Free Practice Questions for Checkpoint 156-215.81 Exam

The correct answer is B because Threat Extraction always delivers a file and takes less than a second to complete2. Threat Extraction removes exploitable content from files and delivers a clean and safe file to the user2. Threat Emulation analyzes files in a sandbox environment and delivers a verdict of malicious or benign2. Threat Emulation can take more than 3 minutes to complete depending on the file size and complexity2. References: Check Point R81 Threat Prevention Administration Guide

 If AdminB sees a lock icon on a rule, it means that the rule is locked by AdminA and will be made available if the session is published. A session is a set of changes made by an administrator in SmartConsole. A session can be published to save and share the changes with other administrators, or discarded to cancel the changes and unlock the objects1.

References: 1: Check Point R81 Security Management Administration Guide, page 18.

An Endpoint identity agent uses a username/password or Kerberos ticket for user authentication3, p. 28. An Endpoint identity agent is a lightweight client installed on endpoint computers that communicates with Identity Awareness gateways and provides reliable identity information. An Endpoint identity agent does not use a shared secret, a token, or a certificate for user authentication. References: Check Point CCSA - R81: Practice Test & Explanation, [Check Point Identity Awareness Administration Guide R81]

The two Identity Awareness daemons that are used to support identity sharing are Policy Decision Point (PDP) and Policy Enforcement Point (PEP). PDP is a daemon that runs on the Security Management Server or a dedicated Identity Awareness Server and provides identity information to other components. PEP is a daemon that runs on the Security Gateway and enforces identity-based rules based on the information received from the PDP. Identity sharing is a feature that allows PDPs and PEPs to exchange identity information across different domains or networks. References: [Check Point R81 Identity Awareness Administration Guide]

 Check Point technologies that deny or permit network traffic are packet filtering, stateful inspection, and application layer firewall1, p. 15-16. Packet filtering is a basic firewall technique that examines packets based on their source and destination addresses and ports2, p. 13. Stateful inspection is an advanced firewall technique that tracks the state and context of network connections and inspects packets based on their content and sequence2, p. 13. Application layer firewall is a firewall technique that operates at the application layer of the OSI model and inspects packets based on their application protocols and data2, p. 14. References: Check Point CCSA - R81: Practice Test & Explanation, 156-315.81 Checkpoint Exam Info and Free Practice Test

 Authentication rules are defined for user groups rather than individual users1. To define authentication rules, you must first define users and groups. You can define users with the Check Point user database, or with an external server, such as LDAP1. UserCheck is a feature that enables user interaction with security events2. Individual users and all users in the database are not valid options for defining authentication rules. References: How to Configure Client Authentication, UserCheck

CPUSE - Check Point Upgrade Service Engine is the tool that allows for the automatic updating of the Gaia OS and Check Point products installed on the Gaia OS. CPUSE is a web-based tool that simplifies the installation of software updates, hotfixes, and upgrade packages on Gaia OS2. The other options are not valid tools for updating Gaia OS and Check Point products.

A Check Point Software license consists of two components, the Software Blade and the Software Container. There are three types of Software Containers: Security Management, Security Gateway, and Endpoint Security1. A Software Blade is a specific security function that can be enabled or disabled on a Software Container. A Software Container is a platform that runs one or more Software Blades. Security Management is a container that manages the security policy and configuration of Security Gateways. Security Gateway is a container that enforces the security policy on network traffic. Endpoint Security is a container that protects endpoints from threats and data loss. References: Check Point Licensing and Contract Operations User Guide

 In Office mode, a Security Gateway assigns a remote client to an IP address once the user connects and authenticates. Office mode allows a remote client to get an IP address from the internal network of the organization. The IP address is assigned during the IKE negotiation, after the user has successfully authenticated with the Security Gateway3. The other options are not correct timings for assigning an IP address in Office mode. References: Office Mode