Last Updated on September 23, 2021 by Admin 3

156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 17

  1. Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enable which path is handling the traffic?

    • Slow Path
    • Medium Path
    • Fast Path
    • Accelerated Path
  2. From SecureXL perspective, what are the tree paths of traffic flow:

    • Initial Path; Medium Path; Accelerated Path
    • Layer Path; Blade Path; Rule Path
    • Firewall Path; Accept Path; Drop Path
    • Firewall Path; Accelerated Path; Medium Path
  3. You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?

    • fwd
    • fwm
    • cpd
    • cpwd
  4. R80.10 management server can manage gateways with which versions installed?

    • Versions R77 and higher
    • Versions R76 and higher
    • Versions R75.20 and higher
    • Version R75 and higher
  5. You want to verify if there are unsaved changes in GAiA that will be lost with a reboot. What command can be used?

    • show unsaved
    • show save-state
    • show configuration diff
    • show config-state
  6. In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

    • SND is a feature to accelerate multiple SSL VPN connections
    • SND is an alternative to IPSec Main Mode, using only 3 packets
    • SND is used to distribute packets among Firewall instances
    • SND is a feature of fw monitor to capture accelerated packets
  7. Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

    • Symmetric routing
    • Failovers
    • Asymmetric routing
    • Anti-Spoofing
  8. What are the steps to configure the HTTPS Inspection Policy?

    • Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard
    • Go to Application&url filtering blade > Advanced > Https Inspection > Policy
    • Go to Manage&Settings > Blades > HTTPS Inspection > Policy
    • Go to Application&url filtering blade > Https Inspection > Policy
  9. What is the difference between SSL VPN and IPSec VPN?

    • IPSec VPN does not require installation of a resident VPN client
    • SSL VPN requires installation of a resident VPN client
    • SSL VPN and IPSec VPN are the same
    • IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser
  10. Which statement is NOT TRUE about Delta synchronization?

    • Using UDP Multicast or Broadcast on port 8161
    • Using UDP Multicast or Broadcast on port 8116
    • Quicker than Full sync
    • Transfers changes in the Kernel tables between cluster members
  11. Under which file is the proxy arp configuration stored?

    • $FWDIR/state/proxy_arp.conf on the management server
    • $FWDIR/conf/local.arp on the management server
    • $FWDIR/state/_tmp/proxy.arp on the security gateway
    • $FWDIR/conf/local.arp on the gateway
  12. Customer’s R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the Internet?

    • Export R80 configuration, clean install R80.10 and import the configuration
    • CPUSE online upgrade
    • CPUSE offline upgrade
    • SmartUpdate upgrade
  13. SmartEvent does NOT use which of the following procedures to identity events:

    • Matching a log against each event definition
    • Create an event candidate
    • Matching a log against local exclusions
    • Matching a log against global exclusions
  14. John is using Management HA. Which Smartcenter should be connected to for making changes?

    • secondary Smartcenter
    • active Smartcenter
    • connect virtual IP of Smartcenter HA
    • primary Smartcenter
  15. Which path below is available only when CoreXL is enabled?

    • Slow path
    • Firewall path
    • Medium path
    • Accelerated path
  16. Which of the following describes how Threat Extraction functions?

    • Detect threats and provides a detailed report of discovered threats
    • Proactively detects threats
    • Delivers file with original content
    • Delivers PDF versions of original files with active content removed
  17. The SmartEvent R80 Web application for real-time event monitoring is called:

    • SmartView Monitor
    • SmartEventWeb
    • There is no Web application for SmartEvent
    • SmartView
  18. SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?

    • Smart Cloud Services
    • Load Sharing Mode Services
    • Threat Agent Solution
    • Public Cloud Services
  19. What SmartEvent component creates events?

    • Consolidation Policy
    • Correlation Unit
    • SmartEvent Policy
    • SmartEvent GUI
  20. Which Threat Prevention Profile is not included by default in R80 Management?

    • Basic – Provides reliable protection on a range of non-HTTP protocols for servers, with minimal impact on network performance
    • Optimized – Provides excellent protection for common network products and protocols against recent or popular attacks
    • Strict – Provides a wide coverage for all products and protocols, with impact on network performance
    • Recommended – Provides all protection for all common network products and servers, with impact on network performance