Tag: 156-215 dumps

Checkpoint 156-215 Dumps, First-hand Checkpoint 156-215 Exam Online ShopCheckpoint 156-215 Dumps, First-hand Checkpoint 156-215 Exam Online Shop

Not only will you be given theoretical, but also given practical labs which will give you even more practice than before. Our site offers you a comprehensive look at the best prospects available in Checkpoint 156-215 exam sample questions throughout the Industry. The Checkpoint 156-215 exam sample questions offered by FLYDUMPS is very comprehensive and covers all exam questions that need to be covered to pass the Checkpoint 156-215 exam. Professionals and experts at FLYDUMPS are very dedicated and they prepare Checkpoint 156-215 exam sample questions with great effort. In our Checkpoint 156-215 exam sample questions you will the accurate and up-to-date information.

QUESTION 119
You create implicit and explicit rules for the following network. The group object “internal-networks” include networks 10.10.10.0 and 10.10.20.0. Assume “Accept ICMP requests” is enabled as before last in the Global Properties.

Based on these rules, what happens if you Ping from host 10.10.10.5 to a host on the Internet, by IP address? ICMP will be:
A. dropped by rule 0
B. dropped by rule 2, the Cleanup Rule
C. accepted by rule 1
D. dropped by the last implicit rule
E. accepted by the implicit rule

Correct Answer: C
QUESTION 120
What does schema checking do?
A. Authenticates users attempting to access resources protected by an NGX Security Gateway.
B. Verifies that every object class, and its associated attributes, is defined in the directory schema.
C. Maps LDAP objects to objects in the NGX objects_5_0.c files.
D. Verifies the Certificate Revocation List for Certificate Validity.
E. Provides topology downloads for SecuRemote and SecureClient users authenticated by an LDAP server.

Correct Answer: B
QUESTION 121
Jill is about to test some rule and object changes suggested in an NGX newsgroup. Which backup and restore solution should Jill use, to ensure she can most easily restore her Security Policy to its previous configuration, after testing the changes?
A. SecurePlatform backup utilities
B. Manual copies of the $FWDIR/conf directory
C. Upgrade_export and upgrade_import commands
D. Policy Package management
E. Database Revision Control

Correct Answer: E
QUESTION 122
You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway, bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule
A. internalclear>All-GwToGw
B. Communities>Communities
C. Internalclear>ExternalClear
D. Internalclear>Communities
E. Internalclear>Allcommunities

Correct Answer: E
QUESTION 123
Review the following rules and note the Client Authentication Action properties screen, as shown in the
exhibit.
After being authenticated by the Security Gateway when a user starts an HTTP connection to a Web site
the user tries to FTP to another site using the command line. What happens to the user?
The….

A. FTP session is dropprd by the implicit Cleanup Rule.
B. User is prompted from the FTP site only, and does not need to enter username nad password for the Client Authentication.
C. FTP connection is dropped by rule 2.
D. FTP data connection is dropped, after the user is authenticated successfully.
E. User is prompted for authentication by the Security Gateway again.

Correct Answer: B
QUESTION 124
What is the command to see the licenses of the Security Gateway Certkiller from your SmartCenter Server?
A. print Certkiller
B. fw licprint Certkiller
C. fw tab -t fwlic Certkiller
D. cplic print Certkiller
E. fw lic print Certkiller
Correct Answer: D
QUESTION 125
Ophelia is the security Administrator for a shipping company. Her company uses a custom application to update the distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateways Rule Base includes a rule to accept this traffic. Ophelia needs to be notified, via atext message to her cellular phone, whenever traffic is accepted on this rule. Which of the following options is MOST appropriate for Ophelia’s requirement?
A. User-defined alert script
B. Logging implied rules
C. SmartViewMonitor
D. Pop-up API
E. SNMP trap

Correct Answer: A
QUESTION 126
Which of the following is the final step in an NGXbackup?
A. Test restoration in a non-production environment, using the upgradeimport command
B. Move the *.tgz file to another location
C. Run the upgradeexport command
D. Copy the conf directory to another location
E. Run the cpstop command

Correct Answer: B
QUESTION 127
Which mechanism is used to export Check Point logs to third party applications?
A. OPSE
B. CPLogManager
C. LEA
D. SmartViewTracker
E. ELA

Correct Answer: C
QUESTION 128
In NGX, what happens if a Distinguished Name (ON) is NOT found in LADP?
A. NGX takes the common-name value from the Certificate subject, and searches the LADP account unit for a matching user id
B. NGX searches the internal database for the username
C. The Security Gateway uses the subject of the Certificate as the ON for the initial lookup
D. If the first request fails or if branches do not match, NGX tries to map the identity to the user id attribute
E. When users authenticate with valid Certificates, the Security Gateway tries to map the identities with users registered in the extemal LADP user database
Correct Answer: D
QUESTION 129
Which command allows you to view the contents of an NGX table?
A. fw tab -s <tablename>-
B. fw tab -t <tablename>-
C. fw tab -u <tablename>-
D. fw tab -a <tablename>-
E. fw tab -x <tablename>-

Correct Answer: B QUESTION 130
The following is cphaprobstate command output from a New Mode High Availability cluster member:

Which machine has the highest priority?
A. 192.168.1.2,since its number is 2
B. 192.168.1.1,because its number is 1
C. This output does not indicate which machine has the highest priority
D. 192.168.1.2, because its state is active

Correct Answer: B
QUESTION 131
What do you use to view an NGX Security Gateway’s status, including CPU use, amount of virtual memory, percent of free hard-disk space, and version?
A. SmartLSM
B. SmartViewTracker
C. SmartUpdate
D. SmartViewMonitor
E. SmartViewStatus

Correct Answer: D
QUESTION 132
Which of the following commands is used to restore NGX configuration information?
A. cpcontig
B. cpinfo-i
C. restore
D. fwm dbimport
E. upgradeimport

Correct Answer: E
QUESTION 133
Which of the following commands shows full synchronizalion status?
A. cphaprob -i list
B. cphastop
C. fw ctl pstat
D. cphaprob -a if
E. fw hastat
Correct Answer: C
QUESTION 134
Which VPN Community object is used to configure VPN routing within the SmartDashboard?
A. Star
B. Mesh
C. Remote Access
D. Map

Correct Answer: A
QUESTION 135
If you are experiencing LDAP issues, which of the following should you check?
A. Secure lnternal Cornrnunicalions(SIC)
B. VPN tunneling
C. Overlapping VPN Domains
D. NGX connectivity
E. VPN Load Balancing

Correct Answer: D
QUESTION 136
Which operating system is not supported byVPN-1 SecureClient?
A. IPS0 3.9
B. Windows XP SP2
C. Windows 2000 Professional
D. RedHat Linux 7 0
E. MacOS X

