156-215.81 Free Practice Test

Which two Identity Awareness daemons are used to support identity sharing?

1. A. Policy Activation Point (PAP) and Policy Decision Point (PDP)
2. B. Policy Manipulation Point (PMP) and Policy Activation Point (PAP)
3. C. Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP)
4. D. Policy Decision Point (PDP) and Policy Enforcement Point (PEP)

Correct Answer: D
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=

After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?

1. A. Security Gateway IP-address cannot be changed without re-establishing the trust
2. B. The Security Gateway name cannot be changed in command line without re-establishing trust
3. C. The Security Management Server name cannot be changed in SmartConsole without re-establishing trust
4. D. The Security Management Server IP-address cannot be changed without re-establishing the trust

Correct Answer: A

Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?

1. A. All Connections (Clear or Encrypted)
2. B. Accept all encrypted traffic
3. C. Specific VPN Communities
4. D. All Site-to-Site VPN Communities

Correct Answer: B
The first rule is the automatic rule for the Accept All Encrypted Traffic feature. The Firewalls for the Security Gateways in the BranchOffices and LondonOffices VPN communities allow all VPN traffic from hosts in clients in these communities. Traffic to the Security Gateways is dropped. This rule is installed on all Security Gateways in these communities.
* 2. Site to site VPN - Connections between hosts in the VPN domains of all Site to Site VPN communities are allowed. These are the only protocols that are allowed: FTP, HTTP, HTTPS and SMTP.
* 3. Remote access - Connections between hosts in the VPN domains of RemoteAccess VPN community are allowed. These are the only protocols that are allowed: HTTP, HTTPS, and IMAP.

When defining group-based access in an LDAP environment with Identity Awareness, what is the BEST object type to represent an LDAP group in a Security Policy?

1. A. Access Role
2. B. User Group
3. C. SmartDirectory Group
4. D. Group Template

Correct Answer: A

What is the difference between SSL VPN and IPSec VPN?

1. A. IPSec VPN does not require installation of a resident VPN client
2. B. SSL VPN requires installation of a resident VPN client
3. C. SSL VPN and IPSec VPN are the same
4. D. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser

Correct Answer: D