156-215.81.20 Check Point Certified Security Administrator R81.20 exam dumps
questions are the best material for you to test all the related Check Point exam
topics. By using the 156-215.81.20 exam dumps questions and practicing your
skills, you can increase your confidence and chances of passing the
156-215.81.20 exam.
Check Point Certified Security Administrator R81.20 156-215.81.20 exam
free dumps questions are available below for you to study. 
Full version: 156-215.81.20 Exam Dumps Questions
1.Under which file is the proxy arp configuration stored?
A. $FWDIR/state/proxy_arp.conf on the management server
B. $FWDIR/conf/local.arp on the management server
C. $FWDIR/state/_tmp/proxy.arp on the security gateway
D. $FWDIR/conf/local.arp on the gateway
Answer: D
Explanation:
The file that stores the proxy arp configuration is $FWDIR/conf/local.arp on the gateway3. The other
files are not related to proxy arp configuration.
Reference: How to configure Proxy ARP for Manual NAT on Security Gateway, [Check Point CCSA -
R81: Practice Test & Explanation]
https://www.dumpsinfo.com/unlimited-access/
https://www.dumpsinfo.com/exam/156-215-81-20
2.One of the major features in R80.x SmartConsole is concurrent administration.
Which of the following is NOT possible considering that AdminA, AdminB, and AdminC are editing the
same Security Policy?
A. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator.
B. AdminA and AdminB are editing the same rule at the same time.
C. AdminB sees a pencil icon next to the rule that AdminB is currently editing.
D. AdminA, AdminB and AdminC are editing three different rules at the same time.
Answer: B
Explanation:
One of the major features in R80.x SmartConsole is concurrent administration, which allows multiple
administrators to work on the same Security Policy at the same time12. However, only one
administrator can edit a rule at a time. If AdminA and AdminB are editing the same rule at the same
time, it will cause a conflict and prevent them from saving their changes12. Therefore, the correct
answer is B. AdminA and AdminB are editing the same rule at the same time.
3.Which of the following situations would not require a new license to be generated and installed?
A. The Security Gateway is upgraded.
B. The existing license expires.
C. The license is upgraded.
D. The IP address of the Security Management or Security Gateway has changed.
Answer: A
Explanation:
Upgrading the Security Gateway does not require a new license to be generated and installed. The
license is tied to the IP address or hostname of the Security Gateway, not the software version.
However, if the IP address or hostname changes, the existing license expires, or the license is
upgraded, a new license must be generated and installed12
Reference: Check Point R81, Managing and Installing license via SmartUpdate
4.In order to see real-time and historical graph views of Security Gateway statistics in SmartView
Monitor, what feature needs to be enabled on the Security Gateway?
A. Logging & Monitoring
B. None - the data is available by default
C. Monitoring Blade
D. SNMP
Answer: C
Explanation:
In order to see real-time and historical graph views of Security Gateway statistics in SmartView
Monitor, the Monitoring Blade feature needs to be enabled on the Security Gateway. The Monitoring
Blade is a software blade that collects and displays network and security performance data from the
Security Gateway, such as traffic, throughput, connections, CPU usage, memory usage, etc. The
Monitoring Blade can be enabled or disabled on each Security Gateway from the SmartConsole.
Reference: [Monitoring Blade], [SmartView Monitor]
5.What is the main difference between Static NAT and Hide NAT?
A. Static NAT only allows incoming connections to protect your network.
B. Static NAT allows incoming and outgoing connections. Hide NAT only allows outgoing connections.
C. Static NAT only allows outgoing connections. Hide NAT allows incoming and outgoing
connections.
D. Hide NAT only allows incoming connections to protect your network.
Answer: B
Explanation:
The main difference between Static NAT and Hide NAT is that Static NAT allows incoming and
outgoing connections, while Hide NAT only allows outgoing connections4. Static NAT translates a
single IP address to another single IP address, while Hide NAT translates a group of IP addresses to
a single IP address. Static NAT is used to expose internal servers to external networks, while Hide
NAT is used to hide internal hosts from external networks.
Reference: Check Point R81 Firewall Administration Guide
6.When installing a dedicated R80 SmartEvent server, what is the recommended size of the root
partition?
A. Any size
B. Less than 20GB
C. More than 10GB and less than 20 GB
D. At least 20GB
Answer: D
Explanation:
The correct answer is D because the recommended size of the root partition for a dedicated R80
SmartEvent server is at least 20GB2. Any size, less than 20GB, or more than 10GB and less than
20GB are not sufficient for the SmartEvent server.
Reference: Check Point R80.40 Installation and Upgrade Guide
7.How many users can have read/write access in Gaia Operating System at one time?
A. One
B. Three
C. Two
D. Infinite
Answer: A
Explanation:
Only one user can have read/write access in Gaia Operating System at one time2. This is to prevent
conflicts and errors when multiple users try to modify the same configuration settings.
Reference: Check Point Gaia Administration Guide
8.Which command is used to add users to or from existing roles?