Correct Answer: A
QUESTION 137
Which Check Point QoS feature issued to dynamically allocate relative portions of available bandwidth?
A. Guarantees
B. Differentiated Services
C. Limits
D. Weighted Fair Queueing
E. Low Latency Queueinq

Correct Answer: D
QUESTION 138
You are running a VPN-1 NG with Application Intelligence R54 SecurePlatform VPN-1 Pro Gateway. The Gateway also serves as a Policy Server. When you run patch add cd from the NGX CD, what does this command allow you to upgrade?
A. Only VPN-1 Pro Security Gateway
B. Both the operating system (OS) and all Check Point products
C. All products, except the Policy Server
D. On~ the patch utility is upgraded using this command
E. Only the OS

Correct Answer: B
QUESTION 139
Amanda is compiling traffic statistics for Certkiller .com’s Internet activity during production hours. How could she use SmartView Monitor to find this information? By
A. using the “Traffic Counters” settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day
B. -monitoring each specific user’s Web traffic use.
C. Viewing total packets passed through the Security Gateway
D. selecting the “Tunnels” view, and generating a report on the statistics
E. configuring a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway

Correct Answer: A
QUESTION 140
Certkiller is the Security Administrator for a software-development company. To isolate the corporate network from the developer’s network, Certkiller installs an internal Security Gateway. Jack wants to optimize the performance of this Gateway. Which of the following actions is most likely to improve the Gateway’s performance?
A. Remove unused Security Policies from Policy Packages
B. Clear all Global Properties check boxes, and use explicit rules
C. Use groups within groups in the manual NAT Rule Base
D. Put the least-used rules at the top of the Rule Base
E. Use domain objects in rules, where possible

Correct Answer: A
QUESTION 141
Certkiller is the Security Administrator for a chain of grocery stores. Each grocery store is protected by a Security Gateway. Certkiller is generating a report for the information-technology audit department. The report must include the name of the Security Policy installed on each remote Security Gateway, the date and time the Security Policy was installed, and general performance statistics (CPU Use, average CPU time, active real memory, etc.). Which SmartConsole application should Certkiller use to gather this information?
A. SmartUpdate
B. SmartView Status
C. SmartView Tracker
D. SmartLSM
E. SmartView Monitor

Correct Answer: E
QUESTION 142
How can you reset Secure Internal Communications (SIC) between a SmartCenter Server and Security Gateway?
A. Run the command fwm sicreset to reinitialize the Internal Certificate Authority (ICA) of the SmartCenter Server. Then retype the activation key on the Security-Gateway from SmartDashboard
B. From cpconfig on the SmartCenter Server, choose the Secure Internal Communication option and retype the actrvation key Next, retype the same key in the gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC)
C. From the SmartCenter Server’s command line type fw putkey -p <shared key>- <IP Address of SmartCenter Server>-.
D. From the SmartCenter Server’s command line type fw putkey -p <shared key>- <IP Address of security Gateway>-.
E. Re-install the Security Gateway
Correct Answer: B QUESTION 143
Which NGX feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?
A. upgradeexport/upgradeimport
B. Policy Package management
C. fwm dbexport/fwm dbimport
D. cpconfig
E. Database Revision Control

Correct Answer: B
QUESTION 144
Certkiller is the Security Administrator for Certkiller .com’s large geographically distributed network. The internet connection at one of her remote sites failed during the weekend, and the Security Gateway logged locally for over 48 hours. Certkiller is concerned that the logs may have consumed most of the free space on the Gateway’s hard disk. Which SmartConsole application should Certkiller use, to view the percent of free hard-disk space on the remote Security Gateway?
A. SmartView Status
B. SmartView Tracker
C. SmartUpdate
D. SmartView Monitor
E. SmartLSM

Correct Answer: D
QUESTION 145
Certkiller is recently hired as the Security Administrator for a public relations company. Certkiller’s manager has asked her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Certkiller must propose a plan based on the following required and desired results Required Result #1: Do not purchase new hardware Required Result #2: Use configuration changes that do not reduce security Desired Result #1: Reduce the number of explicit rules in the Rule Base Desired Result #2: Reduce the volume of logs Desired Result #3: Improve the Gateway’s performance Proposed Solution: Certkiller recommends the following changes to the Gateway’s configuration:
1.
Replace all domain objects with network and group objects.

2.
Stop logging Domain Name over UDP (queries)

3.
Use Global Properties, instead of explicit rules, to control ICMP. VRRP, and RIP. Does Certkiller’s proposed solution meet the required and desired result s?
A. The solution meets the required results, and two of the desired results
B. The solution does not meet the required results
C. The solution meets all required results, and none of the desired results
D. The solution meets all required and desired results
E. The solution meets the required results, and one of the desired results
Correct Answer: A
QUESTION 146
What is a Consolidation Policy?
A. The collective name of the Security Policy, Address Translation, and SmartDefense Policies
B. The specific Policy used by Eventia Reporter to configure log-management practices
C. The state of the Policy once installed on a Security Gateway
D. A Policy created by Eventia Reporter to generate logs
E. The collective name of the logs generated by Eventia Reporter

Correct Answer: B
QUESTION 147
To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?
A. Change the cluster mode to Unicast on the cluster object Reinstall the Security Policy
B. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy
C. Run cpstop and cpstart, to reenable High Availability on both objects. Select Pivot mode in cpconfig
D. Change the cluster mode to Unicast on the cluster-member object
E. Switch the internal network’s default Security Gateway to the pivot machine’s IP address
Correct Answer: A

Checkpoint 156-215 exam from FLYDUMPS will certainly assist you in gaining the knowledge and experience needed to study. Many of our customers claim that the Checkpoint 156-215 exam included in our study guide are a great compliment to already popular CCB-400 exam sample questions. FLYDUMPS Checkpoint 156-215 exam can guarantee that combined with proper effort, Checkpoint 156-215 exam questions will certainly boost your chance of passing the Checkpoint 156-215 exam. FLYDUMPS Checkpoint 156-215 exam follows the same syllabus followed by actual Checkpoint 156-215 certification exam, we also constantly upgrade our Checkpoint 156-215 exam so you always get the best and updated information.

CheckPoint 156-215 Dumps PDF, Best Quality CheckPoint 156-215 Demo Free Download Online ShopCheckPoint 156-215 Dumps PDF, Best Quality CheckPoint 156-215 Demo Free Download Online Shop

Because CheckPoint 156-215 exam has changed recently,Flydumps presents the new version of CheckPoint 156-215 exam practice test, which helps candidates to pass the CheckPoint 156-215 exam easily.The exam dumps covers all aspect of CheckPoint 156-215 exam.You can visit our website to free CheckPoint 156-215 exam download the New Version VCE Player.

