Checkpoint 156-215.81 - Check Point Certified Security Administrator R81.20 CCSA (156-215.81.20)

The Threat Prevention Software Blade that provides protection from malicious software that can infect your network computers is Anti-Virus. Anti-Virus is a software blade that scans files and traffic for viruses, worms, trojans, spyware, and other malware. Anti-Virus can block or clean infected files and prevent malware outbreaks. IPS is a software blade that provides protection from network attacks and exploits. Anti-Malware is not a software blade, but rather a term that refers to any software that can detect and remove malware. Content Awareness is a software blade that provides visibility and control over data that enters or leaves the network based on file types, data types, and keywords.

References: [Anti-Virus Software Blade], [IPS Software Blade], [What is Anti-Malware?], [Content Awareness Software Blade]

Stateful Inspection compiles and registers connections in the State Table. The State Table is a database that stores information about active connections and sessions on the Security Gateway. The other options are not valid names for the database that stores connection information.

References: 1: Policy Types 2: CPUSE 3: SIC : [Software Containers] : [Stateful Inspection]

By default, the WebUI listens on port 80. The WebUI is a web-based interface that allows administrators to configure and monitor Gaia OS settings and features from a web browser. The WebUI uses the HTTP protocol to communicate with the Gaia machine, which by default uses port 80 as the standard port number. The other port numbers are not used by the WebUI by default, but they can be changed by modifying the Gaia configuration file or using CLISH commands. 

 SmartUpdate is the application that is used for the central management and deployment of licenses and packages. SmartUpdate allows administrators to manage licenses, software updates, and hotfixes for multiple Security Gateways and cluster members from one central location2. SmartProvisioning is an application that enables centralized management of network devices. SmartLicense is a feature that simplifies license management by using a cloud-based portal. Deployment Agent is a component that enables automatic deployment of software packages3.

Using AD Query, the security gateway connections to the Active Directory Domain Controllers using LDAP (Lightweight Directory Access Protocol). The other protocols are not used for this purpose.

References: : [Check Point R81 Identity Awareness Administration Guide], page 14.

The three deployment considerations for a secure network are Remote, Standalone, and Distributed3. Remote deployment means that the Security Management Server and Security Gateway are installed on different machines. Standalone deployment means that the Security Management Server and Security Gateway are installed on the same machine. Distributed deployment means that there are multiple Security Gateways managed by one or more Security Management Servers3. Therefore, the correct answer is C. Remote, Standalone, and Distributed.

 Captive Portal is a feature of Identity Awareness that allows you to authenticate users through a web browser before they access the Internet or corporate resources. Captive Portal can be used for various authentication methods, such as user name and password, one-time password (OTP), or certificate3. Captive Portal does not manage user permission in SmartConsole, provide remote access to SmartConsole, or authenticate users to the Gaia OS. Those are different functions that are not related to Captive Portal. References: Check Point R81 Identity Awareness Administration Guide

The difference between SSL VPN and IPSec VPN is that IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed browser5 . IPSec VPN uses a pre-shared key or certificates to authenticate the endpoints and encrypts the data at the network layer. SSL VPN uses SSL/TLS protocols to authenticate the endpoints and encrypts the data at the application layer. References: Check Point Remote Access VPN Administration Guide R81, [Free Check Point CCSA Sample Questions and Study Guide]

The policy type that is used to enforce bandwidth and traffic control rules is QoS. QoS stands for Quality of Service and is a software blade that allows administrators to prioritize network traffic according to various criteria such as source, destination, service, application, user, etc. QoS can also limit the bandwidth consumption of certain traffic types or guarantee a minimum bandwidth for critical applications. References: [Check Point R81 QoS Administration Guide]

Check Point Security Management supports two types of Policy Layers:

Ordered Layers – Enforced in sequential order, where each rule is evaluated before moving to the next layer.

Inline Layers – A sub-layer within a rule that adds additional inspection without affecting other rules.

Option A (incorrect): "Inbound Layers and Outbound Layers" is not a Check Point terminology.

Option C (incorrect): "Structured Layers and Overlap Layers" do not exist in Check Point policy management.

Option D (incorrect): Check Point R81.X fully supports Policy Layers.

Thus, the correct answer is B. Ordered Layers and Inline Layers.