156-215.81 Online Practice Questions and Answers

Correct Answer: A

SmartEvent is a unified security management solution that provides real-time visibility into security events across the network. SmartEvent shows correlated logs and aggregated data to provide an overview of potential threats and attack patterns, as well as generate reports and alerts based on predefined or customized indicators. SmartView Tracker, SmartLog, and SmartView Monitor are other SmartConsole applications that can show logs, search queries, and network statistics respectively, but they do not provide the same level of correlation and analysis as SmartEvent. References: [Check Point R81 SmartEvent Administration Guide]

Correct Answer: A

The three types of UserCheck messages are inform, ask, and block. Inform messages notify users about security events and do not require any user action. Ask messages prompt users to choose whether to allow or block an action. Block messages prevent users from performing an action and display a reason. References: Check Point R81 Logging and Monitoring Administration Guide

Correct Answer: C

A clean-up rule is a rule that is placed at the end of the security policy to drop any traffic that is not explicitly allowed by the previous rules. It is a best practice to have a clean-up rule to prevent unauthorized access and log the dropped packets for analysis. The other options are not the purpose of a clean-up rule. References: Clean-up Rule,

Correct Answer: C

The SIC Status "Unknown" means that there is no connection between the gateway and Security Management Server. This can happen if the gateway is down, unreachable, or has not been initialized yet. References: Check Point R81 Security Management Administration Guide, Free Check Point CCSA Sample Questions and Study Guide

Correct Answer: D

The command cplic print displays the installed licenses and their expiration dates on the CLI. References: Check Point CLI Reference Card

Correct Answer: C

An Endpoint identity agent uses a username/password or Kerberos ticket for user authentication, p. 28. An Endpoint identity agent is a lightweight client installed on endpoint computers that communicates with Identity Awareness gateways

and provides reliable identity information. An Endpoint identity agent does not use a shared secret, a token, or a certificate for user authentication.

References: Check Point CCSA - R81:Practice Test and Explanation, [Check Point Identity Awareness Administration Guide R81]

Correct Answer: D

According to the Check Point R81.10 SmartConsole for Windows, to restore a backup, you need to supply the following data: Server, Protocol, Username, Password, and Path. The Server is the IP address or hostname of the Security Management Server. The Protocol is either SCP or SFTP. The Username and Password are the credentials for the Security Management Server. The Path is the location of the backup file on the Security Management Server. References: Check Point R81.10 SmartConsole for Windows

Correct Answer: A

The purpose of the Clean-up Rule is to log all traffic that is not explicitly allowed or denied in the Rule Base. The Clean-up Rule is the last rule in the rulebase and is used to drop and log explicitly unmatched traffic. To improve the rulebase performance, noise traffic that is logged in the Clean-up rule should be included in the Noise rule so it is matched and dropped higher up in the rulebase. The other options are not valid purposes of the Clean- up Rule. References: Using Intune device cleanup rules, Security policy fundamentals, Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and services

Correct Answer: B

The communication between different Check Point components is secured in R80 by using SIC. SIC stands for Secure Internal Communication and it is a mechanism that ensures the authenticity and confidentiality of communication between Check Point components, such as Security Gateways, Security Management Servers, Log Servers, etc. SIC uses certificates issued by the Internal CA (ICA) and encryption algorithms such as AES-25634. References: Check Point R81 Quantum Security Gateway Guide, Check Point R81 Quantum Security Management Administration Guide

Correct Answer: C

A correlation unit (CU) is a component of SmartEvent that analyzes log entries on log servers and identifies events based on predefined or custom rules. A CU receives logs from one or more log servers and forwards them to the SmartEvent server, where they are stored in the events database