Sample questions and answers for the Check Point Certified Security Administrator (156-215.80) exam:


Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?

  • A. UserCheck
  • B. Active Directory Query
  • C. Account Unit Query
  • D. User Directory Query

Answer: B

AD Query extracts user and computer identity information from the Active Directory Security Event Logs. The system generates a Security Event log entry when a user or computer accesses a network resource. For example, this occurs when a user logs in, unlocks a screen, or accesses a network drive.


Fill in the blank: An identity server uses a ____ for user authentication.

  • A. Shared secret
  • B. Certificate
  • C. One-time password
  • D. Token

Answer: A


Fill in the blanks: A _____ license requires an administrator to designate a gateway for attachment whereas a _____ license is automatically attached to a Security Gateway.

  • A. Format; corporate
  • B. Local; formal
  • C. Local; central
  • D. Central; local

Answer: D


The organization's security manager wishes to back up just the Gaia operating system parameters. Which command can be used to back up only Gaia operating system parameters like interface details, Static routes and Proxy ARP entries?

  • A. show configuration
  • B. backup
  • C. migrate export
  • D. upgrade export

Answer: B

System Backup (and System Restore)
System Backup can be used to back up the current system configuration. A backup creates a compressed file that contains the Check Point configuration, including the networking and operating system parameters such as routing and interface configuration. Unlike a snapshot, it does not include the operating system, product binaries, and hotfixes.


You have enabled “Full Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

  • A. Logging has disk space issue
  • B. Change logging storage options on the logging server or Security Management Server properties and install database.
  • C. Data Awareness is not enabled.
  • D. Identity Awareness is not enabled.
  • E. Logs are arriving from Pre-R80 gateways.

Answer: A

The most likely reason for the logs data to stop is the low disk space on the logging device, which can be the Management Server or the Gateway Server.


Where would an administrator enable Implied Rules logging?

  • A. In Smart Log Rules View
  • B. In SmartDashboard on each rule
  • C. In Global Properties under Firewall
  • D. In Global Properties under log and alert

Answer: B


Choose what BEST describes users on Gaia Platform.

  • A. There is one default user that cannot be deleted.
  • B. There are two default users and one cannot be deleted.
  • C. There is one default user that can be deleted.
  • D. There are two default users that cannot be deleted and one SmartConsole Administrator.

Answer: B

These users are created by default and cannot be deleted:
admin — Has full read/write capabilities for all Gaia features, from the WebUI and the CLI. This user has a User ID of 0, and therefore has all of the privileges of a root user.
monitor — Has read-only capabilities for all features in the WebUI and the CLI, and can change its own password. You must give a password for this user before the account can be used.


When a Security Gateway sends its logs to an IP address other than its own, which deployment option is installed?

  • A. Distributed
  • B. Standalone
  • C. Bridge

Answer: A


On the following graphic, you will find layers of policies.
[Exhibit: policy layers]
What is the precedence of traffic inspection for the defined policies?

  • A. A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if implicit Drop Rule drops the packet, it comes next to IPS layer and then after accepting the packet it passes to Threat Prevention layer.
  • B. A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if there is any rule which accepts the packet, it comes next to IPS layer and then after accepting the packet it passes to Threat Prevention layer
  • C. A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if there is any rule which accepts the packet, it comes next to Threat Prevention layer and then after accepting the packet it passes to IPS layer.
  • D. A packet arrives at the gateway, it is checked against the rules in IPS policy layer and then it comes next to the Network policy layer and then after accepting the packet it passes to Threat Prevention layer.

Answer: B

To simplify Policy management, R80 organizes the policy into Policy Layers. A layer is a set of rules, or a Rule Base.
For example, when you upgrade to R80 from earlier versions:
Gateways that have the Firewall and the Application Control Software Blades enabled will have their Access Control Policy split into two ordered layers: Network and Applications. When the gateway matches a rule in a layer, it starts to evaluate the rules in the next layer.
Gateways that have the IPS and Threat Emulation Software Blades enabled will have their Threat Prevention policies split into two parallel layers: IPS and Threat Prevention. All layers are evaluated in parallel.


