ExamGecko

Checkpoint 156-215.81 Practice Test - Questions Answers, Page 11


Which configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear?

A. The firewall topologies
B. NAT Rules
C. The Rule Base
D. The VPN Domains
Suggested answer: D

Explanation:

The VPN Domains configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear. The VPN Domain is the set of hosts and networks that are allowed to communicate securely with the gateway. The firewall topologies, NAT rules, and the rule base do not directly affect the VPN encryption decision.

Reference: Check Point R81 Security Gateway Technical Administration Guide, CCSA/CCSE Exam Tips & Content - R80.X vs. R81.X - Check Point CheckMates

You have discovered suspicious activity in your network. What is the BEST immediate action to take?

A. Create a policy rule to block the traffic.
B. Create a suspicious action rule to block that traffic.
C. Wait until traffic has been identified before making any changes.
D. Contact ISP to block the traffic.
Suggested answer: B

Explanation:

The BEST immediate action to take when you have discovered suspicious activity in your network is to create a suspicious action rule to block that traffic. A suspicious action rule is a special type of rule that is triggered when a predefined condition is met, such as a malicious file download, a ransomware attack, or a data exfiltration attempt. A suspicious action rule can block the traffic, quarantine the source, or send an alert to the administrator. Creating a policy rule to block the traffic may not be effective if the traffic does not match the rule criteria or if the policy installation is delayed. Waiting until traffic has been identified before making any changes may allow the threat to spread or cause more damage. Contacting ISP to block the traffic may not be feasible or timely, and may also affect legitimate traffic.

Reference: Check Point R81 Security Gateway Technical Administration Guide, Check Point CCSA - R81: Practice Test & Explanation | Udemy

Tom has connected to the Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made?

A. Tom will have to reboot his SmartConsole computer, clear the cache, and restore changes.
B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
C. Tom's changes will be lost since he lost connectivity and he will have to start again.
D. Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work.
Suggested answer: D

Explanation:

Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work. This is because SmartConsole uses a session mechanism that allows users to work offline and save their changes locally until they are ready to publish them to the Management. If Tom loses connectivity, he can resume his session when he reconnects and continue working on his Rule Base changes. He does not need to reboot his SmartConsole computer, clear the cache, or restore changes. His changes will not be lost since he lost connectivity.

Reference: Check Point R81 Security Management Administration Guide, Check Point CCSA - R81: Practice Test & Explanation | Udemy

Which GUI tool can be used to view and apply Check Point licenses?

A. cpconfig
B. Management Command Line
C. SmartConsole
D. SmartUpdate
Suggested answer: D

Explanation:

The GUI tool that can be used to view and apply Check Point licenses is SmartUpdate. SmartUpdate is a centralized tool that allows you to manage licenses, software packages, and hotfixes for multiple gateways and clusters. cpconfig, Management Command Line, and SmartConsole are not tools for license management.

Reference: Check Point R81 SmartUpdate Administration Guide, Check Point CCSA - R81: Practice Test & Explanation | Udemy

How would you determine the software version from the CLI?

A. fw ver
B. fw stat
C. fw monitor
D. cpinfo
Suggested answer: A

Explanation:

The command that can be used to determine the software version from the CLI is fw ver. This command displays the version of the firewall module and the build number. fw stat, fw monitor, and cpinfo are not commands for software version identification.

Reference: Check Point R81 Command Line Interface Reference Guide, [156-315.81 Checkpoint Exam Info and Free Practice Test - ExamTopics]

In R80 Management, apart from using SmartConsole, objects or rules can also be modified using:

A. 3rd Party integration of CLI and API for Gateways prior to R80.
B. A complete CLI and API interface using SSH and custom CPCode integration.
C. 3rd Party integration of CLI and API for Management prior to R80.
D. A complete CLI and API interface for Management with 3rd Party integration.
Suggested answer: B

Explanation:

In R80 Management, apart from using SmartConsole, objects or rules can also be modified using a complete CLI and API interface using SSH and custom CPCode integration. This allows you to automate tasks, integrate with third-party tools, and create custom scripts. 3rd Party integration of CLI and API for Gateways or Management prior to R80 is not relevant for R80 Management. A complete CLI and API interface for Management with 3rd Party integration is not a specific option.

Reference: [Check Point R81 Security Management Administration Guide], [Check Point Learning and Training Frequently Asked Questions (FAQs)]

When connected to the Check Point R80 Management Server using the SmartConsole the first administrator to connect has a lock on:

A. Only the objects being modified in the Management Database and other administrators can connect to make changes using a special session as long as they all connect from the same LAN network.
B. The entire Management Database and other administrators can connect to make changes only if the first administrator switches to Read-only.
C. The entire Management Database and all sessions and other administrators can connect only as Read-only.
D. Only the objects being modified in his session of the Management Database and other administrators can connect to make changes using different sessions.
Suggested answer: D

Explanation:

The answer is D because in R80 and above, the first administrator to connect to the Management Server using SmartConsole gets a lock on only the objects being modified in his session of the Management Database. Other administrators can connect to make changes using different sessions, but they cannot modify the same objects as the first administrator until he publishes his changes. This is called concurrent administration and it allows multiple administrators to work on the same policy package simultaneously.

Reference: Check Point R80.10 Concurrent Administration, Check Point R80.40 Security Management Administration Guide

Which is NOT an encryption algorithm that can be used in an IPSEC Security Association (Phase 2)?

A. AES-GCM-256
B. AES-CBC-256
C. AES-GCM-128
Suggested answer: B

Explanation:

The answer is B because AES-CBC-256 is not a supported encryption algorithm for IPsec Security Associations (Phase 2) in R81. The supported encryption algorithms are AES-GCM-128, AES-GCM-256, AES-CBC-128, 3DES, and NULL.

Reference: Check Point R81 VPN Administration Guide

Fill in the blank: To create policy for traffic to or from a particular location, use the _____________.

A. DLP shared policy
B. Geo policy shared policy
C. Mobile Access software blade
D. HTTPS inspection
Suggested answer: B

Explanation:

The answer is B because Geo policy shared policy is used to create policy for traffic to or from a particular location based on the source or destination country. DLP shared policy is used to prevent data loss by inspecting files and data for sensitive information. Mobile Access software blade is used to provide secure remote access to corporate resources from various devices. HTTPS inspection is used to inspect encrypted web traffic for threats and compliance.

Reference: Check Point R81 Geo Policy Administration Guide, [Check Point R81 Data Loss Prevention Administration Guide], [Check Point R81 Mobile Access Administration Guide], [Check Point R81 HTTPS Inspection Administration Guide]

After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?

A. Security Gateway IP-address cannot be changed without re-establishing the trust
B. The Security Gateway name cannot be changed in command line without re-establishing trust
C. The Security Management Server name cannot be changed in SmartConsole without re-establishing trust
D. The Security Management Server IP-address cannot be changed without re-establishing the trust
Suggested answer: A

Explanation:

The answer is A because changing the Security Gateway IP-address requires re-establishing the trust with the Security Management Server by initializing the Secure Internal Communication (SIC). Changing the Security Gateway name in command line or changing the Security Management Server name or IP-address in SmartConsole does not require re-establishing the trust, but it may require updating the topology and pushing the policy.

Reference: [Check Point R81 Security Management Administration Guide], [Check Point R81 Security Gateway Administration Guide]

Total 401 questions