
Checkpoint 156-816 Practice Test, The Best Checkpoint 156-816 Doc Online Shop


QUESTION 77
During MDS installation, you must configure at least one VSX Administrator. After creating the Administrator, you are prompted to perform which task?
A. Grant VSX-specific privileges to the Administrator
B. Assign the Administrator to manage a specific Virtual System
C. Add the Administrator to a group
D. Assign the Administrator to manage a specific interface on the VSX Gateway
E. Assign the Administrator to manage a specific CMA

Correct Answer: C
QUESTION 78
During the initial configuration of a VSX Gateway cluster, the VSX Administrator is prompted to specify each cluster member’s name, as shown below:
Which of the following best describes this name?

A. IP address of the individual VSX Gateway in the cluster
B. Any name the VSX Administrator chooses to describe the cluster member
C. Customer for which this VSX Gateway cluster is configured
D. MAC address of the individual VSX Gateway in the cluster
E. Hostname of the individual VSX Gateway in the cluster

Correct Answer: B
QUESTION 79
The VSX Management Server uses which of the following channels to communicate with components of the VSX Gateway?
A. Provisioning and Network Configuration
B. Route Configuration
C. Gateway Inspection Verification
D. Status Verification
E. Policy Verification

Correct Answer: A
QUESTION 80
What is the maximum number of members that can be included in a VSX Gateway cluster?
A. 2
B. 10
C. 50
D. 8
E. 25
Correct Answer: D
QUESTION 81
If two VSX Gateways are deployed in a cluster with one interface defined with a Virtual Switch, how is each Virtual Switch instance defined?
A. Primary: Standby/Secondary: Active
B. Primary: Standby/Secondary: Standby
C. Primary: Active/Secondary: Standby
D. Primary: Active/Secondary: Active

Correct Answer: D
QUESTION 82
What is the term used to describe a port or interface that shares traffic from more than one VLAN?
A. Frame-Strata enabled
B. VLAN riding
C. Comprehensive layer-2 label support
D. VLAN trunking
E. Comprehensive VLAN Tag support

Correct Answer: D
QUESTION 83
The provisioning and network configuration channel does NOT:
A. Install a default Security Policy blocking all traffic.
B. Install Administrator defined Security Policies.
C. Create Virtual Systems and Virtual Routers on a Gateway.
D. Configure interface and routing information on the Gateway.
E. Create a SIC Certificate for new objects, and transfer the Certificate to an object on the VSX Gateway.

Correct Answer: B
QUESTION 84
In a VLAN Tag added to a frame header, the __________ is a 2 byte number that identifies a frame as tagged.
A. user_priority
B. VLAN Identifier
C. Tag Control Information
D. Tag Protocol Identifier
E. Canonical Format Indicator
Correct Answer: D
QUESTION 85
Which of the following VSX components maintain layer 3 connectivity?
A. Virtual System in Bridge mode
B. Internal Virtual Switch
C. External Virtual Switch
D. Virtual Router
E. VLAN interface
Correct Answer: D
QUESTION 86
When configuring a Virtual System interface leading to a Virtual Switch, the default Gateway must be:
A. The IP address of the Virtual Switch.
B. The IP address of the Management Virtual System.
C. The IP address of a device outside the VSX Gateway.
D. Excluded. No default Gateway is used when passing traffic through a Virtual Switch.
E. Shared among all systems passing through the switch.

Correct Answer: C
QUESTION 87
Which interface of the Management Virtual System (MVS) can be compared to the external interface of a traditional Security Gateway?
A. Warp interface leading from the MVS to the External Virtual Router
B. None; the External Virtual Router acts as the external interface to all Virtual Systems configured on the VSX Gateway.
C. Dedicated management interface, typically eth0
D. Synchronization interface
E. Virtual interface leading from the MVS to the External Virtual Router

Correct Answer: A
QUESTION 88
When deploying a VSX Gateway managed by a SmartCenter Server, which of the following statements is TRUE?
A. VSX Administrators can configure different domains for each Virtual System.
B. Multiple Administrators can simultaneously connect to the same database, to manage multiple Customers.
C. All Customer objects, rules, and users are shared in a single database.
D. Each Virtual System has its own unique Certificate Authority.
E. VSX superuser Administrators can configure granular permissions for each Customer Administrator.

