Curious about Actual CheckPoint CCSA (156-215.81) Exam Questions?

Here are sample CheckPoint Check Point Certified Security Administrator R81.20 (156-215.81) Exam questions from real exam. You can get more CheckPoint CCSA (156-215.81) Exam premium practice questions at TestInsights.

Page: 1 /
Total 401 questions

Want more questions? Get Premium Access.

Question 1

Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?

AActive Directory Query

BUser Directory Query

CAccount Unit Query

DUserCheck

Correct : A

Active Directory Query is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers. Active Directory Query enables the Security Gateway to query the Active Directory Domain Controllers for user and computer information, such as IP addresses, group memberships, and login events.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AActive Directory Query

BUser Directory Query

CAccount Unit Query

DUserCheck

0 / 1500

Question 2

Which of the following statements about Site-to-Site VPN Domain-based is NOT true?

ARoute-based--- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTls. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.

BDomain-based--- VPN domains are pre-defined for all VPN Gateways.
A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.

CDomain-based--- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive
VPN traffic through a VPN Gateway.

DDomain-based--- VPN domains are pre-defined for all VPN Gateways.
When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another
VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.

Correct : B

Domain-based--- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.

This statement isnot truebecause a VPN domain isnota service or user, but ahost or networkthat can send or receive VPN traffic through a VPN Gateway1.This is the definition given in the Site to Site VPN R81 Administration Guide1.The other statements are true according to the same guide1.

Remote Access VPN R81.20 Administration Guide

Site to Site VPN R81 Administration Guide

DeepDive Webinar - R81.20 Seamless VPN Connection to Public Cloud

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

BDomain-based--- VPN domains are pre-defined for all VPN Gateways.
A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.

CDomain-based--- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive
VPN traffic through a VPN Gateway.

0 / 1500

Question 3

You had setup the VPN Community NPN-Stores' with 3 gateways. There are some issues with one remote gateway(l .1.1.1) and an your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways.

Aaction:''Key Install' AND 1.1.1.1 AND Quick Mode

BBlade:''VPN''AND VPN-Stores AND Main Mode

Caction:''Key Install'' AND 1.1.1.1 AND Main Mode

DBlade:''VPN''AND VPN-Stores AND Quick Mode

Correct : A

This log filter will show only the logs that have the action of ''Key Install'', which means that the Security Gateway installed a new encryption key for the VPN tunnel1. It will also show only the logs that have the IP address of 1.1.1.1, which is the remote gateway that has some issues.Finally, it will show only the logs that have the Quick Mode, which is the IKE Phase 2 negotiation that establishes the agreed networks for both gateways2.

The other log filters are not correct because they either include the Main Mode, which is the IKE Phase 1 negotiation that establishes the secure channel between the gateways2, or they do not specify the IP address of the remote gateway.

Logging and Monitoring R81.20 Administration Guide

Remote Access VPN R81.20 Administration Guide

Remote Access VPN R81 Administration Guide