Checkpoint 156-315.81 Practice Test - Questions Answers, Page 36

When Identity Awareness is enabled, AD Query and Browser-based Authentication are used as identity sources for Application Control. AD Query allows the Security Gateway to query Active Directory servers for identity information based on IP addresses. Browser-based Authentication allows the Security Gateway to redirect unidentified users to a captive portal where they can authenticate with their credentials. These identity sources provide accurate and up-to-date identity information for Application Control, which can enforce granular policies based on user, group, machine, and domain objects.

Reference:R81 Identity Awareness Administration Guide, page 9.

In R81, more than one administrator can login to the Security Management Server with write permission at the same time. This feature is enabled by default and allows concurrent administration of the security policy. Every administrator works in a session that is independent of the other administrators. Changes made by one administrator are not visible to others until they are published. Administrators can also lock objects to prevent others from editing them until they are unlocked.

Reference:R81 Security Management Administration Guide, page 43.

The utility that allows you to configure the DHCP service on Gaia from the command line is sysconfig. This utility provides a menu-based interface for configuring various system settings, including network interfaces, routing, DNS, NTP, SNMP, SSH, etc. One of the options in sysconfig is DHCP Server Configuration, which allows you to enable or disable the DHCP service, define DHCP scopes, set lease time, etc.

Reference:Gaia Administration Guide R81, page 29.

There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A's interface issues were resolved and it became operational.

When it re-joins the cluster, it will not become active automatically, since 'maintain current active cluster member' option on the cluster object properties is enabled by default. This option prevents a failback to the original active member after a failover, unless the current active member fails or is manually switched over. This option provides stability and avoids unnecessary failovers.

Reference:R77 ClusterXL Administration Guide, page 23.

DLP and Geo Policy are examples of Shared Policies. Shared Policies are policies that can be applied to multiple gateways or clusters, regardless of their Access Control policy. Shared Policies allow administrators to manage common security settings across different gateways or clusters, such as Data Loss Prevention, Geo Protection, Threat Prevention, HTTPS Inspection, etc.

Reference:R81 Security Management Administration Guide, page 31.

The IPS policy for pre-R81 gateways is installed during the Anti-bot policy install. The Anti-bot policy install includes both Anti-bot and IPS protections for pre-R81 gateways, since they share the same inspection engine. For R81 and above gateways, the IPS policy is installed separately as part of the Threat Prevention policy install, which also includes Anti-virus and Threat Emulation protections.

Reference:R81 Threat Prevention Administration Guide, page 15.

How many users can have read/write access in Gaia at one time? Only one user can have read/write access in Gaia at one time. This is to prevent conflicts and inconsistencies in the configuration changes made by different users. If another user tries to login with read/write access while a user is already logged in, they will receive a warning message and will be given the option to either login with read-only access or force the other user to logout.

Reference: [Gaia Administration Guide R81], page 15.

Which software blade does NOT accompany the Threat Prevention policy? Application Control and URL Filtering software blade does not accompany the Threat Prevention policy. The Threat Prevention policy is a unified policy that includes Anti-virus, IPS, Anti-bot, and Threat Emulation software blades. Application Control and URL Filtering software blade is part of the Access Control policy, which is a separate policy that controls network access based on users, applications, content, and other criteria.

Reference:R81 Security Management Administration Guide, page 29.

Check Point ClusterXL Active/Active deployment is used when there is Load Sharing solution set up. Load Sharing is a ClusterXL mode that allows distributing the network traffic between all cluster members, while still providing high availability in case of failures. Load Sharing can be configured as either Unicast or Multicast, depending on the network topology and switches support.

Reference:R81 ClusterXL Administration Guide, page 9.