Checkpoint Updated 156-315.81 Exam Questions and Answers by tiana

 The correct query syntax to find records in the logs that show log records from the Application & URL Filtering Software Blade where traffic was dropped is blade;“application control AND action:drop”. This query uses quotation marks to enclose the values of the blade and action fields, and uses a colon to separate the field name from the value. The query also uses AND to combine two conditions that must be met for a log record to match. References: [Searching Logs]

 SmartEvent uses its event policy to identify events. The event policy can be customized by matching logs against event rules. Event rules define the conditions and actions for generating events. You can create, edit, delete, enable, or disable event rules in the SmartEvent Policy tab of the SmartConsole. References: [SmartEvent Administration Guide]

 The command used to manually failover a Multi-Version Cluster during the upgrade is clusterXL_admin down in Clish. This command causes the cluster member to stop passing traffic and switch to the Down state. This triggers a failover to another cluster member that is in the Active or Ready state. This command can be used during a Multi-Version Cluster upgrade to manually control which cluster member handles the traffic. The other options are not valid commands for manually failing over a Multi-Version Cluster. References: : Check Point Software, Getting Started, Manually Failing Over a Cluster Member.

The type of Endpoint Identity Agent that does not exist is Terminal. Endpoint Identity Agent is a software component that runs on Windows or Mac devices and provides identity information to the Check Point Security Gateway. Endpoint Identity Agent allows the Security Gateway to enforce granular access policies based on user identity and device compliance status. There are three types of Endpoint Identity Agent:

• Full Identity Agent - a persistent agent that provides seamless and transparent identity acquisition and SSO (single sign-on) capabilities. It supports various authentication methods, such as Active Directory, LDAP, RADIUS, certificate, etc. It also supports endpoint compliance checks and remediation actions.
• Light Identity Agent - a lightweight agent that provides identity acquisition through a web browser. It supports Active Directory authentication only. It does not support SSO or endpoint compliance features.
• Custom Identity Agent - a customized agent that provides identity acquisition through an API. It allows third-party applications or systems to integrate with Check Point Identity Awareness and provide user identity information.

Terminal is not a type of Endpoint Identity Agent, but it is a type of Terminal Server Agent. Terminal Server Agent is a software component that runs on Windows Terminal Servers or Citrix Servers and provides identity information for multiple concurrent users who connect to these servers using Remote Desktop Protocol (RDP) or Independent Computing Architecture (ICA) protocol. Terminal Server Agent allows the Security Gateway to enforce granular access policies based on user identity and session information.