CheckPoint 156-215.81 Online Practice Questions and Exam Preparation

CheckPoint 156-215.81 Online Questions & Answers

• Question 161:

  Which of the following is true about Stateful Inspection?

  A. Stateful Inspection tracks state using two tables, one for incoming traffic and one for outgoing traffic
  B. Stateful Inspection looks at both the headers of packets, as well as deeply examining their content.
  C. Stateful Inspection requires that a server reply to a request, in order to track a connection's state
  D. Stateful Inspection requires two rules, one for outgoing traffic and one for incoming traffic.
  B. Stateful Inspection looks at both the headers of packets, as well as deeply examining their content.

  ---

  Explanation/Reference:

  Stateful Inspection is true about looking at both the headers of packets, as well as deeply examining their content. Stateful Inspection inspects packets at all layers of the OSI model and maintains information about the state and context of each connection in a state table. References: Certified Security Administrator (CCSA) R81.20 Course Overview, page 6.

• Question 162:

  Which type of Endpoint Identity Agent includes packet tagging and computer authentication?

  A. Full
  B. Custom
  C. Complete
  D. Light
  A. Full

  ---

  Explanation/Reference:

  The type of Endpoint Identity Agent that includes packet tagging and computer authentication is Full. The Full Identity Agent is a client-side software that provides full identity awareness features, such as user authentication, computer authentication, packet tagging, identity caching, and identity sharing. The other types of Endpoint Identity Agents are Custom, Complete, and Light, which have different features and capabilities.

• Question 163:

  Fill in the blanks: The _______ collects logs and sends them to the _______.

  A. Log server; Security Gateway
  B. Log server; security management server
  C. Security management server; Security Gateway
  D. Security Gateways; log server
  D. Security Gateways; log server

  ---

  Explanation/Reference:

  The Security Gateways collect logs and send them to the log server. The Security Gateways are the components that enforce the security policy on network traffic and generate logs for each connection that matches a rule with a tracking

  option. The log server is the component that receives and stores the logs from the Security Gateways and provides a centralized interface for viewing and analyzing them. The log server can be either a dedicated server or integrated with the

  Security Management Server. References:

  [Check Point R81 Security Management Administration Guide]

• Question 164:

  Fill in the blank RADIUS protocol uses_____to communicate with the gateway A. UDP

  B. CCP
  C. TDP
  D. HTTP
  A

  ---

  Explanation/Reference:

  RADIUS protocol uses UDP (User Datagram Protocol) to communicate with the gateway. UDP is a connectionless protocol that does not require a handshake or acknowledgment before sending or receiving data2. References: [Check Point R81 Identity Awareness Administration Guide], page 14.

• Question 165:

  Which option, when applied to a rule, allows all encrypted and non-VPN traffic that matches the rule?

  A. All Site-to-Site VPN Communities
  B. Accept all encrypted traffic
  C. All Connections (Clear or Encrypted)
  D. Specific VPN Communities
  B. Accept all encrypted traffic

  ---

  Explanation/Reference:

  The option that allows all encrypted and non-VPN traffic that matches the rule is Accept all encrypted traffic. This option enables you to allow traffic to any destination that is encrypted, regardless of whether it is part of a VPN community or not2. Therefore, the correct answer is B. Accept all encrypted traffic.

• Question 166:

  Where can alerts be viewed?

  A. Alerts can be seen in SmartView Monitor
  B. Alerts can be seen in the Threat Prevention policy.
  C. Alerts can be seen in SmartUpdate.
  D. Alerts can be seen from the CLI of the gateway.
  A. Alerts can be seen in SmartView Monitor

  ---

  Explanation/Reference:

  Alerts can be viewed in SmartView Monitor, which is a graphical tool that provides real-time information about the network and security activities, such as traffic, VPN tunnels, threats, and performance. References: Check Point R81 Security Management Administration Guide, page 25.

• Question 167:

  In R80 Management, apart from using SmartConsole, objects or rules can also be modified using:

  A. 3rd Party integration of CLI and API for Gateways prior to R80.
  B. A complete CLI and API interface using SSH and custom CPCode integration.
  C. 3rd Party integration of CLI and API for Management prior to R80.
  D. A complete CLI and API interface for Management with 3rd Party integration.
  B. A complete CLI and API interface using SSH and custom CPCode integration.

  ---

  Explanation/Reference:

  In R80 Management, apart from using SmartConsole, objects or rules can also be modified using a complete CLI and API interface using SSH and custom CPCode integration. This allows you to automate tasks, integrate with third-party tools, and create custom scripts . 3rd Party integration of CLI and API for Gateways or Management prior to R80 is not relevant for R80 Management. A complete CLI and API interface for Management with 3rd Party integration is not a specific option. References: [Check Point R81 Security Management Administration Guide], [Check Point Learning and Training Frequently Asked Questions (FAQs)]

• Question 168:

  Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?

  A. Application Control
  B. Threat Emulation
  C. Anti-Virus
  D. Advanced Networking Blade
  D. Advanced Networking Blade

  ---

  Explanation/Reference:

  The Advanced Networking Blade is NOT subscription-based and therefore does not have to be renewed on a regular basis. The Advanced Networking Blade provides advanced routing capabilities such as BGP, OSPF, VRRP, and multicast routing. The other blades are subscription-based and require annual renewal to receive updates and support from Check Point. References: Check Point License Guide, IPS Software Blade contracts, Product Catalog

• Question 169:

  Fill in the blank: Service blades must be attached to a ______________.

  A. Security Gateway
  B. Management container
  C. Management server
  D. Security Gateway container
  A. Security Gateway

  ---

  Explanation/Reference:

  Service blades must be attached to a Security Gateway. A Security Gateway is a device that enforces security policies on traffic that passes through it. A service blade is a software module that provides a specific security function, such as firewall, VPN, IPS, etc. A Security Gateway can have one or more service blades attached to it, depending on the license and hardware capabilities. The other options are incorrect. A management container is a virtualized environment that hosts a Security Management Server or a Log Server. A management server is a device that manages security policies and distributes them to Security Gateways. A Security Gateway container is not a valid term in Check Point terminology. References: [Check Point R81 Security Management Administration Guide], [Check Point R81 CloudGuard Administration Guide]

• Question 170:

  Fill in the blank: It is Best Practice to have a _____ rule at the end of each policy layer.

  A. Explicit Drop
  B. Implied Drop
  C. Explicit Cleanup
  D. Implicit Drop
  C. Explicit Cleanup

  ---

  Explanation/Reference:

  It is Best Practice to have an Explicit CleanUp rule at the end of each policy layer. This rule will log and drop any traffic that does not match any of the preceding rules in the layer, p. 23.