156-215.81 Exam Dumps - Check Point Certified Security Administrator R81.20 CCSA (156-215.81.20)

Identity Sharing is a feature that allows Security Gateways to acquire and share identities with other Security Gateways, enabling identity-based access control across different network segments or domains13. Management servers, users, and administrators do not share identities with Security Gateways.

References: Identity Awareness R81.10 Administration Guide, Check Point R81.10

 Identity Awareness is a blade that enables administrators to define access rules based on the identity of users and machines, rather than just IP addresses. Identity Awareness allows easy configuration for network access and auditing based on three items: network location, the identity of a user, and the identity of a machine. Network location refers to the source or destination network segment of the traffic. The identity of a user refers to the username or group membership of the user who initiates or receives the traffic. The identity of a machine refers to the hostname or certificate of the machine that initiates or receives the traffic. References: [Check Point R81 Identity Awareness Administration Guide]

Each cluster, at a minimum, should have at least three interfaces4. These are:

A sync interface for synchronizing state information between cluster members.

A cluster interface for sending and receiving cluster control packets.

A production interface for handling regular traffic that passes through the cluster4. References: Check Point R80.20 – How to configure Cluster firewalls – First Time Setup

The selected option “Accept Domain Name over UDP (Queries)” means that UDP Queries will be accepted by the traffic allowed only through interfaces with external anti-spoofing topology and this will be done before first explicit rule written by Administrator in a Security Policy. This option enables the Security Gateway to accept DNS queries from external hosts and forward them to internal DNS servers. The queries are accepted by an implied rule that is applied before the explicit rules in the Security Policy. The implied rule only allows queries from interfaces that have external anti-spoofing groups defined . References: Check Point R81 Quantum Security Gateway Guide, Implied Rules

 The BEST immediate action to take when you have discovered suspicious activity in your network is to create a suspicious action rule to block that traffic. A suspicious action rule is a special type of rule that is triggered when a predefined condition is met, such as a malicious file download, a ransomware attack, or a data exfiltration attempt13. A suspicious action rule can block the traffic, quarantine the source, or send an alert to the administrator. Creating a policy rule to block the traffic may not be effective if the traffic does not match the rule criteria or if the policy installation is delayed. Waiting until traffic has been identified before making any changes may allow the threat to spread or cause more damage. Contacting ISP to block the traffic may not be feasible or timely, and may also affect legitimate traffic. References: Check Point R81 Security Gateway Technical Administration Guide, Check Point CCSA - R81: Practice Test & Explanation | Udemy

 The command cplic print displays the installed licenses and their expiration dates on the CLI1. References: Check Point CLI Reference Card

Application information is included in the “Extended Log” tracking option, but is not included in the “Log” tracking option4. The “Extended Log” option provides additional information about the application, such as name, category, risk, and technology4. References: LOGGINGAND MONITORING R80

 The correct answer is A because session unique identifiers are passed to the web api using the X-chkp-sid http header option1. The X-chkp-sid header is used to authenticate and authorize API calls1. The other options are not related to session unique identifiers. References: Check Point R81 Security Management Administration Guide