156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 09
-
A(n) _____ rule is created by an administrator and is located before the first and before last rules in the Rule Base.
- Firewall drop
- Explicit
- Implicit accept
- Implicit drop
- Implied
Explanation:
This is the order that rules are enforced:
1. First Implied Rule: You cannot edit or delete this rule and no explicit rules can be placed before it.
2. Explicit Rules: These are rules that you create.
3. Before Last Implied Rules: These implied rules are applied before the last explicit rule.
4. Last Explicit Rule: We recommend that you use the Cleanup rule as the last explicit rule.
5. Last Implied Rules: Implied rules that are configured as Last in Global Properties.
6. Implied Drop Rule: Drops all packets without logging.
-
The IPS policy for pre-R80 gateways is installed during the _______ .
- Firewall policy install
- Threat Prevention policy install
- Anti-bot policy install
- Access Control policy install
-
RADIUS Accounting gets ______ data from requests generated by the accounting client
- Destination
- Identity
- Payload
- Location
Explanation: How RADIUS Accounting Works with Identity Awareness
RADIUS Accounting gets identity data from RADIUS Accounting Requests generated by the RADIUS accounting client.
-
The R80 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and show them as prioritized security events.
- SmartMonitor
- SmartView Web Application
- SmartReporter
- SmartTracker
Explanation: Event Analysis with SmartEvent
The SmartEvent Software Blade is a unified security event management and analysis solution that delivers real-time, graphical threat management information. SmartConsole, SmartView Web Application, and the SmartEvent GUI client consolidate billions of logs and show them as prioritized security events so you can immediately respond to security incidents, and do the necessary actions to prevent more attacks. You can customize the views to monitor the events that are most important to you. You can move from a high level view to detailed forensic analysis in a few clicks. With the free-text search and suggestions, you can quickly run data analysis and identify critical security events.
-
Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?
- Firewall
- Identity Awareness
- Application Control
- URL Filtering
Explanation: Check Point Identity Awareness Software Blade provides granular visibility of users, groups and machines, providing unmatched application and access control through the creation of accurate, identity-based policies. Centralized management and monitoring allows for policies to be managed from a single, unified console.
-
How many users can have read/write access in Gaia Operating System at one time?
- Infinite
- One
- Three
- Two
-
Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?
- She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.
- She needs to run sysconfig and restart the SSH process.
- She needs to edit /etc/scpusers and add the Standard Mode account.
- She needs to run cpconfig to enable the ability to SCP files.
-
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop, which is assigned the IP address 10.0.0.19 via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources.
2) Adds an access role object to the Firewall Rule Base that lets John Adams' PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?
- John should install the Identity Awareness Agent
- The firewall admin should install the Security Policy
- John should lock and unlock the computer
- Investigate this as a network connectivity issue
-
Which feature in R77 permits blocking specific IP addresses for a specified time period?
- Suspicious Activity Monitoring
- HTTP Methods
- Local Interface Spoofing
- Block Port Overflow
-
MyCorp has the following NAT rules. You need to disable the NAT function when Alpha-internal networks try to reach the Google DNS (8.8.8.8) server.
What can you do in this case?
- Use manual NAT rule to make an exception
- Use the NAT settings in the Global Properties
- Disable NAT inside the VPN community
- Use network exception in the Alpha-internal network object
-
What is the potential downside or drawback to choosing the Standalone deployment option instead of the Distributed deployment option?
- degrades performance as the Security Policy grows in size
- requires additional Check Point appliances
- requires additional software subscription
- increases cost
-
Which of the following statements accurately describes the command snapshot?
- snapshot creates a full OS-level backup, including network-interface data, Check Point production information, and configuration settings of a GAiA Security Gateway.
- snapshot creates a Security Management Server full system-level backup on any OS
- snapshot stores only the system-configuration settings on the Gateway
- A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server
-
The Captive Portal tool:
- Acquires identities from unidentified users.
- Is only used for guest user authentication.
- Allows access to users already identified.
- Is deployed from the Identity Awareness page in the Global Properties settings.
-
Where do we need to reset the SIC on a gateway object?
- SmartDashboard > Edit Gateway Object > General Properties > Communication
- SmartUpdate > Edit Security Management Server Object > SIC
- SmartUpdate > Edit Gateway Object > Communication
- SmartDashboard > Edit Security Management Server Object > SIC
-
Anti-Spoofing is typically set up on which object type?
- Security Gateway
- Host
- Security Management object
- Network
-
What happens if the identity of a user is known?
- If the user credentials do not match an Access Role, the system displays the Captive Portal.
- If the user credentials do not match an Access Role, the system displays a sandbox.
- If the user credentials do not match an Access Role, the traffic is automatically dropped.
- If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.
-
Message digests use which of the following?
- DES and RC4
- IDEA and RC4
- SSL and MD4
- SHA-1 and MD5
-
When using LDAP as an authentication method for Identity Awareness, the query:
- Requires client and server side software.
- Prompts the user to enter credentials.
- Requires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway.
- Is transparent, requiring no client or server side software, or client intervention.
-
You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?
- The POP3 rule is disabled.
- POP3 is accepted in Global Properties.
- The POP3 rule is hidden.
- POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R77.
-
What action can be performed from SmartUpdate R77?
- upgrade_export
- fw stat -1
- cpinfo
- remote_uninstall_verifier