Master the 156-215.80 Check Point Certified Security Administrator content and be ready for exam day success quickly with this Exambible 156-215.80 exam question. We guarantee it!We make it a reality and give you real 156-215.80 questions in our Check-Point 156-215.80 braindumps.Latest 100% VALID Check-Point 156-215.80 Exam Questions Dumps at below page. You can use our Check-Point 156-215.80 braindumps and pass your exam.

Online Check-Point 156-215.80 free dumps demo Below:


Which of these components does NOT require a Security Gateway R77 license?

  • A. Security Management Server
  • B. Check Point Gateway
  • C. SmartConsole
  • D. SmartUpdate upgrading/patching

Answer: C


From SecureXL perspective, what are the tree paths of traffic flow:

  • A. Initial Path; Medium Path; Accelerated Path
  • B. Layer Path; Blade Path; Rule Path
  • C. Firewall Path; Accept Path; Drop Path
  • D. Firewall Path; Accelerated Path; Medium Path

Answer: D


Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?

  • A. The two algorithms do not have the same key length and so don't work togethe
  • B. You will get the error… No proposal chosen…
  • C. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
  • D. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
  • E. All is fine and can be used as is.

Answer: C


What are the three essential components of the Check Point Security Management Architecture?

  • A. SmartConsole, Security Management Server, Security Gateway
  • B. SmartConsole, SmartUpdate, Security Gateway
  • C. Security Management Server, Security Gateway, Command Line Interface
  • D. WebUI, SmartConsole, Security Gateway

Answer: A

Standalone deployment - Security Gateway and the Security Management server are installed on the same machine.
Distributed deployment - Security Gateway and the Security Management server are installed on different machines.
Basic deployments:
156-215.80 dumps exhibit
Assume an environment with gateways on different sites. Each Security Gateway connects to the Internet on one side, and to a LAN on the other.
You can create a Virtual Private Network (VPN) between the two Security Gateways, to secure all communication between them.
The Security Management server is installed in the LAN, and is protected by a Security Gateway. The Security Management server manages the Security Gateways and lets remote users connect securely to the corporate network. SmartDashboard can be installed on the Security Management server or another computer.
There can be other OPSEC-partner modules (for example, an Anti-Virus Server) to complete the network security with the Security Management server and its Security Gateways.


In what way are SSL VPN and IPSec VPN different?

  • A. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless
  • B. SSL VPN adds an extra VPN header to the packet, IPSec VPN does not
  • C. IPSec VPN does not support two factor authentication, SSL VPN does support this
  • D. IPSec VPN uses an additional virtual adapter, SSL VPN uses the client network adapter only

Answer: D


When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following statements about the order of rule enforcement is true?

  • A. If the Action is Accept, the gateway allows the packet to pass through the gateway.
  • B. If the Action is Drop, the gateway continues to check rules in the next Policy Layer down.
  • C. If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.
  • D. If the Action is Drop, the gateway applies the Implicit Clean-up Rule for that Policy Layer.

Answer: C


Which policy type has its own Exceptions section?

  • A. Thread Prevention
  • B. Access Control
  • C. Threat Emulation
  • D. Desktop Security

Answer: A

The Exceptions Groups pane lets you define exception groups. When necessary, you can create exception groups to use in the Rule Base. An exception group contains one or more defined exceptions. This option facilitates ease-of-use so you do not have to manually define exceptions in multiple rules for commonly required exceptions. You can choose to which rules you want to add exception groups. This means they can be added to some rules and not to others, depending on necessity.


The Gaia operating system supports which routing protocols?


Answer: A

The Advanced Routing Suite
The Advanced Routing Suite CLI is available as part of the Advanced Networking Software Blade.
For organizations looking to implement scalable, fault-tolerant, secure networks, the Advanced Networking blade enables them to run industry-standard dynamic routing protocols including BGP, OSPF, RIPv1, and RIPv2 on security gateways. OSPF, RIPv1, and RIPv2 enable dynamic routing over a single autonomous system—like a single department, company, or service provider—to avoid network failures. BGP provides dynamic routing support across more complex networks involving multiple autonomous systems—such as when a company uses two service providers or divides a network into multiple areas with different administrators responsible for the performance of each.


What statement is true regarding Visitor Mode?

  • A. VPN authentication and encrypted traffic are tunneled through port TCP 443.
  • B. Only ESP traffic is tunneled through port TCP 443.
  • C. Only Main mode and Quick mode traffic are tunneled on TCP port 443.
  • D. All VPN traffic is tunneled through UDP port 4500.

Answer: A


Which policy type is used to enforce bandwidth and traffic control rules?

  • A. Threat Emulation
  • B. Access Control
  • C. QoS
  • D. Threat Prevention

Answer: C

Check Point's QoS Solution
QoS is a policy-based QoS management solution from Check Point Software Technologies Ltd., satisfies your needs for a bandwidth management solution. QoS is a unique, software-only based application that manages traffic end-to-end across networks, by distributing enforcement throughout network hardware and software.


In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?

  • A. Accounting
  • B. Suppression
  • C. Accounting/Suppression
  • D. Accounting/Extended

Answer: C


Which options are given on features, when editing a Role on Gaia Platform?