Correct Answer: C
QUESTION 89
A __________ is a virtual security device configured on a VSX Gateway, which operates as a complete routing and security domain, with firewall and VPN capabilities.
A. Virtual Switch
B. Context Identification Module
C. Virtual System Extension
D. Virtual System
E. External Virtual Router
Correct Answer: D
QUESTION 90
When configuring Virtual Systems with overlapping IP addressing, the Virtual Systems must:
A. Be included in a VPN.
B. Be on the same network.
C. Perform Network Address Translation.
D. Perform in Bridge mode.
E. Define VLAN Tags.
Correct Answer: C
QUESTION 91
Consider the following scenario: Your network configuration requires that you configure a single interface on the VSX Gateway to lead to multiple networks. A different Virtual System must protect each network sending traffic through the VSX Gateway. You configured a dedicated management interface on the VSX Gateway, along with 1 External Virtual Router and 4 Virtual Systems, one for each Customer. Which of the following hardware devices must be used to connect the different networks to the single shared interface?
A. Frame cache-redirection enabled switch
B. Content-intelligent switch
C. Jumbo frame-enabled switch
D. Router
E. VLAN-capable switch

Correct Answer: E
QUESTION 92
When configuring the VSX Gateway, it is important to reboot after running which of the following commands for the first time?
A. config
B. cpconfig vsx
C. fwconfig
D. vsx sysconfig
E. sysconfig

Correct Answer: E
QUESTION 93
Bridged Virtual Systems in a cluster monitor which of the following protocols, to fail over a bridged system?
A. VTP
B. MPLS
C. BPDU
D. STP
E. OSPF

Correct Answer: C
QUESTION 94
You need to provide a security layer for an existing core network. You need an inspection module that operates at layer 2, is completely transparent, and does not impact the existing IP structure or different control protocols in use. Which of the following virtual devices will perform the kind of inspection you need?
A. External Virtual Router
B. Virtual Switch
C. Virtual System in Bridge mode
D. Virtual System
E. Internal Virtual Router

Correct Answer: C
QUESTION 95
Which of the following statements is true concerning the default Security Policy of the External Virtual Router?
A. The External Virtual Router performs exactly like an External Virtual Switch.
B. All traffic emanating from networks protected by the VSX Gateway is dropped. All other traffic is accepted.
C. All traffic passing through the External Virtual Router is allowed by default, without inspection by the External Virtual Router’s Security Policy.
D. All traffic bound for the management network is dropped.
E. Virtual Routers do not enforce a Security Policy.

Correct Answer: C
QUESTION 96
Which of the following commands should you run to stop a VSX Gateway cluster?
A. vsxhastop
B. vsx cpstop
C. cpstop
D. cphastop
E. vsxstop

Correct Answer: C
QUESTION 97
Which of the following elements is NOT maintained separately by each Virtual System on a VSX Gateway?
A. Configuration parameters
B. Management database
C. Logging parameters
D. Security Policies
E. State tables

Correct Answer: B
QUESTION 98
When configuring a Warp Link, what is the IP address that appears in the topology properties of the External Virtual Router?
A. 255.255.255.255
B. Either the IP address designated as the main IP for the Virtual System to which the link connects, or its Static Network Address Translation IP address
C. Always the IP address designated as the main IP, for the Virtual System to which the link connects
D. Same as the IP address of the External Virtual Router
E. 0.0.0.0

Correct Answer: E
QUESTION 99
If a VSX Gateway is protecting multiple customer networks behind only one shared interface, the VSX Administrator must either configure __________ for source-based routing, or deploy a VLAN solution.
A. An Internal Virtual Router
B. Non-VLAN Interface Trunking
C. VSX Gateway High Availability
D. VSX Gateway Load Sharing
E. Multiple External Virtual Routers
Correct Answer: A
QUESTION 100
Consider the following scenario: A hub connects four hosts to a VLAN-Tagged port on a switch. The hosts have IP addresses ranging from 10.0.0.1 to 10.0.0.4. The switch adds a VLAN Tag of 400 to all communication passing through it. Once communication from the second host on the hub passes through the switch port on the way to its destination on the external network, how does the traffic appear in SmartView Tracker? Assume that traffic enters the Gateway on interface eth3.
A. eth3.2
B. eth3.400.2
C. eth3.400
D. eth3.2.400
E. eth3.402

Correct Answer: C
QUESTION 101
When configuring a VLAN environment for your VSX Gateway, you must associate each VLAN with an interface and an IP address. Where is each VLAN setting configured?
A. System Interfaces tab of the VSX Gateway object
B. Add/Edit Interface screen, accessed from the Topology tab of the Virtual Router object
C. System Interfaces Allocation tab of the VSX Gateway object
D. Add/Edit Interface screen, accessed from the Topology tab of the Virtual System object
E. VLAN Configuration tab of the VSX Gateway object

Correct Answer: D
QUESTION 102
When deploying a VSX Gateway managed by a SmartCenter Server, how many Certificate Authorities will the deployment have?
A. One for each Virtual System and Virtual Router configured on the VSX Gateway
B. One, shared by all components
C. Two; one for the SmartCenter Server, and one shared by all Virtual Systems and Virtual Routers
D. One for each Virtual System configured on the VSX Gateway
E. Three; one for the SmartCenter Server, one shared by all Virtual Systems, and one shared by the Virtual Routers
Correct Answer: B
QUESTION 103
Which of the following MDS types allows you to create and manage a VSX Gateway?
A. MDS Manager station
B. MDS Container station
C. MDS VSX Integrator
D. MDS MLM
E. MDS SmartCenter for VSX

