Checkpoint 156-315.81 Practice Test - Questions Answers, Page 55

The ''unknown'' SIC status shown on SmartConsole means that there is no connection between the Security Gateway and Security Management Server. SIC stands for Secure Internal Communication, which is a mechanism that ensures secure communication between Check Point components using certificates and encryption. SIC status can be one of the following: Trust established, Trust expired, Uninitialized, or Unknown. Trust established means that SIC is working properly and the components can communicate securely. Trust expired means that the SIC certificate has expired and needs to be renewed. Uninitialized means that SIC has not been configured yet and needs to be initialized with an activation key. Unknown means that the Security Management Server cannot reach the Security Gateway or vice versa, and therefore cannot verify the SIC status. This could be due to network issues, firewall rules, routing problems, or other causes that prevent connectivity between the components.

Reference:Check Point R81 Security Management Administration Guide, page 32-33

Gaia has two default user accounts that cannot be deleted: Admin and Monitor. Admin is a superuser account that has full access to all Gaia features and commands. Monitor is a read-only account that can view Gaia configuration and status but cannot make any changes. Both accounts have predefined passwords that can be changed by the Admin user.

Reference: [Check Point R81 Gaia Administration Guide], page 29

SRC: GAIA R81.20 Administration Guide User Management -> Users These users are created by default and cannot be deleted: admin and monitor

In a Standalone deployment, a Check Point computer runs both the Security Gateway and Security Management Server products. This means that the same appliance performs both network security functions and security policy management functions. A Standalone deployment is suitable for small or branch offices that do not require a separate management server.

Reference:Check Point R81 Installation and Upgrade Guide, page 10

Proxy ARP is a technique that allows a device to respond to ARP requests on behalf of another IP address. Proxy ARP is required for Manual Static NAT when the translated IP address does not belong to one of the firewall's interfaces. This is because the firewall needs to intercept the packets destined to the translated IP address and forward them to the original IP address after applying the NAT rule. Without Proxy ARP, the packets would not reach the firewall and the NAT would not work. Proxy ARP is not required for Automatic Static NAT or Automatic Hide NAT, because these types of NAT use IP addresses that belong to the firewall's interfaces. Proxy ARP is also not required for Manual Hide NAT, because this type of NAT does not change the destination IP address of the packets, only the source IP address.

Reference:Check Point R81 Security Management Administration Guide, page 115

Central Licensing is the preferred and recommended method of licensing because it simplifies the license management process and reduces the risk of license issues. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes. This means that you can easily add, remove, or replace gateways without affecting your license status. Central Licensing also allows you to view and manage all your licenses from one central location using SmartConsole or SmartUpdate. Central Licensing is supported with Gaia and is not the only option when deploying Gaia. Central Licensing does not tie to the IP address of a gateway and cannot be changed to any gateway if needed.

Reference:Check Point R81 Licensing and Contract Administration Guide, page 7

The command switch to specify the Gaia API context ismgmt_cli --context gaia_api <Command>. This switch allows the user to execute Gaia OS commands through the management API.The Gaia API context is different from the default management API context, which is used to execute commands related to the security policy and objects1.

Reference:Check Point R81 Management API Reference Guide

The main objective when using Application Control is to ensure security and privacy of information. Application Control is a blade that enables administrators to control access to web applications and web sites based on categories, users, groups, machines, and time.Application Control can also block or limit usage of applications that pose security risks or consume excessive bandwidth2.

Reference:Check Point R81 Application Control Administration Guide

The correct steps upgrading a HA cluster (M1 is active, M2 is passive) using Multi-Version Cluster (MVC) Upgrade are:

In SmartConsole, change the version of the cluster object to R81.20.

Upgrade the passive node M2 to R81.20 using CPUSE or CLI.

Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 using the commandcphaconf mvc on.

Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails by selectingContinue installing on other Gatewaysin thePolicy Installation Settingsdialog box.

After examining the cluster states usingcphaprob statand verifying that both members are synchronized, upgrade node M1 to R81.20 using CPUSE or CLI.

On each Cluster Member, disable the MVC mechanism using the commandcphaconf mvc offand Install the Access Control Policy3.

The two Identity Awareness daemons that are used to support identity sharing are Policy Decision Point (PDP) and Policy Enforcement Point (PEP). PDP is a daemon that runs on Security Gateways that acquire identities from various sources, such as AD Query, Identity Agent, Captive Portal, etc. PEP is a daemon that runs on Security Gateways that enforce the security policy based on identities received from PDPs. Identity sharing is a feature that allows PDPs to share identities with other PDPs or PEPs in different gateways or domains.

Reference: [Check Point R81 Identity Awareness Administration Guide]