Down To Date 156-215.80 Test Questions For Check Point Certified Security Administrator Certification

Want to know Exambible 156-215.80 Exam practice test features? Want to lear more about Check-Point Check Point Certified Security Administrator certification experience? Study Pinpoint Check-Point 156-215.80 answers to Renovate 156-215.80 questions at Exambible. Gat a success with an absolute guarantee to pass Check-Point 156-215.80 (Check Point Certified Security Administrator) test on your first attempt.

Also have 156-215.80 free dumps questions for you:


Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all of the following except:

  • A. Create new dashboards to manage 3rd party task
  • B. Create products that use and enhance 3rd party solutions
  • C. Execute automated scripts to perform common tasks
  • D. Create products that use and enhance the Check Point Solution

Answer: A


In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?

  • A. Accounting
  • B. Suppression
  • C. Accounting/Suppression
  • D. Accounting/Extended

Answer: C


Office mode means that:

  • A. SecureID client assigns a routable MAC addres
  • B. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
  • C. Users authenticate with an Internet browser and use secure HTTPS connection.
  • D. Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.
  • E. Allows a security gateway to assign a remote client an IP addres
  • F. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

Answer: D

Office Mode enables a Security Gateway to assign internal IP addresses to SecureClient users. This IP address will not be exposed to the public network, but is encapsulated inside the VPN tunnel between the client and the Gateway. The IP to be used externally should be assigned to the client in the usual way by the Internet Service provider used for the Internet connection. This mode allows a Security Administrator to control which addresses are used by remote clients inside the local network and makes them part of the local network. The mechanism is based on an IKE protocol extension through which the Security Gateway can send an internal IP address to the client.


What are the three essential components of the Check Point Security Management Architecture?

  • A. SmartConsole, Security Management Server, Security Gateway
  • B. SmartConsole, SmartUpdate, Security Gateway
  • C. Security Management Server, Security Gateway, Command Line Interface
  • D. WebUI, SmartConsole, Security Gateway

Answer: A

Standalone deployment - Security Gateway and the Security Management server are installed on the same machine.
Distributed deployment - Security Gateway and the Security Management server are installed on different machines.
Basic deployments:
156-215.80 dumps exhibit
Assume an environment with gateways on different sites. Each Security Gateway connects to the Internet on one side, and to a LAN on the other.
You can create a Virtual Private Network (VPN) between the two Security Gateways, to secure all communication between them.
The Security Management server is installed in the LAN, and is protected by a Security Gateway. The Security Management server manages the Security Gateways and lets remote users connect securely to the corporate network. SmartDashboard can be installed on the Security Management server or another computer.
There can be other OPSEC-partner modules (for example, an Anti-Virus Server) to complete the network security with the Security Management server and its Security Gateways.


A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?

  • A. Secure Internal Communications (SIC) not configured for the object.
  • B. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box.
  • C. Anti-spoofing not configured on the interfaces on the Gateway object.
  • D. A Gateway object created using the Check Point > Secure Gateway option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object.

Answer: B


Which VPN routing option uses VPN routing for every connection a satellite gateway handles?

  • A. To satellites through center only
  • B. To center only
  • C. To center and to other satellites through center
  • D. To center, or through the center to other satellites, to internet and other VPN targets

Answer: D

On the VPN Routing page, enable the VPN routing for satellites section, by selecting one of these options:
To center and to other Satellites through center; this allows connectivity between Gateways; for example, if the spoke Gateways are DAIP Gateways, and the hub is a Gateway with a static IP address
To center, or through the center to other satellites, to Internet and other VPN targets; this allows connectivity between the Gateways, as well as the ability to inspect all communication passing through the hub to the Internet.


Why would an administrator see the message below?
156-215.80 dumps exhibit

  • A. A new Policy Package created on both the Management and Gateway will be deleted and must be packed up first before proceeding.
  • B. A new Policy Package created on the Management is going to be installed to the existing Gateway.
  • C. A new Policy Package created on the Gateway is going to be installed on the existing Management.
  • D. A new Policy Package created on the Gateway and transferred to the management will be overwritten bythe Policy Package currently on the Gateway but can be restored from a periodic backup on the Gateway.

