CheckPoint Check Point Certified Security Administrator R81.20 156-215.81 Exam Practice Test

Answer : C

The position of an implied rule is manipulated in the Global Properties window. Implied rules are predefined rules that are not displayed in the rule base. They allow or block traffic for essential services such as communication with Check Point servers, logging, and VPN traffic.The position of an implied rule can be changed in the Global Properties > Firewall > Implied Rules section56. Reference:How to view Implied Rules in R80.x / R81.x SmartConsole,Implied Rules

Answer : C

To view the policy installation history for each gateway, an administrator would use the Installation history tool1, p. 22.The Installation history tool shows the date and time of each policy installation, the name of the administrator who installed it, and the status of the installation3. Revisions, Gateway installations, and Gateway history are not valid tools in SmartConsole. Reference:Check Point CCSA - R81: Practice Test & Explanation,Check Point SmartConsole R81 Help

Answer : D

Extended Log is a tracking option that enables administrators to see additional information about the traffic that matches a security rule, such as data type, file name, file size, etc. However, to see any data type information, Content Awareness must be enabled on the Security Gateway. Content Awareness is a blade that inspects files based on their type, size, name, and data.Content Awareness is required for Extended Log to work properly3. Reference:Check Point R81 Content Awareness Administration Guide

Answer : A

The three types of UserCheck messages are inform, ask, and block. Inform messages notify users about security events and do not require any user action. Ask messages prompt users to choose whether to allow or block an action.Block messages prevent users from performing an action and display a reason1. Reference:Check Point R81 Logging and Monitoring Administration Guide

Answer : A

The answer is A because Identity Awareness commands are used to support identity sharing between Security Gateways. Policy Decision Point (PDP) is the Security Gateway that collects identities from various sources and shares them with other gateways.Policy Enforcement Point (PEP) is the Security Gateway that enforces the policy based on the identities received from the PDP12Reference:Check Point R81 Identity Awareness Administration Guide,Check Point R81 Security Management Administration Guide

Answer : B

The answer is B because in R80 and above, more than one administrator can login to the Security Management Server with write permission at the same time. Every administrator works in a session that is independent of the other administrators.This is called concurrent administration and it allows multiple administrators to work on the same policy package simultaneously34Reference:Check Point R80.10 Concurrent Administration,Check Point R80.40 Security Management Administration Guide

Answer : B

The answer is B because querying logs now is very fast because the Indexing Engine indexes logs for faster search results. The Indexing Engine is a component of the Smart-1 appliance that creates indexes for log fields and values, such as source, destination, action, and time. The indexes enable quick and efficient searches of large amounts of log data. Reference: [Check Point R81 Logging and Monitoring Administration Guide], [Check Point R81 Indexing Engine]