1. Home
  2. CheckPoint
  3. 156-215.81.20

CheckPoint 156-215.81.20 Online Practice Questions and Exam Preparation

156-215.81.20 Exam Details

  • Exam Code
    :156-215.81.20
  • Exam Name
    :Check Point Certified Security Administrator - R81.20 (CCSA)
  • Certification
    :Checkpoint Certifications
  • Vendor
    :CheckPoint
  • Total Questions
    :677 Q&As
  • Last Updated
    :May 26, 2026

CheckPoint 156-215.81.20 Online Questions & Answers

  • Question 81:

    An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets

    are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install). Your partner site indicates they are successfully receiving the GRE

    encapsulated keep-alive packets on the 1-minute interval. If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute.

    Which of the following is the BEST explanation for this behavior?

    A. The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way.
    B. The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R77 Security Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the non-standard GRE protocol for encapsulation.
    C. The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.
    D. The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configuration to the partner site to enable proper logging.

  • Question 82:

    Which firewall daemon is responsible for the FW CLI commands?

    A. fwd
    B. fwm
    C. cpm
    D. cpd

  • Question 83:

    Which of the following is NOT a set of Regulatory Requirements related to Information Security?

    A. ISO 37001
    B. Sarbanes Oxley (SOX)
    C. HIPPA
    D. PCI

  • Question 84:

    Your bank's distributed R77 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?

    A. SmartView Tracker
    B. SmartPortal
    C. SmartUpdate
    D. SmartDashboard

  • Question 85:

    Which of the following is NOT an option for internal network definition of Anti-spoofing?

    A. Specific ?derived from a selected object
    B. Route-based ?derived from gateway routing table
    C. Network defined by the interface IP and Net Mask
    D. Not-defined

  • Question 86:

    Which back up method uses the command line to create an image of the OS?

    A. System backup
    B. Save Configuration
    C. Migrate
    D. snapshot

  • Question 87:

    Which encryption algorithm is the least secured?

    A. 3DES
    B. AES-128
    C. DES
    D. AES-256

  • Question 88:

    What are the steps to configure the HTTPS Inspection Policy?

    A. Go to ManageandSettings > Blades > HTTPS Inspection > Configure in SmartDashboard
    B. Go to Applicationandurl filtering blade > Advanced > Https Inspection > Policy
    C. Go to ManageandSettings > Blades > HTTPS Inspection > Policy
    D. Go to Applicationandurl filtering blade > Https Inspection > Policy

  • Question 89:

    Which statement is TRUE of anti-spoofing?

    A. Anti-spoofing is not needed when IPS software blade is enabled
    B. It is more secure to create anti-spoofing groups manually
    C. It is BEST Practice to have anti-spoofing groups in sync with the routing table
    D. With dynamic routing enabled, anti-spoofing groups are updated automatically whenever there is a routing change

  • Question 90:

    Review the rules. Assume domain UDP is enabled in the implied rules.

    What happens when a user from the internal network tries to browse to the internet using HTTP? The user:

    A. can connect to the Internet successfully after being authenticated.
    B. is prompted three times before connecting to the Internet successfully.
    C. can go to the Internet after Telnetting to the client authentication daemon port 259.
    D. can go to the Internet, without being prompted for authentication.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-215.81.20 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.