Checkpoint Check Point Certified Security Administrator (CCSA R80) 156-215.80 Dumps in PDF

Free Checkpoint 156-215.80 Real Questions (page: 103)

Office mode means that:

  1. SecurID client assigns a routable MAC address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
  2. Users authenticate with an Internet browser and use secure HTTPS connection.
  3. Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.
  4. Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

Answer(s): D

Explanation:

Office Mode enables a Security Gateway to assign internal IP addresses to SecureClient users. This IP address will not be exposed to the public network, but is encapsulated inside the VPN tunnel between the client and the Gateway. The IP to be used externally should be assigned to the client in the usual way by the Internet Service provider used for the Internet connection. This mode allows a Security Administrator to control which addresses are used by remote clients inside the local network and makes them part of the local network. The mechanism is based on an IKE protocol extension through which the Security Gateway can send an internal IP address to the client.


Reference:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30545



The Administrator wishes to update IPS protections from SmartConsole by clicking on the option “Update Now” under the Updates tab in Threat Tools. Which device requires internet access for the update to work?

  1. Security Gateway only
  2. Only the device where SmartConsole is installed
  3. Only the Security Management Server
  4. Either the Security Management Server or device where SmartConsole is installed

Answer(s): B

Explanation:

Updating IPS Manually
You can immediately update IPS with real-time information on attacks and all the latest protections from the IPS website. You can only manually update IPS if a proxy is defined in Internet Explorer settings.
To obtain updates of all the latest protections from the IPS website:
1. Configure the settings for the proxy server in Internet Explorer.
1. In Microsoft Internet Explorer, open Tools > Internet Options > Connections tab > LAN Settings. The LAN Settings window opens.
2. Select Use a proxy server for your LAN.
3. Configure the IP address and port number for the proxy server. 4.Click OK.
The settings for the Internet Explorer proxy server are configured.
2. In the IPS tab, select Download Updates and click Update Now.
If you chose to automatically mark new protections for Follow Up, you have the option to open the Follow Up page directly to see the new protections.


Reference:

https://sc1.checkpoint.com/documents/R76/CP_R76_IPS_AdminGuide/12850.htm



Jack works for a managed service provider and he has been tasked to create 17 new policies for several new customers. He does not have much time. What is the BEST way to do this with R80 security management?

  1. Create a text-file with mgmt_cli script that creates all objects and policies. Open the file in SmartConsole Command Line to run it.
  2. Create a text-file with Gaia CLI -commands in order to create all objects and policies. Run the file in CLISH with command load configuration.
  3. Create a text-file with DBEDIT script that creates all objects and policies. Run the file in the command line of the management server using command dbedit -f.
  4. Use Object Explorer in SmartConsole to create the objects and Manage Policies from the menu to create the policies.

Answer(s): A

Explanation:

Did you know: mgmt_cli can accept csv files as inputs using the --batch option.
The first row should contain the argument names and the rows below it should hold the values for these parameters.

So an equivalent solution to the powershell script could look like this:
data.csv:

mgmt_cli add host --batch data.csv -u <username> -p <password> -m <management server>

This can work with any type of command not just "add host" : simply replace the column names with the ones relevant to the command you need.


Reference:

https://community.checkpoint.com/thread/1342
https://sc1.checkpoint.com/documents/R80/APIs/#gui-cli/add-access-rule



When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?

  1. RADIUS
  2. Remote Access and RADIUS
  3. AD Query
  4. AD Query and Browser-based Authentication

Answer(s): D

Explanation:

Identity Awareness gets identities from these acquisition sources:
-AD Query
-Browser-Based Authentication
-Endpoint Identity Agent
-Terminal Servers Identity Agent
-Remote Access


Reference:

https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62007.htm



Which of the following is NOT a back up method?

  1. Save backup
  2. System backup
  3. snapshot
  4. Migrate

Answer(s): A

Explanation:

The built-in Gaia backup procedures:
-Snapshot Management
-System Backup (and System Restore)
-Save/Show Configuration (and Load Configuration)
Check Point provides three different procedures for backing up (and restoring) the operating system and networking parameters on your appliances.
-Snapshot (Revert)
-Backup (Restore)
-upgrade_export (Migrate)


Reference:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk108902 https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk54100



Share your comments for Checkpoint 156-215.80 exam with other users:

A
Abduraimov
4/19/2023 12:43:00 AM

preparing for this exam is overwhelming. you cannot pass without the help of these exam dumps.

P
Puneeth
10/5/2023 2:06:00 AM

new to this site but i feel it is good

A
Ashok Kumar
1/2/2024 6:53:00 AM

the correct answer to q8 is b. explanation since the mule app has a dependency, it is necessary to include project modules and dependencies to make sure the app will run successfully on the runtime on any other machine. source code of the component that the mule app is dependent of does not need to be included in the exported jar file, because the source code is not being used while executing an app. compiled code is being used instead.

M
Merry
7/30/2023 6:57:00 AM

good questions

V
VoiceofMidnight
12/17/2023 4:07:00 PM

Delayed the exam until December 29th.

U
Umar Ali
8/29/2023 2:59:00 PM

A and D are True

V
vel
8/28/2023 9:17:09 AM

good one with explanation

G
Gurdeep
1/18/2024 4:00:15 PM

This is one of the most useful study guides I have ever used.

AI Tutor 👋 I’m here to help!