CheckPoint 156-215.81 Check Point Certified Security Administrator R81.20 Exam Practice Test

Answer : C

This answer is correct because DES (Data Encryption Standard) is the least secured encryption algorithm among the options given.DES uses a 56-bit key, which is too short and can be easily cracked by brute force attacks1.DES also suffers from other weaknesses, such as weak keys, complementation property, and linear cryptanalysis2.

The other answers are not correct because they are more secured encryption algorithms than DES.3DES (Triple DES) is an improvement over DES that applies DES three times with different keys, resulting in a 168-bit key3. AES-128 and AES-256 are variants of AES (Advanced Encryption Standard) that use 128-bit and 256-bit keys respectively. AES is considered to be the most secure symmetric encryption algorithm and is widely used for data protection.

What is DES encryption, and why was it replaced?

Data Encryption Standard - Wikipedia

What is 3DES encryption?

[What is AES encryption and how does it work?]

Answer : C

This answer is correct because these are the two forms of Check Point licenses that are used to activate the software blades on the Security Gateways and the Security Management Servers1.A central license is a license that is attached to a Security Management Server and can be used to manage multiple Security Gateways1.A local license is a license that is attached to a specific Security Gateway and can only be used by that gateway1.

The other answers are not correct because they are either irrelevant or inaccurate options for Check Point licenses forms.Security Gateway and Security Management are not license forms, but software components that provide firewall, VPN, and other security features2.On-premise and Public Cloud are not license forms, but deployment options for Check Point products3. Access Control and Threat Prevention are not license forms, but software blades that provide different security functions.

Check Point License Guide

Check Point Software Blade Quick Licensing Guide

Check Point CloudGuard Network Security

[Check Point Software Blades]

Answer : D

This answer is correct because a standalone deployment is a valid option for installing a Check Point Security Gateway and a Security Management Server on the same machine1.This option is suitable for small or medium-sized networks that do not require high availability or load balancing1.

The other answers are not correct because they are either invalid or irrelevant options for deployment.CloudSec deployment is not a valid option, but it might be confused with CloudGuard, which is a Check Point solution for securing cloud environments2.Disliked deployment is not a valid option, but it might be a typo for Distributed deployment, which is a valid option for installing a Check Point Security Gateway and a Security Management Server on separate machines1.Router only deployment is not a valid option, but it might be confused with Router mode, which is a configuration option for a Check Point Security Gateway that enables it to act as a router and forward packets between interfaces3.

Gaia R81.20 Administration Guide

CloudGuard Network Security

Configuring Router Mode in Gaia Clish

Answer : A

This answer is correct because these are two valid methods for mutually authenticating the VPN gateways, which means that both sides of the communication verify each other's identity using a shared secret or a public key certificate1.A pre-shared secret is a password or a passphrase that both gateways know and use to encrypt and decrypt the VPN traffic2.A PKI certificate is a digital document that contains the public key and other information that helps identify the gateway, such as the issuer, the subject, and the expiration date3.The certificate is signed by a trusted certificate authority (CA) that vouches for the authenticity of the gateway3.

The other answers are not correct because they either include invalid or irrelevant methods for mutual authentication.PKI certificates and Kerberos tickets are not compatible methods for mutual authentication, because Kerberos tickets are issued by a Kerberos server and not by a CA4.Pre-shared secrets and Kerberos tickets are also not compatible methods for mutual authentication, because they use different protocols and encryption algorithms4.PKI certificates and DynamiciD OTP are not valid methods for mutual authentication, because DynamiciD OTP is a one-time password that is used for user authentication, not for gateway authentication5.

What is mutual authentication? | Two-way authentication

Mutual authentication - AWS Client VPN

VPN authentication options - Windows Security

Mutual Authentication | Top 3 Methods of Mutual Authentication

Authentication methods and features - Microsoft Entra

Answer : C

This answer is correct because thevpn tucommand is used for VPN tunnel management and shows detailed information about VPN tunnels, such as the tunnel ID, peer IP, encryption domain, and status1.This command will bring up a menu for you to choose from, such as list all IPsec SAs, delete all IPsec SAs, or delete IPsec SA for given peer1.

The other answers are not correct because they either show different information or do not exist as commands.Thecat $FWDlR/conf/vpn.confcommand shows the VPN configuration file, which contains the VPN domains, communities, and encryption settings2.Thevpn tu tlistcommand does not exist, but it might be confused with thevpn tunnelutil tlistcommand, which shows the tunnel utilization statistics3.Thecpviewcommand shows the Check Point real-time performance monitoring tool, which displays various system and network parameters, such as CPU, memory, disk, interfaces, and VPN4.

How to use the ''vpn tu'' command for VPN tunnel management

New VPN daemons in R81.10 / R81.20 - Check Point CheckMates

Remote Access VPN R81.20 Administration Guide - Check Point Software

Remote Access VPN R81 Administration Guide - Check Point Software

Answer : D

This answer is correct because these are the software components that are used by the pre-defined Autonomous Threat Prevention Profiles in R81.20 and higher1.These profiles provide zero-maintenance protection from zero-day threats and continuously and autonomously ensure that your protection is up-to-date with the latest cyber threats and prevention technologies2.

The other answers are not correct because they either include software components that are not part of the Autonomous Threat Prevention Profiles, such as Sandbox, ThreatCloud, Zero Phishing, Sanitization, C&C Protection, JPS, File and URL Reputation, or they omit some of the software components that are part of the Autonomous Threat Prevention Profiles, such as Anti-Bot, Anti-Virus, and Macro Extraction.

Autonomous Threat Prevention Management - Check Point Software

Check Point Quantum R81.20 (Titan) Release

Threat Prevention R81.20 Best Practices - Check Point Software

Check Point R81

Answer : B

Aggressive Mode in IKEv1 usesthree packetsfor negotiation, with all data required for the SA passed by the initiator1. The responder sends the proposal, key material, and ID, and authenticates the session in the next packet.The initiator replies and authenticates the session1.

The other answers are not correct because they either refer to the Main Mode in IKEv1, which uses six packets for negotiation2, or they are irrelevant to the number of packets used in Aggressive Mode.

Understand IPsec IKEv1 Protocol - Cisco

Negotiation modes for phase 1 - IBM

FAQ-What are the differences between IKEv1 and IKEv2- Huawei