Free Checkpoint 156-215.81 Practice Exam with Questions & Answers | Set: 12

 Check Point ClusterXL Active/Active deployment is used when there is Load Sharing solution set up. Load Sharing enables multiple Security Gateways to share traffic and provide high availability12. References: Check Point R81, Check Point R81 ClusterXL Administration Guide

The steps you will need to do in SmartConsole in order to get the connection working behind the Internet Security Gateway are:

Define an accept rule in Security Policy. This rule allows the traffic from your internal networks to pass through the Security Gateway.

Define automatic NAT for each network to NAT the networks behind a public IP. This option translates the private IP addresses of your internal networks to a public IP address assigned by your ISP router. This way, your internal networks can communicate with the Internet using a valid IP address.

Publish and install the policy. This step applies the changes you made to the Security Gateway and activates the security and NAT rules.

References: Check Point R81 Quantum Security Gateway Guide

An LDAP server holds one or more Account Units. An Account Unit is a logical representation of an LDAP server in the Check Point database. It defines the connection parameters, authentication methods, and user and group information that are retrieved from the LDAP server. An Account Unit allows the Security Gateway to use the LDAP server for user authentication and identity awareness. The other options are incorrect. A Server Unit is a logical representation of a Check Point server in the Check Point database. An Administrator Unit is a logical representation of an administrator or an administrator group in the Check Point database. An Account Server is not a valid term in Check Point terminology. References: [Check Point R81 Identity Awareness Administration Guide], [Check Point R81 Security Management Administration Guide], [Check Point R81 SmartConsole R81 Resolved Issues]

The command api status shows the API server status, including whether it is enabled or not, the port number, and the API version1. References: Check Point R81 API Reference Guide

The best way to restrict access to a network resource only allowing certain users to access it, and only when they are on a specific network, is to create an Access Role object, with specific users or user groups specified, and specific networks defined. Then, use this access role as the “Source” of an Access Control rule. This allows for granular control over network traffic based on user identity and location3.

References: 3: Check Point R81 Security Gateway Administration Guide, page 13.

The following is considered a “Subscription Blade”, requiring renewal every 1-3 years: IPS blade4. The IPS blade is a software blade that provides protection against network attacks and exploits by inspecting traffic and blocking malicious packets. The IPS blade requires a subscription license that includes updates for the IPS signatures and Geo Protection database. Other subscription blades include Anti-Bot, Anti-Virus, URL Filtering, Application Control, Threat Emulation, and Threat Extraction. References: Check Point Licensing and Contract Operations User Guide

In Check Point Gaia OS, the default command-line shell is Clish (B).

Clish (Command Line Shell) is a restricted shell used in Gaia for role-based administration. It controls user access and limits the number of available commands.

Expert mode (C) is an elevated shell that provides full system root access, but it is not the default shell. Users must explicitly enter expert mode.

Bash (D) is the underlying Linux shell, but it is not the default.

Admin (A) is not a shell but rather a user role in Gaia.

Thus, the correct answer is B. Clish.

With the User Directory Software Blade, you can create user definitions on a(n) LDAP Server2. LDAP stands for Lightweight Directory Access Protocol and is a protocol for accessing and managing user information stored in a directory service. The User Directory Software Blade enables integration with LDAP servers such as Microsoft Active Directory, Novell eDirectory, and OpenLDAP. References: Check Point R81 Identity Awareness Administration Guide

 To use Application objects in a rule, the “Applications & URL Filtering” blade should be enabled on the policy layer where the rule is being created. Enabling the “Application Control” blade on a gateway is not enough3.

References: 3: Check Point R81 Security Management Administration Guide, page 102.

The purpose of the Clean-up Rule is to log all traffic that is not explicitly allowed or denied in the Rule Base78. The Clean-up Rule is the last rule in the rulebase and is used to drop and log explicitly unmatched traffic97. To improve the rulebase performance, noise traffic that is logged in the Clean-up rule should be included in the Noise rule so it is matched and dropped higher up in the rulebase8. The other options are not valid purposes of the Clean-up Rule.

References: Using Intune device cleanup rules, Security policy fundamentals, Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and services