QUESTION 106
A Security Policy has several database versions. What configuration remains the same no matter which version is used?
A. Objects_5_0.C
B. fwauth.NDB
C. Rule Bases_5_0.fws
D. Internal Certificate Authority (ICA) certificate

Correct Answer: D QUESTION 107
You are working with multiple Security Gateways that enforce an extensive number of rules. To simplify security administration, which one of the following would you choose to do?
A. Create network objects that restrict all applicable rules to only certain networks.
B. Run separate SmartConsole instances to login and configure each Security Gateway directly.
C. Create a separate Security Policy package for each remote Security Gateway.
D. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.

Correct Answer: C QUESTION 108
Which rules are not applied on a first-match basis?
A. Client Authentication
B. Session Authentication
C. User Authentication
D. Cleanup

Correct Answer: C QUESTION 109
Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?
A. All connections are reset, so a policy install is recommended during announced downtime only.
B. Users being authenticated by Client Authentication have to re-authenticate.
C. Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.
D. All FTP downloads are reset; users have to start their downloads again.

Correct Answer: B QUESTION 110
Several Security Policies can be used for different installation targets. The firewall protecting Human Resources’ servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?
A. A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are
defined by the selection in the row Install On of the Rule Base.
B. When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install.
C. In the SmartDashboard policy, select the correct firewall to be the Specific Target of the rule.
D. A Rule Base can always be installed on any Check Point firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install.

Correct Answer: C
QUESTION 111
A ___________ rule is used to prevent all traffic going to the R75 Security Gateway.
A. Cleanup
B. Stealth
C. Reject
D. IPS

Correct Answer: B
QUESTION 112
In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy > Global Properties > FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port __________.
A. 259
B. 256
C. 80
D. 900

Correct Answer: B
QUESTION 113
To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How do you accomplish this?
A. This cannot be configured since two selections (Service, Action) are not possible.
B. Ask your reseller to get a ticket for Check Point SmartUse and deliver him the Security Management Server cpinfo file.
C. In SmartDashboard menu, select Search > Rule Base Queries. In the window that opens, create a new Query, give it a name (e.g. “HTTP_SSH”) and define a clause regarding the two services HTTP and SSH. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND.
D. In SmartDashboard, right-click in the column field Service > Query Column. Then, put the services HTTP and SSH in the list. Do the same in the field Action and select Accept here.
Correct Answer: C
QUESTION 114
What CANNOT be configured for existing connections during a policy install?
A. Reset all connections
B. Re-match connections
C. Keep all connections
D. Keep data connections
Correct Answer: A QUESTION 115
What is the purpose of a Stealth Rule?
A. To permit implied rules.
B. To drop all traffic to the management server that is not explicitly permitted.
C. To prevent users from connecting directly to the gateway.
D. To permit management traffic.

Correct Answer: C QUESTION 116
Which of these Security Policy changes optimize Security Gateway performance?
A. Use Automatic NAT rules instead of Manual NAT rules whenever possible.
B. Using domain objects in rules when possible.
C. Using groups within groups in the manual NAT Rule Base.
D. Putting the least-used rule at the top of the Rule Base.

Correct Answer: A QUESTION 117
Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:Required:
Allow only network 192.168.10.0 and 192.168.20.0 to go out to Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assume you enable all the settings in the NAT page of Global Properties.
How do you achieve this requirement?
A. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter
200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source -groupobject; Destination – any; Service – any; Translated source – 200.200.200.5; Destination -original; Service – original.

Correct Answer: C
QUESTION 118
Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?
A. Allow bi-directional NAT is not checked in Global Properties.
B. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.
C. Manual NAT rules are not configured correctly.
D. Routing is not configured correctly.

Correct Answer: B
QUESTION 119
You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway’s external interface. You browse to from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?
A. Two, one for outbound, one for inbound
B. Only one, inbound
C. Only one, outbound
D. Two, both outbound, one for the real IP connection and one for the NAT IP connection

Correct Answer: C
QUESTION 120
Which of the following statements BEST describes Check Point’s Hide Network Address Translation method?
A. Translates many source IP addresses into one source IP address
B. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation
C. Translates many destination IP addresses into one destination IP address
D. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation

Correct Answer: A
QUESTION 121
Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?
A. Static Source
B. Static Destination
C. Dynamic Destination
D. Hide

Correct Answer: D
QUESTION 122
NAT can NOT be configured on which of the following objects?
A. Host
B. HTTP Logical Server
C. Address Range
D. Gateway

Correct Answer: B
QUESTION 123
Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?
A. Hide Address Translation
B. Static Destination Address Translation
C. Port Address Translation
D. Dynamic Source Address Translation

Correct Answer: B
QUESTION 124
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
B. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.
C. Place a static host route on the firewall for the valid IP address to the internal Web server.
D. Place a static ARP entry on the ISP router for the valid IP address to the firewall’s external address.

Correct Answer: D
QUESTION 125
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by antispoofing protections. Which of the following is the MOST LIKELY cause?
A. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal – Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.
B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.
C. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.
D. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal – Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.
Correct Answer: D
QUESTION 126
Which NAT option applicable for Automatic NAT applies to Manual NAT as well?
A. Translate destination on client-side
B. Enable IP Pool NAT
C. Allow bi-directional NAT
D. Automatic ARP configuration

Correct Answer: A
QUESTION 127
Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?
A. Configure Automatic Static NAT on network 10.10.20.0/24.
B. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule.
C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24.
D. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service.

Correct Answer: C
QUESTION 128
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway’s external interface.

What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers’ public IP addresses?
A. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
B. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.
C. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ’s
interface. Correct Answer: C QUESTION 129 An internal host initiates a session to and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of ____________.
A. None of these
B. source NAT
C. destination NAT
D. client side NAT

Correct Answer: B QUESTION 130
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.
A. source on client side
B. source on server side
C. destination on client side
D. destination on server side

Correct Answer: C QUESTION 131
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
A. A static route for the NAT IP must be added to the Gateway’s upstream router.
B. Automatic ARP must be unchecked in the Global Properties.
C. Nothing else must be configured.
D. A static route must be added on the Security Gateway to the internal host.

Correct Answer: D QUESTION 132
When translation occurs using automatic Hide NAT, what also happens?
A. The destination port is modified.
B. Nothing happens.
C. The destination is modified.
D. The source port is modified.

Correct Answer: D QUESTION 133
The fw monitor utility is used to troubleshoot which of the following problems?
A. Address translation
B. Log Consolidation Engine
C. User data base corruption
D. Phase two key negotiation

Correct Answer: A
QUESTION 134
Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.

