CheckPoint 156-315.81 Check Point Certified Security Expert - R81.20 Exam Practice Test

Answer : A

Identity Awareness uses various methods to acquire identity information. These methods include:

Active Directory Query: Identity Awareness queries Active Directory servers to retrieve user and group information.

Cloud IdP (Identity Provider): Identity Awareness integrates with cloud identity providers such as Microsoft Azure AD, Okta, and Google Workspace.

RADIUS: Identity Awareness can use RADIUS servers to authenticate users.

However,Remote Accessis not a method used by Identity Awareness for acquiring identity. Remote Access typically refers to VPN connections, and while Identity Awareness can be used in conjunction with VPNs, it does not directly acquire identity information from remote access connections.

Check Point Troubleshooting Expert - R81 (CCTE) Reference Materials guides and documents.

Check Point Certified Troubleshooting Expert R81.20 - CCTE

Check Point CCTE Certification Sample Questions and Practice Exam

Answer : C

Answer : C

According to the Check Point R81.20 documentation, the central deployment feature allows you to install up to 10 packages simultaneously on multiple gateways1.

Reference

1:Check Point R81.20 Administration Guide, page 35.

Answer : C

The correct answer is C) CPM (19009), CPMI (18190) https (443).

SmartConsole is a client application that connects to the Security Management Server to manage and configure the security policy and objects. SmartConsole uses three ports to communicate with the Security Management Server1:

CPM (19009): This port is used for the communication between the SmartConsole client and the Check Point Management (CPM) process on the Security Management Server. The CPM process handles the database operations and the policy installation.

CPMI (18190): This port is used for the communication between the SmartConsole client and the Check Point Management Interface (CPMI) process on the Security Management Server. The CPMI process handles the authentication and encryption of the SmartConsole sessions.

https (443): This port is used for the communication between the SmartConsole client and the web server on the Security Management Server. The web server provides the SmartConsole GUI and the SmartConsole extensions.

The other options are incorrect because they either include ports that are not used by SmartConsole or omit ports that are used by SmartConsole.

SmartConsole R81.20 - Check Point Software1

Answer : D

The verified answer is D) Time.

An Access Role object is a logical representation of a set of users, machines, or networks that can be used in the security policy1. An Access Role object can include the following components1:

Networks: IP addresses or network objects that define the source or destination of the traffic.

Machines: Specific hosts or machine groups that are identified by their MAC addresses or certificates.

Users: Specific users or user groups that are authenticated by one or more identity sources, such as Active Directory, LDAP, or Identity Awareness.

Time is not a component of an Access Role object, and it cannot be configured in it. Time is a separate object type that can be used to define the validity period of a rule or a policy2.

LDAP group vs Access role objects - Check Point CheckMates3

THE IMPORTANCE OF ACCESS ROLES - Check Point Software1

Time Objects - Check Point Software2

Answer : A

https://resources.checkpoint.com/datasheet/certified-security-expert-ccse-r8120-course-overview

Dynamic log distribution is a feature that allows you to configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy. This means that each log is sent to only one Log Server and the load is balanced between the primary Log Servers. If all the primary Log Servers are disconnected, the logs are distributed between the backup Log Servers. If no Log Servers are connected, the gateway writes the logs locally. This feature improves the performance and reliability of logging and reduces the network traffic and disk space consumption.You can enable this feature on the SmartConsole -> Gateways & Servers -> Logs -> Dynamic Log Distribution1.

The other options are incorrect because they do not describe the dynamic log distribution feature.Option B is wrong because the Management High Availability does not store the logs dynamically on the member with the most available disk space, but rather synchronizes the logs between the members using the cpd process2. Option C is wrong because the dynamic log distribution feature does not synchronize the logs between the primary and secondary management server, but rather distributes the logs between the Log Servers. Option D is wrong because the dynamic log distribution feature does not save disk space in case of a firewall cluster, but rather distributes the logs between the Log Servers.The firewall cluster members do not store local logs, but rather send them to the Log Servers3.

Answer : A

By default, Threat Emulation updates the engine on the Security Gatewayonce per day. This is the recommended frequency for optimal performance and security. However, the admin can change the update frequency to a different value, such as once an hour, once a week, or twice per day, depending on the network needs and resources. The admin can also manually update the engine at any time using the SmartConsole or the command line interface.Reference:Threat Emulation Engine Release Updates - Check Point Software,Check Point R81.20 Gaia Fresh Install and upgrade