156-215.81 Online Practice Questions and Answers

Correct Answer: B

A stateful inspection firewall works by registering connection data and compiling this information in state tables. State tables are data structures that store information about the state and context of each connection, such as source, destination, service, protocol, sequence number, flags, etc. State tables enable the firewall to inspect both the header and the payload of each packet and apply security policies accordingly.References: [Stateful Inspection], [State Tables]

Correct Answer: A

Active Directory Query is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers. Active Directory Query enables the Security Gateway to query the Active Directory Domain Controllers for user and computer information, such as IP addresses, group memberships, and login events. References: Check Point R81 Identity Awareness Administration Guide, page 14.

Correct Answer: A

The correct answer is A because renaming the hostname of the Standby member to match exactly the hostname of the Active member is not a recommended step to prevent data loss. The hostname of the Standby member should be different from the hostname of the Active member. The other steps are necessary to ensure a smooth failover and synchronization between the Active and Standby Security Management Servers. References: Check Point R81.20 Administration Guide, 156-315.81 Checkpoint Exam Info and Free Practice Test

Correct Answer: B

Identity Awareness is a blade that enables administrators to define access rules based on the identity of users and machines, rather than just IP addresses. Identity Awareness allows easy configuration for network access and auditing based on three items: network location, the identity of a user, and the identity of a machine. Network location refers to the source or destination network segment of the traffic. The identity of a user refers to the username or group membership of the user who initiates or receives the traffic. The identity of a machine refers to the hostname or certificate of the machine that initiates or receives the traffic. References: [Check Point R81 Identity Awareness Administration Guide]

Correct Answer: B

The answer is B because querying logs now is very fast because the Indexing Engine indexes logs for faster search results. The Indexing Engine is a component of the Smart-1 appliance that creates indexes for log fields and values, such as source, destination, action, and time. The indexes enable quick and efficient searches of large amounts of log data.References: [Check Point R81 Logging and Monitoring Administration Guide], [Check Point R81 Indexing Engine]

Correct Answer: B

The tool that is used to enable ClusterXL is cpconfig. ClusterXL is a software-based Load Sharing and High Availability solution that distributes network traffic between clusters of redundant Security Gateways. To enable ClusterXL, you need to run the cpconfig command on each cluster member and select Enable Cluster membership for this gateway. Therefore, the correct answer is B. cpconfig.

Correct Answer: A

In R80, IPS is managed by the Threat Prevention Policy. The Threat Prevention Policy defines how to protect the network from malicious traffic using IPS, Anti-Bot, Anti-Virus, and Threat Emulation software blades. The IPS layer in the Threat Prevention Policy allows configuring IPS protections and actions for different network segments. The other options are not true about the IPS-Blade. References: Check Point IPS Datasheet, Check Point IPS Software Blade, Quantum Intrusion Prevention System (IPS)

Correct Answer: A

The actions available in the "Actions" column of a rule in HTTPS Inspection policy are "Inspect" and "Bypass". "Inspect" means that the HTTPS traffic will be decrypted and inspected according to the Access Control policy. "Bypass" means that the HTTPS traffic will not be decrypted and will be allowed without inspection. The other options are not valid actions for HTTPS Inspection policy.

Correct Answer: D

Stateful Inspection is a firewall technology that inspects both the header and the payload of each packet and keeps track of the state and context of each connection. Packet Filtering is a firewall technology that inspects only the header of each packet and does not keep track of the state or context of each connection. A benefit that Stateful Inspection offers over Packet Filtering is that only one rule is required for each connection, whereas Packet Filtering requires two rules for each connection (one for each direction). Stateful Inspection also offers other benefits over Packet Filtering, such as enhanced security, performance, and flexibility. Stateful Inspection does not offer unlimited connections because of virtual memory usage, nor does it avoid using memory to record the protocol used by the connection.References: [Stateful Inspection], [Packet Filtering], [Firewall Technologies]

Correct Answer: C

The tracking actions that can be selected when configuring Spoof Tracking are Log, alert, none. Spoof Tracking is a feature that detects packets with spoofed source IP addresses and logs them in SmartView Tracker. The administrator can

choose to log only, log and alert, or do nothing when spoofed packets are detected. The other options are not valid tracking actions for Spoof Tracking, as they are either not available or not relevant for this feature.

References: [Spoof Tracking], [Firewall Administration Guide]