A. This is an example of Hide NAT.
B. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.
C. There is not enough information provided in the Wireshark capture to determine the NAT settings.
D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

Correct Answer: D
QUESTION 135
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:
A. VLAN tagging cannot be defined for any hosts protected by the Gateway.
B. The Security Gateway’s ARP file must be modified.
C. It is not necessary to add a static route to the Gateway’s routing table.
D. It is necessary to add a static route to the Gateway’s routing table.

Correct Answer: C

Each Answers in CheckPoint 156-215 study guides are checked by the concerned professional to provide you the best quality dumps. If you are looking to get certified in short possible time, you will never find quality product than Flydumps.com.

CheckPoint 156-215 Dumps PDF, Best Quality CheckPoint 156-215 Demo Free Download Online Shop

Checkpoint 156-215 Dumps, Helpful Checkpoint 156-215 PDF Exams With 100% Pass RateCheckpoint 156-215 Dumps, Helpful Checkpoint 156-215 PDF Exams With 100% Pass Rate

 

Where to free download the new Checkpoint 156-215 exam questions to pass the exam easily? Now,Flydumps has publised the new version of Checkpoint 156-215 exam dumps with new added exam questions.you can also get free VCE and PDF, and the new Checkpoint 156-215 practice tests ensure your exam 100% pass. Visit Flydumps.com to get the 100% pass ensure!

QUESTION 74
You want to generate a cpinfo file via CLI on a system running SecurePlatform. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?
A. Log in as the default user expert and start cpinfo.
B. No action is needed because cpshell has a timeout of one hour by default.
C. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.
D. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinto.

Correct Answer: C
QUESTION 75
Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?
A. Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here.
B. In the General Properties of the object representing the specific Firewall, go to the Software Blades product list and select Firewall. Right-click in the menu, select Administrator to Install to define only this administrator.
C. Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced / Permission to Install.
D. Right-click on the object representing the specific administrator, and select that Firewall in Policy Targets.

Correct Answer: C
QUESTION 76
You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a SecurePlatform. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.
A. cthtool
B. ifconfig a
C. eth_set
D. mii_tool

Correct Answer: C
QUESTION 77
Which command enables IP forwarding on IPSO?
A. echo 1 > /proc/sys/net/ipv4/ip_forward
B. clish -c set routing active enable
C. echo 0 > /proc/sys/net/ipv4/ip_forward
D. ipsofwd on admin

Correct Answer: D QUESTION 78
Looking at an fw monitor capture in Wireshark, the initiating packet in Hide NAT translates on________.
A. I
B. O
C. o
D. i

Correct Answer: B QUESTION 79
You want to create an ASCII formatted output file of the fw monitor command. What is the correct syntax to accomplish this task?
A. fw monitor -e “accept;” > /tmp/monitor.txt
B. fw monitor -e “accept;” -f > /tmp/monitor.txt
C. fw monitor -m iO -e “accept;” -o /tmp/monitor.txt
D. fw monitor -e “accept;” -w /tmp/monitor.txt

Correct Answer: A QUESTION 80
The button Get Address, found on the Host Node Object > General Properties page, will retrieve what?
A. The domain name
B. The fully qualified domain name
C. The Mac address
D. The IP address

Correct Answer: D QUESTION 81
When you change an implicit rule’s order from last to first in global properties, how do you make the change take effect?
A. Select save from the file menu
B. Reinstall the security policy
C. Select install database from the policy menu
D. Run fw fetch from the security gateway

Correct Answer: B QUESTION 82
You create implicit and explicit rules for the following network. The group object internal-networks includes networks 10.10.10.0 and 10.10.20.0. Assume Accept ICMP requests is enabled as Before last in Global Properties.
Based on these rules, what happens if you Ping from host 10.10.10.5 to a host on the Internet by IP address? ICMP will be:
A. dropped by rule 0.
B. dropped by rule 2, the Cleanup Rule.
C. accepted by rule 1.
D. dropped by the last Implicit rule.

Correct Answer: C QUESTION 83
Anti-Spoofing is typically set up on which object type?
A. Host
B. Domain
C. Network
D. Security Gateway

Correct Answer: D QUESTION 84
Spoofing is a method of:
A. Hiding your firewall from unauthorized users.
B. Disguising an illegal IP address behind an authorized IP address through port address Translation.
C. Making packets appear as if they come from an authorized IP address
D. Detecting people using false or wrong authentication logins.

Correct Answer: C QUESTION 85
Which of the below is the MOST correct process to reset SIC from SmartDashboard?
A. Run cpconfig, and click Reset.
B. Click the Communication button for the firewall object, then click Reset. Run cpconfig and type a new activation key.
C. Click Communication > Reset on the Gateway object, and type a new activation key.
D. Run cpconfig, and select Secure Internal Communication > Change One Time Password.

Correct Answer: B QUESTION 86
“Pass Any Exam. Any Time.” – www.actualtests.com 49 Checkpoint 156-215.75 Exam You installed Security Management Server on a computer using SecurePlatform in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second SecurePlatform computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it?
1) Run cpconfig on the gateway, set secure internal communication, enter the activation key and reconfirm.
2) Initialize internal certificate authority (ICA) on the security Management server.
3) Confirm the gateway object with the host name and IP address for the remote site.
4) Click the communication button in the gateway object’s general screen, enter the activation key, and click initialize and ok.
5) Install the security policy.
A. 2, 3, 4, 5, 1
B. 1, 3, 2, 4, 5
C. 2, 3, 4, 1, 5
D. 2, 1, 3, 4, 5

Correct Answer: B
QUESTION 87
You want to reset SIC between smberlin and sgosaka.
In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the cpconfig menu. When trying to establish a connection, instead of a working connection, you receive this error message:
What is the reason for this behavior?
A. You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup / Initialize).
B. The Gateway was not rebooted, which is necessary to change the SIC key.
C. The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.
D. The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation can not be typed in a matching fashion.

Correct Answer: C
QUESTION 88
Which rule should be the Cleanup Rule in the Rule Base?
A. Last. It serves a logging function before the implicit drop.
B. Last, it explicitly drops otherwise accepted traffic
C. Before last followed by the Stealth Rule.
D. First, it explicitly accepts otherwise dropped traffic.
Correct Answer: A
QUESTION 89
What are the two basic rules which should be used by all Security Administrators?
A. Administrator Access and Stealth rules
B. Cleanup and Administrator Access rules
C. Network Traffic and Stealth rules
D. Cleanup and Stealth rules
Correct Answer: D
QUESTION 90
When you hide a rule in a Rule Base, how can you then disable the rule?
A. Use the search utility in SmartDashboard to view all hidden rules Select the relevant rule and click Disable Rule(s).
B. Right-click on the hidden rule place-holder bar and select Disable Rule(s).
C. Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule.
D. Hidden rules are already effectively disabled from Security Gateway enforcement.

