Checkpoint 156-215.81 Practice Test - Questions Answers, Page 7
Question 61

SmartEvent does NOT use which of the following procedures to identify events:
The procedure that SmartEvent does not use to identify events is matching a log against local exclusions. Local exclusions are used to filter out logs that are not relevant for SmartLog, not SmartEvent. SmartEvent uses the other procedures to identify events based on event definitions, event candidates, and global exclusions.
Reference: [SmartLog R81 Administration Guide], [Check Point CCSA - R81: Practice Test & Explanation], [SmartEvent R81 Administration Guide], [Free Check Point CCSA Sample Questions and Study Guide]
Question 62

John is using Management H
The SmartCenter that should be connected to for making changes is the active SmartCenter. The active SmartCenter is the one that is currently synchronizing its configuration with the secondary SmartCenter and handling the communication with the gateways. The primary SmartCenter is the one that was initially configured as the main server, but it may become inactive if a failover occurs. The virtual IP of SmartCenter HA is used to access the SmartConsole, not to make changes.
Reference: [Security Management Server High Availability (HA) R81 Administration Guide], [Check Point CCSA - R81: Practice Test & Explanation], [How to configure ClusterXL High Availability on Security Management Server]
Question 63

Which path below is available only when CoreXL is enabled?
The path that is available only when CoreXL is enabled is the medium path. The medium path is used to handle packets that require deeper inspection by the Firewall and IPS blades, but do not need to go through the slow path. The slow path is used to handle packets that require stateful or out-of-state inspection by other blades, such as Application Control or VPN. The firewall path and the accelerated path are available regardless of CoreXL status.
Reference: [CoreXL R81 Administration Guide], [Check Point CCSA - R81: Practice Test & Explanation], [Check Point Security Gateway Architecture and Packet Flow], [Free Check Point CCSA Sample Questions and Study Guide]
Question 64

Which of the following describes how Threat Extraction functions?
Threat Extraction delivers PDF versions of original files with active content removed, such as macros, embedded objects, and scripts. This ensures that users receive clean and safe files in seconds.
Reference: [Check Point SandBlast Zero-Day Protection], [Check Point Threat Extraction]
Question 65

The SmartEvent R80 Web application for real-time event monitoring is called:
SmartView is the web application for real-time event monitoring in SmartEvent R80 and above. It provides a unified view of security events across the network and allows for quick investigation and response.
Reference: [SmartEvent R80.40 Administration Guide], [SmartView]
Question 66

SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
Smart Cloud Services is an option for deployment of Check Point SandBlast Zero-Day Protection. It is a cloud-based service that provides advanced threat prevention for files and URLs, without requiring any on-premise infrastructure or appliances.
Reference: [Check Point SandBlast Zero-Day Protection], [Smart Cloud Services]
Question 67

What SmartEvent component creates events?
Correlation Unit is the SmartEvent component that creates events. It analyzes logs received from Security Gateways and Servers, and generates security events according to the definitions in the Consolidation Policy.
Reference: [SmartEvent R80.40 Administration Guide], [Correlation Unit]
Question 68

Which Threat Prevention Profile is not included by default in R80 Management?
The default Threat Prevention Profiles in R80 Management are Basic, Optimized, and Strict. There is no Recommended profile by default. You can create a custom profile and name it Recommended, but it is not included by default.
Reference: [Check Point R81 Threat Prevention Administration Guide]
Question 69

When using Monitored circuit VRRP, what is a priority delta?
When using Monitored circuit VRRP, the priority delta is the value that is subtracted from the priority of a cluster member when one of its monitored interfaces fails. For example, if the priority of a cluster member is 100 and the priority delta is 10, then when one of its monitored interfaces fails, its priority becomes 90.
Reference: [Check Point R81 ClusterXL Administration Guide]
Question 70

Which of the following is NOT an option to calculate the traffic direction?
The options to calculate the traffic direction are Incoming, Internal, and External. Outgoing is not an option. Incoming traffic is traffic that enters the Security Gateway from an external network. Internal traffic is traffic that originates and terminates in networks that are directly connected to the Security Gateway. External traffic is traffic that originates or terminates in networks that are not directly connected to the Security Gateway.
Reference: [Check Point R81 Security Management Administration Guide]
Question