Checkpoint 156-315.81 Practice Test - Questions Answers, Page 21

The Check Point R81 Identity Awareness Web API uses theRESTweb services protocol to communicate with external identity sources. REST stands for Representational State Transfer, and it is an architectural style for designing web services that use HTTP methods to access and manipulate resources.The Identity Awareness Web API allows external identity sources to send identity and session information to the Security Gateway, which can then use this information for policy enforcement.

For ClusterXL to work properly, one of the mandatory requirements is that theMagic MAC numbermust be unique per cluster node. The Magic MAC number is a MAC address that is used by ClusterXL to hide the physical MAC addresses of the cluster members from the network. This way, the cluster can present a single virtual MAC address to the network, and avoid ARP issues when a failover occurs. The Magic MAC number is derived from the Cluster Virtual IP address, which must also be unique per cluster.

The correct command to add an ''emailserver1'' host with IP address 10.50.23.90 using GAiA management CLI ismgmt: add host name emailserver1 ip-address 10.50.23.90. This command will create a new host object in the Security Management Server database, with the specified name and IP address. Themgmt:prefix indicates that the command is executed on the Security Management Server, and not on the local GAiA machine. The other commands are either missing themgmt:prefix, or have incorrect syntax or parameters.

The best way to block .exe and .bat file types using Threat Emulation technologies is toenable DLP and select .exe and .bat file type. DLP stands for Data Loss Prevention, and it is a feature that allows administrators to define rules and actions to protect sensitive data from unauthorized access or transfer. One of the DLP rule conditions is File Type, which can be used to block or alert on specific file types, such as .exe and .bat, that may contain malicious code or scripts. The other options are either not related to Threat Emulation technologies, or not effective in blocking .exe and .bat file types.

Topic 3, Exam Pool C

According to the Check Point R81 Mobile Access Administration Guide, the recommended number of physical network interfaces in a Mobile Access cluster deployment isthree. One interface should be connected to the organization network, one interface should be connected to the Internet, and one interface should be used for synchronization between cluster members.This configuration provides optimal performance and security for Mobile Access traffic.

The process that handles connection from SmartConsole R81 iscpm. Cpm stands for Check Point Management, and it is the main process that runs on the Security Management Server and interacts with SmartConsole clients. Cpm is responsible for managing policies, objects, logs, tasks, and other management functions.The other processes are either obsolete or irrelevant for SmartConsole connection.

The command to show SecureXL status isfwaccel stat. This command displays information about SecureXL acceleration, such as the number of accelerated and non-accelerated connections, the reason for non-acceleration, and the SecureXL device name and mode.The other commands are either invalid or show different statistics.

The SmartEvent R81 Web application for real-time event monitoring is calledSmartEventWeb. SmartEventWeb is a web-based interface that allows administrators to view and analyze security events from various sources, such as logs, reports, incidents, and indicators. SmartEventWeb provides dashboards, widgets, filters, and drill-down options to help administrators gain insights into their security posture. The other options are either incorrect or refer to different applications.

SmartEvent automatically defines events based onIPS(Intrusion Prevention System) alerts. IPS is a feature that detects and prevents malicious network traffic based on predefined or custom signatures. IPS alerts are generated when IPS detects an attack or an anomaly that matches a signature. SmartEvent collects and correlates IPS alerts from different gateways and displays them as events in SmartEventWeb. The other options are not automatically defined as events by SmartEvent.