A. add rba user <User Name> roles <List>
B. add user <User Name>
C. add rba user <User Name>
D. add user <User Name> roles <List>
Answer: A
Explanation:
The command add rba user <User Name> roles <List> is used to add users to or from existing roles.
RBA stands for Role-Based Administration, which is a feature that allows administrators to assign
different permissions and access levels to users based on their roles2.
Reference: 2: Check Point R81 Security Management Administration Guide, page 20.
9.Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates
for what components?
A. The Security Gateway (SG) and Security Management Server (SMS) software and the CPUSE
engine.
B. Licensed Check Point products for the Gaia operating system and the Gaia operating system itself.
C. The CPUSE engine and the Gaia operating system.
D. The Gaia operating system only.
Answer: B
Explanation:
Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates for
licensed Check Point products for the Gaia operating system and the Gaia operating system itself.
CPUSE is an advanced tool that automates software updates and upgrades on Gaia platforms. It can
download and install packages such as hotfixes, Jumbo Hotfix Accumulators, minor versions, major
versions, and OS updates.
Reference: [CPUSE - Gaia Software Updates (including Gaia Software Updates Agent)], [Check Point
R81]
10.Can multiple administrators connect to a Security Management Server at the same time?
A. No, only one can be connected
B. Yes, all administrators can modify a network object at the same time
C. Yes, every administrator has their own username, and works in a session that is independent of
other administrators
D. Yes, but only one has the right to write
Answer: C
Explanation:
Multiple administrators can connect to a Security Management Server at the same time, and each
administrator has their own username and works in a session that is independent of other
administrators1. This allows concurrent administration and prevents conflicts between different
administrators. The other options are incorrect. Only one administrator can be connected is false. All
administrators can modify a network object at the same time is false, as only one administrator can
lock and edit an object at a time. Only one has the right to write is false, as all administrators have
write permissions unless they are restricted by roles or permissions.
Reference: Security Management Server - Check Point Software
11.Which type of Check Point license is tied to the IP address of a specific Security Gateway and
cannot be transferred to a gateway that has a different IP address?
A. Formal
B. Central
C. Corporate
D. Local
Answer: D
Explanation:
Check Point licenses are divided into two types: central and local. Central licenses are managed by a
Security Management Server and can be attached to any Security Gateway managed by that server.
Local licenses are tied to the IP address of a specific Security Gateway and cannot be transferred to
a gateway that has a different IP address. Formal and corporate are not types of Check Point
licenses.
Reference: [Check Point R81 Licensing and Contract Administration Guide]
12.Which of the following is NOT an option to calculate the traffic direction?
A. Incoming
B. Internal
C. External
D. Outgoing
Answer: D
Explanation:
The options to calculate the traffic direction are Incoming, Internal, and External3. Outgoing is not an
option. Incoming traffic is traffic that enters the Security Gateway from an external network. Internal
traffic is traffic that originates and terminates in networks that are directly connected to the Security
Gateway. External traffic is traffic that originates or terminates in networks that are not directly
connected to the Security Gateway.
Reference: Check Point R81 Security Management Administration Guide
13.Fill in the blank: In Security Gateways R75 and above, SIC uses ______________ for encryption.
A. AES-128
B. AES-256
C. DES
D. 3DES
Answer: A
Explanation:
In Security Gateways R75 and above, SIC uses AES-128 for encryption. SIC stands for Secure
Internal Communication, which is a mechanism that establishes trust between Check Point
components, such as Security Gateways, Security Management Servers, Log Servers, etc. SIC uses
certificates to authenticate and encrypt the communication between the components. AES-128 is an
encryption algorithm that uses a 128-bit key to encrypt and decrypt data. The other options are
incorrect. AES-256 is an encryption algorithm that uses a 256-bit key, but it is not used by SIC. DES
and 3DES are older encryption algorithms that use 56-bit and 168-bit keys respectively, but they are
not used by SIC either.
Reference: [Secure Internal Communication (SIC) between Check Point components], AES -
Wikipedia, DES - Wikipedia, Triple DES - Wikipedia
14.Which command shows the installed licenses?
A. cplic print
B. print cplic
C. fwlic print
D. show licenses
Answer: A
Explanation:
The command that shows the installed licenses is cplic print. This command displays the license
information on a Check Point server or Security Gateway. It shows the license type, expiration date,
attached blades, etc. The other options are incorrect. print cplic is not a valid command. fwlic print is
not a valid command. show licenses is not a valid command.
Reference: [How to check license status on SecurePlatform / Gaia from CLI]
15.Check Point licenses come in two forms.
What are those forms?
A. Security Gateway and Security Management.
B. On-premise and Public Cloud
C. Central and Local.
D. Access Control and Threat Prevention.
Answer: C
Explanation:
This answer is correct because these are the two forms of Check Point licenses that are used to
activate the software blades on the Security Gateways and the Security Management Servers1. A
central license is a license that is attached to a Security Management Server and can be used to
manage multiple Security Gateways1. A local license is a license that is attached to a specific
Security Gateway and can only be used by that gateway1.
