Checkpoint 156-215.81 Practice Test - Questions Answers, Page 3
Question 21

Identify the ports on which the Client Authentication daemon listens by default.
The ports on which the Client Authentication daemon listens by default are 259 and 900. Client Authentication is a method that allows users to authenticate with the Security Gateway before they are allowed access to protected resources. The Client Authentication daemon (fwauthd) runs on the Security Gateway and listens for authentication requests on TCP ports 259 and 900.
Reference: [Check Point R81 Remote Access VPN Administration Guide], [Check Point R81 Quantum Security Gateway Guide]
Question 22

What is the purpose of the CPCA process?
The purpose of the CPCA process is generating and modifying certificates. CPCA stands for Check Point Certificate Authority and it is a process that runs on the Security Management Server or Log Server. It is responsible for creating and managing certificates for internal communication between Check Point components, such as SIC.
Reference: [Check Point R81 Quantum Security Management Administration Guide], [Check Point R81 Quantum Security Gateway Guide]
Question 23

The Network Operations Center administrator needs access to Check Point Security devices mostly for troubleshooting purposes. You do not want to give her access to the expert mode, but she still should be able to run tcpdump. How can you achieve this requirement?
To achieve the requirement of giving the Network Operations Center administrator access to Check Point Security devices mostly for troubleshooting purposes, but not to the expert mode, and still allowing her to run tcpdump, you need to:
Add tcpdump to CLISH using the add command. This command adds a new command to the Command Line Interface Shell (CLISH) that allows running tcpdump without entering the expert mode.
Create a new access role. This option defines a set of permissions and commands that can be assigned to a user or a group of users.
Add tcpdump to the role. This option grants the permission to run tcpdump to the role.
Create a new user with any UID and assign the role to the user. This option creates a new user account with any User ID (UID) and assigns the role that has tcpdump permission to the user.
Question 24

When logging in for the first time to a Security Management Server through SmartConsole, a fingerprint is saved to the:
When logging in for the first time to a Security Management Server through SmartConsole, a fingerprint is saved to the SmartConsole cache and is available for future Security Management Server authentications. The fingerprint is a unique identifier of the Security Management Server that is used to verify its identity and prevent man-in-the-middle attacks. The SmartConsole cache is a local folder on the client machine that stores temporary files and settings.
Question 25

Fill in the blank: By default, the SIC certificates issued by R80 Management Server are based on the ____________ algorithm.
By default, the SIC certificates issued by R80 Management Server are based on the SHA-256 algorithm. SHA-256 is a secure hash algorithm that produces a 256-bit digest. SHA-200, MD5, and SHA-128 are not valid algorithms for SIC certificates.
Reference: SHA-1 and SHA-256 certificates in Check Point Internal CA (ICA)
Question 26

Which message indicates IKE Phase 2 has completed successfully?
Quick Mode Complete is the message that indicates IKE Phase 2 has completed successfully. IKE Phase 2 is also known as Quick Mode or Child SA in IKEv1 and IKEv2 respectively. Aggressive Mode and Main Mode are part of IKE Phase 1, which establishes the IKE SA. IKE Mode is not a valid term for IKE negotiation.
Reference: How to Analyze IKE Phase 2 VPN Status Messages, IKEv2 Phase 1 (IKE SA) and Phase 2 (Child SA) Message Exchanges, Understand IPsec IKEv1 Protocol
Question 27

Administrator Dave logs into R80 Management Server to review and make some rule changes. He notices that there is a padlock sign next to the DNS rule in the Rule Base.
What is the possible explanation for this?
The padlock sign next to the DNS rule in the Rule Base indicates that another administrator is logged into the Management and currently editing the DNS Rule. This is a feature of R80 that allows multiple administrators to work on the same policy simultaneously. The padlock sign prevents other administrators from modifying the same rule until the editing administrator publishes or discards the changes. The other options are not valid explanations for the padlock sign.
Reference: 156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 19, Multi-User Policy Editing
Question 28

Fill in the blank: When tunnel test packets no longer invoke a response, SmartView Monitor displays _____________ for the given VPN tunnel.
When tunnel test packets no longer invoke a response, SmartView Monitor displays Down for the given VPN tunnel. This means that the VPN tunnel is not operational and there is no IKE or IPsec traffic passing through it. No Response, Inactive, and Failed are not valid statuses for VPN tunnels in SmartView Monitor.
Reference: Smart View Monitor displays status for all S2S VPN tunnels - Phase1 UP
Question 29

Which is a suitable command to check whether Drop Templates are activated or not?
The command fwaccel stat shows the status of SecureXL, including whether Drop Templates are enabled or not.
Reference: Check Point SecureXL R81 Administration Guide
Question 30

Please choose the correct command syntax to add an "emailserver1" host with IP address 10.50.23.90 using GAiA management CLI.
The correct syntax for adding a host using GAiA management CLI is mgmt add host name <name> ip-address <ip-address>.
Reference: Check Point GAiA R81 Command Line Interface Reference Guide