156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 07
-
In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?
- Pentagon
- Combined
- Meshed
- Star
Explanation:VPN communities are based on Star and Mesh topologies. In a Mesh community, there are VPN connections between each Security Gateway. In a Star community, satellites have a VPN connection with the center Security Gateway, but not to each other.
-
________information is included in the “Full Log” tracking option, but is not included in the “Log” tracking option?
- File attributes
- Application
- Destination port
- Data type
Explanation:Tracking Options
Network Log – Generates a log with only basic Firewall information: Source, Destination, Source Port, Destination Port, and Protocol.
Log – Equivalent to the Network Log option, but also includes the application name (for example, Dropbox), and application information (for example, the URL of the Website). This is the default Tracking option.
Full Log – Equivalent to the log option, but also records data for each URL request made.
– If suppression is not selected, it generates a complete log (as defined in pre-R80 management).
– If suppression is selected, it generates an extended log (as defined in pre-R80 management).
None – Do not generate a log. -
In the R80 SmartConsole, on which tab are Permissions and Administrators defined?
- Security Policies
- Logs and Monitor
- Manage and Settings
- Gateway and Servers
-
Which type of Endpoint Identity Agent includes packet tagging and computer authentication?
- Full
- Light
- Custom
- Complete
Explanation:Endpoint Identity Agents – dedicated client agents installed on users’ computers that acquire and report identities to the Security Gateway.
-
The Application Layer Firewalls inspect traffic through the ________ layer(s) of the TCP/IP model and up to and including the ________ layer.
- Lower; Application
- First two; Internet
- First two; Transport
- Upper; Application
-
There are two R80.X0 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A’s interface issues were resolved and it became operational. When it re-joins the cluster, will it become active automatically?
- No, since “maintain current active cluster member” option on the cluster object properties is enabled by default
- No, since “maintain current active cluster member” option is enabled by default on the Global Properties
- Yes, since “Switch to higher priority cluster member” option on the cluster object properties is enabled by default
- Yes, since “Switch to higher priority cluster member” option is enabled by default on the Global Properties
Explanation:
What Happens When a Security Gateway Recovers?In a Load Sharing configuration, when the failed Security Gateway in a cluster recovers, all connections are redistributed among all active members. High Availability and Load Sharing in ClusterXL ClusterXL Administration Guide R77 Versions | 31 In a High Availability configuration, when the failed Security Gateway in a cluster recovers, the recovery method depends on the configured cluster setting. The options are:
• Maintain Current Active Security Gateway means that if one member passes on control to a lower priority member, control will be returned to the higher priority member only if the lower priority member fails. This mode is recommended if all members are equally capable of processing traffic, in order to minimize the number of failover events.
• Switch to Higher Priority Security Gateway means that if the lower priority member has control and the higher priority member is restored, then control will be returned to the higher priority member. This mode is recommended if one member is better equipped for handling connections, so it will be the default Security Gateway. -
After the initial installation the First Time Configuration Wizard should be run.
- First Time Configuration Wizard can be run from the Unified SmartConsole.
- First Time Configuration Wizard can be run from the command line or from the WebUI.
- First time Configuration Wizard can only be run from the WebUI.
- Connection to the internet is required before running the First Time Configuration wizard.
Explanation:Check Point Security Gateway and Check Point Security Management require running the First Time Configuration Wizard in order to be configured correctly. The First Time Configuration Wizard is available in Gaia Portal and also through CLI.
To invoke the First Time Configuration Wizard through CLI, run the config_system command from the Expert shell. -
In order to modify Security Policies the administrator can use which of the following tools? Choose the BEST answer.
- Command line of the Security Management Server or mgmt_cli.exe on any Windows computer.
- SmartConsole and WebUI on the Security Management Server.
- mgmt_cli or WebUI on Security Gateway and SmartConsole on the Security Management Server.
- SmartConsole or mgmt_cli on any computer where SmartConsole is installed.
-
Which of the following is NOT an element of VPN Simplified Mode and VPN Communities?