The other answers are not correct because they are either irrelevant or inaccurate options for Check
Point licenses forms. Security Gateway and Security Management are not license forms, but software
components that provide firewall, VPN, and other security features2. On-premise and Public Cloud
are not license forms, but deployment options for Check Point products3. Access Control and Threat
Prevention are not license forms, but software blades that provide different security functions.
Reference: Check Point License Guide, Check Point Software Blade Quick Licensing Guide, Check Point
CloudGuard Network Security, [Check Point Software Blades]
16.In order for changes made to policy to be enforced by a Security Gateway, what action must an
administrator perform?
A. Publish changes
B. Save changes
C. Install policy
D. Install database
Answer: C
Explanation:
In order for changes made to policy to be enforced by a Security Gateway, an administrator must
perform Install Policy3. This action transfers the policy package from the Security Management
Server to the Security Gateway and activates it.
Reference: Check Point R81 Security Management Administration Guide
17.Which Security Blade needs to be enabled in order to sanitize and remove potentially malicious
content from files, before those files enter the network?
A. Threat Emulation
B. Anti-Malware
C. Anti-Virus
D. Threat Extraction
Answer: D
Explanation:
Threat Extraction is the Security Blade that needs to be enabled in order to sanitize and remove
potentially malicious content from files, before those files enter the network. It can strip out active
content, embedded objects, and other risky elements from documents and deliver a safe version of
the file to the user.
Reference: Remote Access VPN R81.20 Administration Guide, page 18.
18.How would you determine the software version from the CLI?
A. fw ver
B. fw stat
C. fw monitor
D. cpinfo
Answer: A
Explanation:
The command that can be used to determine the software version from the CLI is fw ver. This
command displays the version of the firewall module and the build number3. fw stat, fw monitor, and
cpinfo are not commands for software version identification.
Reference: Check Point R81 Command Line Interface Reference Guide, [156-315.81 Checkpoint
Exam Info and Free Practice Test - ExamTopics]
19.The default shell of the Gaia CLI is cli.sh.
How do you change from the cli.sh shell to the advanced shell to run Linux commands?
A. Execute the command 'enable' in the cli.sh shell
B. Execute the 'conf t' command in the cli.sh shell
C. Execute the command 'expert' in the cli.sh shell
D. Execute the 'exit' command in the cli.sh shell
Answer: C
Explanation:
The default shell of the Gaia CLI is cli.sh, which provides a limited set of commands for basic
configuration and troubleshooting. To change from the cli.sh shell to the advanced shell (also known
as expert mode) to run Linux commands, the administrator needs to execute the command ‘expert’
in the cli.sh shell.
20.In SmartConsole, on which tab are Permissions and Administrators defined?
A. Manage and Settings
B. Logs and Monitor
C. Security Policies
D. Gateways and Servers
Answer: A
Explanation:
Permissions and Administrators are defined on the Manage and Settings tab in SmartConsole3. This
tab allows you to create and manage administrator accounts, roles, permissions, and authentication
methods for accessing SmartConsole and other Check Point management interfaces.
Reference: Check Point R81 Security Management Administration Guide
21.By default, which port does the WebUI listen on?
A. 8080
B. 80
C. 4434
D. 443
Answer: B
Explanation:
By default, the WebUI listens on port 80. The WebUI is a web-based interface that allows
administrators to configure and monitor Gaia OS settings and features from a web browser. The
WebUI uses the HTTP protocol to communicate with the Gaia machine, which by default uses port 80
as the standard port number. The other port numbers are not used by the WebUI by default, but they
can be changed by modifying the Gaia configuration file or using CLISH commands.
22.What is the order of NAT priorities?
A. IP pool NAT, static NAT, hide NAT
B. Static NAT, hide NAT, IP pool NAT
C. Static NAT, IP pool NAT, hide NAT
D. Static NAT, automatic NAT, hide NAT
Answer: C
Explanation:
The order of NAT priorities is Static NAT, IP pool NAT, and hide NAT. Static NAT has the highest
priority because it is a one-to-one mapping of a private IP address to a public IP address. IP pool NAT
has the second highest priority because it is a one-to-many mapping of a private IP address to a pool
of public IP addresses. Hide NAT has the lowest priority because it is a many-to-one mapping of
multiple private IP addresses to a single public IP address1.
Reference: 1: Check Point R81 Security Gateway Administration Guide, page 23.
23.Fill in the blank: SmartConsole, SmartEvent GUI client, and ___________ allow viewing of billions of
consolidated logs and shows them as prioritized security events.
A. SmartView Web Application
B. SmartTracker
C. SmartMonitor
D. SmartReporter
Answer: A
Explanation:
SmartConsole, SmartEvent GUI client, and SmartView Web Application allow viewing of billions of
consolidated logs and shows them as prioritized security events1. SmartView Web Application is a
web-based interface that provides access to SmartEvent reports and dashboards2.