Correct Answer: C QUESTION 91
A Stealth rule is used to:
A. Use the Security Gateway to hide the border router from internal attacks.
B. Cloak the type of Web server in use behind the Security Gateway.
C. Prevent communication to the Security Gateway itself.
D. Prevent tracking of hosts behind the Security Gateway.

Correct Answer: C QUESTION 92
A Clean-up rule is used to:
A. Drop without logging connections that would otherwise be dropped and logged fry default
B. Log connections that would otherwise be accepted without logging by default.
C. Log connections that would otherwise be dropped without logging by default.
D. Drop without logging connections that would otherwise be accepted and logged by default

Correct Answer: C QUESTION 93
Which statement is TRUE about implicit rules?
A. They are derived from Global Properties and explicit object properties.
B. The Gateway enforces implicit rules that enable outgoing packets only.
C. You create them in SmartDashboard.
D. Changes to the Security Gateway’s default settings do not affect implicit rules.

Correct Answer: A QUESTION 94
You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?
A. First
B. Before Last
C. Last
D. After Stealth Rule

Correct Answer: C QUESTION 95
In a distributed management environment, the administrator has removed all default check boxes from the Policy / Global Properties / Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port ______.
A. 259
B. 257
C. 900
D. 256

Correct Answer: B QUESTION 96
Examine the following Security Policy. What, if any, changes could be made to accommodate Rule 4?

A. Nothing at all
B. Modify the Source or Destination columns in Rule 4
C. Remove the service HTTPS from the Service column in Rule A
D. Modify the VPN column in Rule 2 to limit access to specific traffic

Correct Answer: D
QUESTION 97
A Security Policy has several database versions. What configuration remains the same no matter which version is used?
A. Rule Bases_5_0.fws
B. Internal Certificate Authority (ICA) certificate
C. Fwauth.NDB
D. Objects_5_0.C

Correct Answer: B
QUESTION 98
You are working with multiple Security Gateways that enforce a common set of rules. To minimize the number of policy packages, which one of the following would you choose to do?
A. Install a separate local Security Management Server and SmartConsole for each remote Security Gateway.
B. Create a separate Security Policy package for each remote Security Gateway and specify Install On / Gateways.
C. Create a single Security Policy package with Install On / Target defined whenever a unique rule is required for a specific Gateway.
D. Run separate SmartDashbord instance to login and configure each Security Gateway directly.

Correct Answer: C QUESTION 99
Which rules are not applied on a first-match basis?
A. Cleanup
B. User Authentication
C. Session Authentication
D. Client Authentication

Correct Answer: B QUESTION 100
Several Security Policies can be used for different installation targets. The firewall protecting Human Resources’ servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?
A. A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base.
B. When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install.
C. In the SmartDashboard main menu go to Policy / Policy Installation / Targets and select the correct firewall to be put into the list via Specific Targets.
D. A Rule Base can always be installed on any Check Point firewall object It is necessary to select the appropriate target directly after selecting Policy > Install.

Correct Answer: C QUESTION 101
Which of these security policy changes optimize Security Gateway performance?
A. Use Automatic NAT rules instead of Manual NAT rules whenever possible
B. Putting the least-used rule at the top of the Rule Base
C. Using groups within groups in the manual NAT Rule Base
D. Using domain objects in rules when possible

Correct Answer: A QUESTION 102
Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows: RequireD. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.

200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?
A. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add and ARP entry for 200.200.200.5 for the MAC “Pass Any Exam. Any Time.”
-www.actualtests.com 58
Checkpoint 156-215.75 Exam
address of 200.200.200.3.

B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create two network objects: 192.168.10.0/24. and 192.168.20.0/24. Add the two network objects. Create a manual NAT rule like the following Original source group object; Destination any Service -any, Translated source 200.200.200.5; Destination original, Service original.

Correct Answer: C
QUESTION 103
You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway’s external interface. You browse to from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?
A. Only one, outbound
B. Two, one for outbound, one for inbound
C. Only one, inbound
D. Two, both outbound, one for the real IP connection and one for the NAT IP connection
Correct Answer: A QUESTION 104
Which of the following statements BEST describes Check Point’s Hide Network Address Translation method?
A. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation
B. Translates many destination IP addresses into one destination IP address
C. Translates many source IP addresses into one source IP address
D. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation

Correct Answer: C
QUESTION 105
Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?
A. Static Destination
B. Hide
C. Dynamic Destination
D. Static Source

Correct Answer: B
QUESTION 106
NAT can be implemented on which of the following lists of objects?
A. Host, Network
B. Host, User
C. Domain, Network
D. Network, Dynamic Object

Correct Answer: A
QUESTION 107
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
A. Place a static host route on the firewall for the valid IP address to the internal Web server.
B. Place a static ARP entry on the ISP router for the valid IP address to the firewall’s external address.
C. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
D. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.

Correct Answer: B
QUESTION 108
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti- spoofing protections. Which of the following is the MOST LIKELY cause?
A. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External.Change topology to Others +.
B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External
C. The Global Properties setting Translate destination on client side is checked But the topology on the DMZ interface is set to Internal -Network defined by IP and Mask Uncheck the Global Properties setting Translate destination on client side
D. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal – Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.

Correct Answer: D
QUESTION 109
Which NAT option applicable for Automatic NAT applies to Manual NAT as well?
A. Allow bi-directional NAT
B. Automatic ARP configuration
C. Enable IP Pool NAT
D. Translate destination on client-side

Correct Answer: D
QUESTION 110
Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?
A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service
B. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24
C. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule
D. Configure Automatic Static NAT on network 10.10.20.0/24
Correct Answer: B
QUESTION 111
You have three servers located in a DMZ, using private IP addresses. You want internal users from
10.10.10.x
to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway’s external interface.

A.
When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers

B.
When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.

C.
When connecting to internal network 10 10.10 x. configure Hide NAT for the DMZ servers.

D.
When connecting to the internal network 10.10.10x, configure Hide Nat for the DMZ network behind the DMZ interface of the Security Gateway
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers’ public IP addresses?
Correct Answer: B
QUESTION 112
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the_________.
A. source on client side
B. destination on server side
C. destination on client side
D. source on server side

Correct Answer: C
QUESTION 113
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
A. Automatic ARP must be unchecked in the Global Properties.
B. A static route must be added on the Security Gateway to the internal host.
C. Nothing else must be configured.
D. A static route for the NAT IP must be added to the Gateway’s upstream router.
Correct Answer: B
QUESTION 114
When translation occurs using automatic Hide NAT, what also happens?
A. Nothing happens.
B. The source port is modified.
C. The destination port is modified.
D. The destination is modified.

