block Port Overflow
    • Local Interface Spoofing
    • Suspicious Activity Monitoring
    • Adaptive Threat Prevention
    Explanation:

    Suspicious Activity Rules Solution
    Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access).
    The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation

  7. Which Threat Prevention Software Blade provides comprehensive against malicious and unwanted network traffic, focusing on application and server vulnerabilities?

    • Anti-Virus
    • IPS
    • Anti-Spam
    • Anti-bot
    Explanation:

    The IPS Software Blade provides a complete Intrusion Prevention System security solution, providing comprehensive network protection against malicious and unwanted network traffic, including:
    – Malware attacks
    – Dos and DDoS attacks
    – Application and server vulnerabilities
    – Insider threats
    – Unwanted application traffic, including IM and P2P

  8. What is the purpose of Captive Portal?

    • It provides remote access to SmartConsole
    • It manages user permission in SmartConsole
    • It authenticates users, allowing them access to the Internet and corporate resources
    • It authenticates users, allowing them access to the Internet and corporate resources
    Explanation:

    Captive Portal – a simple method that authenticates users through a web interface before granting them access to Intranet resources. When users try to access a protected resource, they get a web page that must be filled out to continue.

  9. While enabling the Identity Awareness blade the Identity Awareness wizard does not automatically detect the windows domain. Why does it not detect the windows domain?

    • Security Gateways is not part of the Domain
    • SmartConsole machine is not part of the domain
    • Security Management Server is not part of the domain
    • Identity Awareness is not enabled on Global properties
    Explanation:
    To enable Identity Awareness:
    1. Log in to SmartDashboard.
    2. From the Network Objects tree, expand the Check Point branch.
    3. Double-click the Security Gateway on which to enable Identity Awareness.
    4. In the Software Blades section, select Identity Awareness on the Network Security tab.
    The Identity Awareness Configuration wizard opens.
    5. Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets.
    AD Query – Lets the Security Gateway seamlessly identify Active Directory users and computers.
    – Browser-Based Authentication – Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently.
    Terminal Servers – Identify users in a Terminal Server environment (originating from one IP address).
    See Choosing Identity Sources.
    Note – When you enable Browser-Based Authentication on a Security Gateway that is on an IP Series appliance, make sure to set the Voyager management application port to a port other than 443 or 80.
    6. Click Next.
    The Integration With Active Directory window opens.
    When SmartDashboard is part of the domain, SmartDashboard suggests this domain automatically. If you select this domain, the system creates an LDAP Account Unit with all of the domain controllers in the organization’s Active Directory.
  10. View the rule below. What does the lock-symbol in the left column mean? Choose the best answer.

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q10 027
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q10 027
    • The current administrator has read-only permissions to Threat Prevention Policy.
    • Another user has locked the rule for editing.
    • Configuration lock is present. Click the lock symbol to gain read-write access.
    • The current administrator is logged in as read-only because someone else is editing the policy.
    Explanation:

    Administrator Collaboration
    More than one administrator can connect to the Security Management Server at the same time. Every administrator has their own username, and works in a session that is independent of the other administrators.
    When an administrator logs in to the Security Management Server through SmartConsole, a new editing session starts. The changes that the administrator makes during the session are only available to that administrator. Other administrators see a lock icon on object and rules that are being edited.
    To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session.

  11. When attempting to start a VPN tunnel, in the logs the error ‘no proposal chosen’ is seen numerous times. No other VPN-related log entries are present. Which phase of the VPN negotiations has failed?

    • IKE Phase 1
    • IPSEC Phase 2
    • IPSEC Phase 1
    • IKE Phase 2
  12. Which command is used to add users to or from existing roles?

    • Add rba user <User Name> roles <List>
    • Add rba user <User Name>
    • Add user <User Name> roles <List>
    • Add user <User Name>

    Explanation:

    Configuring Roles – CLI (rba)

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q12 028
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q12 028
  13. You are the administrator for Alpha Corp. You have logged into your R80 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it.

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q13 029
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q13 029

    What does this mean?

    • The rule No.6 has been marked for deletion in your Management session.
    • The rule No.6 has been marked for deletion in another Management session.
    • The rule No.6 has been marked for editing in your Management session.
    • The rule No.6 has been marked for editing in another Management session.
  14. Which type of the Check Point license ties the package license to the IP address of the Security Management Server?

    • Local
    • Central
    • Corporate
    • Formal
  15. What is NOT an advantage of Packet Filtering?

    • Low Security and No Screening above Network Layer
    • Application Independence
    • High Performance
    • Scalability
    Explanation:
    Packet Filter Advantages and Disadvantages
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q15 030
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q15 030
  16. In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server?

    • Display policies and logs on the administrator’s workstation.
    • Verify and compile Security Policies.
    • Processing and sending alerts such as SNMP traps and email notifications.
    • Store firewall logs to hard drive storage.
  17. Web Control Layer has been set up using the settings in the following dialogue:

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q17 031
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q17 031

    Consider the following policy and select the BEST answer.

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q17 032
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q17 032
    • Traffic that does not match any rule in the subpolicy is dropped.
    • All employees can access only Youtube and Vimeo.
    • Access to Youtube and Vimeo is allowed only once a day.
    • Anyone from internal network can access the internet, expect the traffic defined in drop rules 5.2, 5.5 and 5.6.
    Explanation:
    Policy Layers and Sub-Policies
    R80 introduces the concept of layers and sub-policies, allowing you to segment your policy according to your network segments or business units/functions.  In addition, you can also assign granular privileges by layer or sub-policy to distribute workload and tasks to the most qualified administrators
    With layers, the rule base is organized into a set of security rules.  These set of rules or layers, are inspected in the order in which they are defined, allowing control over the rule base flow and the security functionalities that take precedence. If an “accept” action is performed across a layer, the inspection will continue to the next layer. For example, a compliance layer can be created to overlay across a cross-section of rules.
    Sub-policies are sets of rules that are created for a specific network segment, branch office or business unit, so if a rule is matched, inspection will continue through this subset of rules before it moves on to the next rule.
    Sub-policies and layers can be managed by specific administrators, according to their permissions profiles.  This facilitates task delegation and workload distribution.
  18. To enforce the Security Policy correctly, a Security Gateway requires:

    • a routing table
    • that each Security Gateway enforces at least one rule
    • a Demilitarized Zone
    • a Security Policy install
  19. RADIUS protocol uses ______ to communicate with the gateway.

    • UDP
    • TDP
    • CCP
    • HTTP
    Explanation:
    Parameters:
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q19 033
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 05 Q19 033
  20. When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following statements about the order of rule enforcement is true?

    • If the Action is Accept, the gateway allows the packet to pass through the gateway.
    • If the Action is Drop, the gateway continues to check rules in the next Policy Layer down.
    • If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.
    • If the Action is Drop, the gateway applies the Implicit Clean-up Rule for that Policy Layer.