Reference: Check Point R81 Security Management Administration Guide, Check Point R81
SmartEvent Administration Guide
24. Define Security Gateway to hide all internal networks behind the gateway’s external IP.
25.Security Zones do not work with what type of defined rule?
A. Application Control rule
B. Manual NAT rule
C. IPS bypass rule
D. Firewall rule
Answer: B
Explanation:
Security Zones are a feature of Application Control and Identity Awareness that allow you to define
groups of network objects based on their level of trust. Security Zones do not work with Manual NAT
rules, because Manual NAT rules are applied before the Application Control and Identity Awareness
policy is enforced1.
Reference: Check Point R81 Security Management Administration Guide
26.Both major kinds of NAT support Hide and Static NAT. However, one offers more flexibility.
Which statement is true?
A. Manual NAT can offer more flexibility than Automatic NAT.
B. Dynamic Network Address Translation (NAT) Overloading can offer more flexibility than Port
Address Translation.
C. Dynamic NAT with Port Address Translation can offer more flexibility than Network Address
Translation (NAT) Overloading.
D. Automatic NAT can offer more flexibility than Manual NAT.
Answer: A
Explanation:
Manual NAT can offer more flexibility than Automatic NAT because it allows the administrator to
define the NAT rules in any order and position1. Automatic NAT creates the NAT rules automatically
and places them at the top or bottom of the NAT Rule Base2.
Reference: Check Point R81 Firewall Administration Guide, Check Point R81 Security Management
Administration Guide
27.Identity Awareness lets an administrator easily configure network access and auditing based on
three items. Choose the correct statement.
A. Network location, the identity of a user and the active directory membership.
B. Network location, the identity of a user and the identity of a machine.
C. Network location, the telephone number of a user and the UID of a machine
D. Geographical location, the identity of a user and the identity of a machine
Answer: B
Explanation:
Identity Awareness is a software blade that lets an administrator easily configure network access and
auditing based on three items: network location, the identity of a user, and the identity of a machine.
These items are used to identify and authenticate users and machines, and to enforce identity-based
policies. Network location refers to the IP address or subnet of the source or destination of the traffic.
The identity of a user can be obtained from various sources, such as Active Directory, LDAP, or
Captive Portal. The identity of a machine can be verified by using Secure Domain Logon or Identity
Agent.
28.Name the file that is an electronically signed file used by Check Point to translate the features in
the license into a code?
A. Both License (.lic) and Contract (.xml) files
B. cp.macro
C. Contract file (.xml)
D. License file (.lic)
Answer: B
Explanation:
The file that is an electronically signed file used by Check Point to translate the features in the license
into a code is cp.macro. This file contains a list of macros that define the license features and their
values. It is located in the $FWDIR/conf directory on the Security Management Server or Security
Gateway.
Reference: [Check Point R81 Licensing Guide], [Check Point R80.40 Licensing Guide]
29.What is required for a certificate-based VPN tunnel between two gateways with separate
management systems?
A. Shared Secret Passwords
B. Unique Passwords
C. Shared User Certificates
D. Mutually Trusted Certificate Authorities
Answer: D
Explanation:
This answer is correct because for a certificate-based VPN tunnel, both gateways need to have a
certificate issued by a certificate authority (CA) that they trust1. A CA is a trusted entity that verifies
the identity of the gateways and signs their certificates2. The gateways can either use the same CA
or different CAs, as long as they trust each other’s CA3. This way, the gateways can authenticate
each other using their certificates and establish a secure VPN tunnel.
The other answers are not correct because they are either irrelevant or incompatible with
certificate-based VPN tunnel. Shared secret passwords and unique passwords are used for pre-shared key
(PSK) authentication, which is a different method than certificate authentication4. PSK authentication
is less secure and more vulnerable to brute force attacks than certificate authentication. Shared user
certificates are not used for gateway authentication, but for user authentication, which is a different
level of authentication than gateway authentication. User authentication is optional and can be used
in addition to gateway authentication to provide more granular access control.
Reference: Configure server settings for P2S VPN Gateway connections - certificate authentication,
VPN certificates and how they work, Create Certificate Based Site to Site VPN between 2 Check Point
Gateways, HowTo Set Up Certificate Based VPNs with Check Point Appliances
30.Fill in the blank: ____________ is the Gaia command that turns the server off.
A. sysdown
B. exit
C. halt
D. shut-down
Answer: C
Explanation:
halt is the Gaia command that turns the server off. This command shuts down the operating system
and powers off the machine. Other commands that can be used to shut down the server are
shutdown and poweroff.
Reference: [Gaia Administration Guide R80.40]
31.A SAM rule is implemented to provide what function or benefit?
