Exam 156-215.81 topic 1 question 113 discussion

Protection Types The IPS protections are divided into two main types: Core protections - These protections are included in the product and are assigned per gateway. They are part of the Access Control policy. ThreatCloud protections - Updated from the Check Point cloud, (see Updating IPS Protections). These protections are part of the Threat Prevention policy.

correct B

https://support.checkpoint.com/results/sk/sk162493

It is the Access control policy. Core Protection are installed via ACL see: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics-TPG/IPS_Protections.htm

They are installed after installing the access control poicy

The question asks about which policy should be installed, not which policy should the change be made on. You have to install the access policy to effect a core policy change made in the TP policy.

Core Protections are installed via Access policy installation. This is even visible in the screenshot from sk110873 which is mentioned in an older comment.

https://community.checkpoint.com/t5/Threat-Prevention/Exceptions-on-IPS-Core-Protections/td-p/63103

Check Point Certified Security Administrator (CCSA) R81.10 Guide (page 644): "Core Protections are configured by selecting the Inspection Settings hyperlink in the Threat Prevention Policy. However, they are installed as part of the Access Control Policy."

correct is B. In the past it was under IPS. Now on R80.x this "ex-IPS" part of policy called CORE were moved to ACCESS CONTROL The IPS protections are divided into two main types: Core protections - These protections are included in the product and are assigned per gateway. They are part of the Access Control policy. ThreatCloud protections - Updated from the Check Point cloud, (see Updating IPS Protections). These protections are part of the Threat Prevention policy. Here is table , how it was change https://community.checkpoint.com/t5/Management/Where-did-all-my-IPS-Protections-go/m-p/3497?searchId=396ad4e8-2509-4862-b15f-61fb6460769e&searchIndex=1&sr=searc

I would say D. IPS is a threat prevention blade. Enable Intrusion Prevention System (IPS) protection "Host Port Scan" to detect port scan: https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eventSubmit_doGoviewsolutiondetails=&solutionid=sk110873

Ans: ACCESS CONTROL POLICY

Should be correct. Host port scan falls under Threat Prevention Policy according to: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk110873 https://community.checkpoint.com/t5/Threat-Prevention/Port-scan-from-external-network/td-p/65445

The answer is Access Control Policy. https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics-TPG/IPS_Protections.htm