Pass the Checkpoint CCSA R81 156-215.81 Questions and answers with ExamsMirror

The default layers that are included when creating a new policy layer are Access Control, Threat Prevention, and HTTPS Inspection. Access Control is the layer that defines the basic firewall rules. Threat Prevention is the layer that enables the protection against various types of attacks, such as IPS, Anti-Virus, Anti-Bot, etc. HTTPS Inspection is the layer that allows the inspection of encrypted traffic1. The other options are not the default layers that are included when creating a new policy layer.

While enabling the Identity Awareness blade, the Identity Awareness wizard does not automatically detect the Windows domain because the SmartConsole machine is not part of the domain. The SmartConsole machine needs to be a member of the Windows domain or have access to a domain controller in order to detect the domain automatically2.

References: 2: Check Point R81 Identity Awareness Administration Guide, page 10.

Certificate is the most secure means of authentication among the given options2. A certificate is a digital document that contains information about the identity of a user or a device, and is signed by a trusted authority. A certificate can be used to prove the identity of a user or a device without revealing any sensitive information, such as passwords or tokens. Password, token, and pre-shared secret are less secure means of authentication because they can be easily compromised, stolen, or guessed by attackers. References: Secure User Authentication Methods - freeCodeCamp.org, What is the Most Secure Authentication Method for Your Organization …

 SecureID is the authentication method that requires token authenticator2. SecureID is a two-factor authentication method that uses a hardware or software token to generate a one-time password. The user must enter the token code along with their username and password to authenticate. References: Check Point R81 Identity Awareness Administration Guide

The BEST object type to represent an LDAP group in a Security Policy is an Access Role. An Access Role object defines a set of users, machines, or networks that can access a resource or service1, p. 27. An Access Role object can include LDAP groups as one of its components2, p. 10. References: Check Point CCSA - R81: Practice Test & Explanation, Check Point Identity Awareness Administration Guide R81

The Windows Security Event that will NOT map a username to an IP address in Identity Awareness is Kerberos Ticket Timed Out. This event occurs when a Kerberos ticket expires and is not renewed, which means that the user is no longer active on the network. Identity Awareness does not use this event to map a username to an IP address, as it does not indicate a valid user session. The other events are used by Identity Awareness to map a username to an IP address, as they indicate a successful user authentication or activity on the network.

References: [Kerberos Ticket Expiration and Renewal], [Identity Awareness AD Query]

The Application Layer Firewalls inspect traffic through the Lower layer(s) of the TCP/IP model and up to and including the Application layer. The lower layers are the Physical, Data Link, and Network layers, which deal with the transmission and routing of packets. The Application layer is the highest layer of the TCP/IP model, which provides services and protocols for specific applications such as HTTP, FTP, SMTP, etc. The Application Layer Firewalls can inspect the content and context of the traffic and enforce granular security policies based on various criteria such as user identity, application identity, content type, etc. References: [Check Point R81 Firewall Administration Guide]

 The correct answer is B because after installing a new multicore CPU, the administrator needs to configure CoreXL to make use of the additional cores and reboot the Security Gateway. Installing the Security Policy is not necessary because it does not affect the CoreXL configuration1. References: Check Point R81 Security Management Administration Guide

The key that is created during Phase 2 of a site-to-site VPN is a symmetrical IPSec key3. This key is used to encrypt and decrypt the data that is exchanged between the VPN peers3. The symmetrical IPSec key is derived from the shared secret and the Diffie-Hellman public keys that are exchanged during Phase 13. References: Site to Site VPN in R80.x - Tutorial for Beginners

Two basic rules that Check Point recommends for building an effective security policy are Cleanup Rule and Stealth Rule. A Cleanup Rule is a rule that is placed at the end of the rule base and drops or logs any traffic that does not match any of the previous rules2. A Stealth Rule is a rule that is placed at the top of the rule base and protects the Security Gateway from direct access by unauthorized users3. The other options are not basic rules for building a security policy, but rather types or categories of rules.