Pass the Checkpoint CCSE R81 156-315.81 Questions and answers with CertsForce

Check Point currently supports four types of APIs: R81 Management API, Identity Awareness Web Services API, OPSEC SDK, and Gaia REST API. The Open REST API is not a valid option. References: Check Point APIs

 Connections to the Check Point R81 Web API use the HTTPS protocol. The Web API is a RESTful web service that allows you to perform management tasks on the Security Management Server using HTTP requests. References: Check Point Management APIs

Which software blade does NOT accompany the Threat Prevention policy? Application Control and URL Filtering software blade does not accompany the Threat Prevention policy. The Threat Prevention policy is a unified policy that includes Anti-virus, IPS, Anti-bot, and Threat Emulation software blades. Application Control and URL Filtering software blade is part of the Access Control policy, which is a separate policy that controls network access based on users, applications, content, and other criteria. References: R81 Security Management Administration Guide, page 29.

 The attribute that is not used for identifying a connection by packet acceleration (SecureXL) is TCP Acknowledgment Number. SecureXL identifies connections by using a hash function that takes into account the following attributes: source address, destination address, source port, destination port, protocol, and VPN ID. The TCP Acknowledgment Number is not part of the hash function and does not affect the connection identification. References: [SecureXL Mechanism]

https //sc1.checkpoint.com/documents/R77/CP R77_Firewall_WebAdmm/92711.htm

 What is the default shell for the command line interface? The default shell for the command line interface is Clish. Clish is a shell that provides a menu-based interface for configuring various system settings, such as network interfaces, routing, DNS, NTP, SNMP, SSH, etc. Clish also provides help and completion features for easier navigation. To switch from Clish to Expert mode, which allows running Linux commands, use the command expert. References: Gaia Administration Guide R81, page 29.

Browser-Based Authentication is an identity awareness method that enables you to identify users who are not authenticated by other methods, such as Active Directory or VPN. Browser-Based Authentication redirects users to a web page where they can enter their credentials and be authenticated by an external server, such as LDAP or RADIUS. After authentication, users can access the Internet and corporate resources according to the security policy rules that apply to their identity.

Browser-Based Authentication is suitable for scenarios where users can use company issued or personal laptops, since it does not require any installation or configuration on the user’s device. It also supports various operating systems and browsers, and can be customized to match the company’s branding.

The references are:

Check Point R81 Identity Awareness Administration Guide, page 9

Configuring Browser-Based Authentication in SmartConsole

Check Point Certified Security Expert R81.20 (CCSE) Core Training, slide 13

 The TCP port that the CPM process listens on is 19009. The CPM process is the Check Point Management process that handles all management operations on the Security Management Server, such as policy installation, database synchronization, logging, etc. It communicates with other processes and clients using TCP port 19009. The other ports are used by different processes or services. TCP port 18191 is used by the FWM process for management communication. TCP port 18190 is used by the CPD process for inter-process communication. TCP port 8983 is used by the Solr process for SmartLog indexing. References: [Check Point Ports]

The correct Check Point command to verify that the installed tools on the new target security management machine are able to handle the R81.20 release is $FWDIR/scripts/migrate_server print_installed_tools -v R81.20. This command will print the list of installed migration tools and their versions, and check if they match the specified version (R81.20 in this case). If the tools are not installed or do not match, the command will print an error message3. References: Check Point R81 Installation and Upgrade Guide

Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly. According to the Check Point R81 Security Management Administration Guide1, Accelerated Install Policy is a new feature in R81 that optimizes common use-cases and drastically speeds up the installation with up to 90% improvement. Policy installation is accelerated depending on the changes that were made to the Access Control policy since the last installation. When the policy installation is accelerated, the icon will appear under the “Install Policy Acceleration” column in the Install Policy window.

References:

Accelerated Install Policy - Check Point Software, section “Accelerated Install Policy”

The type of Endpoint Identity Agent that does not exist is Terminal. Endpoint Identity Agent is a software component that runs on Windows or Mac devices and provides identity information to the Check Point Security Gateway. Endpoint Identity Agent allows the Security Gateway to enforce granular access policies based on user identity and device compliance status. There are three types of Endpoint Identity Agent:

Full Identity Agent - a persistent agent that provides seamless and transparent identity acquisition and SSO (single sign-on) capabilities. It supports various authentication methods, such as Active Directory, LDAP, RADIUS, certificate, etc. It also supports endpoint compliance checks and remediation actions.

Light Identity Agent - a lightweight agent that provides identity acquisition through a web browser. It supports Active Directory authentication only. It does not support SSO or endpoint compliance features.

Custom Identity Agent - a customized agent that provides identity acquisition through an API. It allows third-party applications or systems to integrate with Check Point Identity Awareness and provide user identity information.

Terminal is not a type of Endpoint Identity Agent, but it is a type of Terminal Server Agent. Terminal Server Agent is a software component that runs on Windows Terminal Servers or Citrix Servers and provides identity information for multiple concurrent users who connect to these servers using Remote Desktop Protocol (RDP) or Independent Computing Architecture (ICA) protocol. Terminal Server Agent allows the Security Gateway to enforce granular access policies based on user identity and session information. 

The correct steps for upgrading a HA cluster using MVC are as follows:

Upgrade the passive node M2 to R81.20 using CPUSE or CLI.

Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 using the command cphaconf mvc on.

In SmartConsole, change the version of the cluster object to R81.20.

Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails.

After examining the cluster states, upgrade node M1 to R81.20 using CPUSE or CLI.

On each Cluster Member, disable the MVC mechanism using the command cphaconf mvc off and install the Access Control Policy.

References: : Multi-Version Cluster (MVC) Upgrade

 The CLI utility that runs connectivity tests from a Security Gateway to an AD domain controller is test_ad_connectivity -d . This command tests the connectivity between the gateway and the domain controller using LDAP, Kerberos, and WMI protocols. It also verifies the identity awareness configuration and shows the relevant logs3. The other options are not valid commands for testing AD connectivity. References: 3: Check Point Software, Getting Started, Testing Active Directory Connectivity.

The fwd process on the Security Gateway sends logs to the fwd process on the Management Server, where it is forwarded to fwm via cpd. The fwm process is responsible for managing the log files and the cpd process is responsible for communication between processes. The other options are incorrect because they involve processes that are not related to logging or communication. References: Check Point Certified Security Expert R81.20 Course Overview, sk163413: Support, Support Requests, Training … - Check Point Software, Check Point Certified Security Expert R81.20

The cpprod_util command is a utility that provides information about the installed Check Point products and their versions. The cpprod_util MgmtIsPrimary option checks if the Security Management Server is installed as a primary or a secondary server in a High Availability cluster2. If the server is primary, the command returns “yes”. If the server is secondary, the command returns “no”. Therefore, Bob can use this command to verify the provisioning of the secondary Security Management Server.

References: 2: cpprod_util