Checkpoint 156-215.81 Practice Test - Questions Answers, Page 25

Log, Alert, and None are the tracking options that an Administrator can select when configuring Anti-Spoofing. Log means that the packet will be logged in SmartView Tracker. Alert means that the packet will trigger an alert in SmartView Monitor.None means that no action will be taken2. The other options are not valid tracking options.

src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop is the correct log query to show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1. The AND operator means that all conditions must be true for the query to match.The OR operator means that any condition can be true for the query to match3. The other queries will either show packets that are not dropped or packets that have different source or destination addresses.

Core Protections are installed as part of the Threat Prevention Policy.Core Protections are a set of IPS protections that are essential for securing your network against malicious traffic4. The other policies do not include Core Protections.

The actions available in the ''Actions'' column of a rule in HTTPS Inspection policy are ''Inspect'' and ''Bypass''. ''Inspect'' means that the HTTPS traffic will be decrypted and inspected according to the Access Control policy.''Bypass'' means that the HTTPS traffic will not be decrypted and will be allowed without inspection1. The other options are not valid actions for HTTPS Inspection policy.

Browser-based Authentication sends users to a web page to acquire identities using Captive Portal and Transparent Kerberos Authentication. Captive Portal is a web page that prompts users to enter their credentials.Transparent Kerberos Authentication is a method that automatically authenticates users who have a valid Kerberos ticket from the Active Directory domain controller2. UserCheck is a feature that allows users to interact with the security policy, not a method of authentication. User Directory is a component that integrates with external user databases, not a web page for authentication. Captive Portal alone is not enough to fill in the blank, as it is only one of the methods used by Browser-based Authentication.

With URL Filtering, only the host portion of the URL is sent to the Check Point Online Web Service for analysis. The host portion is the part of the URL that identifies the web server, such as www.example.com.The Check Point Online Web Service uses this information to categorize the URL and return the appropriate action to the Security Gateway3. The other options are not sent to the Check Point Online Web Service for analysis, as they may contain sensitive or irrelevant data.

The reason why querying logs now are very fast is that Indexing Engine indexes logs for faster search results.Indexing Engine is a component of R81 Management that creates and maintains an index of log data, which enables quick and efficient log searches4. The other options are not related to the speed of log querying. The amount of logs being stored may vary depending on the log retention settings. New Smart-1 appliances may have improved hardware specifications, but they do not affect the log querying process directly. SmartConsole queries results from the Security Management Server, not from the Security Gateway.

Rugged appliances are small appliances with ruggedized hardware and like Quantum Spark appliance they use Gaia embedded as the operating system.Gaia embedded is a lightweight version of Gaia that is designed for small and medium businesses1. Centos Linux, Gaia, and Red Hat Enterprise Linux version 5 are not the operating systems used by Rugged appliances.

SmartUpdate is the application that is used for the central management and deployment of licenses and packages.SmartUpdate allows administrators to manage licenses, software updates, and hotfixes for multiple Security Gateways and cluster members from one central location2. SmartProvisioning is an application that enables centralized management of network devices. SmartLicense is a feature that simplifies license management by using a cloud-based portal.Deployment Agent is a component that enables automatic deployment of software packages3.