Correct Answer: B
QUESTION 115
The fw monitor utility is used to troubleshoot which of the following problems?
A. Phase two key negotiation
B. User data base corruption
C. Address translation
D. Log Consolidation Engine

Correct Answer: C
QUESTION 116
Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.

A. There is not enough information provided in the Wireshark capture to determine NAT settings.
B. This is an example hide NAT.
C. There is an example of Static NAT and translate destination on client side unchecked in Global Properties.
D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

Correct Answer: D
QUESTION 117
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:
A. It is necessary to add a static route to the Gateway’s routing table.
B. The Security Gateway’s ARP file must be modified.
C. It is not necessary to add a static route to the Gateway’s routing table.
D. VLAN tagging cannot be defined for any hosts protected by the Gateway.

Correct Answer: C QUESTION 118
Static NAT connections, by default, translate on which firewall kernel inspection point?
A. Post-inbound
B. Eitherbound
C. Inbound
D. Outbound

Correct Answer: C QUESTION 119
In a Hide NAT connection outbound, which portion of the packet is modified?
A. Source IP address and destination port
B. Destination IP address and destination port
C. Source IP address and source port
D. Destination IP address and destination port

Correct Answer: C QUESTION 120
You are MegaCorp’s Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the order of the rules if both methods are used together? Give the best answer.
A. The Administrator decides on the order of the rules by shifting the corresponding rules up and down.
B. The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range
C. The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range
D. The position of the rules depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others.

Correct Answer: B QUESTION 121
Which answers are TRUE? Automatic Static NAT CANNOT be used when: i) NAT decision is based on the destination port ii) Source and Destination IP both have to be translated iii) The NAT rule should only be installed on a dedicated Gateway only iv) NAT should be performed on the server side
A. (i), (ii), and (iii)
B. (i), and (ii)
C. (ii) and (iv)
D. only (i)

Correct Answer: D QUESTION 122
After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?
A. The packet has been sent out through a VPN tunnel unencrypted.
B. An IPSO ACL has blocked the outbound passage of the packet.
C. A SmartDefense module has blocked the packet
D. It is an issue with NAT

Correct Answer: D
QUESTION 123
A marketing firm’s networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should you use to check these objects and rules?
A. SmartView Tracker
B. SmartView Status
C. SmartView Monitor
D. SmartDashboard

Correct Answer: D
QUESTION 124
Which of the following is a viable consideration when determining Rule Base order?
A. Grouping authentication rules with address-translation rules
B. Grouping rules by date of creation
C. Grouping reject and drop rules after the Cleanup Rule
D. Grouping functionally related rules together

Correct Answer: D
QUESTION 125
Which of the following is a viable consideration when determining Rule Base order?
A. Adding SAM rules at the top of the Rule Base
B. Placing frequently accessed rules before less frequently accessed rules
C. Grouping rules by date of creation
D. Grouping IPS rules with dynamic drop rules
Correct Answer: B

Flydumps.com provides you with the most reliable practice exams to master Checkpoint 156-215 Certification. Our Microsoft questions and answers are certified by the senior lecturer and experienced technical experts in the Microsoft field. These test questions provide you with the experience of taking the Checkpoint 156-215 actual test.

Checkpoint 156-215 Dumps, Helpful Checkpoint 156-215 PDF Exams With 100% Pass Rate

CheckPoint 156-215 Dumps PDF, Download Latest CheckPoint 156-215 Answers Is Your Best ChoiceCheckPoint 156-215 Dumps PDF, Download Latest CheckPoint 156-215 Answers Is Your Best Choice

Your worries about CheckPoint 156-215 exam complexity no more exist because Flydumps is here to serves as a guide to help you to pass the CheckPoint 156-215 exam. All the exam questions and answers is the latest and covering each and every aspect of CheckPoint 156-215 exam.It 100% ensure you pass the exam without any doubt.

QUESTION 50
Which utility allows you to configure the DHCP service on SecurePlatform from the command line?
A. cpconfig
B. ifconfig
C. dhcp_cfg
D. sysconfig

Correct Answer: D
QUESTION 51
The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account?
A. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
B. Type fwm lock_admin -u <account name> from the Security Management Server command line.
C. Type fwm unlock_admin -u from the Security Gateway command line.
D. Type fwm unlock_admin from the Security Management Server command line.

Correct Answer: B
QUESTION 52
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
A. Reinstall the Security Management Server and restore using upgrade_import.
B. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.

Correct Answer: C
QUESTION 53
You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on SecurePlatform. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on SecurePlatform. Where can you view them? Give the BEST answer.
A. /etc/conf/route.C
B. /etc/sysconfig/network-scripts/ifcfg-ethx
C. /etc/sysconfig/netconf.C
D. /etc/sysconfig/network

Correct Answer: C
QUESTION 54
When using SecurePlatform, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
A. Edit the file /etc/sysconfig/netconf.C and put the new MAC address in the field
B. As expert user, issue these commands: # IP link set eth0 down # IP link set eth0 addr 00:0C:29:12:34:56 # IP link set eth0 up
C. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
D. As expert user, issue the command: # IP link set eth0 addr 00:0C:29:12:34:56

Correct Answer: B
QUESTION 55
Several Security Policies can be used for different installation targets. The Firewall protecting Human Resources’ servers should have its own Policy Package. These rules must be installed on this machine and not on the Internet Firewall. How can this be accomplished?
A. A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are defined by the selection in the Rule Base row Install On.
B. A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install on Target.
C. When selecting the correct Firewall in each line of the Rule Base row Install On, only this Firewall is shown in the list of possible installation targets after selecting Policy > Install on Target.
D. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the correct firewall via Specific Targets.
Correct Answer: D
QUESTION 56
Where is the IPSO Boot Manager physically located on an IP Appliance?
A. On the platform’s BIOS
B. In the directory /nvram
C. On an external jump drive
D. On built-in compact Flash memory
Correct Answer: D
QUESTION 57
How is wear on the flash storage device mitigated on diskless appliance platforms?
A. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.
B. A RAM drive reduces the swap file thrashing which causes fast wear on the device.
C. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
D. PRAM flash devices are used, eliminating the longevity.

Correct Answer: B
QUESTION 58
Your R76 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?
A. Create a time object, and add 48 hours as the interval. Select that time object’s Global Properties > Logs and Masters window, to schedule a logswitch.
B. Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object’s Logs and Masters window, enable Schedule log switch, and select the Time object.
C. On a SecurePlatform Security Management Server, this can only be accomplished by configuring the command fw logswitch via the cron utility.
D. Create a time object, and add 48 hours as the interval. Open the Security Gateway object’s Logs and Masters window, enable Schedule log switch, and select the Time object.