A. Allow security audits.
B. Handle traffic as defined in the policy.
C. Monitor sequence activity.
D. Block suspicious activity.
Answer: D
Explanation:
A SAM (Suspicious Activity Monitoring) rule is implemented to provide the function or benefit of
blocking suspicious activity. A SAM rule is a rule that defines an action to be taken by the firewall
when it detects a suspicious activity, such as an attack, a scan, or a policy violation. The action can
be blocking, dropping, rejecting, or logging the traffic that triggered the suspicious activity. A SAM rule
can be created manually or automatically by other security features, such as IPS, Anti-Bot, or
SmartEvent.
Reference: [SAMRules], [Suspicious Activity Rules]
32.Fill in the blanks: Default port numbers for an LDAP server are ______ for standard connections and
_______ for SSL connections.
A. 675, 389
B. 389, 636
C. 636, 290
D. 290, 675
Answer: B
Explanation:
The default port numbers for an LDAP server are 389 for standard connections and 636 for SSL
connections. LDAP (Lightweight Directory Access Protocol) is a protocol that allows access to
directory services over TCP/IP. Therefore, the correct answer is B. 389, 636.
33.Which software blade enables Access Control policies to accept, drop, or limit web site access
based on user, group, and/or machine?
A. Application Control
B. Data Awareness
C. Identity Awareness
D. Threat Emulation
Answer: A
Explanation:
Application Control is the software blade that enables Access Control policies to accept, drop, or limit
web site access based on user, group, and/or machine. Application Control allows you to define
granular rules for applications, web sites, web categories, web content types, and users. You can also
use Application Control to monitor and block risky applications and web usage.
Reference: [Application Control Administration Guide R80.40]
34.A Check Point Software license consists of two components, the Software Blade and the Software
Container. There are ______ types of Software Containers: ________.
A. Two; Security Management and Endpoint Security
B. Two; Endpoint Security and Security Gateway
C. Three; Security Management, Security Gateway, and Endpoint Security
D. Three; Security Gateway, Endpoint Security, and Gateway Management
Answer: C
Explanation:
A Check Point Software license consists of two components, the Software Blade and the Software
Container. There are three types of Software Containers: Security Management, Security Gateway,
and Endpoint Security1. A Software Blade is a specific security function that can be enabled or
disabled on a Software Container. A Software Container is a platform that runs one or more Software
Blades. Security Management is a container that manages the security policy and configuration of
Security Gateways. Security Gateway is a container that enforces the security policy on network
traffic. Endpoint Security is a container that protects endpoints from threats and data loss.
Reference: Check Point Licensing and Contract Operations User Guide
35.Fill in the blank: When a policy package is installed, ________ are also distributed to the target
installation Security Gateways.
A. User and objects databases
B. Network databases
C. SmartConsole databases
D. User databases
Answer: A
Explanation:
When a policy package is installed, user and objects databases are also distributed to the target
installation Security Gateways14. The user and objects databases contain information about network
objects, users, groups, services, VPN domains, and more14. Therefore, the correct answer is A. User
and objects databases.
36.True or False: In R80, more than one administrator can login to the Security Management Server
with write permission at the same time.
A. False, this feature has to be enabled in the Global Properties.
B. True, every administrator works in a session that is independent of the other administrators.
C. True, every administrator works on a different database that is independent of the other
administrators.
D. False, only one administrator can login with write permission.
Answer: B
Explanation:
The answer is B because in R80 and above, more than one administrator can login to the Security
Management Server with write permission at the same time. Every administrator works in a session
that is independent of the other administrators. This is called concurrent administration and it allows
multiple administrators to work on the same policy package simultaneously34
Reference: Check Point R80.10 Concurrent Administration, Check Point R80.40 Security
Management Administration Guide
37.Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
A. All Connections (Clear or Encrypted)
B. Accept all encrypted traffic
C. Specific VPN Communities
D. All Site-to-Site VPN Communities
Answer: C
Explanation:
The option that allows traffic to VPN gateways in specific VPN communities is Specific VPN
Communities4. This option enables you to define which VPN communities are allowed in the rule. All
Connections (Clear or Encrypted) allows traffic to any destination, regardless of whether it is
encrypted or not. Accept all encrypted traffic allows traffic to any encrypted destination, regardless of
the VPN community. All Site-to-Site VPN Communities allows traffic to any site-to-site VPN gateway,
regardless of the VPN community4. Therefore, the correct answer is C. Specific VPN Communities.
38.What Check Point technologies deny or permit network traffic?
A. Application Control, DLP
B. Packet Filtering, Stateful Inspection, Application Layer Firewall.
C. ACL, SandBlast, MPT
D. IPS, Mobile Threat Protection
Answer: B
Explanation:
Check Point technologies that deny or permit network traffic are packet filtering, stateful inspection,
and application layer firewall1, p. 15-16. Packet filtering is a basic firewall technique that examines
packets based on their source and destination addresses and ports2, p. 13. Stateful inspection is an
advanced firewall technique that tracks the state and context of network connections and inspects
packets based on their content and sequence2, p. 13. Application layer firewall is a firewall technique
that operates at the application layer of the OSI model and inspects packets based on their
application protocols and data2, p. 14.
