Last Updated on September 23, 2021 by Admin 3

156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 19

  1. Of all the Check Point components in your network, which one changes most often and should be backed up most frequently?

    • SmartManager
    • SmartConsole
    • Security Gateway
    • Security Management Server
  2. Which option would allow you to make a backup copy of the OS and Check Point configuration, without stopping Check Point processes?

    • All of the above options stop Check Point processes
    • backup
    • migrate export
    • snapshot
  3. What is the Transport layer of the TCP/IP model responsible for?

    • It transports packets as datagrams along different routes to reach their destination.
    • It manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application.
    • It defines the protocols that are used to exchange data between networks and how host programs interact with the Application layer.
    • It deals with all aspects of the physical components of network connectivity and connects with different network types.
  4. What needs to be configured if the NAT property ‘Translate destination on client side’ is not enabled in Global Properties?

    • A host route to route to the destination server
    • Use the file local.arp to add the ARP entries for NAT to work
    • Nothing, the Gateway takes care of all details necessary
    • Enabling ‘Allow bi-directional NAT’ for NAT to work correctly
  5. In the Check Point Security Management Architecture, which component(s) can store logs?

    • SmartConsole
    • Security Management Server and Security Gateway
    • Security Management Server
    • SmartConsole and Security Management Server
  6. In order to install a license, it must first be added to the ____________.

    • User Center
    • Package repository
    • Download Center Web site
    • License and Contract repository
  7. When logging in for the first time to a Security management Server through SmartConsole, a fingerprint is saved to the:

    • Security Management Server’s /home/.fgpt file and is available for future SmartConsole authentications.
    • Windows registry is available for future Security Management Server authentications.
    • There is no memory used for saving a fingerprint anyway.
    • SmartConsole cache is available for future Security Management Server authentications.
  8. By default, the SIC certificates issued by R80 Management Server are based on the ____________ algorithm.

    • SHA-256
    • SHA-200
    • MD5
    • SHA-128
  9. Which message indicates IKE Phase 2 has completed successfully?

    • Quick Mode Complete
    • Aggressive Mode Complete
    • Main Mode Complete
    • IKE Mode Complete
  10. Administrator Dave logs into R80 Management Server to review and makes some rule changes. He notices that there is a padlock sign next to the DNS rule in the Rule Base.

    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 19 Q10 055
    156-215.80 Check Point Certified Security Administrator (CCSA R80) Part 19 Q10 055

    What is the possible explanation for this?

    • DNS Rule is using one of the new features of R80 where an administrator can mark a rule with the padlock icon to let other administrators know it is important.
    • Another administrator is logged into the Management and currently editing the DNS Rule.
    • DNS Rule is a placeholder rule for a rule that existed in the past but was deleted.
    • This is normal behavior in R80 when there are duplicate rules in the Rule Base.
  11. When tunnel test packets no longer invoke a response, Tunnel and User Monitoring displays _____________ for the given VPN tunnel.

    • Down
    • No Response
    • Inactive
    • Failed
  12. Which of the following is the most secure means of authentication?

    • Password
    • Certificate
    • Token
    • Pre-shared secret
  13. What is the BEST command to view configuration details of all interfaces in Gaia CLISH?

    • ifconfig -a
    • show interfaces all
    • show interfaces detail
    • show configuration interfaces
  14. Authentication rules are defined for ____________.

    • User groups
    • Users using UserCheck
    • Individual users
    • All users in the database
  15. Which Threat Tool within SmartConsole provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

    • ThreatWiki
    • Whitelist Files
    • AppWiki
    • IPS Protections
  16. Which of the following is an authentication method used for Identity Awareness?

    • SSL
    • Captive Portal
    • PKI
    • RSA
  17. The SIC Status “Unknown” means

    • There is connection between the gateway and Security Management Server but it is not trusted.
    • The secure communication is established.
    • There is no connection between the gateway and Security Management Server. 
    • The Security Management Server can contact the gateway, but cannot establish SIC.
    Explanation:

    SIC Status
    After the gateway receives the certificate issued by the ICA, the SIC status shows if the Security Management Server can communicate securely with this gateway:
    Communicating – The secure communication is established.
    Unknown – There is no connection between the gateway and Security Management Server.
    Not Communicating – The Security Management Server can contact the gateway, but cannot establish SIC. A message shows more information.

  18. What is a reason for manual creation of a NAT rule?

    • In R80 all Network Address Translation is done automatically and there is no need for manually defined NAT-rules.
    • Network Address Translation of RFC1918-compliant networks is needed to access the Internet.
    • Network Address Translation is desired for some services, but not for others.
    • The public IP-address is different from the gateway’s external IP
  19. Which of the following commands is used to verify license installation?

    • Cplic verify license
    • Cplic print
    • Cplic show
    • Cplic license
  20. To enforce the Security Policy correctly, a Security Gateway requires:

    • a routing table
    • awareness of the network topology
    • a Demilitarized Zone
    • a Security Policy install
    Explanation:

    The network topology represents the internal network (both the LAN and the DMZ) protected by the gateway. The gateway must be aware of the layout of the network topology to:
    Correctly enforce the Security Policy.
    Ensure the validity of IP addresses for inbound and outbound traffic.
    Configure a special domain for Virtual Private Networks.