- “Encrypt” action in the Rule Base
- Permanent Tunnels
- “VPN” column in the Rule Base
- Configuration checkbox “Accept all encrypted traffic”
Explanation:
Migrating from Traditional Mode to Simplified Mode
To migrate from Traditional Mode VPN to Simplified Mode:
1. On the Global Properties > VPN page, select one of these options:
• Simplified mode to all new Firewall Policies
• Traditional or Simplified per new Firewall Policy
2. Click OK.
3. From the R80 SmartConsole Menu, select Manage policies.The Manage Policies window opens.
4. Click New.The New Policy window opens.
5. Give a name to the new policy and select Access Control.In the Security Policy Rule Base, a new column marked VPN shows and the Encrypt option is no longer available in the Action column. You are now working in Simplified Mode.
-
A Check Point software license consists of a _______ and _______ .
- Software container; software package
- Software blade; software container
- Software package; signature
- Signature; software blade
Explanation:Check Point’s licensing is designed to be scalable and modular. To this end, Check Point offers both predefined packages as well as the ability to custom build a solution tailored to the needs of the Network Administrator. This is accomplished by the use of the following license components:
– Software Blades
– Container -
Once a license is activated, a ________ should be installed.
- License Management file
- Security Gateway Contract file
- Service Contract file
- License Contract file
Explanation:Service Contract File
Following the activation of the license, a Service Contract File should be installed. This file contains important information about all subscriptions purchased for a specific device and is installed via SmartUpdate. A detailed explanation of the Service Contract File can be found in sk33089. -
Which policy type is used to enforce bandwidth and traffic control rules?
- Threat Emulation
- Access Control
- QoS
- Threat Prevention
Explanation:Check Point’s QoS Solution
QoS is a policy-based QoS management solution from Check Point Software Technologies Ltd., satisfies your needs for a bandwidth management solution. QoS is a unique, software-only based application that manages traffic end-to-end across networks, by distributing enforcement throughout network hardware and software. -
Bob and Joe both have Administrator Roles on their Gaia Platform. Bob logs in on the WebUI and then Joe logs in through CLI. Choose what BEST describes the following scenario, where Bob and Joe are both logged in:
- When Joe logs in, Bob will be logged out automatically.
- Since they both are logged in on different interfaces, they both will be able to make changes.
- The database will be locked by Bob and Joe will not be able to make any changes.
- Bob will receive a prompt that Joe has logged in.
-
When LDAP is integrated with Check Point Security Management, it is then referred to as _______
- UserCheck
- User Directory
- User Administration
- User Center
Explanation:Check Point User Directory integrates LDAP, and other external user management technologies, with the Check Point solution. If you have a large user count, we recommend that you use an external user management database such as LDAP for enhanced Security Management Server performance.
-
Which Check Point software blade provides protection from zero-day and undiscovered threats?
- Firewall
- Threat Emulation
- Application Control
- Threat Extraction
-
Which of the completed statements is NOT true? The WebUI can be used to manage Operating System user accounts and:
- assign privileges to users.
- edit the home directory of the user.
- add users to your Gaia system.
- assign user rights to their home directory in the Security Management Server
Explanation:Users
Use the WebUI and CLI to manage user accounts. You can:
– Add users to your Gaia system.
– Edit the home directory of the user.
– Edit the default shell for a user.
– Give a password to a user.
– Give privileges to users. -
Look at the following screenshot and select the BEST answer.
- Clients external to the Security Gateway can download archive files from FTP_Ext server using FTP.
- Internal clients can upload and download any-files to FTP_Ext-server using FTP.
- Internal clients can upload and download archive-files to FTP_Ext server using FTP.
- Clients external to the Security Gateway can upload any files to the FTP_Ext-server using FTP.
-
A security Policy is created in _________ , stored in the _________ , and Distributed to the various __________ .
- Rule base, Security Management Server, Security Gateways
- SmartConsole, Security Gateway, Security Management Servers
- SmartConsole, Security Management Server, Security Gateways
- The Check Point database, SmartConsole, Security Gateways
-
Look at the screenshot below. What CLISH command provides this output?
- show configuration all
- show confd configuration
- show confd configuration all
- show configuration
Explanation:
-
Which Check Point supported authentication scheme typically requires a user to possess a token?
- TACACS
- SecurID
- Check Point password
- RADIUS
Explanation:SecurID
SecurID requires users to both possess a token authenticator and to supply a PIN or password