Correct Answer: B
QUESTION 104
Which of the following objects allows you to configure resource settings, to limit the number of concurrent connections?
A. Internal Virtual Router
B. Virtual Systems
C. Virtual Switch
D. External Virtual Router
E. VSX Gateway

Correct Answer: B
QUESTION 105
Where within the frame header is the VLAN Tag inserted?
A. Before Destination information
B. After Type/Length information
C. Before Source information
D. Before Type/Length information
E. Either before Type/Length information or after, depending on the Canonical Format Indicator setting

Correct Answer: D
QUESTION 106
Which two segments make up a VLAN Tag, following the standard IEEE format?
A. Tag Protocol Identifier and VLAN Identifier
B. Tag Protocol Identifier and Traffic Control Information
C. Canonical Format Indicator and Traffic Control Information
D. Traffic Control Information and VLAN Identifier
E. Canonical Format Indicator and Tag Protocol Identifier

Correct Answer: B
QUESTION 107
Which of the following VSX Gateway configurations is valid?
A. A shared NIC assigned to different Virtual Systems, with the same IP addresses on different VLANs
B. A shared NIC assigned to different Virtual Systems, with different IP addresses on the same VLAN
C. A shared NIC assigned to different Virtual Systems, with the same IP addresses on the same VLAN
D. Multiple NICs assigned the same IP addresses, for each Virtual System in the configuration, but with different VLAN Tags
E. Multiple NICs assigned to different Virtual Systems in Bridge Mode, performing Hide NAT
Correct Answer: A
QUESTION 108
A VSX cluster configuration is built from which three components?
A. Management Network, Internal Communications Network, Virtual IP Addresses
B. Synchronization Network, Internal Communications Network, Virtual IP Addresses
C. Management Network, Internal Virtual Network, Virtual IP Addresses
D. Synchronization Network, Internal Network, External Network
E. Synchronization Network, Virtual Network, External Network
Correct Answer: B
QUESTION 109
Which of the following is a type of VLAN membership?
A. Time-based
B. Application-based
C. Port-based
D. Session-based
E. Protocol-based

Correct Answer: E
QUESTION 110
A Warp Link is a virtual point-to-point connection between a:
A. Virtual Router and Virtual System.
B. Virtual Router and Virtual Switch.
C. Virtual System and the management interface.
D. Virtual Router and a physical interface.
E. Virtual System and another Virtual System.

Correct Answer: A


CheckPoint 156-706 PDF Exams, Latest Updated CheckPoint 156-706 Exam Test Questions For Sale


QUESTION 90
If a helpdesk user is logged in to webRH and you decide to remove his account, when will the user be notified?
A. Immediately, since he will be thrown off the system when his account is removed
B. When his session times out and he tries to re-authenticate
C. When he reboots his machine
D. Never, it is not possible to remove accounts from webRH

Correct Answer: B
QUESTION 91
What are the names of the Pointsec processes and services that run on a workstation after Pointsec has been installed?
A. Pointsec.exe, psadmin.exe and decrypt.exe
B. Prot_srv.exe, p95tray.exe and pstartsr.exe
C. Pssogina.exe, pointsec.exe and p95tray.exe
D. Decrypt.exe, protect.exe and pssogina.exe, pagents.exe

Correct Answer: B

QUESTION 92
How many authorized users must log in to uninstall Pointsec for PC?

A. One
B. Two
C. Three
D. Four

Correct Answer: B

QUESTION 93
What does Removable Media Manager do?

A. Manages what media can be exported to Removable Media
B. Automatically formats and encrypts devices
C. Automatically scans and digitally signs devices
D. Creates a black / white list of what devices can be used on the network

Correct Answer: D

QUESTION 94
Which application can you run to configure webRH settings post installation?

A. webRHconfig.exe
B. addtoken.exe
C. admin.exe
D. none of the above
Correct Answer: A


CheckPoint 156-215 Dumps PDF, Download Latest CheckPoint 156-215 Answers Is Your Best Choice


QUESTION 50
Which utility allows you to configure the DHCP service on SecurePlatform from the command line?
A. cpconfig
B. ifconfig
C. dhcp_cfg
D. sysconfig

Correct Answer: D
QUESTION 51
The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account?
A. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
B. Type fwm lock_admin -u <account name> from the Security Management Server command line.
C. Type fwm unlock_admin -u from the Security Gateway command line.
D. Type fwm unlock_admin from the Security Management Server command line.

Correct Answer: B
QUESTION 52
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
A. Reinstall the Security Management Server and restore using upgrade_import.
B. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.

