The correct answer is A because session unique identifiers are passed to the web api using the X-chkp-sid http header option 1 .  The X-chkp-sid header is used to authenticate and authorize API calls 1 . The other options are not related to session unique identifiers. References:  Check Point R81 Security Management Administration Guide

An Endpoint identity agent uses a username/password or Kerberos ticket for user authentication 3 , p. 28. An Endpoint identity agent is a lightweight client installed on endpoint computers that communicates with Identity Awareness gateways and provides reliable identity information. An Endpoint identity agent does not use a shared secret, a token, or a certificate for user authentication. References:  Check Point CCSA - R81: Practice Test & Explanation , [Check Point Identity Awareness Administration Guide R81]

In order for changes made to policy to be enforced by a Security Gateway, an administrator must perform Install Policy 3 . This action transfers the policy package from the Security Management Server to the Security Gateway and activates it. References:  Check Point R81 Security Management Administration Guide

The TCP/IP model is made up of four layers: Application, Transport, Internet, and Network Interface 1 , p. 10. The TCP/IP model is a simplified version of the OSI model, which has seven layers: Application, Presentation, Session, Transport, Network, Data Link, and Physical. References:  Check Point CCSA - R81: Practice Test & Explanation , [TCP/IP Model Explained]

The INSPECT Engine is a technology that extracts detailed information from packets and stores that information in state tables.  It enables stateful inspection and application layer filtering 1 2  References:  INSPECT Engine ,  Stateful Inspection

The options that are not tracking options are Partial log, Network log, and Full log. Tracking options are settings that determine how the Security Gateway handles traffic that matches a rule in the security policy. The valid tracking options are Log, Detailed Log, Extended Log, Alert, Mail, SNMP trap, User Defined Alert, and None. The other options are incorrect. Log is a tracking option that records basic information about the traffic, such as source, destination, service, action, etc. Detailed Log is a tracking option that records additional information about the traffic, such as NAT details, data amount, etc. Extended Log is a tracking option that records even more information about the traffic, such as matched IPS protections, application details, etc. References: [Logging and Monitoring Administration Guide R80 - Check Point Software]

The command  api status  shows the API server status, including whether it is enabled or not, the port number, and the API version 1 . References:  Check Point R81 API Reference Guide

If there is an Accept Implied Policy set to “First”, Jorge cannot see any logs because Log Implied Rule was not selected on Global Properties. The Log Implied Rule option enables logging for all implied rules, such as DHCP, anti-spoofing, and cleanup rules.

References: :  Check Point R81 Security Management Administration Guide , page 103.

Central licensing is the preferred licensing model because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway.  This allows for easier management and distribution of licenses across multiple gateways 1 .

References:  1 :  Check Point R81 Security Management Administration Guide , page 14.

The purpose of the Clean-up Rule is to log all traffic that is not explicitly allowed or denied in the Rule Base 7 8 .  The Clean-up Rule is the last rule in the rulebase and is used to drop and log explicitly unmatched traffic 9 7 .  To improve the rulebase performance, noise traffic that is logged in the Clean-up rule should be included in the Noise rule so it is matched and dropped higher up in the rulebase 8 . The other options are not valid purposes of the Clean-up Rule.

References:  Using Intune device cleanup rules ,  Security policy fundamentals ,  Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and services