Checkpoint 156-215.81 - Check Point Certified Security Administrator R81.20 CCSA (156-215.81.20)

 ThreatWiki is a web-based tool that provides statistics on detected threats, such as attack types, sources, destinations, and severity. It also allows the administrator to search for specific threats and view their details and mitigation methods. The other options are not tools for viewing statistics on detected threats. References: [ThreatWiki], [ThreatWiki - Threat Emulation]

An explicit rule is created by an administrator and configured to allow or block traffic based on specified criteria. Explicit rules are displayed in the Rule Base and can be modified by the administrator. References: Certified Security Administrator (CCSA) R81.20 Course Overview, page 12.

The best sync method in the ClusterXL deployment is to use one dedicated sync interface56. This method provides optimal performance and reliability for synchronization traffic. Using multiple sync interfaces is not recommended as it increases CPU load and does not provide 100% sync redundancy5. Using multiple clusters is not a sync method, but a cluster topology. References: Sync Redundancy in ClusterXL, Best Practice for HA sync interface

 It is possible to have more than one administrator connected to a Security Management Server at once, but objects edited by one administrator will be locked for editing by others until the session is published. This feature is called concurrent administration and it allows multiple administrators to work on the same security policy at the same time. However, when one administrator edits an object, such as a gateway, a rule, or a network, that object is locked for other administrators until the change is published or discarded. The lock icon shows which objects are being edited by other administrators and prevents conflicts or overwrites.References: [Concurrent Administration], [SmartConsole Overview]

 The answer is A because changing the Security Gateway IP-address requires re-establishing the trust with the Security Management Server by initializing the Secure Internal Communication (SIC). Changing the Security Gateway name in command line or changing the Security Management Server name or IP-address in SmartConsole does not require re-establishing the trust, but it may require updating the topology and pushing the policy.References: [Check Point R81 Security Management Administration Guide], [Check Point R81 Security Gateway Administration Guide]

The correct command to show detailed information about VPN tunnels is vpn tu.

vpn tu is an interactive command that provides detailed VPN tunnel status and allows you to clear specific VPN-related connections.

vpn tu tlist (Option B) is not a valid command.

cat $FWDIR/conf/vpn.conf (Option A) only displays configuration settings but does not provide real-time VPN tunnel details.

cpview (Option D) is a general system monitoring tool and does not focus specifically on VPN tunnels.

Thus, the correct answer is C. vpn tu.

 Phase 1 of the two-phase negotiation process conducted by IKE operates in Main mode or Aggressive mode12. Main mode is more secure than Aggressive mode, as it protects the identities of the peers and uses six messages to establish the IKE SA13. Authentication, Quick, and High Alert are not valid modes for IKE phase 1.

References: Understand IPsec IKEv1 Protocol, Internet Key Exchange for IPsec VPNs Configuration Guide, Internet Key Exchange

Accounting is the option in tracking that allows you to see the amount of data passed in the connection. Accounting tracks the number of bytes and packets for each connection and generates reports based on the collected data. References: Certified Security Administrator (CCSA) R81.20 Course Overview, page 14.

The two ordered layers that make up the Access Control Policy Layer are Network and Threat Prevention. Network layer contains rules that define how traffic is inspected and handled by the Security Gateway. Threat Prevention layer contains rules that define how traffic is inspected by the Threat Prevention Software Blades2. References: Check Point R81 Security Management Administration Guide

This answer is correct because these are the software components that are used by the pre-defined Autonomous Threat Prevention Profiles in R81.20 and higher1. These profiles provide zero-maintenance protection from zero-day threats and continuously and autonomously ensure that your protection is up-to-date with the latest cyber threats and prevention technologies2.

The other answers are not correct because they either include software components that are not part of the Autonomous Threat Prevention Profiles, such as Sandbox, ThreatCloud, Zero Phishing, Sanitization, C&C Protection, JPS, File and URL Reputation, or they omit some of the software components that are part of the Autonomous Threat Prevention Profiles, such as Anti-Bot, Anti-Virus, and Macro Extraction.

Autonomous Threat Prevention Management - Check Point Software

Check Point Quantum R81.20 (Titan) Release

Threat Prevention R81.20 Best Practices - Check Point Software

Check Point R81