Last Updated on September 23, 2021 by Admin 3

156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 13

  1. What happens when you run the command: fw sam -J src [Source IP Address]?

    • Connections from the specified source are blocked without the need to change the Security Policy.
    • Connections to the specified target are blocked without the need to change the Security Policy.
    • Connections to and from the specified target are blocked without the need to change the Security Policy.
    • Connections to and from the specified target are blocked with the need to change the Security Policy.
  2. VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication?

    • 3DES and MD5
    • Certificates and IPsec
    • Certificates and pre-shared secret
    • IPsec and VPN Domains
  3. According to Check Point Best Practice, when adding a non-managed Check Point Gateway to a Check Point security solution what object SHOULD be added? A(n):

    • Gateway
    • Interoperable Device
    • Externally managed gateway
    • Network Node
  4. You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?

    • A group with generic user
    • All users
    • LDAP Account Unit Group
    • Internal user Group
  5. Where does the security administrator activate Identity Awareness within SmartDashboard?

    • Gateway Object > General Properties
    • Security Management Server > Identity Awareness
    • Policy > Global Properties > Identity Awareness
    • LDAP Server Object > General Properties
  6. While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block?

    1) Select Active Mode tab in SmartView Tracker.
    2) Select Tools > Block Intruder.
    3) Select Log Viewing tab in SmartView Tracker.
    4) Set Blocking Timeout value to 60 minutes.
    5) Highlight connection that should be blocked.

    • 1, 2, 5, 4
    • 3, 2, 5, 4
    • 1, 5, 2, 4
    • 3, 5, 2, 4
  7. You are about to test some rule and object changes suggested in an R77 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?

    • Manual copies of the directory $FWDIR/conf
    • upgrade_export command
    • Database Revision Control
    • GAiA backup utilities
  8. You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT’d source port if you are using Source NAT?

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 13 Q08 051
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 13 Q08 051
    • XlateDst
    • XlateSPort
    • XlateDPort
    • XlateSrc
  9. What happens if the identity of a user is known?

    • If the user credentials do not match an Access Role, the traffic is automatically dropped.
    • If the user credentials do not match an Access Role, the system displays a sandbox.
    • If the user credentials do not match an Access Role, the gateway moves onto the next rule.
    • If the user credentials do not match an Access Role, the system displays the Captive Portal.
  10. Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker’s specific active connection?

    • Change the Rule Base and install the Policy to all Security Gateways
    • Block Intruder feature of SmartView Tracker
    • Intrusion Detection System (IDS) Policy install
    • SAM – Suspicious Activity Rules feature of SmartView Monitor
  11. What port is used for communication to the User Center with SmartUpdate?

    • CPMI 200
    • TCP 8080
    • HTTP 80
    • HTTPS 443
  12. How do you configure an alert in SmartView Monitor?

    • An alert cannot be configured in SmartView Monitor.
    • By choosing the Gateway, and Configure Thresholds.
    • By right-clicking on the Gateway, and selecting Properties.
    • By right-clicking on the Gateway, and selecting System Information.
  13. Where would an administrator enable Implied Rules logging?

    • In Smart Log Rules View
    • In SmartDashboard on each rule
    • In Global Properties under Firewall
    • In Global Properties under log and alert
  14. Which of these attributes would be critical for a site-to-site VPN?

    • Scalability to accommodate user groups
    • Centralized management
    • Strong authentication
    • Strong data encryption
  15. You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor.

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 13 Q15 052
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 13 Q15 052

    Unfortunately, you get the message:
    “There are no machines that contain Firewall Blade and SmartView Monitor”.

    What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 13 Q15 053
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 13 Q15 053
    • Purchase the SmartView Monitor license for your Security Management Server.
    • Enable Monitoring on your Security Management Server.
    • Purchase the SmartView Monitor license for your Security Gateway.
    • Enable Monitoring on your Security Gateway.
  16. You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm’s business partners. Which SmartConsole application should you use to confirm your suspicious?

    • SmartDashboard
    • SmartUpdate
    • SmartView Status
    • SmartView Tracker
  17. Which of the following uses the same key to decrypt as it does to encrypt?

    • Asymmetric encryption
    • Dynamic encryption
    • Certificate-based encryption
    • Symmetric encryption
  18. How do you configure the Security Policy to provide uses access to the Captive Portal through an external (Internet) interface?

    • Change the gateway settings to allow Captive Portal access via an external interface.
    • No action is necessary. This access is available by default.
    • Change the Identity Awareness settings under Global Properties to allow Captive Policy access on all interfaces.
    • Change the Identity Awareness settings under Global Properties to allow Captive Policy access for an external interface.
  19. The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?

    • You can only use the rule for Telnet, FTP, SMPT, and rlogin services.
    • The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.
    • Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
    • You can limit the authentication attempts in the User Properties’ Authentication tab.
  20. As a Security Administrator, you must refresh the Client Authentication authorized time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:

    • in the user object’s Authentication screen.
    • in the Gateway object’s Authentication screen.
    • in the Limit tab of the Client Authentication Action Properties screen.
    • in the Global Properties Authentication screen.