Answer: B


Which the following type of authentication on Mobile Access can NOT be used as the first authentication method?

  • A. Dynamic ID
  • C. Username and Password
  • D. Certificate

Answer: A


What is the Manual Client Authentication TELNET port?

  • A. 23
  • B. 264
  • C. 900
  • D. 259

Answer: D


What is NOT an advantage of Packet Filtering?

  • A. Low Security and No Screening above Network Layer
  • B. Application Independence
  • C. High Performance
  • D. Scalability

Answer: A

Packet Filter Advantages and Disadvantages
156-215.80 dumps exhibit


If there is an Accept Implied Policy set to “First”, what is the reason Jorge cannot see any logs?

  • A. Log Implied Rule was not selected on Global Properties.
  • B. Log Implied Rule was not set correctly on the track column on the rules base.
  • C. Track log column is set to none.
  • D. Track log column is set to Log instead of Full Log.

Answer: A

Implied Rules are configured only on Global Properties.


To optimize Rule Base efficiency, the most hit rules should be where?

  • A. Removed from the Rule Base.
  • B. Towards the middle of the Rule Base.
  • C. Towards the top of the Rule Base.
  • D. Towards the bottom of the Rule Base.

Answer: C

It is logical that if lesser rules are checked for the matched rule to be found the lesser CPU cycles the device is using. Checkpoint match a session from the first rule on top till the last on the bottom.


Fill in the blank: In order to install a license, it must first be added to the ______ .

  • A. User Center
  • B. Package repository
  • C. Download Center Web site
  • D. License and Contract repository

Answer: B


The Captive Portal tool:

  • A. Acquires identities from unidentified users.
  • B. Is only used for guest user authentication.
  • C. Allows access to users already identified.
  • D. Is deployed from the Identity Awareness page in the Global Properties settings.

Answer: A


Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

  • A. Check Point Password
  • C. LDAP
  • D. Windows password

Answer: C


You have successfully backed up your Check Point configurations without the OS information. What command would you use to restore this backup?

  • A. restore_backup
  • B. import backup
  • C. cp_merge
  • D. migrate import

Answer: A


Can multiple administrators connect to a Security Management Server at the same time?

  • A. No, only one can be connected
  • B. Yes, all administrators can modify a network object at the same time
  • C. Yes, every administrator has their own username, and works in a session that is independent of other administrators
  • D. Yes, but only one has the right to write

Answer: C


You want to verify if there are unsaved changes in GAiA that will be lost with a reboot. What command can be used?

  • A. show unsaved
  • B. show save-state
  • C. show configuration diff
  • D. show config-state

Answer: D


AdminA and AdminB are both logged in on SmartConsole. What does it mean if AdminB sees a locked icon on a rule? Choose the BEST answer.

  • A. Rule is locked by AdminA, because the save bottom has not been press.
  • B. Rule is locked by AdminA, because an object on that rule is been edited.
  • C. Rule is locked by AdminA, and will make it available if session is published.
  • D. Rule is locked by AdminA, and if the session is saved, rule will be available

Answer: C


When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?

  • A. As expert user, issue these commands:# IP link set eth0 down# IP link set eth0 addr 00:0C:29:12:34:56# IP link set eth0 up
  • B. Edit the file /etc/sysconfig/netconf.C and put the new MAC address in the field(conf:(conns:(conn:hwaddr (“00:0C:29:12:34:56”)
  • C. As expert user, issue the command:# IP link set eth0 addr 00:0C:29:12:34:56
  • D. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.

Answer: C


John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, gateway policy permits access only from Join's desktop which is assigned an IP address via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but the limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?

  • A. John should install the identity Awareness Agent
  • B. The firewall admin should install the Security Policy
  • C. John should lock and unlock the computer
  • D. Investigate this as a network connectivity issue

Answer: C


100% Valid and Newest Version 156-215.80 Questions & Answers shared by, Get Full Dumps HERE: (New 485 Q&As)