Checkpoint 156-315.81 Practice Test - Questions Answers, Page 62

The verified answer is B) Automatic proxy ARP configuration can be enabled.

Proxy ARP is a feature that allows a gateway to respond to ARP requests on behalf of another IP address that is not on the same network segment. Proxy ARP is required for manual NAT rules when the NATed IP addresses are not routed to the gateway1.

By default, proxy ARP for manual NAT rules has to be configured manually by editing the local.arp file or using the CLISH commands on the gateway2. However, since R80.10, there is an option to enable automatic proxy ARP configuration for manual NAT rules by modifying the files $CPDIR/tmp/.CPprofile.sh and $CPDIR/tmp/.CPprofile.csh on the gateway3.

fw ctl proxy is a command that displays the proxy ARP table on the gateway, but it does not configure proxy ARP4.

Translate Destination on Client Side is a NAT option that determines whether the destination IP address is translated before or after the routing decision. It does not affect proxy ARP.

Configuring Proxy ARP for Manual NAT - Check Point Software1

R80.10: Automatic Proxy ARP with Manual NAT rules - checkpoint<dot>engineer2

Automatic creation of Proxy ARP for Manual NAT rules on Security Gateway R80.103

fw ctl proxy - Check Point Software

NAT Properties - Check Point Software

The Threat Prevention software components available on the Check Point Security Gateway are IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction. These components provide comprehensive protection against various types of cyber threats, such as network attacks, malware, ransomware, phishing, zero-day exploits, data leakage, and more. IPS is a network security component that detects and prevents malicious traffic based on signatures, behavioral patterns, and anomaly detection. Anti-Bot is a network security component that detects and blocks botnet communications and command-and-control servers. Anti-Virus is a network security component that scans files for known viruses, worms, and trojans. Threat Emulation is a network security component that emulates files in a sandbox environment to detect unknown malware and prevent zero-day attacks. Threat Extraction is a network security component that removes malicious content from files and delivers clean files to users.

Reference: [Check Point R81 Threat Prevention Administration Guide], page 9-10

Management Data Plane Separation (MDPS) is a feature that allows the separation of the management plane and the data plane on a Security Gateway or a cluster. The management plane is responsible for accessing, provisioning and monitoring the Security Gateway, while the data plane is responsible for all other network traffic and processing.Each network environment is independent and includes interfaces, routes, sockets, and processes1.

Reference:Check Point R81 Administration Guide

In order for changes made to policy to be enforced by a Security Gateway, an administrator must perform the action of installing policy. Installing policy is the process of transferring the policy package from the Security Management Server to the Security Gateway. Publishing changes is the process of saving changes to the database and making them available to other administrators.Saving changes is the process of saving changes to a session without publishing them2.

Reference:Check Point R81 Security Management Guide

The Check Point installation history feature provides the following:

Policy Installation Date: The date and time when the policy was installed on the Security Gateway.

View install changes: The ability to view the differences between two policy versions that were installed on the Security Gateway.

Install specific version: The ability to install a specific policy version from the installation history on the Security Gateway3.

Reference:Check Point R81 SmartConsole Guide

Rugged appliances are small appliances with ruggedized hardware that are designed for harsh environments. Like Quantum Spark appliances, they use Gaia embedded as their operating system. Gaia embedded is a lightweight version of Gaia that supports a subset of features and commands.

Reference: [Check Point R81 Gaia Embedded Administration Guide]

The biggest benefit of policy layers is that they enable flexible control over the security policy. Policy layers and sub-policies allow administrators to break one policy into several virtual policies, each with its own set of rules and actions. Policy layers can be ordered, shared, and reused across different policies. Policy layers can also include Threat Prevention as a sub-policy for the firewall policy.

Reference: [Check Point R81 Security Management Guide]

The correct answer is C) CPM (19009), CPMI (18190) https (443).

SmartConsole is a client application that connects to the Security Management Server to manage and configure the security policy and objects. SmartConsole uses three ports to communicate with the Security Management Server1:

CPM (19009): This port is used for the communication between the SmartConsole client and the Check Point Management (CPM) process on the Security Management Server. The CPM process handles the database operations and the policy installation.

CPMI (18190): This port is used for the communication between the SmartConsole client and the Check Point Management Interface (CPMI) process on the Security Management Server. The CPMI process handles the authentication and encryption of the SmartConsole sessions.

https (443): This port is used for the communication between the SmartConsole client and the web server on the Security Management Server. The web server provides the SmartConsole GUI and the SmartConsole extensions.

The other options are incorrect because they either include ports that are not used by SmartConsole or omit ports that are used by SmartConsole.

SmartConsole R81.20 - Check Point Software1

According to the Check Point R81.20 documentation, the central deployment feature allows you to install up to 10 packages simultaneously on multiple gateways1.

Reference

1:Check Point R81.20 Administration Guide, page 35.