Correct Answer: B
QUESTION 59
Which of the following methods will provide the most complete backup of an R75 configuration?
A. Execute command upgrade_export
B. Database Revision Control
C. Policy Package Management
D. Copying the directories $FWDIR\conf and $CPDIR\conf to another server

Correct Answer: A
QUESTION 60
Which of the following commands can provide the most complete restoration of a R76 configuration?
A. cpinfo -recover
B. fwm dbimport -p <export file>
C. upgrade_import
D. cpconfig

Correct Answer: C
QUESTION 61
When restoring R76 using the command upgrade_import, which of the following items are NOT restored?
A. Licenses
B. SIC Certificates
C. Global properties
D. Route tables

Correct Answer: D
QUESTION 62
Your organization’s disaster recovery plan needs an update to the backup and restore section to reap the new distributed R76 installation benefits. Your plan must meet the following required and desired objectives:
Required ObjectivE.
The Security Policy repository must be backed up no less frequently than
every 24 hours.

Desired ObjectivE.
The R76 components that enforce the Security Policies should be backed up at
least once a week.

Desired ObjectivE.
Back up R76 logs at least once a week.

Your disaster recovery plan is as follows:

-Use the cron utility to run the command upgrade_export each night on the Security Management Servers.

Configure the organization’s routine back up software to back up the files created by the Checkpoint 156-215.13 Exam BrainDumps.com 25 command upgrade_export.


Configure the GAiA back up utility to back up the Security Gateways every Saturday night.
-Use the cron utility to run the command upgrade_export each Saturday night on the log servers.

Configure an automatic, nightly logswitch.


Configure the organization’s routine back up software to back up the switched logs every night.
Upon evaluation, your plan:
A. Meets the required objective and only one desired objective.
B. Meets the required objective but does not meet either desired objective.
C. Meets the required objective and both desired objectives.
D. Does not meet the required objective.

Correct Answer: C
QUESTION 63
Your company is running Security Management Server R76 on GAiA, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account?
A. Using cpconfig on the Security Management Server, choose Administrators
B. Using SmartDashboard, under Users, select Add New Administrator
C. Using the Web console on SecurePlatform under Product configuration, select Administrators
D. Using SmartDashboard or cpconfig

Correct Answer: B
QUESTION 64
Peter is your new Security Administrator. On his first working day, he is very nervous and enters the wrong password three times. His account is locked. What can be done to unlock Peter’s account? Give the BEST answer.
A. It is not possible to unlock Peter’s account. You have to install the firewall once again or abstain
B. You can unlock Peter’s account by using the command fwm unlock_admin -u Peter on the Security Gateway.
C. You can unlock Peter’s account by using the command fwm lock_admin -u Peter on the Security Management Server
D. You can unlock Peter’s account by using the command fwm unlock_admin -u Peter on the Security Management Server
Correct Answer: C QUESTION 65
Where can you find the Check Point’s SNMP MIB file?
A. $CPDIR/lib/snmp/chkpt.mib
B. There is no specific MIB file for Check Point products.
C. $FWDIR/conf/snmp.mib
D. It is obtained only by request from the TAC.

Correct Answer: A
QUESTION 66
You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?
A. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.
B. Log in as the default user expert and start cpinfo.
C. No action is needed because cpshell has a timeout of one hour by default.
D. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinfo.

Correct Answer: A
QUESTION 67
Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?
A. Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here.
B. Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced > Permission to Install.
C. Right-click on the object representing the specific administrator, and select that Firewall in Policy Targets.
D. In the object General Properties representing the specific Firewall, go to the Software Blades product list and select Firewall. Right-click in the menu, select Administrator to Install to define only this administrator.
Correct Answer: B
QUESTION 68
What is the officially accepted diagnostic tool for IP Appliance Support?
A. ipsoinfo
B. cpinfo
C. uag-diag
D. CST
Correct Answer: D
QUESTION 69
ALL of the following options are provided by the SecurePlatform sysconfig utility, EXCEPT:
A. Export setup
B. Time & Date
C. DHCP Server configuration
D. GUI Clients

Correct Answer: D QUESTION 70
Which of the following options is available with the SecurePlatform cpconfig utility?
A. Time & Date
B. GUI Clients
C. DHCP Server configuration
D. Export Setup

Correct Answer: B QUESTION 71
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
A. cpstat – date.cpstat.txt
B. fw cpinfo
C. cpinfo -o date.cpinfo.txt
D. diag

Correct Answer: C QUESTION 72
Which of the following statements accurately describes the command snapshot?
A. snapshot creates a Security Management Server full system-level backup on any OS.
B. snapshot stores only the system-configuration settings on the Gateway.
C. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.
D. snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a SecurePlatform Security Gateway.

Correct Answer: D QUESTION 73
How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?
A. fw delete all.all@localhost
B. fw unload policy
C. fwm unloadlocal
D. fw unloadlocal

Correct Answer: D QUESTION 74
How can you check whether IP forwarding is enabled on an IP Security Appliance?
A. clish -c show routing active enable
B. ipsofwd list
C. cat /proc/sys/net/ipv4/ip_forward
D. echo 1 > /proc/sys/net/ipv4/ip_forward

Correct Answer: B QUESTION 75
Which command allows you to view the contents of an R76 table?
A. fw tab -s <tablename>
B. fw tab -t <tablename>
C. fw tab -x <tablename>
D. fw tab -a <tablename>

Correct Answer: B
QUESTION 76
Which of the following tools is used to generate a Security Gateway R76 configuration report?
A. infoCP
B. cpinfo
C. infoview
D. fw cpinfo

Correct Answer: B
QUESTION 77
Which of the following is a CLI command for Security Gateway R76?
A. fw merge
B. fw tab -u
C. fw shutdown
D. fwm policy_print <policyname>

Correct Answer: B
QUESTION 78
You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a platform using GAiA. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used in Expert Mode to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.
A. eth_set
B. mii_tool
C. ifconfig -a
D. ethtool
Correct Answer: A
QUESTION 79
Which command enables IP forwarding on IPSO?
A. echo 1 > /proc/sys/net/ipv4/ip_forward
B. ipsofwd on admin
C. echo 0 > /proc/sys/net/ipv4/ip_forward
D. clish -c set routing active enable

Correct Answer: B
QUESTION 80
When you change an implicit rule’s order from Last to First in Global Properties, how do you make the change take effect?
A. Run fw fetch from the Security Gateway.
B. Select Install Database from the Policy menu.
C. Reinstall the Security Policy.
D. Select Save from the File menu.

