1. Home
  2. CheckPoint
  3. 156-215.81.20

CheckPoint 156-215.81.20 Online Practice Questions and Exam Preparation

156-215.81.20 Exam Details

  • Exam Code
    :156-215.81.20
  • Exam Name
    :Check Point Certified Security Administrator - R81.20 (CCSA)
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :677 Q&As
  • Last Updated
    :May 26, 2026

CheckPoint 156-215.81.20 Online Questions & Answers

  • Question 321:

    John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only

    from John's desktop which is assigned a static IP address 10.0.0.19.

    John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a

    rule that lets John Adams access the HR Web Server from his desktop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.

    To make this scenario work, the IT administrator:

    1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.

    2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

    3) Changes from static IP address to DHCP for the client PC.

    What should John request when he cannot access the web server from his laptop?

    A. John should lock and unlock his computer
    B. Investigate this as a network connectivity issue
    C. The access should be changed to authenticate the user instead of the PC
    D. John should install the Identity Awareness Agent

  • Question 322:

    If there is an Accept Implied Policy set to “First”, what is the reason Jorge cannot see any logs?

    A. Track log column is set to Log instead of Full Log.
    B. Log Implied Rule was not selected on Global Properties.
    C. Track log column is set to none.
    D. Log Implied Rule was not set correctly on the track column on the rules base.

  • Question 323:

    On the following picture an administrator configures Identity Awareness:

    After clicking "Next" the above configuration is supported by:

    A. Kerberos SSO which will be working for Active Directory integration
    B. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user
    C. Obligatory usage of Captive Portal
    D. The ports 443 or 80 what will be used by Browser-Based and configured Authentication

  • Question 324:

    Fill in the blank: The _________ software blade enables Application Security policies to allow, block, or limit website access based on user, group, and machine identities.

    A. Application Control
    B. Data Awareness
    C. URL Filtering
    D. Threat Emulation

  • Question 325:

    Which of the following is NOT a valid option when configuring access for Captive Portal?

    A. From the Internet
    B. Through internal interfaces
    C. Through all interfaces
    D. According to the Firewall Policy

  • Question 326:

    Administrator Dave logs into R80 Management Server to review and makes some rule changes. He notices that there is a padlock sign next to the DNS rule in the Rule Base.

    What is the possible explanation for this?

    A. DNS Rule is using one of the new feature of R80 where an administrator can mark a rule with the padlock icon to let other administrators know it is important.
    B. Another administrator is logged into the Management and currently editing the DNS Rule.
    C. DNS Rule is a placeholder rule for a rule that existed in the past but was deleted.
    D. This is normal behavior in R80 when there are duplicate rules in the Rule Base.

  • Question 327:

    What are the two high availability modes?

    A. Load Sharing and Legacy
    B. Traditional and New
    C. Active and Standby
    D. New and Legacy

  • Question 328:

    Fill in the blanks: A Check Point software license consists of a _______ and _______ .

    A. Software container; software package
    B. Software blade; software container
    C. Software package; signature
    D. Signature; software blade

  • Question 329:

    Fill in the blanks: A security Policy is created in _________ , stored in the _________ , and Distributed to the various __________ .

    A. Rule base, Security Management Server, Security Gateways
    B. SmartConsole, Security Gateway, Security Management Servers
    C. SmartConsole, Security Management Server, Security Gateways
    D. The Check Point database, SmartConsole, Security Gateways

  • Question 330:

    Which of the following actions do NOT take place in IKE Phase 1?

    A. Peers agree on encryption method.
    B. Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key.
    C. Peers agree on integrity method.
    D. Each side generates a session key from its private key and peer's public key.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-215.81.20 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.