Reference: Check Point CCSA - R81: Practice Test & Explanation, 156-315.81 Checkpoint Exam Info
and Free Practice Test
39.Gaia has two default user accounts that cannot be deleted.
What are those user accounts?
A. Admin and Default
B. Expert and Clish
C. Control and Monitor
D. Admin and Monitor
Answer: D
Explanation:
Gaia has two default user accounts that cannot be deleted. They are Admin and Monitor. Admin is the
user account that has full administrative privileges and can access both WebUI and CLI. Monitor is
the user account that has read-only privileges and can access only WebUI2. The other options are
not default user accounts in Gaia.
40.Fill in the blank: An identity server uses a ______________ to trust a Terminal Server Identity
Agent.
A. One-time password
B. Shared secret
C. Certificate
D. Token
Answer: B
41.The SmartEvent R80 Web application for real-time event monitoring is called:
A. SmartView Monitor
B. SmartEventWeb
C. There is no Web application for SmartEvent
D. SmartView
Answer: D
Explanation:
SmartView is the web application for real-time event monitoring in SmartEvent R80 and above. It
provides a unified view of security events across the network and allows for quick investigation and
response34.
Reference: SmartEvent R80.40 Administration Guide, SmartView
42.What are the two types of NAT supported by the Security Gateway?
A. Destination and Hide
B. Hide and Static
C. Static and Source
D. Source and Destination
Answer: B
Explanation:
The two types of NAT supported by the Security Gateway are hide NAT and static NAT. Hide NAT
translates many source IP addresses into one IP address, usually the external interface of the
gateway. Static NAT translates one source IP address into another IP address, usually a public IP
address34. The other options are not valid types of NAT.
Reference: Network Address Translation (NAT), Check Point CCSA - R81: Practice Test &
Explanation
43.When a SAM rule is required on Security Gateway to quickly block suspicious connections which
are not restricted by the Security Policy, what actions does the administrator need to take?
A. SmartView Monitor should be opened and then the SAM rule/s can be applied immediately.
Installing policy is not required.
B. The policy type SAM must be added to the Policy Package and a new SAM rule must be applied.
Simply Publishing the changes applies the SAM rule on the firewall.
C. The administrator must work on the firewall CLI (for example with SSH and PuTTY) and the
command 'sam block' must be used with the right parameters.
D. The administrator should open the LOGS & MONITOR view and find the relevant log. Right
clicking on the log entry will show the Create New SAM rule option.
Answer: A
Explanation:
When a SAM rule is required on Security Gateway to quickly block suspicious connections which are
not restricted by the Security Policy, the administrator needs to take the following action: SmartView
Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not
required. SAM stands for Suspicious Activity Monitoring and is a feature that allows administrators to
block or limit connections from specific sources or destinations without modifying the security policy.
SAM rules can be created from SmartView Monitor or SmartEvent based on real-time network activity
or security events.
Reference: [Check Point R81 SmartView Monitor Administration Guide]
44. An Endpoint identity agent is a lightweight client installed on endpoint computers that
communicates with Identity Awareness gateways and provides reliable identity information. An
Endpoint identity agent does not use a shared secret, a token, or a certificate for user authentication.
Reference: Check Point CCSA - R81: Practice Test & Explanation, [Check Point Identity Awareness
Administration Guide R81]
45.Fill in the blank: RADIUS protocol uses _____ to communicate with the gateway.
A. UDP
B. CCP
C. TDP
D. HTTP
Answer: A
Explanation:
RADIUS protocol uses UDP (User Datagram Protocol) to communicate with the gateway. UDP is a
connectionless protocol that does not require a handshake or acknowledgment before sending or
receiving data [2].
Reference: 2: [Check Point R81 Identity Awareness Administration Guide], page 14.
46.Which software blade does NOT accompany the Threat Prevention policy?
A. IPS
B. Application Control and URL Filtering
C. Threat Emulation
D. Anti-virus
Answer: B
Explanation:
The Threat Prevention policy is a unified policy that manages three software blades: IPS, Anti-Virus,
and Threat Emulation. The Threat Prevention policy enables you to configure settings and actions
for detecting and preventing various types of threats, such as malware, exploits, botnets,
etc. Application Control and URL Filtering are not part of the Threat Prevention policy, but they are
part of a separate policy that controls access to applications and websites based on categories,
users, groups, and machines.
47.Which product correlates logs and detects security threats, providing a centralized display of
potential attack patterns from all network devices?
A. SmartDashboard
B. SmartEvent
C. SmartView Monitor
D. SmartUpdate
Answer: B
Explanation:
The product that correlates logs and detects security threats, providing a centralized display of
potential attack patterns from all network devices is SmartEvent. SmartEvent is a software blade that
analyzes logs from various sources such as Security Gateways, Endpoint Security Servers, Identity
Awareness Servers, etc. and generates security events based on predefined or custom rules.
SmartEvent provides a graphical interface for viewing and managing security events in real-time or
historical mode.