Correct Answer: C
QUESTION 53
You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on SecurePlatform. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on SecurePlatform. Where can you view them? Give the BEST answer.
A. /etc/conf/route.C
B. /etc/sysconfig/network-scripts/ifcfg-ethx
C. /etc/sysconfig/netconf.C
D. /etc/sysconfig/network

Correct Answer: C
QUESTION 54
When using SecurePlatform, it might be necessary to temporarily change the MAC address of the interface eth0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
A. Edit the file /etc/sysconfig/netconf.C and put the new MAC address in the field
B. As expert user, issue these commands: # ip link set eth0 down # ip link set eth0 addr 00:0C:29:12:34:56 # ip link set eth0 up
C. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
D. As expert user, issue the command: # ip link set eth0 addr 00:0C:29:12:34:56

Correct Answer: B
QUESTION 55
Several Security Policies can be used for different installation targets. The Firewall protecting Human Resources’ servers should have its own Policy Package. These rules must be installed on this machine and not on the Internet Firewall. How can this be accomplished?
A. A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are defined by the selection in the Rule Base row Install On.
B. A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install on Target.
C. When selecting the correct Firewall in each line of the Rule Base row Install On, only this Firewall is shown in the list of possible installation targets after selecting Policy > Install on Target.
D. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the correct firewall via Specific Targets.
Correct Answer: D
QUESTION 56
Where is the IPSO Boot Manager physically located on an IP Appliance?
A. On the platform’s BIOS
B. In the directory /nvram
C. On an external jump drive
D. On built-in compact Flash memory
Correct Answer: D
QUESTION 57
How is wear on the flash storage device mitigated on diskless appliance platforms?
A. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.
B. A RAM drive reduces the swap file thrashing which causes fast wear on the device.
C. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
D. PRAM flash devices are used, eliminating the longevity.

Correct Answer: B
QUESTION 58
Your R76 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?
A. Create a time object, and add 48 hours as the interval. Select that time object’s Global Properties > Logs and Masters window, to schedule a logswitch.
B. Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object’s Logs and Masters window, enable Schedule log switch, and select the Time object.
C. On a SecurePlatform Security Management Server, this can only be accomplished by configuring the command fw logswitch via the cron utility.
D. Create a time object, and add 48 hours as the interval. Open the Security Gateway object’s Logs and Masters window, enable Schedule log switch, and select the Time object.

Correct Answer: B
QUESTION 59
Which of the following methods will provide the most complete backup of an R75 configuration?
A. Execute command upgrade_export
B. Database Revision Control
C. Policy Package Management
D. Copying the directories $FWDIR\conf and $CPDIR\conf to another server

Correct Answer: A
QUESTION 60
Which of the following commands can provide the most complete restoration of a R76 configuration?
A. cpinfo -recover
B. fwm dbimport -p <export file>
C. upgrade_import
D. cpconfig

Correct Answer: C
QUESTION 61
When restoring R76 using the command upgrade_import, which of the following items are NOT restored?
A. Licenses
B. SIC Certificates
C. Global properties
D. Route tables

Correct Answer: D
QUESTION 62
Your organization’s disaster recovery plan needs an update to the backup and restore section to reap the new distributed R76 installation benefits. Your plan must meet the following required and desired objectives:
Required Objective: The Security Policy repository must be backed up no less frequently than every 24 hours.
Desired Objective: The R76 components that enforce the Security Policies should be backed up at least once a week.
Desired Objective: Back up R76 logs at least once a week.

Your disaster recovery plan is as follows:

- Use the cron utility to run the command upgrade_export each night on the Security Management Servers.
- Configure the organization’s routine back up software to back up the files created by the command upgrade_export.
- Configure the GAiA back up utility to back up the Security Gateways every Saturday night.
- Use the cron utility to run the command upgrade_export each Saturday night on the log servers.
- Configure an automatic, nightly logswitch.
- Configure the organization’s routine back up software to back up the switched logs every night.

Upon evaluation, your plan:
A. Meets the required objective and only one desired objective.
B. Meets the required objective but does not meet either desired objective.
C. Meets the required objective and both desired objectives.
D. Does not meet the required objective.

Correct Answer: C
QUESTION 63
Your company is running Security Management Server R76 on GAiA, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account?
A. Using cpconfig on the Security Management Server, choose Administrators
B. Using SmartDashboard, under Users, select Add New Administrator
C. Using the Web console on SecurePlatform under Product configuration, select Administrators
D. Using SmartDashboard or cpconfig

Correct Answer: B
QUESTION 64
Peter is your new Security Administrator. On his first working day, he is very nervous and enters the wrong password three times. His account is locked. What can be done to unlock Peter’s account? Give the BEST answer.
A. It is not possible to unlock Peter’s account. You have to install the firewall once again or abstain
B. You can unlock Peter’s account by using the command fwm unlock_admin -u Peter on the Security Gateway.
C. You can unlock Peter’s account by using the command fwm lock_admin -u Peter on the Security Management Server
D. You can unlock Peter’s account by using the command fwm unlock_admin -u Peter on the Security Management Server
Correct Answer: C
QUESTION 65
Where can you find the Check Point’s SNMP MIB file?
A. $CPDIR/lib/snmp/chkpt.mib
B. There is no specific MIB file for Check Point products.
C. $FWDIR/conf/snmp.mib
D. It is obtained only by request from the TAC.

