Last Updated on September 23, 2021 by Admin 3
156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 02
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret, the administrator found that the check box to enable pre-shared secret is shared and cannot be enabled. Why does it not allow him to specify the pre-shared secret?
- IPsec VPN blade should be enabled on both Security Gateway.
- Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.
- Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.
- The Security Gateways are pre-R75.40.
You are the senior Firewall administrator for Alpha Corp, and have recently returned from a training course on Check Point’s new advanced R80 management platform. You are presenting an in-house overview of the new features of Check Point R80 Management to the other administrators in Alpha Corp.
How will you describe the new “Publish” button in R80 Management Console?
- The Publish button takes any changes an administrator has made in their management session, publishes a copy to the Check Point Cloud of R80, and then saves it to the R80 database.
- The Publish button takes any changes an administrator has made in their management session and publishes a copy to the Check Point Cloud of R80 and but does not save it to the R80 database.
- The Publish button saves any changes an administrator has made in their management session. After saving to the database, any changes are now visible to all other administrator sessions.
- The Publish button saves any changes an administrator has made in their management session. After saving to the database, any changes are now visible to any new Unified Policy sessions.
To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a session, a new database version is created.
Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address.
- High Availability
- Load Sharing Multicast
- Load Sharing Pivot
ClusterXL uses the Multicast mechanism to associate the virtual cluster IP addresses with all cluster members. By binding these IP addresses to a Multicast MAC address, it ensures that all packets sent to the cluster, acting as a gateway, will reach all members in the cluster.
With the User Directory Software Blade, you can create R80 user definitions on a(an) ___________ Server.
- NT domain
Which of the following is NOT a component of a Distinguished Name?
- Organizational Unit
- Common Name
- User container
Distinguished Name Components
CN=common name, OU=organizational unit, O=organization, L=locality, ST=state or province, C=country name
What are the three authentication methods for SIC?
- Passwords, Users, and standards-based SSL for the creation of secure channels
- Certificates, standards-based SSL for the creation of secure channels, and 3DES or AES128 for encryption
- Packet Filtering, certificates, and 3DES or AES128 for encryption
- Certificates, Passwords, and Tokens
Secure Internal Communication (SIC)
Secure Internal Communication (SIC) lets Check Point platforms and products authenticate with each other. The SIC procedure creates a trusted status between gateways, management servers and other Check Point components. SIC is required to install polices on gateways and to send logs between gateways and management servers.
These security measures make sure of the safety of SIC:
– Certificates for authentication
– Standards-based SSL for the creation of the secure channel
– 3DES for encryption
You have enabled “Extended Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?
- Logging has disk space issues.
- Content Awareness is not enabled.
- Identity Awareness is not enabled.
- Log Trimming is enabled.
The most likely reason for the logs data to stop is the low disk space on the logging device, which can be the Management Server or the Gateway Server.
What is the order of NAT priorities?
- Static NAT, IP pool NAT, hide NAT
- IP pool NAT, static NAT, hide NAT
- Static NAT, automatic NAT, hide NAT
- Static NAT, hide NAT, IP pool NAT
The order of NAT priorities is:
1. Static NAT
2. IP Pool NAT
3. Hide NAT
Since Static NAT has all of the advantages of IP Pool NAT and more, it has a higher priority than the other NAT methods.
Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?
- Active Directory Query
- Account Unit Query
- User Directory Query
AD Query extracts user and computer identity information from the Active Directory Security Event Logs. The system generates a Security Event log entry when a user or computer accesses a network resource. For example, this occurs when a user logs in, unlocks a screen, or accesses a network drive.
Ken wants to obtain a configuration lock from other administrator on R80 Security Management Server Operating System. He can do this via WebUI or via CLI. Which command should he use in CLI?
- remove database lock
- The database feature has one command: lock database override.
- override database lock
- The database feature has two commands: lock database override and unlock database. Both will work.
Use the database feature to obtain the configuration lock. The database feature has two commands:
lock database [override].
The commands do the same thing: obtain the configuration lock from another administrator.
Examine the following Rule Base.
What can we infer about the recent changes made to the Rule Base?
- Rule 7 was created by the ‘admin’ administrator in the current session
- 8 changes have been made by administrators since the last policy installation
- Te rules 1, 5 and 6 cannot be edited by the ‘admin’ administrator
- Rule 1 and object webserver are locked by another administrator
On top of the print screen there is a number “8” which consists for the number of changes made and not saved.
Session Management Toolbar (top of Smart Console)
ALPHA Corp has a new administrator who logs into the Gaia Portal to make some changes. He realizes that even though he has logged in as an administrator, he is unable to make any changes because all configuration options are greyed out as shown in the screenshot image below. What is the likely cause for this?
- The Gaia /bin/confd is locked by another administrator from a SmartConsole session.
- The database is locked by another administrator SSH session.
- The Network address of his computer is in the blocked hosts.
- The IP address of his computer is not in the allowed hosts.
There is a lock on top left side of the screen. B is the logical answer.
Administrator Kofi has just made some changes on his Management Server and then clicks on the Publish button in SmartConsole but then gets the error message shown in the screenshot below.
Where can the administrator check for more information on these errors?
- The Log and Monitor section in SmartConsole
- The Validations section in SmartConsole
- The Objects section in SmartConsole
- The Policies section in SmartConsole
The validations pane in SmartConsole shows configuration error messages. Examples of errors are object names that are not unique, and the use of objects that are not valid in the Rule Base.
To publish, you must fix the errors.
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
- Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
- Create a separate Security Policy package for each remote Security Gateway.
- Create network objects that restrict all applicable rules to only certain networks.
- Run separate SmartConsole instances to login and configure each Security Gateway directly.
Harriet wants to protect sensitive information from intentional loss when users browse to a specific URL: https://personal.mymail.com, which blade will she enable to achieve her goal?
- SSL Inspection
- Application Control
- URL Filtering
Check Point revolutionizes DLP by combining technology and processes to move businesses from passive detection to active Data Loss Prevention. Innovative MultiSpect™ data classification combines user, content and process information to make accurate decisions, while UserCheck™ technology empowers users to remediate incidents in real time. Check Point’s self-educating network-based DLP solution frees IT/security personnel from incident handling and educates users on proper data handling policies – protecting sensitive corporate information from both intentional and unintentional loss.
To optimize Rule Base efficiency the most hit rules should be where?
- Removed from the Rule Base.
- Towards the middle of the Rule Base.
- Towards the top of the Rule Base.
- Towards the bottom of the Rule Base.
It is logical that if lesser rules are checked for the matched rule to be found the lesser CPU cycles the device is using. Checkpoint match a session from the first rule on top till the last on the bottom.
Which of the following is NOT a license activation method?
- SmartConsole Wizard
- Online Activation
- License Activation Wizard
- Offline Activation
Which policy type has its own Exceptions section?
- Thread Prevention
- Access Control
- Threat Emulation
- Desktop Security
The Exceptions Groups pane lets you define exception groups. When necessary, you can create exception groups to use in the Rule Base. An exception group contains one or more defined exceptions. This option facilitates ease-of-use so you do not have to manually define exceptions in multiple rules for commonly required exceptions. You can choose to which rules you want to add exception groups. This means they can be added to some rules and not to others, depending on necessity
By default, which port does the WebUI listen on?
To configure Security Management Server on Gaia:
– Open a browser to the WebUI: https://<Gaia management IP address>
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
- None, Security Management Server would be installed by itself.
- Security Gateway
There are different deployment scenarios for Check Point software products.
– Standalone Deployment – The Security Management Server and the Security Gateway are installed on the same computer or appliance.