Pass the Checkpoint Check Point Certified Security Administrator R81.20 CCSA (156-215.81.20) 156-215.81 Questions and answers with ValidTests

A reason for manual creation of a NAT rule is when the public IP-address is different from the gateway’s external IP. This can happen when the gateway is behind another NAT device or firewall3 . References: Check Point R81 Security Gateway Administration Guide, Check Point CCSA - R81: Practice Test & Explanation

The Advanced Networking Blade is NOT subscription-based and therefore does not have to be renewed on a regular basis1011. The Advanced Networking Blade provides advanced routing capabilities such as BGP, OSPF, VRRP, and multicast routing10. The other blades are subscription-based and require annual renewal to receive updates and support from Check Point1012.

References: Check Point License Guide, IPS Software Blade contracts, Product Catalog

The command that shows the installed licenses in Expert mode is cplic print. This command displays information about the licenses that are installed on the local machine or a remote machine1. The other commands are not valid for showing licenses in Expert mode. 

This answer is correct because a standalone deployment is a valid option for installing a Check Point Security Gateway and a Security Management Server on the same machine1. This option is suitable for small or medium-sized networks that do not require high availability or load balancing1.

The other answers are not correct because they are either invalid or irrelevant options for deployment. CloudSec deployment is not a valid option, but it might be confused with CloudGuard, which is a Check Point solution for securing cloud environments2. Disliked deployment is not a valid option, but it might be a typo for Distributed deployment, which is a valid option for installing a Check Point Security Gateway and a Security Management Server on separate machines1. Router only deployment is not a valid option, but it might be confused with Router mode, which is a configuration option for a Check Point Security Gateway that enables it to act as a router and forward packets between interfaces3.

Gaia R81.20 Administration Guide

CloudGuard Network Security

Configuring Router Mode in Gaia Clish

The Threat Prevention policy is a unified policy that manages three software blades: IPS, Anti-Virus, and Threat Emulation7. The Threat Prevention policy enables you to configure settings and actions for detecting and preventing various types of threats, such as malware, exploits, botnets, etc. Application Control and URL Filtering are not part of the Threat Prevention policy, but they are part of a separate policy that controls access to applications and websites based on categories, users, groups, and machines

 A one-time password is used to initially create trust between a Gateway and Security Management Server. The administrator generates a one-time password from SmartConsole and enters it on the gateway command line interface using the cpconfig command. This establishes a Secure Internal Communication (SIC) between the gateway and the server . The other options are not used for this purpose. References: [Configuring Secure Internal Communication (SIC)], [Check Point CCSA - R81: Practice Test & Explanation]

When LDAP is integrated with Check Point Security Management, it is then referred to as User Directory. User Directory is a feature that allows administrators to manage users and user groups from an external LDAP server, such as Active Directory2.

References: 2: Check Point R81 Identity Awareness Administration Guide, page 9.

 src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop is the correct log query to show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1. The AND operator means that all conditions must be true for the query to match. The OR operator means that any condition can be true for the query to match3. The other queries will either show packets that are not dropped or packets that have different source or destination addresses.

 ThreatWiki is a web-based tool that provides statistics on detected threats, such as attack types, sources, destinations, and severity. It also allows the administrator to search for specific threats and view their details and mitigation methods. The other options are not tools for viewing statistics on detected threats. References: [ThreatWiki], [ThreatWiki - Threat Emulation]

 Captive Portal is a feature of Identity Awareness that allows you to authenticate users through a web browser before they access the Internet or corporate resources. Captive Portal can be used for various authentication methods, such as user name and password, one-time password (OTP), or certificate3. Captive Portal does not manage user permission in SmartConsole, provide remote access to SmartConsole, or authenticate users to the Gaia OS. Those are different functions that are not related to Captive Portal. References: Check Point R81 Identity Awareness Administration Guide