Checkpoint 156-215.81 Practice Test - Questions Answers, Page 34

Address translation rules are used to map an IP address space into another by modifying network address information in the IP header of packets.Address translation rules have two elements: original packet and translated packet6. The original packet is the packet before it undergoes address translation, and the translated packet is the packet after it undergoes address translation.The original packet and the translated packet may have different source and destination IP addresses, depending on the type and direction of address translation.

The Threat Prevention policy is a unified policy that manages three software blades: IPS, Anti-Virus, and Threat Emulation7. The Threat Prevention policy enables you to configure settings and actions for detecting and preventing various types of threats, such as malware, exploits, botnets, etc.Application Control and URL Filtering are not part of the Threat Prevention policy, but they are part of a separate policy that controls access to applications and websites based on categories, users, groups, and machines

Identity Awareness is a software blade that lets an administrator easily configure network access and auditing based on three items: network location, the identity of a user, and the identity of a machine. These items are used to identify and authenticate users and machines, and to enforce identity-based policies. Network location refers to the IP address or subnet of the source or destination of the traffic. The identity of a user can be obtained from various sources, such as Active Directory, LDAP, or Captive Portal. The identity of a machine can be verified by using Secure Domain Logon or Identity Agent.

Identity Awareness is the Check Point software blade that provides visibility of users, groups and machines while also providing access control through identity-based policies. Identity Awareness enables administrators to define granular access rules based on user or machine identity, rather than just IP addresses. Identity Awareness also allows administrators to monitor user activity and generate reports based on user or machine identity.

Automatic Hide NAT rules are created by the administrator when they configure NAT for network objects or groups in the object properties. Automatic Hide NAT rules allow multiple private IP addresses to share a single public IP address when accessing external networks. Source Port Address Translation (PAT) is enabled by default for Automatic Hide NAT rules, which means that the Security Gateway assigns a unique source port number for each connection from the same source IP address. This allows the Security Gateway to keep track of the connections and translate the reply packets correctly.

The user ID (UID) of a user that has all the privileges of a root user is 0. The root user is the superuser account that can perform any action on the system, such as changing file ownership, binding to network ports below 1024, or executing any command. The root user is identified by the UID 0, not by the name ''root'', which is just a convention. It is possible to have another user account with the name ''root'', but not with the same UID 0.

The command that shows the installed licenses in Expert mode is cplic print.This command displays information about the licenses that are installed on the local machine or a remote machine1.The other commands are not valid for showing licenses in Expert mode.

Two basic rules that Check Point recommends for building an effective security policy are Cleanup Rule and Stealth Rule.A Cleanup Rule is a rule that is placed at the end of the rule base and drops or logs any traffic that does not match any of the previous rules2.A Stealth Rule is a rule that is placed at the top of the rule base and protects the Security Gateway from direct access by unauthorized users3.The other options are not basic rules for building a security policy, but rather types or categories of rules.

The type of Endpoint Identity Agent that includes packet tagging and computer authentication is Full. The Full Identity Agent is a client-side software that provides full identity awareness features, such as user authentication, computer authentication, packet tagging, identity caching, and identity sharing. The other types of Endpoint Identity Agents are Custom, Complete, and Light, which have different features and capabilities.