Bridge Mode is a deployment option for Check Point Security Gateway that allows it to act as a transparent bridge between two network segments, without changing the IP addressing scheme. Bridge Mode supports most of the security features, such as Data Loss Prevention, Antivirus, Application Control, etc.  However, Bridge Mode does not support NAT, because NAT requires modifying the IP addresses or ports of the packets, which contradicts the transparent nature of Bridge Mode 1 . References:  Check Point R81 Security Gateway Technical Administration Guide

The communication between different Check Point components is secured in R80 by using SIC. SIC stands for Secure Internal Communication and it is a mechanism that ensures the authenticity and confidentiality of communication between Check Point components, such as Security Gateways, Security Management Servers, Log Servers, etc.  SIC uses certificates issued by the Internal CA (ICA) and encryption algorithms such as AES-256 3 4 . References:  Check Point R81 Quantum Security Gateway Guide ,  Check Point R81 Quantum Security Management Administration Guide

 Bridge Mode Check Point Security Gateway does not support NAT. Bridge Mode is a deployment option that allows the Security Gateway to inspect traffic without being a routing hop.  In Bridge Mode, the Security Gateway does not have an IP address and cannot perform NAT 1 . Therefore, the correct answer is C.  NAT. 

You should generate new licenses when the existing license expires, the license is upgraded, or the IP address associated with the license changes. These situations invalidate the current license and require a new one to be obtained from the Check Point User Center and installed on the Security Management Server or Security Gateway.  Installing contract files or upgrading devices do not affect the validity of the license 1 2  References:  Check Point R81 ,  Managing and Installing license via SmartUpdate

Manual NAT can offer more flexibility than Automatic NAT because it allows the administrator to define the NAT rules in any order and position 1 .  Automatic NAT creates the NAT rules automatically and places them at the top or bottom of the NAT Rule Base 2 . References:  Check Point R81 Firewall Administration Guide ,  Check Point R81 Security Management Administration Guide

The command  show cluster state  is used to monitor cluster members in CLI. It displays information such as the cluster mode, the cluster members, their status, their priority, and their interfaces. References: [ClusterXL Administration Guide], [Check Point CLI Reference Card]

A layer can support different combinations of blades, but the supported blades are Firewall (Network Access Control), Application & URL Filtering, and Content Awareness.  These blades provide granular control over network traffic based on applications, users, content, and risk 1 .  Mobile Access is not a supported blade in a layer 2 .

References:  1 :  Check Point R81 Security Management Administration Guide , page 101.  2 :  Check Point R81 Security Gateway Administration Guide , page 11.

An LDAP server holds one or more Account Units. An Account Unit is a logical representation of an LDAP server in the Check Point database. It defines the connection parameters, authentication methods, and user and group information that are retrieved from the LDAP server. An Account Unit allows the Security Gateway to use the LDAP server for user authentication and identity awareness. The other options are incorrect. A Server Unit is a logical representation of a Check Point server in the Check Point database. An Administrator Unit is a logical representation of an administrator or an administrator group in the Check Point database. An Account Server is not a valid term in Check Point terminology. References: [Check Point R81 Identity Awareness Administration Guide], [Check Point R81 Security Management Administration Guide] , [Check Point R81 SmartConsole R81 Resolved Issues]

 Authentication rules are defined for  user groups  rather than individual users 1 . To define authentication rules, you must first define users and groups.  You can define users with the Check Point user database, or with an external server, such as LDAP 1 .  UserCheck is a feature that enables user interaction with security events 2 . Individual users and all users in the database are not valid options for defining authentication rules. References:  How to Configure Client Authentication ,  UserCheck

 In order to modify Security Policies, the administrator can use SmartConsole or mgmt_cli (API) on any computer where SmartConsole is installed. SmartConsole is a graphical tool that allows the administrator to create, edit, and manage security policies using a web browser. mgmt_cli (API) is a command-line tool that allows the administrator to perform the same tasks using commands and scripts. Both tools can connect to the Security Management Server remotely from any computer that has SmartConsole installed. References: [SmartConsole Overview], [mgmt_cli (API)]