Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Checkpoint
  5. 156-215.80

Checkpoint 156-215.80 Exam Questions
Check Point Certified Security Administrator (CCSA R80) (Page 19 )

Updated On: 21-Feb-2026
Page 19 of 108
PDF with 536 Questions

The R80 feature ____________ permits blocking specific IP addresses for a specified time period.

  1. Block Port Overflow
  2. Local Interface Spoofing
  3. Suspicious Activity Monitoring
  4. Adaptive Threat Prevention

Answer(s): C

Explanation:

Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access). The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation


Reference:

https://sc1.checkpoint.com/documents/R76/CP_R76_SmartViewMonitor_AdminGuide/17670.htm



Which Threat Prevention Software Blade provides comprehensive against malicious and unwanted network traffic, focusing on application and server vulnerabilities?

  1. Anti-Virus
  2. IPS
  3. Anti-Spam
  4. Anti-bot

Answer(s): B

Explanation:

The IPS Software Blade provides a complete Intrusion Prevention System security solution, providing comprehensive network protection against malicious and unwanted network traffic, including:
1.Malware attacks
2.Dos and DDoS attacks
3.Application and server vulnerabilities
4.Insider threats
5.Unwanted application traffic, including IM and P2P


Reference:

https://www.checkpoint.com/products/ips-software-blade/



What is the purpose of Captive Portal?

  1. It provides remote access to SmartConsole
  2. It manages user permission in SmartConsole
  3. It authenticates users, allowing them access to the Internet and corporate resources
  4. It authenticates users, allowing them access to the Gaia OS

Answer(s): C

Explanation:

Captive Portal – a simple method that authenticates users through a web interface before granting them access to Intranet resources. When users try to access a protected resource, they get a web page that must be filled out to continue.


Reference:

https://www.checkpoint.com/products/identity-awareness-software-blade/



While enabling the Identity Awareness blade the Identity Awareness wizard does not automatically detect the windows domain. Why does it not detect the windows domain?

  1. Security Gateways is not part of the Domain
  2. SmartConsole machine is not part of the domain
  3. Security Management Server is not part of the domain
  4. Identity Awareness is not enabled on Global properties

Answer(s): B

Explanation:

To enable Identity Awareness:
1. Log in to SmartDashboard.
2. From the Network Objects tree, expand the Check Point branch.
3. Double-click the Security Gateway on which to enable Identity Awareness.
4. In the Software Blades section, select Identity Awareness on the Network Security tab. The Identity Awareness Configuration wizard opens.
5. Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets.
1.AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers.
2.Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently.
3.Terminal Servers - Identify users in a Terminal Server environment (originating from one IP address). See Choosing Identity Sources.
Note - When you enable Browser-Based Authentication on a Security Gateway that is on an IP Series appliance, make sure to set the Voyager management application port to a port other than 443 or 80.
6. Click Next.
The Integration With Active Directory window opens.
When SmartDashboard is part of the domain, SmartDashboard suggests this domain automatically. If you select this domain, the system creates an LDAP Account Unit with all of the domain controllers in the organization's Active Directory.


Reference:

https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62050.htm



View the rule below. What does the lock-symbol in the left column mean?

  1. The current administrator has read-only permissions to Threat Prevention Policy.
  2. Another user has locked the rule for editing.
  3. Configuration lock is present. Click the lock symbol to gain read-write access.
  4. The current administrator is logged in as read-only because someone else is editing the policy.

Answer(s): B

Explanation:

Administrator Collaboration
More than one administrator can connect to the Security Management Server at the same time. Every administrator has their own username, and works in a session that is independent of the other administrators. When an administrator logs in to the Security Management Server through SmartConsole, a new editing session starts. The changes that the administrator makes during the session are only available to that administrator. Other administrators see a lock icon on object and rules that are being edited.
To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session.


Reference:

https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/124265






Post your Comments and Discuss Checkpoint 156-215.80 exam dumps with other Community members:

Join the 156-215.80 Discussion