Exam Details

  • Exam Code: 156-215.75
  • Exam Name: Check Point Certified Security Administrator
  • Certification: CCSA
  • Vendor: CheckPoint
  • Total Questions: 543 Q&As
  • Last Updated: Jun 02, 2025

CheckPoint CCSA 156-215.75 Questions & Answers

  • Question 321:

    You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.

    A. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).

    B. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.

    C. Yes, it is possible to have two NAT rules which match a connection, but only when using Manual NAT (bidirectional NAT).

    D. Yes, there are always as many active NAT rules as there are connections.

  • Question 322:

    You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

    "web_public_IP" is the node object that represents the public IP address of the new Web server. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.

    When you try to browse the Web server from the Internet you see the error "page cannot be displayed". Which of the following is NOT a possible reason?

    A. There is no NAT rule translating the source IP address of packets coming from the protected Web server.

    B. There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server.

    C. There is no ARP table entry for the public IP address of the protected Web server.

    D. There is no Security Policy defined that allows HTTP traffic to the protected Web server.

  • Question 323:

    What CANNOT be configured for existing connections during a policy install?

    A. Keep all connections

    B. Keep data connections

    C. Reset all connections

    D. Re-match connections

  • Question 324:

    You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

    "web_public_IP" is the node object that represents the new Web server's public IP address. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.

    When you try to browse the Web server from the Internet, you see the error "page cannot be displayed". Which statements are possible reasons for this?

    i) There is no route defined on the Security Gateway for the public IP address to the Web server's private IP address.

    ii) There is no Security Policy defined that allows HTTP traffic to the protected Web server.

    iii) There is an ARP entry on the Gateway but the settings Merge Manual proxy ARP and Automatic ARP configuration are enabled in Global Properties. The Security Gateway ignores manual ARP entries.

    iv) There is no ARP table entry for the protected Web server's public IP address.

    A. (i), (ii), (iv)

    B. (iii)

    C. (i), (ii)

    D. (i), (ii), (iii), (iv)

  • Question 325:

    To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How do you accomplish this?

    A. In SmartDashboard menu, select Search / Rule Base Queries. In the window that opens, create a new Query, give it a name (e.g. "HTTP_SSH") and define a clause regarding the two services HTTP and SSH. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND.

    B. This cannot be configured since two selections (Service, Action) are not possible.

    C. Ask your reseller to get a ticket for Check Point SmartUse and deliver him the cpinfo file of the Security Management Server.

    D. In SmartDashboard, right-click in the column field Service and select Query Column. Then, put the services HTTP and SSH in the list. Do the same in the field Action and select Accept here.

  • Question 326:

    You run cpconfig to reset SIC on the Security Gateway. After the SIC reset operation is complete, the policy that will be installed is the:

    A. Last policy that was installed

    B. Default filter

    C. Standard policy

    D. Initial policy

  • Question 327:

    Nancy has lost SIC communication with her Security Gateway and she needs to re-establish SIC. What would be the correct order of steps needed to perform this task?

    1) Create a new activation key on the Security Gateway, then exit cpconfig.

    2) Click the Communication tab on the Security Gateway object, and then click Reset.

    3) Run the cpconfig tool, and then select Secure Internal Communication to reset.

    4) Input the new activation key in the Security Gateway object, and then click Initialize.

    5) Run the cpconfig tool, then select source Internal Communication to reset.

    A. 5, 4, 1, 2

    B. 2, 3, 1, 4

    C. 2, 5, 1, 4

    D. 3, 1, 4, 2

  • Question 328:

    Security Administrator, Anna has done the following:

    What will happen when she recreates the firewall object?

    A. Creating the object will result in a duplicate IP address warning.

    B. Get interfaces will show all interfaces.

    C. Establishing the SIC will fail.

    D. Get interfaces will still show only the old interfaces but not the newly added ones.

  • Question 329:

    The SIC certificate is stored in the ________ directory.

    A. $FWDIR/conf

    B. $CPDIR/conf

    C. $FWDIR/database

    D. $CPDIR/registry

  • Question 330:

    When configuring the network interfaces of a Check Point Gateway, the direction can be defined as Internal or External. What is the meaning of Interface leads to DMZ?

    A. It defines the DMZ Interface since this information is necessary for Content Control.

    B. Using restricted Gateways, this option automatically turns off the counting of IP Addresses originating from this interface.

    C. When selecting this option, Anti-Spoofing is configured automatically to this net.

    D. Activating this option automatically turns this interface to External.