Correct Answer: A
QUESTION 66
You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?
A. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.
B. Log in as the default user expert and start cpinfo.
C. No action is needed because cpshell has a timeout of one hour by default.
D. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinfo.

Correct Answer: A
QUESTION 67
Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?
A. Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here.
B. Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced > Permission to Install.
C. Right-click on the object representing the specific administrator, and select that Firewall in Policy Targets.
D. In the object General Properties representing the specific Firewall, go to the Software Blades product list and select Firewall. Right-click in the menu, select Administrator to Install to define only this administrator.
Correct Answer: B
QUESTION 68
What is the officially accepted diagnostic tool for IP Appliance Support?
A. ipsoinfo
B. cpinfo
C. uag-diag
D. CST
Correct Answer: D
QUESTION 69
ALL of the following options are provided by the SecurePlatform sysconfig utility, EXCEPT:
A. Export setup
B. Time & Date
C. DHCP Server configuration
D. GUI Clients

Correct Answer: D
QUESTION 70
Which of the following options is available with the SecurePlatform cpconfig utility?
A. Time & Date
B. GUI Clients
C. DHCP Server configuration
D. Export Setup

Correct Answer: B
QUESTION 71
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
A. cpstat – date.cpstat.txt
B. fw cpinfo
C. cpinfo -o date.cpinfo.txt
D. diag

Correct Answer: C
QUESTION 72
Which of the following statements accurately describes the command snapshot?
A. snapshot creates a Security Management Server full system-level backup on any OS.
B. snapshot stores only the system-configuration settings on the Gateway.
C. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.
D. snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a SecurePlatform Security Gateway.

Correct Answer: D
QUESTION 73
How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?
A. fw delete all.all@localhost
B. fw unload policy
C. fwm unloadlocal
D. fw unloadlocal

Correct Answer: D
QUESTION 74
How can you check whether IP forwarding is enabled on an IP Security Appliance?
A. clish -c show routing active enable
B. ipsofwd list
C. cat /proc/sys/net/ipv4/ip_forward
D. echo 1 > /proc/sys/net/ipv4/ip_forward

Correct Answer: B
QUESTION 75
Which command allows you to view the contents of an R76 table?
A. fw tab -s <tablename>
B. fw tab -t <tablename>
C. fw tab -x <tablename>
D. fw tab -a <tablename>

Correct Answer: B
QUESTION 76
Which of the following tools is used to generate a Security Gateway R76 configuration report?
A. infoCP
B. cpinfo
C. infoview
D. fw cpinfo

Correct Answer: B
QUESTION 77
Which of the following is a CLI command for Security Gateway R76?
A. fw merge
B. fw tab -u
C. fw shutdown
D. fwm policy_print <policyname>

Correct Answer: B
QUESTION 78
You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a platform using GAiA. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used in Expert Mode to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.
A. eth_set
B. mii_tool
C. ifconfig -a
D. ethtool
Correct Answer: A
QUESTION 79
Which command enables IP forwarding on IPSO?
A. echo 1 > /proc/sys/net/ipv4/ip_forward
B. ipsofwd on admin
C. echo 0 > /proc/sys/net/ipv4/ip_forward
D. clish -c set routing active enable

Correct Answer: B
QUESTION 80
When you change an implicit rule’s order from Last to First in Global Properties, how do you make the change take effect?
A. Run fw fetch from the Security Gateway.
B. Select Install Database from the Policy menu.
C. Reinstall the Security Policy.
D. Select Save from the File menu.

Correct Answer: C
QUESTION 81


CheckPoint 156-215 Certification Exam, 100% Pass Rate CheckPoint 156-215 Brain Demos On Sale


QUESTION 75
Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates are created:
A. And used for securing internal network communications between SmartView Tracker and an OPSEC device.
B. For the Security Management Server during the Security Management Server installation.
C. For Security Gateways during the Security Gateway installation.
D. To decrease network security by securing administrative communication among the Security Management Servers and the Security Gateway.
Correct Answer: B
QUESTION 76
Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:
A. Increase network security by securing administrative communication with a two-factor challenge response authentication.
B. Uniquely identify machines installed with Check Point software only. They have the same function as RSA Authentication Certificates.
C. Are for Security Gateways created during the Security Management Server installation.
D. Can be used for securing internal network communications between the Security Gateway and an OPSEC device.

Correct Answer: D
QUESTION 77
Which of the following statements regarding SecureXL and CoreXL is TRUE?
A. SecureXL is an application for accelerating connections.
B. CoreXL enables multi-core processing for program interfaces.
C. SecureXL is only available in R75.
D. CoreXL is included in SecureXL.

Correct Answer: A
QUESTION 78
Beginning with R75, Software Blades were introduced. One of the Software Blades is the IPS Software Blade as a replacement for SmartDefense. When buying or upgrading to a bundle, some blades are included, e.g. FW, VPN, IPS in SG103. Which statement is NOT true?
A. The license price includes IPS Updates for the first year.
B. The IPS Software Blade can be used for an unlimited time.
C. There is no need to renew the service contract after one year.
D. After one year, it is mandatory to renew the service contract for the IPS Software Blade because it has been bundled with the license when purchased.

