CheckPoint Checkpoint Certifications 156-315.81 Questions & Answers

• Question 611:

  An administrator wishes to enable Identity Awareness on the Check Point firewalls. However, they allow users to use company issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?

  A. AD Query

  B. Terminal Servers Agent

  C. Identity Agents

  D. Browser-Based Authentication

  Correct Answer: D

  Browser-Based Authentication is an identity awareness method that enables you to identify users who are not authenticated by other methods, such as Active Directory or VPN. Browser-Based Authentication redirects users to a web page where they can enter their credentials and be authenticated by an external server, such as LDAP or RADIUS. After authentication, users can access the Internet and corporate resources according to the security policy rules that apply to their identity. Browser-Based Authentication is suitable for scenarios where users can use company issued or personal laptops, since it does not require any installation or configuration on the user's device. It also supports various operating systems and browsers, and can be customized to match the company's branding. The references are: Check Point R81 Identity Awareness Administration Guide, page 9 Configuring Browser-Based Authentication in SmartConsole Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 13

• Question 612:

  What object type would you use to grant network access to an LDAP user group?

  A. Access Role

  B. Group Template

  C. SmartDirectory Group

  D. User Group

  Correct Answer: A

• Question 613:

  At what point is the Internal Certificate Authority (ICA) created?

  A. Upon creation of a certificate.

  B. During the primary Security Management Server installation process.

  C. When an administrator decides to create one.

  D. When an administrator initially logs into SmartConsole.

  Correct Answer: B

  The Internal Certificate Authority (ICA) is created during the primary Security Management Server installation process. The ICA is responsible for issuing and managing certificates for all Check Point components in the network. The ICA is automatically installed as an integral part of the Security Management Server and can be managed from SmartConsole. References: R81 Security Management Administration Guide, page 113.

• Question 614:

  How does the Anti-Virus feature of the Threat Prevention policy block traffic from infected websites?

  A. By dropping traffic from websites identified through ThreatCloud Verification and URL Caching

  B. By dropping traffic that is not proven to be from clean websites in the URL Filtering blade

  C. By allowing traffic from websites that are known to run Antivirus Software on servers regularly

  D. By matching logs against ThreatCloud information about the reputation of the website

  Correct Answer: D

  The Anti-Virus feature of the Threat Prevention policy blocks traffic from infected websites by matching logs against ThreatCloud information about the reputation of the website. ThreatCloud is a collaborative network that collects and analyzes threat data from millions of sources worldwide. It assigns a reputation score to each website based on its malicious activity and behavior. If a website has a low reputation score, it is considered infected and blocked by the Anti-Virus blade. References: Training and Certification | Check Point Software, CCSE section

• Question 615:

  What a valid SecureXL paths in R81.20?

  A. F2F (Slow path). Templated Path. PQX and F2V

  B. F2F (Slow path). PXL, QXL and F2V

  C. F2F (Slow path), Accelerated Path, PQX and F2V

  D. F2F (Slow path), Accelerated Path, Medium Path and F2V

  Correct Answer: D

  The valid SecureXL paths in R81.20 are F2F (Slow path), Accelerated Path, Medium Path and F2V1. SecureXL is a technology that accelerates the performance of the Security Gateway by offloading CPU-intensive operations to the

  SecureXL device2. SecureXL uses different paths to process packets, depending on the type and state of the connection3. The SecureXL paths are3:

  F2F (Slow path): This path handles packets that require a full inspection by the Firewall kernel. It is the slowest path, but it supports all features and blades. Examples of packets that use this path are packets that belong to a new connection,

  packets that match a rule with UTM blades, or packets that require address translation.

  Accelerated Path: This path handles packets that belong to an established connection that does not require any further inspection by the Firewall kernel. It is the fastest path, but it supports only a limited set of features and blades. Examples

  of packets that use this path are packets that match an accept rule with no UTM blades, or packets that match a rule with SecureXL acceleration enabled. Medium Path: This path handles packets that belong to an established connection that

  requires some inspection by the Firewall kernel, but not a full inspection. It is faster than the F2F path, but slower than the Accelerated path. It supports more features and blades than the Accelerated path, but less than the F2F path.

  Examples of packets that use this path are packets that match a rule with IPS or Anti-Bot blades, or packets that require NAT templates. F2V: This path handles packets that are encapsulated or decapsulated by the VPN kernel. It is faster

  than the F2F path, but slower than the Accelerated path. It supports VPN features such as encryption, decryption, encapsulation, and decapsulation. References: R81.x Security Gateway Architecture (Logical Packet Flow) - Check Point CheckMates, SecureXL Mechanism in R80.10 and above - Check Point Software, SecureXL - Check Point Software

• Question 616:

  Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?

  A. UserCheck

  B. Active Directory Query

  C. Account Unit Query

  D. User Directory Query

  Correct Answer: B

  Active Directory Query is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers by querying domain controllers for security event logs. The Security Gateway sends a WMI query to each domain controller and receives a WMI event when a user logs in, logs out, or unlocks their computer. The Security Gateway then maps IP addresses to user names based on these events. Active Directory Query does not require any software installation on domain controllers or clients, but it requires certain permissions and configurations on the domain controllers Reference : https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62402.htm

• Question 617:

  What traffic does the Anti-bot feature block?

  A. Command and Control traffic from hosts that have been identified as infected

  B. Command and Control traffic to servers with reputation for hosting malware

  C. Network traffic that is directed to unknown or malicious servers

  D. Network traffic to hosts that have been identified as infected

  Correct Answer: A

  The traffic that the Anti-bot feature blocks is command and control traffic from hosts that have been identified as infected. Anti-bot is a blade that detects and prevents botnet attacks by using a cloud-based service that provides up-to-date threat intelligence. When Anti-bot detects a host that is communicating with a malicious command and control server, it blocks the traffic and generates an alert. The other options are not the types of traffic that Anti-bot blocks. References: Check Point Software, Getting Started, Anti-Bot.