Correct Answer: C QUESTION 81

The actual CheckPoint 156-215 exam questions and answers will sharpen your skills and expand your knowledge to obtain a definite success.save your money and time on your preparation for your CheckPoint 156-215 certification exam. You will find we are a trustful partner if you choose us as your assistance on your CheckPoint 156-215 certification exam. Now we add the latest CheckPoint 156-215 content and to print and share content.

Checkpoint 156-215 PDF Dumps, The Most Recommended Checkpoint 156-215 Exam Dump Covers All Key PointsCheckpoint 156-215 PDF Dumps, The Most Recommended Checkpoint 156-215 Exam Dump Covers All Key Points

FLYDUMPS bring you the best Checkpoint 156-215 exam preparation materials which will make you pass in the first attempt.And we also provide you all the Checkpoint 156-215 exam updates as Microsoft announces a change in its Checkpoint 156-215 exam syllabus,we inform you about it without delay.

QUESTION 30
Which utility allows you to configure the DHCP service on SecurePlatform from the command line?
A. sysconfig
B. dhcp_cfg
C. cpconfig
D. ifconfig

Correct Answer: A QUESTION 31
Which utility is necessary for reestablishing SIC?
A. fwm sic_reset
B. cpconfig
C. cplic
D. sysconfig

Correct Answer: B QUESTION 32
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
A. Reinstall the Security Management Server and restore using upgrade_import.
B. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.

Correct Answer: C QUESTION 33
The third shift administrator was updating security management server access setting in global properties. He managed to lock the entire Administrator out of their accounts. How should you unlock these accounts?
A. Logging to smart dash board as special cpconfig_admin account. Right click on each administrator object and select Unlock.
B. Type fwm lock_admin ua from the command line of the security management server
C. Reinstall the security management Server and restore using upgrade _imort
D. Delete the file admin .lock in the sfwdir/ tmp/directory of the security managem,ent server.

Correct Answer: B QUESTION 34
You are the Security Administrator in a large company called ABC. A Check Point Firewall is installed and in use on SecurePlatform. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on SecurePlatform. Where can you view them? Give the BEST answer.
A. /etc/conf/route.C
B. /etc/sysconfig/netconf.C
C. /etc/sysconfig/network-scripts/ifcfg-ethx
D. /etc/sysconfig/network

Correct Answer: B
QUESTION 35
When using SecurePlatform, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
A. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
B. As expert user, issue these commands: # IP link set eth0 down # IP link set eth0 addr 00:0C:29:12:34:56 # IP link set eth0 up
C. As expert user, issue the command: # IP link set eth0 addr 00:0C:29:12:34:56
D. Edit the file /etc/sysconfig/netconf.c and put the new MAC address in the field (conf : (conns 🙁 conn :hwaddr (“00:0C:29:12:34:56”)
Correct Answer: B
QUESTION 36
Where is the IPSO Boot Manager physically located on an IP Appliance?
A. In the / nvram directory
B. On an external jump drive
C. On the platform’s BIOS
D. On built-in compact Flash memory
Correct Answer: D

QUESTION 37
ALL of the following options are provided by the SecurePlatform sysconfig utility, EXCEPT:
A. DHCP Server configuration
B. GUI Clients
C. Time & Date
D. Export setup
Correct Answer: B
QUESTION 38
Which of the following options is available with the SecurePlatform cpconfig utility?
A. GUI Clients
B. Time & Date
C. Export setup
D. DHCP Server configuration
Correct Answer: A QUESTION 39
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
A. diag
B. cpinfo -o date.cpinfo.txt
C. netstat > date.netstat.txt
D. cpstat > date.cpatat.txt

Correct Answer: B QUESTION 40
How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out via a rule or policy mis-configuration?
A. fw delete all.all@localhost
B. cpstop
C. fw unloadlocal
D. fw unload policy

Correct Answer: C QUESTION 41
How can you check whether IP forwarding is enabled on an IP Security Appliance?
A. clish c show routing active enable
B. echo 1 > /proc/sys/net/ipv4/ip_forwarding
C. ipsofwd list
D. cat/proc/sys/net/ipv4/ip_forward

Correct Answer: C QUESTION 42
For normal packet transmission of an accepted communication to a host protected by a Security Gateway, how many lines per packet are recorded on a packet analyzer like Wireshark using fw monitor?
A. 2
B. 4
C. 3
D. None

Correct Answer: B QUESTION 43
How can I verify the policy version locally installed on the Firewall?
A. fw ver
B. fw ctl iflist
C. fw ver -k
D. fw stat

Correct Answer: D QUESTION 44
If you run fw monitor without any parameters, what does the output display?
A. In /var/adm/monitor. Out
B. On the console
C. In /tmp/log/monitor out
D. In / var/log/monitor. out

Correct Answer: B QUESTION 45
Another administrator accidentally installed a Security Policy on the wrong firewall. Having done this, you are both locked out of the firewall that is called myfw1. What command would you execute on your system console on myfw1 in order for you to push out a new Security Policy?
A. fw dbloadlocal
B. fw unloadlocal
C. cpstop
D. fw ctl filter

Correct Answer: B QUESTION 46
Which of the following commands will completely remove the Security Policy from being enforced on a Security Gateway?
A. fw unload
B. fw unloadlocal
C. cpstop
D. fw unload local

Correct Answer: B QUESTION 47
Which of the following commands identifies whether or not a Security Policy is installed or the Security Gateway is operating with the initial policy?
A. fw monitor
B. fw ctl pstat
C. cp stat
D. fw stat

Correct Answer: D QUESTION 48
To monitor all traffic between a network and the Internet on a SecurePlatform Gateway, what is the BEST utility to use?
A. snoop
B. cpinfo
C. infoview
D. tcpdump

Correct Answer: D QUESTION 49
You are creating an output file with the following command:
fw monitor -e “accept (src=10.20.30.40 or dst=10.20.30.40);” -o ~/output Which tool do you use to analyze this file?
A. You can analyze it with Wireshark or Ethereal.
B. You can analyze the output file with any ASCI editor.
C. The output file format is CSV, so you can use MS Excel to analyze it.
D. You cannot analyze it with any tool as the syntax should be:fw monitor -e accept ([12,b]=10.20.30.40 or [16,b]=10.20.30.40); -o ~/output.

Correct Answer: A
QUESTION 50
You issue the fw monitor command with no arguments. Which of the following inspection points will be displayed?
A. Before the virtual machine, in the inbound direction
B. After the virtual machine, in the outbound direction
C. All inspection points
D. Before the virtual machine, in the outbound direction

Correct Answer: C

We help you do exactly that with our high quality Checkpoint 156-215 Certification using the above training materials.Regardless of whichever computer you have, you just need to download one of the many Checkpoint 156-215 PDF readers that are available for free.