1. Home
  2. CheckPoint
  3. 156-215.75

Check Point Certified Security Administrator

Exam Details

  • Exam Code
    :156-215.75
  • Exam Name
    :Check Point Certified Security Administrator
  • Certification
    :CCSA
  • Vendor
    :CheckPoint
  • Total Questions
    :543 Q&As
  • Last Updated
    :Jun 02, 2025

CheckPoint CCSA 156-215.75 Questions & Answers

  • Question 391:

    After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?

    A. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.

    B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External

    C. The Global Properties setting Translate destination on client side is checked But the topology on the DMZ interface is set to Internal -Network defined by IP and Mask Uncheck the Global Properties setting Translate destination on client side

    D. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.

  • Question 392:

    NAT can NOT be configured on which of the following objects?

    A. Address Range

    B. HTTP Logical Server

    C. Host

    D. Gateway

  • Question 393:

    NAT can be implemented on which of the following lists of objects?

    A. Host, Network

    B. Host, User

    C. Domain, Network

    D. Network, Dynamic Object

  • Question 394:

    Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?

    A. Static Destination Address Translation

    B. Port Address Translation

    C. Dynamic Source Address Translation

    D. Hide Address Translation

  • Question 395:

    You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

    A. Place a static host route on the firewall for the valid IP address to the internal Web server.

    B. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.

    C. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.

    D. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.

  • Question 396:

    Which Check Point address translation method allows an administrator to use fewer ISP- assigned IP addresses than the number of internal hosts requiring Internet connectivity?

    A. Static Destination

    B. Hide

    C. Dynamic Destination

    D. Static Source

  • Question 397:

    Which of the following statements BEST describes Check Point's Hide Network Address Translation method?

    A. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation

    B. Translates many destination IP addresses into one destination IP address

    C. Translates many source IP addresses into one source IP address

    D. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation

  • Question 398:

    You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway's external interface. You browse to from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?

    A. Only one, outbound

    B. Two, one for outbound, one for inbound

    C. Only one, inbound

    D. Two, both outbound, one for the real IP connection and one for the NAT IP connection

  • Question 399:

    Because of a pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?

    A. Allow bi-directional NAT is not checked in Global Properties.

    B. Manual NAT rules are not configured correctly.

    C. Translate destination on client side is not checked in Global Properties under manual NAT rules.

    D. Routing is not configured correctly.

  • Question 400:

    Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows:

    RequireD. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.

    200.200.5.

    The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet. Assuming you

    enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?

    A. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add and ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

    B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.

    C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

    D. Create two network objects: 192.168.10.0/24. and 192.168.20.0/24. Add the two network objects. Create a manual NAT rule like the following Original source group object; Destination any Service any, Translated source 200.200.200.5; Destination original, Service original.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-215.75 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.