CCSA Exam 156-215.81 Questions V9.02
CCSA Topics - Check Point Certified Security Administrator R81
Pass 156-215.81 Exam With Killtest Real Exam Questions

1. URL Filtering cannot be used to:
A. Control Bandwidth issues
B. Control Data Security
C. Improve organizational security
D. Decrease legal liability
Answer: D
Explanation: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Creating-Application-Control-and-URL-Filtering-Rules.htm

2. Fill in the blanks: The _______ collects logs and sends them to the _______.
A. Log server; Security Gateway
B. Log server; security management server
C. Security management server; Security Gateway
D. Security Gateways; log server
Answer: D
Explanation: Gateways send their logs to the log server.

3. To view statistics on detected threats, which Threat Tool would an administrator use?
A. Protections
B. IPS Protections
C. Profiles
D. ThreatWiki
Answer: D

4. Which statement is TRUE of anti-spoofing?
A. Anti-spoofing is not needed when IPS software blade is enabled
B. It is more secure to create anti-spoofing groups manually
C. It is BEST Practice to have anti-spoofing groups in sync with the routing table
D. With dynamic routing enabled, anti-spoofing groups are updated automatically whenever there is a routing change
Answer: C

5. What kind of NAT enables Source Port Address Translation by default?
A. Automatic Static NAT
B. Manual Hide NAT
C. Automatic Hide NAT
D. Manual Static NAT
Answer: C
Explanation: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/NAT-Rules.htm

6. From the Gaia web interface, which of the following operations CANNOT be performed on a Security Management Server?
A. Verify a Security Policy
B. Open a terminal shell
C. Add a static route
D. View Security Management GUI Clients
Answer: B

7. You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
A. fw ctl multik dynamic_dispatching on
B. fw ctl multik dynamic_dispatching set_mode 9
C. fw ctl multik set_mode 9
D. fw ctl miltik pq enable
Answer: C

8. Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company’s security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
Answer: A

9. With URL Filtering, what portion of the traffic is sent to the Check Point Online Web Service for analysis?
A. The complete communication is sent for inspection.
B. The IP address of the source machine.
C. The end user credentials.
D. The host portion of the URL.
Answer: D
Explanation: "A local cache that gives answers to 99% of URL categorization requests. When the cache does not have an answer, only the host name is sent to the Check Point Online Web Service for categorization."
https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/24853/FILE/CP_R77_ApplicationControlURLFiltering_AdminGuide.pdf

10. Administrator Dave logs into R80 Management Server to review and make some rule changes. He notices that there is a padlock sign next to the DNS rule in the Rule Base. What is the possible explanation for this?
A. DNS Rule is using one of the new features of R80 where an administrator can mark a rule with the padlock icon to let other administrators know it is important.
B. Another administrator is logged into the Management and currently editing the DNS Rule.
C. DNS Rule is a placeholder rule for a rule that existed in the past but was deleted.
D. This is normal behavior in R80 when there are duplicate rules in the Rule Base.
Answer: B

11. True or False: More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time.
A. True, every administrator works on a different database that is independent of the other administrators
B. False, this feature has to be enabled in the Global Properties.
C. True, every administrator works in a session that is independent of the other administrators
D. False, only one administrator can login with write permission
Answer: C
Explanation: Multiple R/W admins can log into SmartConsole and edit rules but they can't edit a rule that is being worked on by another admin.

12. Under which file is the proxy arp configuration stored?
A. $FWDIR/state/proxy_arp.conf on the management server
B. $FWDIR/conf/local.arp on the management server
C. $FWDIR/state/_tmp/proxy.arp on the security gateway
D. $FWDIR/conf/local.arp on the gateway
Answer: D

13. In which scenario is it a valid option to transfer a license from one hardware device to another?
A. From a 4400 Appliance to a 2200 Appliance
B. From a 4400 Appliance to an HP Open Server
C. From an IBM Open Server to an HP Open Server
D. From an IBM Open Server to a 2200 Appliance
Answer: A
Explanation: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk56300

14. Check Point licenses come in two forms. What are those forms?
A. Central and Local.
B. Access Control and Threat Prevention.
C. On-premise and Public Cloud.
D. Security Gateway and Security Management.
Answer: A