Reference: [Check Point R81 SmartEvent Administration Guide]
48.Which one of the following is a way that the objects can be manipulated using the new API
integration in R80 Management?
A. Microsoft Publisher
B. JSON
C. Microsoft Word
D. RC4 Encryption
Answer: B
Explanation:
The way that the objects can be manipulated using the new API integration in R80 Management is
JSON. JSON (JavaScript Object Notation) is a lightweight data-interchange format that is easy for
humans and machines to read and write. The R80 Management API uses JSON as the primary data
format for requests and responses. Therefore, the correct answer is B. JSON.
49.What is NOT an advantage of Stateful Inspection?
A. High Performance
B. Good Security
C. No Screening above Network layer
D. Transparency
Answer: C
Explanation:
The option that is NOT an advantage of Stateful Inspection is No Screening above Network layer.
Stateful Inspection is a firewall technology that inspects packets at all layers of the OSI model, from
layer 3 (Network) to layer 7 (Application). Stateful Inspection provides screening above Network layer,
such as checking TCP flags, sequence numbers, ports, and application protocols. The other options
are advantages of Stateful Inspection, as it provides high performance, good security, and
transparency for legitimate traffic.
Reference: Stateful Inspection Technology, Firewall Administration Guide
50.You are the Check Point administrator for Alpha Corp with an R80 Check Point estate. You have
received a call from one of the management users stating that they are unable to browse the Internet
with their new tablet connected to the company Wireless. The Wireless system goes through the
Check Point Gateway.
How do you review the logs to see what the problem may be?
A. Open SmartLog and connect remotely to the IP of the wireless controller
B. Open SmartView Tracker and filter the logs for the IP address of the tablet
C. Open SmartView Tracker and check all the IP logs for the tablet
D. Open SmartLog and query for the IP address of the Manager’s tablet
Answer: D
Explanation:
SmartLog is a unified log viewer that provides fast and easy access to logs from all Check Point
components. It allows the administrator to query for any log field, such as the IP address of the
tablet, and filter the results by time, severity, blade, action, and more. SmartView Tracker is a legacy
tool that displays network activity logs from Security Gateways and other Check Point devices. It does
not support remote connection to the wireless controller or querying for specific IP addresses.
Reference: SmartLog, SmartLog Queries, [SmartView Tracker]
51.You are asked to check the status of several user-mode processes on the management server
and gateway.
Which of the following processes can only be seen on a Management Server?
A. fwd
B. fwm
C. cpd
D. cpwd
Answer: B
Explanation:
The fwm process is responsible for managing the communication between the SmartConsole and the
Security Management Server. It can only be seen on a Management Server.
Reference: Check Point Processes and Daemons, Check Point CCSA - R81: Practice Test &
Explanation
52.With URL Filtering, what portion of the traffic is sent to the Check Point Online Web Service for
analysis?
A. The complete communication is sent for inspection.
B. The IP address of the source machine.
C. The end user credentials.
D. The host portion of the URL.
Answer: D
Explanation:
With URL Filtering, only the host portion of the URL is sent to the Check Point Online Web Service for
analysis. The host portion is the part of the URL that identifies the web server, such as
www.example.com. The Check Point Online Web Service uses this information to categorize the URL
and return the appropriate action to the Security Gateway. The other options are not sent to the
Check Point Online Web Service for analysis, as they may contain sensitive or irrelevant data.
53.To increase security, the administrator has modified the Core protection ‘Host Port Scan’ from
‘Medium’ to ‘High’ Predefined Sensitivity.
Which Policy should the administrator install after Publishing the changes?
A. The Access Control and Threat Prevention Policies.
B. The Access Control Policy.
C. The Access Control & HTTPS Inspection Policy.
D. The Threat Prevention Policy.
Answer: D
Explanation:
To increase security, the administrator has modified the Core protection ‘Host Port Scan’ from
‘Medium’ to ‘High’ Predefined Sensitivity. The administrator should install the Threat Prevention
Policy after Publishing the changes. The Threat Prevention Policy defines how the Security Gateway
inspects and protects against threats such as port scans, bot attacks, and zero-day exploits.
Reference: Check Point R81 Firewall Administration Guide, Check Point R81 Threat Prevention
Administration Guide
54.If there are two administrators logged in at the same time to the SmartConsole, and there are
objects locked for editing, what must be done to make them available to other administrators?
Choose the BEST answer
A. Save and install the Policy
B. Delete older versions of database
C. Revert the session.
D. Publish or discard the session
Answer: D
Explanation:
If there are two administrators logged in at the same time to the SmartConsole, and there are objects
locked for editing, the administrator who locked the objects must publish or discard the session to
make them available to other administrators. Publishing or discarding the session will save or discard
the changes made by the administrator and unlock the objects for editing by others [3].
Reference: 3: Check Point R81 Security Management Administration Guide, page 18.
55.Which one of these features is NOT associated with the Check Point URL Filtering and Application
Control Blade?
A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company’s security
policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories,
and risk levels.
