Checkpoint 156-315.81 Practice Test - Questions Answers, Page 34

The default shell of Gaia CLI is clish. Clish stands for Command Line Interface Shell and it is a restrictive shell that controls the number of commands available in the CLI. Clish provides a user-friendly interface that supports command completion, history, and help functions. Clish also supports role-based administration, which means that different users can have different levels of access to Gaia features and commands based on their roles.

The correct way to enable Identity Captive Portal for a specific rule is to right click Accept in the rule, select ''More'', and then check 'Enable Identity Captive Portal'. This will allow guest users to see the splash page and accept the Terms of Service before accessing the Internet. Identity Captive Portal is a feature that enables identity awareness for guest users who are not authenticated by other methods, such as Active Directory or Identity Agent. Identity Captive Portal can be enabled globally or per rule, depending on the security policy requirements.

A new license should be generated and installed in all of the following situations except when the IP address of the Security Management or Security Gateway has changed. This is because Check Point licenses are not bound to IP addresses, but to other parameters such as MAC addresses, CPU IDs, or hostnames. Therefore, changing the IP address of a licensed machine does not affect the validity of the license. However, changing other parameters, such as replacing a network card or renaming a machine, may require a new license. Additionally, when the existing license expires or the license is upgraded to a higher level or a different package, a new license is needed.

The Check Point software blade that provides protection from zero-day and undiscovered threats is Threat Emulation. Threat Emulation is a sandboxing technology that inspects files for malicious behavior in a virtual environment before they reach the end user. Threat Emulation can detect and block malware that tries to evade traditional signature-based solutions by using unknown or obfuscated techniques. Threat Emulation can also generate forensic reports and provide actionable intelligence on the malware origin and behavior.

The only way to make objects locked for editing available for other administrators is to publish or discard the session that contains the changes. Publishing the session will save and share the changes with other administrators, while discarding the session will undo and discard the changes. Saving the session will only save the changes locally, but not share them with others or release the locks. Reverting the session will restore a previous version of the session, but not affect the locks. Saving and installing the policy will only install the policy on the gateways, but not share or discard the changes in SmartConsole. Deleting older versions of database will only free up disk space, but not affect the locks.

A central license requires an administrator to designate a gateway for attachment whereas a local license is automatically attached to a Security Gateway. A central license is managed by a Security Management Server or a Multi-Domain Security Management Server and can be attached to any gateway that is managed by that server. A local license is managed by a local license server on each gateway and cannot be moved to another gateway. Central licenses are more flexible and scalable than local licenses, as they can be easily transferred between gateways without generating new licenses.

When two Security Gateways are managed by the same Security Management Server, they use certificate based authentication to establish a VPN tunnel. This is because the Security Management Server acts as an internal certificate authority (ICA) that can issue and revoke certificates for the Security Gateways. The Security Management Server also maintains a trust relationship with the Security Gateways, which is based on a one-time password (OTP) that is used to initialize secure internal communication (SIC). Therefore, there is no need to use a pre-shared secret for authentication between two Security Gateways managed by the same SMS.

Authentication rules are defined for user groups, not individual users or all users in the database. Authentication rules allow you to control which user groups can access specific resources or services through the Security Gateway. You can define different authentication methods and schemes for different user groups, such as Check Point Password, OS Password, RADIUS, TACACS, SecurID, LDAP, or Certificate. You can also define different session timeouts and source restrictions for different user groups. Authentication rules are processed before the network access rules in the rule base.

Communication between different Check Point components is secured by using SIC, which stands for secure internal communication. SIC is a certificate-based channel that uses standards-based TLS 1.2 for creating secure connections and AES128 for encryption. SIC ensures that only authorized components can communicate with each other and that the communication is protected from eavesdropping and tampering. SIC is established by using a one-time password (OTP) that is generated when a Check Point component is created or installed. The OTP is used to initialize the trust relationship between the component and the Security Management Server, which acts as an internal certificate authority (ICA) that issues and revokes certificates for the components.