Which of the following log queries would show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1?
Answer : B
src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop is the correct log query to show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1. The AND operator means that all conditions must be true for the query to match. The OR operator means that any condition can be true for the query to match. The other queries will either show packets that are not dropped or packets that have different source or destination addresses.
Which of the following is NOT a component of a Distinguished Name?
Answer : C
A Distinguished Name (DN) is a unique identifier for an entry in an LDAP directory. A DN consists of a sequence of relative distinguished names (RDNs) separated by commas. Each RDN is composed of an attribute type and an attribute value, such as cn=John Smith or ou=Sales. A DN can have different components depending on the structure and schema of the LDAP directory, but some common components are: Common Name (cn), Country, Organizational Unit (ou), Organization (o), State or Province (st), and Locality (l). User container is not a component of a DN. Reference: Check Point R81 Identity Awareness Administration Guide
Check Point licenses come in two forms. What are those forms?
Answer : C
This answer is correct because these are the two forms of Check Point licenses that are used to activate the software blades on the Security Gateways and the Security Management Servers [1]. A central license is a license that is attached to a Security Management Server and can be used to manage multiple Security Gateways [1]. A local license is a license that is attached to a specific Security Gateway and can only be used by that gateway [1].
The other answers are not correct because they are either irrelevant or inaccurate options for Check Point license forms. Security Gateway and Security Management are not license forms, but software components that provide firewall, VPN, and other security features [2]. On-premise and Public Cloud are not license forms, but deployment options for Check Point products [3]. Access Control and Threat Prevention are not license forms, but software blades that provide different security functions.
References:
[1] Check Point License Guide
[2] Check Point Software Blade Quick Licensing Guide
[3] Check Point CloudGuard Network Security
[4] Check Point Software Blades
In order to see real-time and historical graph views of Security Gateway statistics in SmartView Monitor, what feature needs to be enabled on the Security Gateway?
Answer : C
In order to see real-time and historical graph views of Security Gateway statistics in SmartView Monitor, the Monitoring Blade feature needs to be enabled on the Security Gateway. The Monitoring Blade is a software blade that collects and displays network and security performance data from the Security Gateway, such as traffic, throughput, connections, CPU usage, memory usage, etc. The Monitoring Blade can be enabled or disabled on each Security Gateway from the SmartConsole. Reference: [Monitoring Blade], [SmartView Monitor]
Log query results can be exported to what file format?
Answer : B
Log query results can be exported to Comma Separated Value (csv) file format. CSV is a file format that stores tabular data in plain text. It is compatible with various applications, such as Excel, Google Sheets, etc. The other options are not valid file formats for exporting log query results.
From the Gaia web interface, which of the following operations CANNOT be performed on a Security Management Server?
Answer : A
From the Gaia web interface, the operation that CANNOT be performed on a Security Management Server is Verify a Security Policy. This operation can only be done from SmartConsole. Reference: Check Point R81 SmartConsole Online Help
Which Identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers?
Answer : C
Endpoint Identity Agent and Browser-Based Authentication are the identity sources that provide the highest level of security for sensitive servers, as they require user authentication and can enforce granular access rules based on user identity. AD Query, Terminal Servers Endpoint Identity Agent, and RADIUS and Account Logon are less secure, as they rely on passive methods of identity acquisition or do not support identity-based access control.