Correct Answer: D
QUESTION 79
You need to plan the company’s new security system. The company needs a very high level of security and also high performance and high throughput for their applications. You need to turn on most of the integrated IPS checks while maintaining high throughput. What would be the BEST solution for this scenario?
A. You need to buy a strong multi-core machine and run R70 or later on SecurePlatform with CoreXL technology enabled.
B. Bad luck, both together can not be achieved.
C. The IPS does not run when CoreXL is enabled.
D. The IPS system does not affect the firewall performance and CoreXL is not needed in this scenario.

Correct Answer: A
QUESTION 80
John is the Security Administrator in his company. He needs to maintain the highest level of security on the firewalls he manages. He is using Check Point R75. Does he need the IPS Software Blade for achieving this goal?
A. No, all IPS protections are active, but can’t be uploaded without the license like SmartDefense.
B. Yes, otherwise no protections can be enabled.
C. Yes, otherwise the firewall will pass all traffic unfiltered and unchecked.
D. No, the Gateway will always be protected and the IPS checks can’t be managed without a license.

Correct Answer: B
QUESTION 81
Which command allows you to view the contents of an R75 table?
A. fw tab -x <tablename>
B. fw tab -a <tablename>
C. fw tab -s <tablename>
D. fw tab -t <tablename>

Correct Answer: D
QUESTION 82
Your R75 enterprise Security Management Server is running abnormally on Windows 2003 Server. You decide to try reinstalling the Security Management Server, but you want to try keeping the critical Security Management Server configuration settings intact (i.e., all Security Policies, databases, SIC, licensing etc.) What is the BEST method to reinstall the Server and keep its critical configuration?
A. 1) Run the latest upgrade_export utility to export the configuration 2) Leave the exported .tgz file in %FWDIR\bin. 3) Install the primary Security Management Server on top of the current installation 4) Run upgrade_import to import the configuration.
B. 1) Insert the R75 CD-ROM and select the option to export the configuration into a .tgz file 2) Skip any upgrade verification warnings since you are not upgrading. 3) Transfer the .tgz file to another networked machine. 4) Download and run the cpclean utility and reboot. 5) Use the R75 CD-ROM to select the upgrade_import option to import the c
C. 1) Download the latest upgrade_export utility and run it from a \temp directory to export the configuration. 2) Perform any requested upgrade verification suggested steps. 3) Uninstall all R75 packages via Add/Remove Programs and reboot 4) Use SmartUpdate to reinstall the Security Management Server and reboot 5) Transfer the .tgz file back to the local \temp. 6) Run upgrade_import to import the configuration.
D. 1) Download the latest upgrade_export utility and run it from a \temp directory to export the configuration. 2) Transfer the .tgz file to another network machine 3) Uninstall all R75 packages via Add/Remove Programs and reboot 4) Install again using the R75 CD-ROM as a primary Security Management Server 5) Reboot and then transfer the .tgz file back to the local \temp 6) Run upgrade_import to import the configuration.

Correct Answer: C
QUESTION 83
Your primary Security Management Server runs on SecurePlatform. What is the easiest way to back up your Security Gateway R75 configuration, including routing and network configuration files?
A. Using the upgrade_export command.
B. Copying the $FWDIR/conf and $FWDIR/lib directory to another location.
C. Run the pre_upgrade_verifier and save the .tgz file to the /temp directory.
D. Using the native SecurePlatform backup utility from command line or in the Web based user interface.
Correct Answer: D
QUESTION 84
You need to back up the routing, interface, and DNS configuration information from your R75 SecurePlatform Security Gateway. Which backup-and-restore solution do you use?
A. SecurePlatform backup utilities
B. upgrade_export and upgrade_import commands
C. Database Revision Control
D. Manual copies of the $FWDIR/conf directory

Correct Answer: A
QUESTION 85
Your R75 primary Security Management Server is installed on SecurePlatform. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours.
How do you create this schedule?
A. Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object’s Logs and Masters window, enable Schedule log switch, and select the Time object.
B. Create a time object, and add 48 hours as the interval. Open the Security Gateway object’s Logs and Masters window, enable Schedule log switch, and select the Time object.
C. Create a time object, and add 48 hours as the interval. Select that time object’s Global Properties > Logs and Masters window, to schedule a logswitch.
D. On a SecurePlatform Security Management Server, this can only be accomplished by configuring the fw logswitch command via the cron utility.