15. What Check Point technologies deny or permit network traffic?
A. Application Control, DLP
B. Packet Filtering, Stateful Inspection, Application Layer Firewall.
C. ACL, SandBlast, MPT
D. IPS, Mobile Threat Protection
Answer: B

16. What are the three main components of Check Point security management architecture?
A. SmartConsole, Security Management, and Security Gateway
B. Smart Console, Standalone, and Security Management
C. SmartConsole, Security policy, and Logs & Monitoring
D. GUI-Client, Security Management, and Security Gateway
Answer: A

17. To increase security, the administrator has modified the Core protection ‘Host Port Scan’ from ‘Medium’ to ‘High’ Predefined Sensitivity. Which Policy should the administrator install after Publishing the changes?
A. The Access Control and Threat Prevention Policies.
B. The Access Control Policy.
C. The Access Control & HTTPS Inspection Policy.
D. The Threat Prevention Policy.
Answer: D
Explanation: https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eventSubmit_doGoviewsolutiondetails=&solutionid=sk110873

18. In HTTPS Inspection policy, what actions are available in the "Actions" column of a rule?
A. "Inspect", "Bypass"
B. "Inspect", "Bypass", "Categorize"
C. "Inspect", "Bypass", "Block"
D. "Detect", "Bypass"
Answer: A
Explanation: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/HTTPS-Inspection.htm#HTTPS_Inspection_Policy

19. Fill in the blank: ____________ is the Gaia command that turns the server off.
A. sysdown
B. exit
C. halt
D. shut-down
Answer: C

20. Name the authentication method that requires token authenticator.
A. SecureID
B. Radius
C. DynamicID
D. TACACS
Answer: A
Explanation: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Configuring-SecurID-Authentication.htm

21. Which GUI tool can be used to view and apply Check Point licenses?
A. cpconfig
B. Management Command Line
C. SmartConsole
D. SmartUpdate
Answer: D
Explanation: SmartUpdate GUI is the recommended way of managing licenses.

22. Fill in the blank: To create policy for traffic to or from a particular location, use the _____________.
A. DLP shared policy
B. Geo policy shared policy
C. Mobile Access software blade
D. HTTPS inspection
Answer: B
Explanation: Shared Policies
The Shared Policies section in the Security Policies shows the policies that are not in a Policy package. They are shared between all Policy packages. Shared policies are installed with the Access Control Policy.
Software Blade: Description
Mobile Access: Launch Mobile Access policy in a SmartConsole. Configure how your remote users access internal resources, such as their email accounts, when they are mobile.
DLP: Launch Data Loss Prevention policy in a SmartConsole. Configure advanced tools to automatically identify data that must not go outside the network, to block the leak, and to educate users.
Geo Policy: Create a policy for traffic to or from specific geographical or political locations.

23. Which of the following methods can be used to update the trusted log server regarding the policy and configuration changes performed on the Security Management Server?
A. Save Policy
B. Install Database
C. Save session
D. Install Policy
Answer: D

24. Which part of SmartConsole allows administrators to add, edit, delete, and clone objects?
A. Object Browser
B. Object Editor
C. Object Navigator
D. Object Explorer
Answer: D

25. What is the purpose of a Clean-up Rule?
A. Clean-up Rules do not serve any purpose.
B. Provide a metric for determining unnecessary rules.
C. To drop any traffic that is not explicitly allowed.
D. Used to better optimize a policy.
Answer: C
Explanation: These are basic access control rules we recommend for all Rule Bases: There is also an implied rule that drops all traffic, but you can use the Cleanup rule to log the traffic.

26. An administrator can use section titles to more easily navigate between large rule bases. Which of these statements is FALSE?
A. Section titles are not sent to the gateway side.
B. These sections are simple visual divisions of the Rule Base and do not hinder the order of rule enforcement.
C. A Sectional Title can be used to disable multiple rules by disabling only the sectional title.
D. Sectional Titles do not need to be created in the SmartConsole.
Answer: C
Explanation: Section titles are only for visual categorization of rules.

27. Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?
A. Go to clish - Run cpstop | Run cpstart
B. Go to clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway
C. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores
D. Go to clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security Policy
Answer: B

28. Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
A. UDP port 265
B. TCP port 265
C. UDP port 256
D. TCP port 256
Answer: B

29. Which is NOT an encryption algorithm that can be used in an IPSEC Security Association (Phase 2)?
A. AES-GCM-256
B. AES-CBC-256
C. AES-GCM-128
Answer: B

30. Stateful Inspection compiles and registers connections where?
A. Connection Cache
B. State Cache
C. State Table
D. Network Table
Answer: C

31. John is using Management HA. Which Smartcenter should be connected to for making changes?
A. secondary Smartcenter
B. active Smartcenter
C. connect virtual IP of Smartcenter HA
D. primary Smartcenter
Answer: B

32. Which of the following are types of VPN communities?
A. Pentagon, star, and combination
B. Star, octagon, and combination
C. Combined and star
D. Meshed, star, and combination
Answer: D

33. Can you use the same layer in multiple policies or rulebases?
A. Yes - a layer can be shared with multiple policies and rules.
B. No - each layer must be unique.
C. No - layers cannot be shared or reused, but an identical one can be created.
D. Yes - but it must be copied and pasted with a different name.
Answer: A
Explanation: https://community.checkpoint.com/t5/Management/Sharing-a-layer-across-different-policies/td-p/1660

34. After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?
A. Security Gateway IP-address cannot be changed without re-establishing the trust
B. The Security Gateway name cannot be changed in command line without re-establishing trust
C. The Security Management Server name cannot be changed in SmartConsole without re-establishing trust
D. The Security Management Server IP-address cannot be changed without re-establishing the trust
Answer: A

35. Which Threat Prevention profile uses sanitization technology?
A. Cloud/data Center
B. perimeter
C. Sandbox
D. Guest Network
Answer: B
Explanation: Strict Security for Perimeter Profile & Perimeter Profile use sanitization as a technology in Threat prevention profile

36. Of all the Check Point components in your network, which one changes most often and should be backed up most frequently?
A. SmartManager
B. SmartConsole
C. Security Gateway
D. Security Management Server
Answer: D

37. Fill in the blank: An identity server uses a ___________ for user authentication.
A. Shared secret
B. Certificate
C. One-time password
D. Token
Answer: A

38. Fill in the blank: With the User Directory Software Blade, you can create user definitions on a(n) ___________ Server.
A. SecurID
B. LDAP
C. NT domain
D. SMTP
Answer: B
Explanation: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/LDAP-and-User-Directory.htm

39. Which tool is used to enable cluster membership on a Gateway?
A. SmartUpdate
B. cpconfig
C. SmartConsole
D. sysconfig
Answer: B

40. What are the three components for Check Point Capsule?
A. Capsule Docs, Capsule Cloud, Capsule Connect
B. Capsule Workspace, Capsule Cloud, Capsule Connect
C. Capsule Workspace, Capsule Docs, Capsule Connect
D. Capsule Workspace, Capsule Docs, Capsule Cloud
Answer: D

41. Which message indicates IKE Phase 2 has completed successfully?
A. Quick Mode Complete
B. Aggressive Mode Complete
C. Main Mode Complete
D. IKE Mode Complete
Answer: A

42. True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway
A. True, CLI is the preferred method for Licensing
B. False, Central Licenses are handled via Security Management Server
C. False, Central Licenses are installed via Gaia on Security Gateways
D. True, Central License can be installed with CPLIC command on a Security Gateway
Answer: D

43. Fill in the blank: SmartConsole, SmartEvent GUI client, and ___________ allow viewing of billions of consolidated logs and show them as prioritized security events.
A. SmartView Web Application
B. SmartTracker
C. SmartMonitor
D. SmartReporter
Answer: A
Explanation: "The SmartEvent Software Blade is a unified security event management and analysis solution that delivers real-time, graphical threat management information. SmartConsole, SmartView Web Application, and the SmartEvent GUI client consolidate billions of logs and show them as prioritized security events so you can immediately respond to security incidents"
https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915

44. Most Check Point deployments use Gaia but which product deployment utilizes special Check Point code (with unification in R81.10)?
A. Enterprise Network Security Appliances
B. Rugged Appliances
C. Scalable Platforms
D. Small Business and Branch Office Appliances
Answer: A

45. DLP and Geo Policy are examples of what type of Policy?
A. Inspection Policies
B. Shared Policies
C. Unified Policies
D. Standard Policies
Answer: B
Explanation: https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_NextGenSecurityGateway_Guide/html_frameset.htm?topic=documents/R80.30/WebAdminGuides/EN/CP_R80.30_NextGenSecurityGateway_Guide/137006

