1. Home
  2. CheckPoint
  3. 156-215.75

Check Point Certified Security Administrator

Exam Details

  • Exam Code
    :156-215.75
  • Exam Name
    :Check Point Certified Security Administrator
  • Certification
    :CCSA
  • Vendor
    :CheckPoint
  • Total Questions
    :543 Q&As
  • Last Updated
    :Jun 02, 2025

CheckPoint CCSA 156-215.75 Questions & Answers

  • Question 161:

    What happens in relation to the CRL cache after a cpstop and cpstart have been initiated?

    A. The Gateway retrieves a new CRL on startup, and discards the old CRL as invalid.

    B. The Gateway continues to use the old CRL, as long as it is valid.

    C. The Gateway continuous to use the old CRL even if it is not valid, until a new CRL is cashed.

    D. The Gateway issues a crl_zap on startup, which empties the cache and forces certificate retrieval.

  • Question 162:

    Your company is still using traditional mode VPN configuration on all Gateways and policies. Your manager now requires you to migrate to a simplified VPN policy to benefit from the new features. This needs to be done with no downtime due to critical applications which must run constantly. How would you start such a migration?

    A. This cannot be done without downtime as a VPN between a traditional mode Gateway and a simplified mode Gateway does not work.

    B. You first need to completely rewrite all policies in simplified mode and then push this new policy to all Gateways at the same time.

    C. This can not be done as it requires a SIC- reset on the Gateways first forcing an outage.

    D. Convert the required Gateway policies using the simplified VPN wizard, check their logic and then migrate Gateway per Gateway.

  • Question 163:

    Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?

    A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.

    B. All is fine and can be used as is.

    C. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.

    D. The 2 algorithms do not have the same key length and so don't work together. You will get the error ".... No proposal chosen...."

  • Question 164:

    Which of these attributes would be critical for a site-to-site VPN?

    A. Strong authentication

    B. Centralized management

    C. Strong data encryption

    D. Scalability to accommodate user groups

  • Question 165:

    Which of the following is NOT true for Clientless VPN?

    A. The Gateway accepts any encryption method that is proposed by the client and supported in the VPN

    B. Secure communication is provided between clients and servers that support HTTP

    C. User Authentication is supported

    D. The Gateway can enforce the use of strong encryption

  • Question 166:

    You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

    A. Manually import your partner's Certificate Revocation List.

    B. Exchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA).

    C. Create a new logical-server object to represent your partner's CA

    D. Manually import your partner's Control List.

  • Question 167:

    Which statement defines Public Key Infrastructure? Security is provided:

    A. By authentication

    B. By Certificate Authorities, digital certificates, and two-way symmetric- key encryption

    C. By Certificate Authorities, digital certificates, and public key encryption.

    D. Via both private and public keys, without the use of digital Certificates.

  • Question 168:

    Review the following list of actions that Security Gateway R75 can take when it controls packets. The Policy Package has been configured for Simplified Mode VPN. Select the response below that includes the available actions:

    A. Accept, Drop, Encrypt, Session Auth

    B. Accept, Reject, Encrypt, Drop

    C. Accept, Drop, Reject, Client Auth

    D. Accept, Hold, Reject, Proxy

  • Question 169:

    Your organization maintains several IKE VPNs. Executives in your organization want to know which mechanism Security Gateway R75 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives?

    A. Key-exchange protocols

    B. Digital signatures

    C. Certificate Revocation Lists

    D. Application Intelligence

  • Question 170:

    Which of the following provides confidentiality services for data and messages in a Check Point VPN?

    A. Cryptographic checksums

    B. Digital signatures

    C. Asymmetric Encryption

    D. Symmetric Encryption

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-215.75 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.