CheckPoint Checkpoint Certifications 156-215.81.20 Questions & Answers

• Question 241:

  Which Identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers?

  A. AD Query

  B. Terminal Servers Endpoint Identity Agent

  C. Endpoint Identity Agent and Browser-Based Authentication

  D. RADIUS and Account Logon

  Correct Answer: C

  Endpoint Identity Agents and Browser-Based Authentication - When a high level of security is necessary. The Captive Portal is used for distributing the Endpoint Identity Agent. IP Spoofing protection can be set to prevent packets from being IP spoofed.

  Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/101858

• Question 242:

  What is Identity Sharing?

  A. Management servers can acquire and share identities with Security Gateways

  B. Users can share identities with other users

  C. Security Gateways can acquire and share identities with other Security Gateways

  D. Administrators can share identifies with other administrators

  Correct Answer: C

  Identity Sharing

  Best Practice - In environments that use many Security Gateways and AD Query, we recommend that you set only one Security Gateway to acquire identities from a given Active Directory domain controller for each physical site. If more than

  one Security Gateway gets identities from the same AD server, the AD server can become overloaded with WMI queries.

  Set these options on the Identity Awareness > Identity Sharing page of the Security Gateway object:

  1.

  One Security Gateway to share identities with other Security Gateways. This is the Security Gateway that gets identities from a given domain controller.

  2.

  All other Security Gateways to get identities from the Security Gateway that acquires identities from the given domain controller.

  Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/63005

• Question 243:

  What is the most recommended installation method for Check Point appliances?

  A. SmartUpdate installation

  B. DVD media created with Check Point ISOMorphic

  C. USB media created with Check Point ISOMorphic

  D. Cloud based installation

  Correct Answer: C

• Question 244:

  Which of the following is NOT a role of the SmartCenter:

  A. Status monitoring

  B. Policy configuration

  C. Certificate authority

  D. Address translation

  Correct Answer: C

  Reference: www.checkfirewalls.com/datasheets/smartcenter_datasheet.pdf

• Question 245:

  Which of the following is NOT a valid application navigation tab in the R80 SmartConsole?

  A. Manage and Command Line

  B. Logs and Monitor

  C. Security Policies

  D. Gateway and Servers

  Correct Answer: A

  

  

  Reference: https://sc1.checkpoint.com/documents/R80.10/SmartConsole_OLH/EN/html_frameset.htm?topic=documents/R80.10/SmartConsole_OLH/EN/4x3HIUbSkxYhtcFgIKlg0w2

• Question 246:

  Phase 1 of the two-phase negotiation process conducted by IKE operates in ______ mode.

  A. Main

  B. Authentication

  C. Quick

  D. High Alert

  Correct Answer: A

  Phase I modes

  Between Security Gateways, there are two modes for IKE phase I. These modes only apply to IKEv1:

  1.

  Main Mode

  2.

  Aggressive Mode

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_VPN_AdminGuide/13847.htm

• Question 247:

  What is the BEST method to deploy Identity Awareness for roaming users?

  A. Use Office Mode

  B. Use identity agents

  C. Share user identities between gateways

  D. Use captive portal

  Correct Answer: B

  Using Endpoint Identity Agents give you:

  1.

  User and machine identity

  2.

  Minimal user intervention ?all necessary configuration is done by administrators and does not require user input.

  3.

  Seamless connectivity ?transparent authentication using Kerberos Single Sign-On (SSO) when users are logged in to the domain. If you do not want to use SSO, users enter their credentials manually. You can let them save these credentials.

  4.

  Connectivity through roaming ?users stay automatically identified when they move between networks, as the client detects the movement and reconnects.

  Reference: https://www.checkpoint.com/products/identity-awareness-software-blade/

• Question 248:

  What is the purpose of the Clean-up Rule?

  A. To log all traffic that is not explicitly allowed or denied in the Rule Base

  B. To clean up policies found inconsistent with the compliance blade reports

  C. To remove all rules that could have a conflict with other rules in the database

  D. To eliminate duplicate log entries in the Security Gateway

  Correct Answer: A

  These are basic access control rules we recommend for all Rule Bases:

  1.

  Stealth rule that prevents direct access to the Security Gateway.

  2.

  Cleanup rule that drops all traffic that is not allowed by the earlier rules.

  There is also an implied rule that drops all traffic, but you can use the Cleanup rule to log the traffic.

  Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92703.htm

• Question 249:

  Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?

  A. Application Control

  B. Threat Emulation

  C. Anti-Virus

  D. Advanced Networking Blade

  Correct Answer: B

• Question 250:

  Fill in the blank: Back up and restores can be accomplished through_________.

  A. SmartConsole, WebUI, or CLI

  B. WebUI, CLI, or SmartUpdate

  C. CLI, SmartUpdate, or SmartBackup

  D. SmartUpdate, SmartBackup, or SmartConsole

  Correct Answer: A

  Backup and Restore These options let you:

  1.

  Back up the Gaia OS configuration and the firewall database to a compressed file

  2.

  Restore the Gaia OS configuration and the firewall database from a compressed file To back up a configuration:

  1.

  Right-click the Security Gateway.

  2.

  Select Backup and Restore > Backup. The Backup window opens.

  3.

  Select the backup location.

  Reference: https://community.checkpoint.com/thread/5375-checkpoint-gateway-firewall-backup-through-smart-console