Answer: A
Explanation:
The correct answer is A because detecting and blocking malware by correlating multiple detection
engines before users are affected is not a feature of the Check Point URL Filtering and Application
Control Blade. This feature is part of the Check Point Anti-Virus and Anti-Bot Blades. The other
options are features of the Check Point URL Filtering and Application Control Blade.
Reference: Check Point R81 URL Filtering and Application Control Administration Guide
56.What is the most recommended installation method for Check Point appliances?
A. SmartUpdate installation
B. DVD media created with Check Point ISOMorphic
C. USB media created with Check Point ISOMorphic
D. Cloud based installation
Answer: C
Explanation:
USB media created with Check Point ISOMorphic is the most recommended installation method for
Check Point appliances, as it provides a fast and easy way to install the Gaia operating system and
the latest software version. SmartUpdate installation requires an existing Gaia installation and does
not support fresh installations. DVD media created with Check Point ISOMorphic is less convenient
than USB media, as it requires burning the image to a DVD and inserting it into the appliance. Cloud
based installation is not applicable for Check Point appliances, as it is intended for cloud
environments such as AWS or Azure.
Reference: INSTALLATION AND UPGRADE GUIDE R81.10, Chassis R81 Installation and Upgrade
Guide, Check Point R81.10
57.Stateful Inspection compiles and registers connections where?
A. Connection Cache
B. State Cache
C. State Table
D. Network Table
Answer: C
Explanation:
Stateful Inspection compiles and registers connections in the State Table. The State Table is a
database that stores information about active connections and sessions on the Security Gateway.
The other options are not valid names for the database that stores connection information.
Reference: 1: Policy Types 2: CPUSE 3: SIC: [Software Containers]: [Stateful Inspection]
58.When configuring Spoof Tracking, which tracking actions can an administrator select to be done
when spoofed packets are detected?
A. Log, send snmp trap, email
B. Drop packet, alert, none
C. Log, alert, none
D. Log, allow packets, email
Answer: C
Explanation:
The tracking actions that can be selected when configuring Spoof Tracking are Log, alert, none.
Spoof Tracking is a feature that detects packets with spoofed source IP addresses and logs them in
SmartView Tracker. The administrator can choose to log only, log and alert, or do nothing when
spoofed packets are detected. The other options are not valid tracking actions for Spoof Tracking, as
they are either not available or not relevant for this feature.
Reference: [Spoof Tracking], [Firewall Administration Guide]
59.Fill in the blank: Service blades must be attached to a ______________.
A. Security Gateway
B. Management container
C. Management server
D. Security Gateway container
Answer: A
Explanation:
Service blades must be attached to a Security Gateway. A Security Gateway is a device that enforces
security policies on traffic that passes through it. A service blade is a software module that provides a
specific security function, such as firewall, VPN, IPS, etc. A Security Gateway can have one or more
service blades attached to it, depending on the license and hardware capabilities. The other options
are incorrect. A management container is a virtualized environment that hosts a Security
Management Server or a Log Server. A management server is a device that manages security
policies and distributes them to Security Gateways. A Security Gateway container is not a valid term
in Check Point terminology.
Reference: [Check Point R81 Security Management Administration Guide], [Check Point R81
CloudGuard Administration Guide]
60.What command would show the API server status?
A. cpm status
B. api restart
C. api status
D. show api status
Answer: D
Explanation:
The command api status shows the API server status, including whether it is enabled or not, the port
number, and the API version.
Reference: Check Point R81 API Reference Guide
61.Fill in the blank: When tunnel test packets no longer invoke a response, SmartView Monitor
displays _____________ for the given VPN tunnel.
A. Down
B. No Response
C. Inactive
D. Failed
Answer: A
Explanation:
When tunnel test packets no longer invoke a response, SmartView Monitor displays Down for the
given VPN tunnel. This means that the VPN tunnel is not operational and there is no IKE or IPsec
traffic passing through it. No Response, Inactive, and Failed are not valid statuses for VPN tunnels in
SmartView Monitor.
Reference: Smart View Monitor displays status for all S2S VPN tunnels - Phase1 UP
62.You have created a rule at the top of your Rule Base to permit Guest Wireless access to the
Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash
page to accept your Terms of Service, and cannot access the Internet.
How can you fix this?
A. Right click Accept in the rule, select “More”, and then check “Enable Identity Captive Portal”
B. On the firewall object, Legacy Authentication screen, check “Enable Identity Captive Portal”
C. In the Captive Portal screen of Global Properties, check “Enable Identity Captive Portal”
D. On the Security Management Server object, check the box “Identity Logging”
Answer: A
Explanation:
Identity Captive Portal is a Check Point Identity Awareness web portal, to which users connect with
their web browser to log in and authenticate, when using Browser-Based Authentication. To enable
Identity Captive Portal for a specific rule, you need to right click Accept in the rule, select “More”, and
then check “Enable Identity Captive Portal”.
Reference: Identity Awareness Administration Guide R80, Identity awareness with captive portal in
Checkpoint R80