Address translation rules are used to map an IP address space into another by modifying network address information in the IP header of packets.  Address translation rules have two elements: original packet and translated packet 6 . The original packet is the packet before it undergoes address translation, and the translated packet is the packet after it undergoes address translation.  The original packet and the translated packet may have different source and destination IP addresses, depending on the type and direction of address translation. 

The correct answer is A because detecting and blocking malware by correlating multiple detection engines before users are affected is not a feature of the Check Point URL Filtering and Application Control Blade 3 .  This feature is part of the Check Point Anti-Virus and Anti-Bot Blades 3 .  The other options are features of the Check Point URL Filtering and Application Control Blade 3 . References:  Check Point R81 URL Filtering and Application Control Administration Guide

An Access Role Object has four configuration screens: Users, Machines, Networks, and Identity Tags 1 , p. 27. Time is not a valid configuration screen of an Access Role Object. References:  Check Point CCSA - R81: Practice Test & Explanation

 SecureID is the authentication method that requires token authenticator 2 . SecureID is a two-factor authentication method that uses a hardware or software token to generate a one-time password. The user must enter the token code along with their username and password to authenticate. References:  Check Point R81 Identity Awareness Administration Guide

 Threat Prevention is a comprehensive solution that protects networks from malicious attacks by using multiple security blades, such as Anti-Bot, Anti-Virus, IPS, Threat Emulation, and Threat Extraction. A Threat Prevention profile defines the actions and settings for each blade and can be applied to different network segments or scenarios. The Perimeter profile is one of the predefined profiles that uses sanitization technology to protect users from malicious files and links. Sanitization technology includes Threat Emulation and Threat Extraction blades, which can detect and remove malware from files and web content. References: [Check Point R81 Threat Prevention Administration Guide]

The default shell of the Gaia CLI is cli.sh, which provides a limited set of commands for basic configuration and troubleshooting.  To change from the cli.sh shell to the advanced shell (also known as expert mode) to run Linux commands, the administrator needs to execute the command ‘expert’ in the cli.sh shell

The answer is B because Geo policy shared policy is used to create policy for traffic to or from a particular location based on the source or destination country. DLP shared policy is used to prevent data loss by inspecting files and data for sensitive information. Mobile Access software blade is used to provide secure remote access to corporate resources from various devices.  HTTPS inspection is used to inspect encrypted web traffic for threats and compliance 4 References:  Check Point R81 Geo Policy Administration Guide , [Check Point R81 Data Loss Prevention Administration Guide], [Check Point R81 Mobile Access Administration Guide] , [Check Point R81 HTTPS Inspection Administration Guide]

Upgrading the Security Gateway does not require a new license to be generated and installed. The license is tied to the IP address or hostname of the Security Gateway, not the software version.  However, if the IP address or hostname changes, the existing license expires, or the license is upgraded, a new license must be generated and installed 1 2  References:  Check Point R81 ,  Managing and Installing license via SmartUpdate

 Identity Awareness is a blade that enables administrators to define access rules based on the identity of users and machines, rather than just IP addresses. Identity Awareness allows easy configuration for network access and auditing based on three items: network location, the identity of a user, and the identity of a machine. Network location refers to the source or destination network segment of the traffic. The identity of a user refers to the username or group membership of the user who initiates or receives the traffic. The identity of a machine refers to the hostname or certificate of the machine that initiates or receives the traffic. References: [Check Point R81 Identity Awareness Administration Guide]

The back up solution that should be used to ensure your database can be restored on that device is snapshot . A snapshot creates a binary image of the entire root (lv_current) disk partition. This includes Check Point products, configuration, and operating system. A snapshot can be used to restore a Security Gateway or Security Management Server to its previous state at any time . Therefore, the correct answer is D. snapshot.