Phase 1 of the two-phase negotiation process conducted by IKE operates in a _____ mode.

  • A. Main
  • B. Authentication
  • C. Quick
  • D. High Alert

Answer: A


At what point is the Internal Certificate Authority (ICA) created?

  • A. Upon creation of a certificate
  • B. During the primary Security Management Server installation process.
  • C. When an administrator decides to create one.
  • D. When an administrator initially logs into SmartConsole.

Answer: B

Introduction to the ICA
The ICA is a Certificate Authority which is an integral part of the Check Point product suite. It is fully compliant with X.509 standards for both certificates and CRLs. See the relevant X.509 and PKI documentation, as well as RFC 2459 standards for more information. You can read more about Check Point and PKI in the R76 VPN Administration Guide.
The ICA is located on the Security Management server. It is created during the installation process, when the Security Management server is configured.


Which of the following is NOT a valid deployment option for R80?

  • A. All-in-one (stand-alone)
  • B. Log Server
  • C. SmartEvent
  • D. Multi-domain management server

Answer: D


Which of the following is NOT an alert option?

  • A. SNMP
  • B. High alert
  • C. Mail
  • D. User defined alert

Answer: B

In Action, select:
none - No alert.
log - Sends a log entry to the database.
alert - Opens a pop-up window to your desktop.
mail - Sends a mail alert to your Inbox.
snmptrap - Sends an SNMP alert.
useralert - Runs a script. Make sure a user-defined action is available. Go to SmartDashboard > Global Properties > Log and Alert > Alert Commands.


Which remote Access Solution is clientless?

  • A. Check Point Mobile
  • B. Endpoint Security Suite
  • C. SecuRemote
  • D. Mobile Access Portal

Answer: D


Using R80 Smart Console, what does a “pencil icon” in a rule mean?

  • A. I have changed this rule
  • B. Someone else has changed this rule
  • C. This rule is managed by Check Point’s SOC
  • D. This rule can’t be changed as it’s an implied rule

Answer: A


You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

  • A. Create a new logical-server object to represent your partner's CA
  • B. Exchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA)
  • C. Manually import your partner's Certificate Revocation List.
  • D. Manually import your partner's Access Control List.

Answer: B


Message digests use which of the following?

  • A. DES and RC4
  • B. IDEA and RC4
  • C. SSL and MD4
  • D. SHA-1 and MD5

Answer: D


In SmartEvent, what are the different types of automatic reactions that the administrator can configure?

  • A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
  • B. Mail, Block Source, Block Destination, Block Services, SNMP Trap
  • C. Mail, Block Source, Block Destination, External Script, SNMP Trap
  • D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap

Answer: A


Which of these components does NOT require a Security Gateway R77 license?

  • A. Security Management Server
  • B. Check Point Gateway
  • C. SmartConsole
  • D. SmartUpdate upgrading/patching

Answer: C


John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, gateway policy permits access only from John's desktop, which is assigned an IP address via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?

  • A. John should install the Identity Awareness Agent
  • B. The firewall admin should install the Security Policy
  • C. John should lock and unlock the computer
  • D. Investigate this as a network connectivity issue

Answer: C


What is the Transport layer of the TCP/IP model responsible for?

  • A. It transports packets as datagrams along different routes to reach their destination.
  • B. It manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application.
  • C. It defines the protocols that are used to exchange data between networks and how host programs interact with the Application layer.
  • D. It deals with all aspects of the physical components of network connectivity and connects with different network types.

Answer: B


What is the difference between an event and a log?

  • A. Events are generated at gateway according to Event Policy
  • B. A log entry becomes an event when it matches any rule defined in Event Policy
  • C. Events are collected with SmartWorkflow from Trouble Ticket systems
  • D. Logs and Events are synonyms

Answer: B


How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?

  • A. Install appliance TE250X on SpanPort on LAN switch in MTA mode
  • B. Install appliance TE250X in standalone mode and setup MTA
  • C. You can utilize only Check Point Cloud Services for this scenario
  • D. It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance

Answer: C