  • A. Read/Write, Read Only
  • B. Read/Write, Read only, None
  • C. Read/Write, None
  • D. Read Only, None

Answer: B

Role-based administration (RBA) lets you create administrative roles for users. With RBA, an administrator can allow Gaia users to access specified features by including those features in a role and assigning that role to users. Each role can include a combination of administrative (read/write) access to some features, monitoring (readonly) access to other features, and no access to other features.
You can also specify which access mechanisms (WebUI or the CLI) are available to the user.
Note - When users log in to the WebUI, they see only those features that they have read-only or read/write access to. If they have read-only access to a feature, they can see the settings pages, but cannot change the settings.
Gaia includes these predefined roles:
You cannot delete or change the predefined roles.
Note - Do not define a new user for external users. An external user is one that is defined on an authentication server (such as RADIUS or TACACS) and not on the local Gaia system.


What is the potential downside or drawback to choosing the Standalone deployment option instead of the Distributed deployment option?

  • A. degrades performance as the Security Policy grows in size
  • B. requires additional Check Point appliances
  • C. requires additional software subscription
  • D. increases cost

Answer: A


Provide very wide coverage for all products and protocols, with noticeable performance impact.
156-215.80 dumps exhibit
How could you tune the profile in order to lower the CPU load still maintaining security at good level? Select the BEST answer.

  • A. Set High Confidence to Low and Low Confidence to Inactive.
  • B. Set the Performance Impact to Medium or lower.
  • C. The problem is not with the Threat Prevention Profil
  • D. Consider adding more memory to the appliance.
  • E. Set the Performance Impact to Very Low Confidence to Prevent.

Answer: B


Which GUI tool can be used to view and apply Check Point licenses?

  • A. cpconfig
  • B. Management Command Line
  • C. SmartConsole
  • D. SmartUpdate

Answer: D

SmartUpdate GUI is the recommended way of managing licenses. References:


You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how many often the particular rules match. Where can you see it? Give the BEST answer.

  • A. In the SmartView Tracker, if you activate the column Matching Rate.
  • B. In SmartReporter, in the section Firewall Blade – Activity > Network Activity with information concerning Top Matched Logged Rules.
  • C. SmartReporter provides this information in the section Firewall Blade – Security > Rule Base Analysis with information concerning Top Matched Logged Rules.
  • D. It is not possible to see it directl
  • E. You can open SmartDashboard and select UserDefined in the Track colum
  • F. Afterwards, you need to create your own program with an external counter.

Answer: C


What are the three conflict resolution rules in the Threat Prevention Policy Layers?

  • A. Conflict on action, conflict on exception, and conflict on settings
  • B. Conflict on scope, conflict on settings, and conflict on exception
  • C. Conflict on settings, conflict on address, and conflict on exception
  • D. Conflict on action, conflict on destination, and conflict on settings

Answer: C


You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

  • A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
  • B. Create a separate Security Policy package for each remote Security Gateway.
  • C. Create network object that restrict all applicable rules to only certain networks.
  • D. Run separate SmartConsole instances to login and configure each Security Gateway directly.

Answer: B


The IT Management team is interested in the new features of the Check Point R80 Management and wants to upgrade but they are concerned that the existing R77.30 Gaia Gateways cannot be managed by R80 because it is so different. As the administrator responsible for the Firewalls, how can you answer or confirm these concerns?

  • A. R80 Management contains compatibility packages for managing earlier versions of Check Point Gateways prior to R80. Consult the R80 Release Notes for more information.
  • B. R80 Management requires the separate installation of compatibility hotfix packages for managing the earlier versions of Check Point Gateways prior to R80. Consult the R80 Release Notes for more information.
  • C. R80 Management was designed as a completely different Management system and so can only monitor Check Point Gateways prior to R80.
  • D. R80 Management cannot manage earlier versions of Check Point Gateways prior to R80. Only R80 and above Gateways can be manage
  • E. Consult the R80 Release Notes for more information.

Answer: A


Which of the following is NOT a component of a Distinguished Name?

  • A. Organization Unit
  • B. Country
  • C. Common name
  • D. User container

Answer: D

Distinguished Name Components
CN=common name, OU=organizational unit, O=organization, L=locality, ST=state or province, C=country name


When defining QoS global properties, which option below is not valid?

  • A. Weight
  • B. Authenticated timeout
  • C. Schedule
  • D. Rate

Answer: C


What component of R80 Management is used for indexing?

  • A. DBSync
  • B. API Server
  • C. fwm
  • D. SOLR

Answer: D


What protocol is specifically used for clustered environments?

  • A. Clustered Protocol
  • B. Synchronized Cluster Protocol
  • C. Control Cluster Protocol
  • D. Cluster Control Protocol

Answer: D


Choose the Best place to find a Security Management Server backup file named backup_fw, on a Check Point Appliance.

  • A. /var/log/Cpbackup/backups/backup/backup_fw.tgs
  • B. /var/log/Cpbackup/backups/backup/backup_fw.tar
  • C. /var/log/Cpbackup/backups/backups/backup_fw.tar
  • D. /var/log/Cpbackup/backups/backup_fw.tgz

Answer: D

Gaia's Backup feature allows backing up the configuration of the Gaia OS and of the Security Management server database, or restoring a previously saved configuration. The configuration is saved to a .tgz file in the following directory:
Gaia OS Version Hardware
Local Directory R75.40 - R77.20
Check Point appliances
/var/log/CPbackup/backups/ Open Server
/var/CPbackup/backups/ R77.30
Check Point appliances
/var/log/CPbackup/backups/ Open Server


P.S. Easily pass 156-215.80 Exam with 485 Q&As 2passeasy Dumps & pdf Version, Welcome to Download the Newest 2passeasy 156-215.80 Dumps: (485 New Questions)