Correct Answer: A
QUESTION 86
Which of the following methods will provide the most complete backup of an R75 configuration?
A. Policy Package Management
B. Copying the $FWDIR\conf and $CPDIR\conf directories to another server
C. upgrade_export command
D. Database Revision Control

Correct Answer: C
QUESTION 87
Which of the following commands can provide the most complete restoration of an R75 configuration?
A. Cpconfig
B. Upgrade_import
C. fwm dbimport -p
D. cpinfo -recover

Correct Answer: B
QUESTION 88
When restoring R75 using the command upgrade_import, which of the following items is NOT restored?
A. Licenses
B. Global properties
C. SIC Certificates
D. Route tables

Correct Answer: D
QUESTION 89
Your organization’s disaster recovery plan needs an update to the backup and restore section to reap the benefits of the new distributed R75 installation. Your plan must meet the following required and desired objectives:
Required Objective: The Security Policy repository must be backed up no less frequently than every 24 hours.
Desired Objective: The R75 components that enforce the Security Policies should be backed up at least once a week.
Desired Objective: Back up R75 logs at least once a week.
Your disaster recovery plan is as follows:
Use the cron utility to run the upgrade_export command each night on the Security Management Servers.
Configure the organization’s routine backup software to back up the files created by the upgrade_export command.
Configure the SecurePlatform backup utility to back up the Security Gateways every Saturday night.
Use the cron utility to run the upgrade_export command each Saturday night on the log servers.
Configure an automatic, nightly logswitch.
Configure the organization’s routine backup software to back up the switched logs every night.
Upon evaluation, your plan:

A. Meets the required objective but does not meet either desired objective.
B. Does not meet the required objective.
C. Meets the required objective and only one desired objective.
D. Meets the required objective and both desired objectives.

Correct Answer: D
QUESTION 90
Your company is running Security Management Server R75 on SecurePlatform, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account?
A. Using SmartDashboard, under Users, select Add New Administrator
B. Using the Web console on SecurePlatform under Product configuration, select Administrators
C. Using SmartDashboard or cpconfig
D. Using cpconfig on the Security Management Server, choose Administrators

Correct Answer: A
QUESTION 91
Which of the following tools is used to generate a Security Gateway R75 configuration report?
A. ethereal
B. cpinfo
C. licview
D. infoview

Correct Answer: B
QUESTION 92
Which of the following is a CLI command for Security Gateway R75?
A. fwm policy_print <policyname>
B. fw shutdown
C. fw merge
D. fw tab -u

Correct Answer: D
QUESTION 93
What information is provided from the options in this screenshot?

(i) Whether a SIC certificate was generated for the Gateway
(ii) Whether the operating system is SecurePlatform or SecurePlatform Pro
(iii) Whether this is a standalone or distributed installation
A. (i), (ii) and (iii)
B. (i) and (iii)
C. (i) and (ii)
D. (ii) and (iii)

Correct Answer: D
QUESTION 94
Peter is your new Security Administrator. On his first working day, he is very nervous and sets the wrong password three times. His account is locked. What can be done to unlock Peter’s account? Give the BEST answer.
A. You can unlock Peter’s account by using the command fwm unlock_admin -u Peter on the Security Gateway.
B. It is not possible to unlock Peter’s account. You have to install the firewall once again or abstain from Peter’s help.
C. You can unlock Peter’s account by using the command fwm lock_admin -u Peter on the Security Management Server.
D. You can unlock Peter’s account by using the command fwm unlock_admin -u Peter on the Security Management Server.

Correct Answer: C
QUESTION 95
Which CLI command verifies the number of cores on your firewall machine?
A. fw ctl pstat
B. fw ctl core stat
C. fw ctl multik stat
D. cpstat fw -f core

Correct Answer: C
QUESTION 96
John currently administers a network using NGX R65.4 on the Security Management Server and NGX R65.2.100 (the VOIP release with the VOIP plug-ins enabled). He wants to upgrade to R75 to get the benefits of Check Point’s Software Blades. What would be the best way of doing this?
A. This can not be done yet as R75 can not manage NGX R65 Gateways due to SmartDefense and IPS mismatch problems.
B. Run upgrade_export on R65 management, then install R75 on this machine and run upgrade_import and re-license the systems to use software blades.
C. Just insert the R75 CD-ROM and run the in-place upgrade.
D. This is not supported today as currently the VOIP Software Blade and VOIP plug-in is not available in R75.

Correct Answer: D
QUESTION 97
John currently administers a network using single CPU single core servers for the Security Gateways and is running R75. His company is now going to implement VOIP and needs more performance on the Gateways. He is now adding more memory to the systems and also upgrades the CPU to a modern quad core CPU in the server. He wants to use CoreXL technology to benefit from the new performance benchmarks of this technology. How can he achieve this?
A. Nothing needs to be done. SecurePlatform recognized the change during reboot and adjusted all the settings automatically.
B. He just needs to go to cpconfig on the CLI and enable CoreXL. Only a restart of the firewall is required to benefit from CoreXL technology.
C. He needs to reinstall the Gateways because during the initial installation, it was a single-core CPU but the wrong Linux kernel was installed. There is no other upgrade path available.
D. He just needs to go to cpconfig on the CLI and enable CoreXL. After the required reboot he will benefit from the new technology.

