Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Checkpoint
  5. 156-215.82

Checkpoint 156-215.82 Exam Questions
Check Point Certified Security Administrator R82 (Page 6 )

Updated On: 18-Mar-2026
Page 6 of 37
PDF with 180 Questions

With Autonomous Threat-Prevention, you can choose a profile that best fits your needs.

What are the available options?

  1. Perimeter, Cloud North-West, East-West, Lateral Movement, External Network.
  2. Perimeter, Cloud/Data Center, Internal Network, Guest Network
  3. Perimeter, Cloud/Data Center, East-West-Traffic, Guest Network
  4. Perimeter, Fully Overlapping Encryption Domain, Partially Overlapping Encryption Domain, Proper Subset.

Answer(s): B

Explanation:

Autonomous Threat Prevention profiles are designed to match common deployment scenarios, allowing administrators to select profiles for Perimeter, Cloud/Data Center, Internal Network, and Guest Network environments to automatically apply appropriate threat prevention behavior.



What is a recommended best practice after deploying Autonomous Threat Prevention?

  1. Regularly monitor logs and reports for unusual activity
  2. Use the same profile for all network segments
  3. Disable logging to improve performance
  4. Avoid customizing any profiles

Answer(s): A

Explanation:

After deploying Autonomous Threat Prevention, regularly monitoring logs and reports helps validate that protections are working as intended and allows early detection of unusual or malicious activity.



There are 2 ordered layers in a policy with 20 rules each. A connection matches rule number 5 in the first layer and the action for that rule is Drop.

What will the firewall do now?

  1. Both layers are checked simultaneously and the strictest action is taken, hence the Firewall will wait for the matching results of the second layer before taking an action
  2. The Firewall will check if any rules in the second layer match with the connection and take action accordingly
  3. The Firewall will drop the connection and stop further inspection for it
  4. The Firewall will check if there is an Inline Layer attached to the rule 5 and will continue inspection if found

Answer(s): C

Explanation:

When a connection matches a rule with a Drop action in an ordered layer, the firewall immediately drops the connection and stops further inspection without evaluating additional layers.



Choose what best describes how Outbound HTTPS Inspection works.

  1. The user's browser and the web server perform the HTTPS negotiation, which is monitored by the Security Gateway to collect the encryption keys. Once the encrypted communication between the user and the web server begins, the Security Gateway intercepts and decrypts it with the acquired encryption key.
  2. The Security Gateway impersonates the requested Web Site and completes the HTTPS negotiation. A separate HTTPS-encrypted connection is automatically created between Security Gateway and the web server.
  3. The user must insert a static encryption key provided by the filewall, into their browser. All HTTPS communication by the user's browser is always encrypted with this key. As the key is provided by the Security Gateway, it can decrypt the communication between the user and the web server
  4. When HTTPS Inspection is enabled on the Security Gateway, a JavaScript payload is sent to the user's browser when a request to connect to HTTPS websites is made. The JavaScript code inserts a Browser Helper Module (BHO) that helps detects and shares the encryption key with the Security Gateway.

Answer(s): B

Explanation:

Outbound HTTPS Inspection works by the Security Gateway acting as a man-in-the-middle, impersonating the requested website to the client while establishing a separate HTTPS-encrypted connection to the actual web server, allowing the gateway to decrypt, inspect, and re-encrypt the traffic.



In HTTPS Inspection, what is the role of Categorization Mode?

  1. It disables inspection for trusted sites
  2. It decrypts all HTTPS traffic by default
  3. It blocks all encrypted traffic
  4. It categorizes traffic based on domain and certificate without decryption

Answer(s): D

Explanation:

Categorization Mode allows the Security Gateway to identify and categorize HTTPS traffic using domain and certificate information without decrypting the traffic, enabling policy decisions while preserving encryption.



Viewing page 6 of 37
Viewing questions 26 - 30 out of 180 questions



Post your Comments and Discuss Checkpoint 156-215.82 exam dumps with other Community members:

156-215.82 Exam Discussions & Posts

AI Tutor 👋 I’m here to help!