Exactprep 156-315.81 Questions

 To override Bob’s configuration database lock, Alice can use the command lock database override in the clish shell. This command will transfer the lock from Bob to Alice and allow her to make the urgent configuration changes. However, this command should be used with caution, as it may cause conflicts or inconsistencies if Bob and Alice are working on the same objects or policies. It is recommended to communicate with other administrators before using this command and to release the lock as soon as possible after finishing the changes1. The other commands are not valid in clish and will result in an error message.

Authentication rules are defined for user groups, not individual users or all users in the database. Authentication rules allow you to control which user groups can access specific resources or services through the Security Gateway. You can define different authentication methods and schemes for different user groups, such as Check Point Password, OS Password, RADIUS, TACACS, SecurID, LDAP, or Certificate. You can also define different session timeouts and source restrictions for different user groups. Authentication rules are processed before the network access rules in the rule base.

 The correct description for the Dynamic Balancing / Split feature is:

• Dynamic Balancing / Split dynamically change the number of SND’s and firewall instances based on the current load.
• It is only available on Quantum Appliances (not on Quantum Spark or Open Server)

The Dynamic Balancing / Split feature is a performance-enhancing daemon that balances the load between CoreXL SNDs and CoreXL Firewalls. It monitors the average CPU utilization of CoreXL Firewall and SND instances and automatically increases or decreases the number of CoreXL Firewall instances. The Dynamic Balancing Daemon (dsd) has three stages in each iteration: Examine the current CPU utilization, Calculate the optimal split, and Apply the new split1.

The Dynamic Balancing / Split feature is supported on Check Point Appliances, such as Quantum Appliances, Quantum Maestro, Quantum Security Gateways, and Quantum LightSpeed Appliances in KPPAK mode2. It is not supported on Quantum Spark appliances, which are designed for small and medium businesses. It is also not supported on Open Server platforms, which are general-purpose servers that run Check Point software on top of third-party operating systems.

References: Dynamic Balancing for CoreXL; Maestro and Dynamic Balancing (Dynamic Split); Dynamic Balancing available on R80.40; [Quantum Spark Appliances]; [Open Server]

Captive Portal is one of the authentication methods used for Identity Awareness, which is a feature of Check Point that enables you to identify users and apply security policy rules based on their identity. Captive Portal redirects users to a web page where they can enter their credentials and be authenticated by an external server, such as LDAP or RADIUS. After authentication, users can access the Internet and corporate resources according to the security policy rules that apply to their identity.

The references are:

• Machine Authentication & Identity Awareness - Check Point CheckMates
• Check Point Certified Security Expert R81.20, slide 13
• Check Point R81 Identity Awareness Administration Guide, page 9