Checkpoint 156-315.81 Practice Test - Questions Answers, Page 56

The SmartEvent component that is responsible to collect the logs from different Log Servers is the SmartEvent Correlation Unit. The SmartEvent Correlation Unit is a daemon that runs on the SmartEvent Server and receives logs from one or more Log Servers.The SmartEvent Correlation Unit analyzes the logs and generates correlated events according to the SmartEvent policy2.

Reference:Check Point R81 SmartEvent Administration Guide

The correct Check Point command to verify that the installed tools on the new target security management machine are able to handle the R81.20 release is$FWDIR/scripts/migrate_server print_installed_tools -v R81.20. This command will print the list of installed migration tools and their versions, and check if they match the specified version (R81.20 in this case).If the tools are not installed or do not match, the command will print an error message3.

Reference:Check Point R81 Installation and Upgrade Guide

The valid authentication methods for mutual authenticating the VPN gateways are Pre-shared Secret and PKI Certificates. Pre-shared Secret is a method that uses a secret key that is known only to the two VPN gateways. PKI Certificates is a method that uses digital certificates that are issued by a trusted Certificate Authority (CA) and contain the public key of each VPN gateway. Both methods ensure that the VPN gateways can verify each other's identity before establishing a secure VPN tunnel.

Reference: [Check Point R81 VPN Administration Guide]

The header name-value that has to be in the HTTP Post request after the login when using Web Services to access the API is X-chkp-sid Session Unique Identifier. This header contains the session ID that is returned by the login command and identifies the session for subsequent API commands. The session ID is valid for a limited time and can be extended by using keepalive or logout commands.

Reference: [Check Point R81 Management API Reference Guide]

On R81.20, when configuring Third-Party devices to read the logs using the LEA (Log Export API), the default Log Server uses port18184. This port can be changed using thelea_servercommand in expert mode. The other ports are either not related to LEA, or used for different purposes, such as 18210 for CPMI, 257 for FW1_log, and 18191 for SIC.

Reference: [Check Point R81 Logging and Monitoring Administration Guide], [Check Point Ports Used for Communication by Various Check Point Modules]

The verified answer is C. Identity Awareness.

Identity Awareness is the Check Point software blade that provides detailed visibility of users, groups, and machines, while also providing application and access control through the creation of accurate, identity-based policies1. Identity Awareness allows you to easily configure network access and auditing based on three items: network location, the identity of a user and the identity of a machine1. Identity Awareness integrates with multiple identity sources, such as Microsoft Active Directory, Cisco Identity Services Engine, and RADIUS Accounting23.

Application Control is the Check Point software blade that enables network administrators to identify and control thousands of applications and widgets, and millions of websites, based on categories, risk, and characteristics.

Firewall is the Check Point software blade that provides stateful inspection and enforcement of network traffic, and protects against network and application-level attacks.

URL Filtering is the Check Point software blade that enables secure web access by blocking access to malicious and inappropriate websites, and enforcing compliance with corporate policies.

Identity Awareness - Check Point Software1

Check Point Integrated Security Architecture - Check Point Software2

Cisco Identity Services Engine and Check Point Integration3

Application Control - Check Point Software

Firewall - Check Point Software

URL Filtering - Check Point Software

From SecureXL perspective, the three paths of traffic flow are Firewall Path, Accelerated Path, and Medium Path. Firewall Path is the path that handles packets that are not processed by SecureXL and are sent to the Firewall kernel for inspection. Accelerated Path is the path that handles packets that are processed by SecureXL and bypass the Firewall kernel.Medium Path is the path that handles packets that are partially processed by SecureXL and partially by the Firewall kernel1.

Reference:Check Point R81 Performance Tuning Administration Guide

Using fw monitor, the inspection point notation E and i means that E shows the packet after the VPN encryption, and i shows the packet before the inbound firewall VM. E (for example, eth4:E) is the Post-Outbound inspection point, which captures packets after they are encrypted by VPN Outbound.i (for example, eth4:i) is the Pre-Inbound inspection point, which captures packets before they are inspected by the in-bound FireWall VM2.

Reference:Check Point R81 CLI Reference Guide