156-215.81 Exam Dumps - Check Point Certified Security Administrator R81.20

The three main components of Check Point security management architecture are SmartConsole, Security Management, and Security Gateway5. SmartConsole is the graphical user interface that allows administrators to manage and monitor Check Point products. Security Management is the server that stores the security policy and configuration data. Security Gateway is the device that enforces the security policy on the network traffic. References: Check Point R81 Security Management Administration Guide

To view the policy installation history for each gateway, an administrator would use the Installation history tool1, p. 22. The Installation history tool shows the date and time of each policy installation, the name of the administrator who installed it, and the status of the installation3. Revisions, Gateway installations, and Gateway history are not valid tools in SmartConsole. References: Check Point CCSA - R81: Practice Test & Explanation, Check Point SmartConsole R81 Help

 The product that correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices is SmartEvent. SmartEvent is a software blade that analyzes logs from various sources such as Security Gateways, Endpoint Security Servers, Identity Awareness Servers, etc. and generates security events based on predefined or custom rules. SmartEvent provides a graphical interface for viewing and managing security events in real-time or historical mode. References: [Check Point R81 SmartEvent Administration Guide]

The TCP/IP model is made up of four layers: Application, Transport, Internet, and Network Interface1, p. 10. The TCP/IP model is a simplified version of the OSI model, which has seven layers: Application, Presentation, Session, Transport, Network, Data Link, and Physical. References: Check Point CCSA - R81: Practice Test & Explanation, [TCP/IP Model Explained]

The option that allows traffic to VPN gateways in specific VPN communities is Specific VPN Communities4. This option enables you to define which VPN communities are allowed in the rule. All Connections (Clear or Encrypted) allows traffic to any destination, regardless of whether it is encrypted or not. Accept all encrypted traffic allows traffic to any encrypted destination, regardless of the VPN community. All Site-to-Site VPN Communities allows traffic to any site-to-site VPN gateway, regardless of the VPN community4. Therefore, the correct answer is C. Specific VPN Communities.

Threat Prevention is a comprehensive solution that protects networks from malicious attacks by using multiple security blades, such as Anti-Bot, Anti-Virus, IPS, Threat Emulation, and Threat Extraction. These are the Threat Prevention software components available on the Check Point Security Gateway. IPS (Intrusion Prevention System) is a blade that detects and prevents network attacks by using signatures and behavioral patterns. Anti-Bot is a blade that detects and blocks botnet communications by using reputation services and heuristics. Anti-Virus is a blade that scans files and web content for malware by using signatures and emulation. Threat Emulation is a blade that analyzes suspicious files in a sandbox environment and blocks malicious files from entering the network. Threat Extraction is a blade that removes exploitable content from files and delivers clean files to users2. References: Check Point R81 Threat Prevention Administration Guide

 The answer is B because AES-CBC-256 is not a supported encryption algorithm for IPsec Security Associations (Phase 2) in R81. The supported encryption algorithms are AES-GCM-128, AES-GCM-256, AES-CBC-128, 3DES, and NULL3 References: Check Point R81 VPN Administration Guide

The Application Layer Firewalls inspect traffic through the Lower layer(s) of the TCP/IP model and up to and including the Application layer. The lower layers are the Physical, Data Link, and Network layers, which deal with the transmission and routing of packets. The Application layer is the highest layer of the TCP/IP model, which provides services and protocols for specific applications such as HTTP, FTP, SMTP, etc. The Application Layer Firewalls can inspect the content and context of the traffic and enforce granular security policies based on various criteria such as user identity, application identity, content type, etc. References: [Check Point R81 Firewall Administration Guide]