CCSA R81 156-215.81 Full Course Free

Manual NAT can offer more flexibility than Automatic NAT because it allows the administrator to define the NAT rules in any order and position1. Automatic NAT creates the NAT rules automatically and places them at the top or bottom of the NAT Rule Base2. References: Check Point R81 Firewall Administration Guide, Check Point R81 Security Management Administration Guide

The statement that best describes Secure Internal Communication (SIC) is: After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA. SIC is a mechanism that ensures secure communication between Check Point components by using certificates that are issued by an Internal Certificate Authority (ICA)3. The other statements are not accurate descriptions of SIC.

The port used for full synchronization between cluster members is TCP port 2654. This port is used by the Firewall Kernel to send and receive synchronization data, such as connection tables, NAT tables, and VPN keys4. UDP port 8116 is used by the Cluster Control Protocol (CCP) for internal communications between cluster members4. References: How does the Cluster Control Protocol function in working and failure scenarios for gateway clusters?

 A SAM (Suspicious Activity Monitoring) rule is implemented to provide the function or benefit of blocking suspicious activity. A SAM rule is a rule that defines an action to be taken by the firewall when it detects a suspicious activity, such as an attack, a scan, or a policy violation. The action can be blocking, dropping, rejecting, or logging the traffic that triggered the suspicious activity. A SAM rule can be created manually or automatically by other security features, such as IPS, Anti-Bot, or SmartEvent.References: [SAM Rules], [Suspicious Activity Rules]