Checkpoint 156-315.81 Practice Test - Questions Answers, Page 28

The Software Container is a logical component in the Software Blade Architecture. There are three types of Software Containers: Security Management, Security Gateway, and Endpoint Security. The container enables the server functionality, and defines its purpose -- e.g, management or gateway. https://downloads.checkpoint.com/dc/download.htm?ID=11608

According to the Check Point website, INSPECT Engine is the technology that extracts detailed information from packets and stores that information in state tables. INSPECT Engine is the core of Check Point's Stateful Inspection technology, which enables Security Gateways to inspect traffic at multiple layers and enforce security policies. The other technologies are either not related or not specific enough.

Reference: INSPECT Engine

According to the Check Point website, Whitelist Files is the tool that provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed. Whitelist Files can be configured in SmartConsole under Threat Prevention > Policy > Whitelist Files. The other tools are either not related or not valid tools.

Reference: Whitelist Files

Application Control is the software blade that provides Application Security and identity control. It allows administrators to define granular policies based on users or groups to identify, block or limit the usage of web applications and widgets. Application Control also integrates with Identity Awareness to provide user-level visibility and control.

Reference:Training & Certification | Check Point Software,Check Point Resource Library

UserCheck is a communication tool used to inform a user about a website or application they are trying to access. UserCheck allows administrators to interact with users in real time, informing them of the security policy and the actions they need to take. UserCheck can also enable users to self-remediate incidents or request exceptions from the administrator.

Reference:Training & Certification | Check Point Software,Check Point Resource Library

High alert is not an alert option in Check Point. Alert options are ways to notify the administrator or other parties when a security event occurs. The available alert options are SNMP, Mail, User defined alert, Log, Popup alert, and User alert.

Reference:Training & Certification | Check Point Software,Check Point Resource Library

If Deyra sees the gateway status as shown in the image, it means that there is a blade reporting a problem. The red exclamation mark indicates that one or more blades on the gateway have an issue that needs attention. The issue could be related to configuration, license, policy, or other factors. Deyra can hover over the icon to see more details about the problem.

Reference:Training & Certification | Check Point Software,New Courses and Certificates for R81.20 - Check Point CheckMates

When using the Mail Transfer Agent, the debug logs are stored in /var/log/mail.mta.elg. This file contains information about the email messages that are processed by the Mail Transfer Agent, such as sender, recipient, subject, size, action, etc. You can use the command mailq to view the current mail queue and the command maild -d to enable debug mode for the Mail Transfer Agent.

Reference: [Mail Transfer Agent]

The action that is not supported in UserCheck objects is Reject. UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users and display messages or requests on their browsers. The supported actions in UserCheck objects are Ask, Inform, Block, and Continue. The Ask action prompts the user to confirm or cancel an action. The Inform action notifies the user about an event or a policy. The Block action prevents the user from accessing a resource or performing an action. The Continue action allows the user to access a resource or perform an action after displaying a message.

Reference: [UserCheck]