Checkpoint 156-215.81 Practice Test - Questions Answers, Page 28

The Accounting tracking option is used to monitor the amount of data that passes through a connection. When this option is enabled on a traffic rule, the involved traffic logs are updated every 10 minutes to show how much data has passed on the connection.This information can be used for billing or auditing purposes3.

Reference:Check Point R81 Logging and Monitoring Administration Guide

Application Control is a blade that enables administrators to control access to applications and web sites by users, groups, machines, and time.Application Control can eliminate unknown and unwanted applications in your network to reduce IT complexity and application risk, identify and control which applications are in your IT environment and which to add to the IT environment, and automatically identify trusted software that has authorization to run1. However, Application Control cannot scan the content of files being downloaded by users in order to make policy decisions.That is the function of another blade called Content Awareness, which can inspect files based on their type, size, name, and data2.

Reference:Check Point R81 Application Control Administration Guide,Check Point R81 Content Awareness Administration Guide

Captive Portal is a feature of Identity Awareness that allows you to authenticate users through a web browser before they access the Internet or corporate resources.Captive Portal can be used for various authentication methods, such as user name and password, one-time password (OTP), or certificate3. Captive Portal does not manage user permission in SmartConsole, provide remote access to SmartConsole, or authenticate users to the Gaia OS. Those are different functions that are not related to Captive Portal.

Reference:Check Point R81 Identity Awareness Administration Guide

Check Point licenses are divided into two types: central and local. Central licenses are managed by a Security Management Server and can be attached to any Security Gateway managed by that server. Local licenses are tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address. Formal and corporate are not types of Check Point licenses.

Reference: [Check Point R81 Licensing and Contract Administration Guide]

Bridge Mode is a deployment option for Check Point Security Gateway that allows it to act as a transparent bridge between two network segments, without changing the IP addressing scheme. Bridge Mode supports most of the security features, such as Data Loss Prevention, Antivirus, Application Control, etc.However, Bridge Mode does not support NAT, because NAT requires modifying the IP addresses or ports of the packets, which contradicts the transparent nature of Bridge Mode1.

Reference:Check Point R81 Security Gateway Technical Administration Guide

SmartConsole is a unified graphical user interface that allows administrators to manage multiple Check Point security products from a single console. More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time. Every administrator works in a session that is independent of the other administrators.The changes made by one administrator are not visible to others until they are published2.

Reference:Check Point R81 SmartConsole R81 User Guide

LDAP (Lightweight Directory Access Protocol) is a protocol that allows accessing and maintaining distributed directory information services over a network. User Directory integration is a feature of Identity Awareness that allows Check Point products to use LDAP servers as identity sources. When configuring LDAP with User Directory integration, changes applied to a User Directory template are reflected immediately for all users who are using that template.A User Directory template defines the settings for connecting to an LDAP server and retrieving user information3.

Reference:Check Point R81 Identity Awareness Administration Guide

Threat Prevention is a comprehensive solution that protects networks from malicious attacks by using multiple security blades, such as Anti-Bot, Anti-Virus, IPS, Threat Emulation, and Threat Extraction. A Threat Prevention profile defines the actions and settings for each blade and can be applied to different network segments or scenarios. The Perimeter profile is one of the predefined profiles that uses sanitization technology to protect users from malicious files and links. Sanitization technology includes Threat Emulation and Threat Extraction blades, which can detect and remove malware from files and web content.

Reference: [Check Point R81 Threat Prevention Administration Guide]

Stateful Inspection and Proxies are two different technologies for implementing firewall security. Stateful Inspection is a technique that inspects packets at the network layer and maintains a state table that tracks the status of each connection. Proxies are applications that act as intermediaries between clients and servers, and inspect packets at the application layer. The competition between stateful inspection and proxies was based on performance, protocol support, and security.When it comes to performance, stateful inspection was significantly faster than proxies, because it did not have to process the payload of each packet and could handle more concurrent connections1.

Reference:Check Point R81 Security Gateway Technical Administration Guide