1. Home
  2. CheckPoint
  3. 156-215.75

Check Point Certified Security Administrator

Exam Details

  • Exam Code
    :156-215.75
  • Exam Name
    :Check Point Certified Security Administrator
  • Certification
    :CCSA
  • Vendor
    :CheckPoint
  • Total Questions
    :543 Q&As
  • Last Updated
    :Jun 02, 2025

CheckPoint CCSA 156-215.75 Questions & Answers

  • Question 151:

    Which VPN Community object is used to configure Hub Mode VPN routing in SmartDashboard?

    A. Mesh

    B. Star

    C. Routed

    D. Remote Access

  • Question 152:

    When a user selects to allow Hot-spot, SecureClient modifies the Desktop Security Policy and/or Hub Mode routing to enable Hot-spot registration. Which of the following is NOT true concerning this modification?

    A. IP addresses accessed during registration are recorded.

    B. Ports accessed during registration are recorded.

    C. The number of IP addresses accessed is unrestricted.

    D. The modification is restricted by time.

  • Question 153:

    For VPN routing to succeed, what must be configured?

    A. VPN routing is not configured in the Rule Base or Community objects. Only the native- routing mechanism on each Gateway can direct the traffic via its VTI configured interfaces.

    B. No rules need to be created; implied rules that cover inbound and outbound traffic on the central (HUB) Gateway are already in place from Policy > Properties > Accept VPN-1 Control Connections.

    C. At least two rules in the Rule Base must be created, one to cover traffic inbound and the other to cover traffic outbound on the central (HUB) Security Gateway.

    D. A single rule in the Rule Base must cover all traffic on the central (HUB) Security Gateway for the VPN domain.

  • Question 154:

    Which of the following is TRUE concerning control connections between the Security Management Server and the Gateway in a VPN Community? Control Connections are:

    A. encrypted using SIC and re-encrypted again by the Community regardless of VPN domain configuration.

    B. encrypted by the Community.

    C. not encrypted, only authenticated.

    D. encrypted using SIC.

  • Question 155:

    How many times is the firewall kernel invoked for a packet to be passed through a VPN connection?

    A. Three times

    B. Twice

    C. Once

    D. None The IPSO kernel handles it

  • Question 156:

    You have traveling salesmen connecting to your VPN community from all over the world. Which technology would you choose?

    A. SSL VPN: It has more secure and robust encryption schemes than IPsec.

    B. IPseC. It allows complex setups that match any network situation available to the client, i.e. connection from a private customer network or various hotel networks.

    C. SSL VPN: It only requires HTTPS connections between client and server. These are most likely open from all networks, unlike IPsec, which uses protocols and ports which are blocked by many sites.

    D. IPseC. It offers encryption, authentication, replay protection and all algorithms that are state of the art (AES) or that perform very well. It is native to many client operating systems, so setup can easily be scripted.

  • Question 157:

    You wish to configure a VPN and you want to encrypt not just the data packet, but the original header. Which encryption scheme would you select?

    A. Both encrypt the data and header

    B. Tunneling-mode encryption

    C. In-place encryption

  • Question 158:

    You wish to view the current state of the customer's VPN tunnels, including those that are down and destroyed. Which SmartConsole application will provide you with this information?

    A. SmartView Monitor

    B. SmartView Status

    C. SmartView Tracker

    D. SmartUpdate

  • Question 159:

    Why are certificates preferred over pre-shared keys in an IPsec VPN?

    A. Weak scalability: PSKs need to be set on each and every Gateway

    B. Weak performance: PSK takes more time to encrypt than Drffie-Hellman

    C. Weak security: PSKs can only have 112 bit length.

    D. Weak Security: PSK are static and can be brute-forced.

  • Question 160:

    Multi-Corp must comply with industry regulations in implementing VPN solutions among multiple sites. The

    corporate Information Assurance policy defines the following requirements:

    What is the most appropriate setting to comply with these requirements?

    Portability Standard Key management Automatic, external PKI Session keys changed at configured times during a connection's lifetime Key length No less than 128-bit Data integrity Secure against inversion and brute-force attacks What is the most appropriate setting to comply with theses requirements?

    A. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for phase 2, AES hash

    B. IKE VPNs: DES encryption for IKE phase 1, and 3DES encryption for phase 2, MD 5 hash

    C. IKE VPNs: CAST encryption for IKE Phase 1, and SHA 1 encryption for phase 2, DES hash

    D. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-215.75 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.