Last Updated on September 23, 2021 by Admin 3

156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 15

  1. During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:

    • Dropped without sending a negative acknowledgment
    • Dropped without logs and without sending a negative acknowledgment
    • Dropped with negative acknowledgment
    • Dropped with logs and without sending a negative acknowledgment
  2. Which one of the following is true about Threat Extraction?

    • Always delivers a file to user
    • Works on all MS Office, Executables, and PDF files
    • Can take up to 3 minutes to complete
    • Delivers file only if no threats found
  3. Which is the correct order of a log flow processed by SmartEvent components:

    • Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client
    • Firewall > SmartEvent Server Database > Correlation Unit > Log Server > SmartEvent Client
    • Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client
    • Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
  4. Which of these statements describes the Check Point ThreatCloud?

    • Blocks or limits usage of web applications
    • Prevents or controls access to web sites based on category
    • Prevents Cloud vulnerability exploits
    • A worldwide collaborative security network
  5. Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying a connection?

    • Source Address
    • Destination Address
    • TCP Acknowledgment Number
    • Source Port
  6. When defining QoS global properties, which option below is not valid?

    • Weight
    • Authenticated timeout
    • Schedule
    • Rate
  7. The WebUI offers three methods for downloading Hotfixes via CPUSE. One of them is the Automatic method. How many times per day will the CPUSE agent check for hotfixes and automatically download them?

    • Six times per day
    • Seven times per day
    • Every two hours
    • Every three hours
  8. How would you deploy a TE250X Check Point appliance just for email traffic and in in-line mode without a Check Point Security Gateway?

    • Install appliance TE250X on SpanPort on LAN switch in MTA mode
    • Install appliance TE250X in standalone mode and setup MTA
    • You can utilize only Check Point Cloud Services for this scenario
    • It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance
  9. In SmartEvent, what are the different types of automatic reactions that the administrator can configure?

    • Mail, Block Source, Block Event Activity, External Script, SNMP Trap
    • Mail, Block Source, Block Destination, Block Services, SNMP Trap
    • Mail, Block Source, Block Destination, External Script, SNMP Trap
    • Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
  10. Identify the API that is not supported by Check Point currently.

    • R80 Management API
    • Identity Awareness Web Services API
    • Open REST API
  11. Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?

    • mgmt_cli add-host "Server_1" ip_address "" --format txt
    • mgmt_cli add host name "Server_1" ip_address "" --format json
    • mgmt_cli add object-host "Server_1" ip_address "" --format json
    • mgmt_cli add object "Server_1" ip_address "" --format json
  12. SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part of the SandBlast component?

    • Threat Emulation
    • Mobile Access
    • Mail Transfer Agent
    • Threat Cloud
  13. Vanessa is expecting a very important Security Report. The document should be sent as an attachment via e-mail. An e-mail with the Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only a few lines of text are in it. The report is missing some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?

    • SandBlast Threat Emulation
    • SandBlast Agent
    • Check Point Protect
    • SandBlast Threat Extraction
  14. What is the command to see cluster status in CLI expert mode?

    • fw ctl stat
    • clusterXL stat
    • clusterXL status
    • cphaprob stat
  15. On R80.10, when configuring Third-Party devices to read the logs using the LEA (Log Export API), the default Log Server uses port:

    • 18210
    • 18184
    • 257
    • 18191
  16. If the first packet of a UDP session is rejected by a security policy, what does the firewall send to the client?

    • Nothing
    • TCP FIN
    • TCP RST
    • ICMP unreachable
  17. What is the mechanism behind Threat Extraction?

    • This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender
    • This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient
    • This is a new mechanism to identify the IP address of the sender of malicious codes and to put it into the SAM database (Suspicious Activity Monitoring).
    • Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast
  18. What is the benefit of Manual NAT over Automatic NAT?

    • If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy
    • There is no benefit since Automatic NAT has in any case higher priority over Manual NAT
    • You have full control over the priority of the NAT rules
    • On IPSO and GAIA Gateways, it is handled in a Stateful manner
  19. The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

    • Secure Internal Communication (SIC)
    • Restart Daemons if they fail
    • Transfer messages between Firewall processes
    • Pulls application monitoring status
  20. Which of the following is NOT an attribute of packet acceleration?

    • Source address
    • Protocol
    • Destination port
    • Application Awareness