46. What is the purpose of the CPCA process?
A. Monitoring the status of processes
B. Sending and receiving logs
C. Communication between GUI clients and the SmartCenter server
D. Generating and modifying certificates
Answer: D

47. What type of NAT is a one-to-one relationship where each host is translated to a unique address?
A. Source
B. Static
C. Hide
D. Destination
Answer: B

48. Which Identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers?
A. AD Query
B. Terminal Servers Endpoint Identity Agent
C. Endpoint Identity Agent and Browser-Based Authentication
D. RADIUS and Account Logon
Answer: C
Explanation: Endpoint Identity Agents and Browser-Based Authentication - When a high level of security is necessary. The Captive Portal is used for distributing the Endpoint Identity Agent. IP Spoofing protection can be set to prevent packets from being IP spoofed.

49. A SAM rule is implemented to provide what function or benefit?
A. Allow security audits.
B. Handle traffic as defined in the policy.
C. Monitor sequence activity.
D. Block suspicious activity.
Answer: D
Explanation: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Monitoring-Suspicious-Activity-Rules.htm

50. Fill in the blank: The _____ feature allows administrators to share a policy with other policy packages.
A. Concurrent policy packages
B. Concurrent policies
C. Global Policies
D. Shared policies
Answer: D
Explanation: "The Shared Policies section in the Security Policies shows the policies that are not in a Policy package. They are shared between all Policy packages."
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/SmartConsole-Toolbars-Shared-Policies.htm

51. Using ClusterXL, what statement is true about the Sticky Decision Function?
A. Can only be changed for Load Sharing implementations
B. All connections are processed and synchronized by the pivot
C. Is configured using cpconfig
D. Is only relevant when using SecureXL
Answer: A

52. Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance?
A. Application Control
B. Threat Emulation
C. Logging and Status
D. Monitoring
Answer: D
Explanation: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_NextGenSecurityGateway_Guide/Topics-FWG/Monitoring-Blade.htm

53. How are the backups stored in Check Point appliances?
A. Saved as *.tar under /var/log/CPbackup/backups
B. Saved as *tgz under /var/CPbackup
C. Saved as *tar under /var/CPbackup
D. Saved as *tgz under /var/log/CPbackup/backups
Answer: B
Explanation: Backup configurations are stored in: /var/CPbackup/backups/

54. Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?
A. Application Control
B. Threat Emulation
C. Anti-Virus
D. Advanced Networking Blade
Answer: B

55. Which option would allow you to make a backup copy of the OS and Check Point configuration, without stopping Check Point processes?
A. All options stop Check Point processes
B. backup
C. migrate export
D. snapshot
Answer: D

56. What is the purpose of the Stealth Rule?
A. To prevent users from directly connecting to a Security Gateway.
B. To reduce the number of rules in the database.
C. To reduce the amount of logs for performance issues.
D. To hide the gateway from the Internet.
Answer: A

57. When configuring Anti-Spoofing, which tracking options can an Administrator select?
A. Log, Alert, None
B. Log, Allow Packets, Email
C. Drop Packet, Alert, None
D. Log, Send SNMP Trap, Email
Answer: A
Explanation: Configure Spoof Tracking - select the tracking action that is done when spoofed packets are detected:
Log - Create a log entry (default)
Alert - Show an alert
None - Do not log or alert
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Preventing-IP-Spoofing.htm

58. When an encrypted packet is decrypted, where does this happen?
A. Security policy
B. Inbound chain
C. Outbound chain
D. Decryption is not supported
Answer: A

59. Which type of attack can a firewall NOT prevent?
A. Network Bandwidth Saturation
B. Buffer Overflow
C. SYN Flood
D. SQL Injection
Answer: A

60. If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsible, which of these steps should NOT be performed:
A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.
B. Change the Standby Security Management Server to Active.
C. Change the Active Security Management Server to Standby.
D. Manually synchronize the Active and Standby Security Management Servers.
Answer: A

61. Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or __________.
A. On all satellite gateway to satellite gateway tunnels
B. On specific tunnels for specific gateways
C. On specific tunnels in the community
D. On specific satellite gateway to central gateway tunnels
Answer: C
Explanation: Each VPN tunnel in the community may be set to be a Permanent Tunnel. Since Permanent Tunnels are constantly monitored, if the VPN tunnel is down, then a log, alert, or user defined action, can be issued. A VPN tunnel is monitored by periodically sending "tunnel test" packets. As long as responses to the packets are received the VPN tunnel is considered "up." If no response is received within a given time period, the VPN tunnel is considered "down." Permanent Tunnels can only be established between Check Point Security Gateways. The configuration of Permanent Tunnels takes place on the community level and:

62. Security Zones do not work with what type of defined rule?
A. Application Control rule
B. Manual NAT rule
C. IPS bypass rule
D. Firewall rule
Answer: B
Explanation: https://community.checkpoint.com/t5/Management/Workaround-for-manual-NAT-when-security-zones-are-used/td-p/9915

63. Fill in the blanks: A ____ license requires an administrator to designate a gateway for attachment whereas a _____ license is automatically attached to a Security Gateway.
A. Formal; corporate
B. Local; formal
C. Local; central
D. Central; local
Answer: D

64. A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?
A. Anti-Bot protection
B. Anti-Malware protection
C. Policy-based routing
D. Suspicious Activity Monitoring (SAM) rules
Answer: D
Explanation: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Monitoring-Suspicious-Activity-Rules.htm

65. View the rule below. What does the pen-symbol in the left column mean?
A. Those rules have been published in the current session.
B. Rules have been edited by the logged in administrator, but the policy has not been published yet.
C. Another user has currently locked the rules for editing.
D. The configuration lock is present. Click the pen symbol in order to gain the lock.
Answer: B

66. What is the default shell of Gaia CLI?
A. clish
B. Monitor
C. Read-only
D. Bash
Answer: A
Explanation: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/CLI-Reference-_interface_.htm

67. What is the purpose of Captive Portal?
A. It manages user permission in SmartConsole
B. It provides remote access to SmartConsole
C. It authenticates users, allowing them access to the Internet and corporate resources
D. It authenticates users, allowing them access to the Gaia OS
Answer: C
Explanation: Captive Portal is a simple method that authenticates users with a web interface. When users try to access a protected web resource, they enter authentication information in a form that shows in their web browser.
https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_IdentityAwareness_AdminGuide/html_frameset.htm?topic=documents/R80.30/WebAdminGuides/EN/CP_R80.30_IdentityAwareness_AdminGuide/148468

68. When using Automatic Hide NAT, what is enabled by default?
A. Source Port Address Translation (PAT)
B. Static NAT
C. Static Route
D. HTTPS Inspection
Answer: A
Explanation: Hiding multiple IP addresses behind one gateway IP address requires PAT to differentiate between traffic.

69. Fill in the blank: Back up and restores can be accomplished through _________.
A. SmartConsole, WebUI, or CLI
B. WebUI, CLI, or SmartUpdate
C. CLI, SmartUpdate, or SmartBackup
D. SmartUpdate, SmartBackup, or SmartConsole
Answer: A
Explanation: Backup and Restore. These options let you: To back up a configuration: The Backup window opens.

70. What is the Transport layer of the TCP/IP model responsible for?
A. It transports packets as datagrams along different routes to reach their destination.
B. It manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application.
C. It defines the protocols that are used to exchange data between networks and how host programs interact with the Application layer.
D. It deals with all aspects of the physical components of network connectivity and connects with different network types.
Answer: B

71. From SecureXL perspective, what are the three paths of traffic flow:
A. Initial Path; Medium Path; Accelerated Path
B. Layer Path; Blade Path; Rule Path
C. Firewall Path; Accept Path; Drop Path
D. Firewall Path; Accelerated Path; Medium Path
Answer: D

72. Choose what BEST describes the reason why querying logs now is very fast.
A. New Smart-1 appliances double the physical memory installed
B. Indexing Engine indexes logs for faster search results
C. SmartConsole now queries results directly from the Security Gateway
D. The amount of logs being stored is less than usual in older versions
Answer: B
Explanation: Ref: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_LoggingAndMonitoring_AdminGuide/Topics-LMG/Enabling-log-indexing.htm

73. An administrator wishes to enable Identity Awareness on the Check Point firewalls. However, they allow users to use company-issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?
A. AD Query
B. Browser-Based Authentication
C. Identity Agents
D. Terminal Servers Agent