Checkpoint 156-215.81 Practice Test - Questions Answers, Page 6

The R80.10 management server can manage gateways with versions R76 and higher34. Versions lower than R76 are not supported by the R80.10 management server.

Reference:Check Point R80.10 Release Notes,Free Check Point CCSA Sample Questions and Study Guide

The commandshow config-statecan be used to verify if there are unsaved changes in GAiA that will be lost with a reboot . The other commands are not valid in GAiA.

Reference: [Check Point GAiA Administration Guide], [Check Point CCSA - R81: Practice Test & Explanation]

The Secure Network Distributor (SND) is a feature of the Security Gateway that is used to distribute packets among Firewall instances . It improves the performance and scalability of the Firewall by utilizing multiple CPU cores. The other options are not related to SND.

Reference: [Check Point Security Gateway Architecture and Packet Flow], [Free Check Point CCSA Sample Questions and Study Guide]

The Sticky Decision Function (SDF) is required to preventfailoversin an Active-Active cluster. The SDF ensures that the same cluster member handles all connections that belong to a certain session.If the SDF is not enabled, different cluster members may handle different connections of the same session, which may cause a failover or a drop12.

Reference:ClusterXL Administration Guide R81,Check Point CCSA - R81: Practice Test & Explanation

The steps to configure the HTTPS Inspection Policy are as follows34:

Go toManage & Settings>Blades>HTTPS Inspection>Policy.

Click onNew HTTPS Inspection Ruleor select an existing rule and click onEdit Rule.

Define theSource,Destination, andActionfor the rule. The action can be eitherInspect,Bypass, orAsk.

Click onOKand then onInstall Policyto apply the changes.

Reference:HTTPS Inspection R81 Administration Guide,Check Point CCSA - R81: Practice Test & Explanation

The difference between SSL VPN and IPSec VPN is that IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed browser5. IPSec VPN uses a pre-shared key or certificates to authenticate the endpoints and encrypts the data at the network layer. SSL VPN uses SSL/TLS protocols to authenticate the endpoints and encrypts the data at the application layer.

Reference:Check Point Remote Access VPN Administration Guide R81, [Free Check Point CCSA Sample Questions and Study Guide]

The statement that is not true about Delta synchronization is that it uses UDP Multicast or Broadcast on port8161.The correct port number for Delta synchronization is811612. The other statements are true about Delta synchronization.

Reference:ClusterXL Administration Guide R81,Check Point CCSA - R81: Practice Test & Explanation

The file that stores the proxy arp configuration is$FWDIR/conf/local.arpon the gateway3. The other files are not related to proxy arp configuration.

Reference:How to configure Proxy ARP for Manual NAT on Security Gateway, [Check Point CCSA - R81: Practice Test & Explanation]

The best upgrade method when the management server is not connected to the Internet is CPUSE offline upgrade . This method allows you to download the upgrade package from another source and install it manually on the management server. The other methods require Internet connection or are not supported for R80.10.

Reference: [R80.10 Upgrade Verification and FAQ], [Check Point CCSA - R81: Practice Test & Explanation]