156-315.81 Practice Test


Page 1 out of 85 Pages

You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?


A. restore_backup


B. import backup


C. cp_merge


D. migrate import





D. migrate import


Explanation:

The command migrate import can be used to restore a backup of Check Point configurations without the OS information. This command imports the configuration from a file that was created using the migrate export command, which backs up only the Check Point configuration and not the OS settings. The other commands are either not valid or not suitable for restoring a backup without the OS information. References: Check Point R81 Installation and Upgrade Guide

Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?


A. UDP port 265


B. TCP port 265


C. UDP port 256


D. TCP port 256





D. TCP port 256


Explanation:

Full synchronization between cluster members is handled by Firewall Kernel using TCP port 256 by default. Full synchronization occurs when a cluster member joins or rejoins the cluster and needs to receive the entire state table from another member. References: [ClusterXL Administration Guide]

Which Check Point feature enables application scanning and detection?


A. Application Dictionary


B. AppWiki


C. Application Library


D. CPApp





B. AppWiki


Explanation:

AppWiki is the Check Point feature that enables application scanning and detection. AppWiki is an easy-to-use tool that lets you search and filter Check Point’s Web 2.0 Applications Database to find information about internet applications, including social network widgets; filter by category, tag, or risk level; and search for a keyword or application [1]. AppWiki helps you identify and control the applications on your network and apply granular policies based on application type, risk, and characteristics [1]. AppWiki is integrated with the Check Point Application Control Software Blade, which provides the industry’s strongest application security and identity control to organizations of all sizes [1].

References:
[1] AppWiki | Check Point Software

Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?


A. Kerberos Ticket Renewed


B. Kerberos Ticket Requested


C. Account Logon


D. Kerberos Ticket Timed Out





D. Kerberos Ticket Timed Out


Explanation:

Identity Awareness maps usernames to IP addresses by collecting Windows Security Events from Active Directory Domain Controllers. These events include Account Logon, Kerberos Ticket Requested, and Kerberos Ticket Renewed. These events indicate that a user has successfully authenticated to the domain and obtained a Kerberos ticket for accessing network resources. Identity Awareness can use these events to associate the username with the source IP address of the authentication request.

However, Kerberos Ticket Timed Out is not a Windows Security Event that Identity Awareness can use to map usernames to IP addresses. This event indicates that a user’s Kerberos ticket has expired and needs to be renewed. This event does not contain the source IP address of the user, only the username and the ticket information. Therefore, Identity Awareness cannot use this event to map a username to an IP address.

Which of the following is NOT an option to calculate the traffic direction?


A. Incoming


B. Internal


C. External


D. Outgoing





D. Outgoing


Explanation:

Outgoing is NOT an option to calculate the traffic direction. Traffic direction is a parameter that determines how traffic is classified as internal or external based on its source and destination. Traffic direction can be calculated using three options: Incoming, Internal, or External. Incoming means that traffic is classified as internal if its destination is one of the Security Gateway’s interfaces, and external otherwise. Internal means that traffic is classified as internal if its source or destination belongs to one of the internal networks defined in the topology, and external otherwise. External means that traffic is classified as internal if both its source and destination belong to one of the internal networks defined in the topology, and external otherwise.