1. Home
  2. CheckPoint
  3. 156-215.81.20

CheckPoint 156-215.81.20 Online Practice Questions and Exam Preparation

156-215.81.20 Exam Details

  • Exam Code
    :156-215.81.20
  • Exam Name
    :Check Point Certified Security Administrator - R81.20 (CCSA)
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :677 Q&As
  • Last Updated
    :May 26, 2026

CheckPoint 156-215.81.20 Online Questions & Answers

  • Question 121:

    Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?

    A. SmartView Monitor
    B. SmartEvent
    C. SmartUpdate
    D. SmartDashboard

  • Question 122:

    What type of NAT is a one-to-one relationship where each host is translated to a unique address?

    A. Source
    B. Destination
    C. Hide
    D. Static

  • Question 123:

    In SmartConsole, on which tab are Permissions and Administrators defined?

    A. MANAGE and SETTINGS
    B. SECURITY POLICIES
    C. GATEWAYS and SERVERS
    D. LOGS and MONITOR

  • Question 124:

    How many layers make up the TCP/IP model?

    A. 2
    B. 7
    C. 6
    D. 4

  • Question 125:

    You want to set up a VPN tunnel to an external gateway. You had to make sure that the IKE P2 SA will only be established between two subnets and not all subnets defined in the default VPN domain of your gateway.

    A. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Management add the following line to the $FWDIR/conf/user.def.FW1 file -> subnet_for_range_and_peer = { };
    B. In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to ‘User defined’ and put in the local network.
    C. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Gateway add the following line to the $FWDIR/conf/user.def.FW1 file -> subnet_for_range_and_peer = { };
    D. In the SmartConsole create a dedicated VPN Community for both Gateways. Go to Security Policies / Access Control and create an in-line layer rule with source and destination containing the two networks used for the IKE P2 SA. Put the name of the Community in the VPN column.

  • Question 126:

    Where can administrator edit a list of trusted SmartConsole clients in R80?

    A. cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server.
    B. Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.
    C. In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings>Permissions and Administrators>Advanced>Trusted Clients.
    D. WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings>Permissions and Administrators>Advanced>Trusted Clients, via cpconfig on a Security Gateway.

  • Question 127:

    Fill in the blanks: The Application Layer Firewalls inspect traffic through the ________ layer(s) of the TCP/IP model and up to and including the ________ layer.

    A. Lower; Application
    B. First two; Internet
    C. First two; Transport
    D. Upper; Application

  • Question 128:

    Which of the following is NOT a component of a Distinguished Name?

    A. Organization Unit
    B. Country
    C. Common name
    D. User container

  • Question 129:

    Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?

    A. She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.
    B. She needs to run sysconfig and restart the SSH process.
    C. She needs to edit /etc/scpusers and add the Standard Mode account.
    D. She needs to run cpconfig to enable the ability to SCP files.

  • Question 130:

    On the following graphic, you will find layers of policies.

    What is a precedence of traffic inspection for the defined polices?

    A. A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if implicit Drop Rule drops the packet, it comes next to IPS layer and then after accepting the packet it passes to Threat Prevention layer.
    B. A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if there is any rule which accepts the packet, it comes next to IPS layer and then after accepting the packet it passes to Threat Prevention layer
    C. A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if there is any rule which accepts the packet, it comes next to Threat Prevention layer and then after accepting the packet it passes to IPS layer.
    D. A packet arrives at the gateway, it is checked against the rules in IPS policy layer and then it comes next to the Network policy layer and then after accepting the packet it passes to Threat Prevention layer.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-215.81.20 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.