Correct Answer: D
QUESTION 98
You are running a R75 Security Gateway on SecurePlatform. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What backup method could be used to quickly put the secondary firewall into production?
A. upgrade_export
B. manual backup
C. snapshot
D. backup

Correct Answer: C
QUESTION 99
Before upgrading SecurePlatform, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.
An administrator has installed the latest HFA on the system to fix a traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?
A. The restore can be done easily by the command restore and selecting the appropriate backup file.
B. A backup cannot be restored, because the binary files are missing.
C. The restore is not possible because the backup file does not have the same build number (version).
D. The restore is done by selecting Snapshot Management from the boot menu of SecurePlatform.

Correct Answer: A
QUESTION 100
Which operating systems are supported by a Check Point Security Gateway on an open server?
A. Check Point SecurePlatform and Microsoft Windows
B. Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows
C. Check Point SecurePlatform, IPSO, Sun Solaris, Microsoft Windows
D. Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO

Correct Answer: A
QUESTION 101
You intend to upgrade a Check Point Gateway from R65 to R75. Prior to upgrading, you want to backup the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
A. Backup
B. Snapshot
C. Upgrade_export
D. Database_revision

Correct Answer: A
QUESTION 102
Your network is experiencing connectivity problems and you want to verify if routing problems are present. You need to disable the firewall process but still allow routing to pass through the Gateway running on an IP Appliance running IPSO. What command do you need to run after stopping the firewall service?
A. fw fwd routing
B. ipsofwd on admin
C. fw load routed
D. ipsofwd slowpath
Correct Answer: B
QUESTION 103
Where can you find the Check Point’s SNMP MIB file?
A. $FWDIR/conf/snmp.mib
B. It is obtained only by request from the TAC.
C. $CPDIR/lib/snmp/chkpt.mib
D. There is no specific MIB file for Check Point products.

Correct Answer: C
QUESTION 104
You want to generate a cpinfo file via CLI on a system running SecurePlatform. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?
A. Log in as the default user expert and start cpinfo.
B. No action is needed because cpshell has a timeout of one hour by default.
C. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.
D. Log in as admin, switch to expert mode, set the timeout to one hour with the command idle 60, then start cpinfo.

Correct Answer: C
QUESTION 105
Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?
A. Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here.
B. In the General Properties of the object representing the specific Firewall, go to the Software Blades product list and select Firewall. Right-click in the menu, select Administrator to Install to define only this administrator.
C. Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced / Permission to Install.
D. Right-click on the object representing the specific administrator, and select that Firewall in Policy Targets.
Correct Answer: C

We provide thoroughly reviewed CheckPoint 156-215 using the training resources which are the best for CheckPoint 156-215, and to get certified by Microsoft Windows Store apps. It is the best choice to accelerate your career as a professional in the Information Technology industry.

CheckPoint 156-210 Self Study, Free CheckPoint 156-210 Exam Questions Vce Guaranteed Success

Flydumps is one of the leading exam preparation material providers. We have a complete range of exams offered by the top vendors of their respective industries. You can download CheckPoint 156-210 free demos in PDF files that are the latest.

QUESTION 11
What function does the Audit mode of SmartView Tracker perform?
A. It tracks detailed information about packets traversing the Enforcement Modules.
B. It maintains a detailed log of problems with VPN-1/FireWall-1 services on the SmartCenter Server.
C. It is used to maintain a record of the status of each Enforcement Module and SmartCenter server.
D. It maintains a detailed record of status of each Enforcement Module and SmartCenter Server.
E. It tracks changes and Security Policy installations, per Security Administrator, performed in SmartDashboard.
Correct Answer: E
QUESTION 12
In the SmartView Tracker, what is the difference between the FireWall-1 and VPN-1 queries? Choose three.
A. A VPN-1 query only displays encrypted and decrypted traffic.
B. A FireWall-1 query displays all traffic matched by rules, which have logging activated.
C. A FireWall-1 query displays all traffic matched by all rules.
D. A FireWall-1 query also displays encryption and decryption information.
E. Implied rules, when logged, are viewed using the VPN-1 query.
Correct Answer: ABD
QUESTION 13
Network topology exhibit

You want to hide all localnet and DMZ hosts behind the Enforcement Module, except for the HTTP Server (192.9.200.9). The HTTP Server will be providing public services, and must be accessible from the Internet.
Select the two BEST Network Address Translation (NAT) solutions for this scenario.

A. To hide Local Network addresses, set the address translation for 192.9.0.0
B. To hide Local Network addresses, set the address translation for 192.9.200.0
C. Use automatic NAT rule creation to hide both DMZ and Local Network.
D. To hide Local Network addresses, set the address translation for privatenet.
E. Use automatic NAT rule creation, to statically translate the HTTP Server address.
Correct Answer: CE
QUESTION 14
The SmartDefense Storm Center Module agent receives the Dshield.org Block List, and:
A. Populates CPDShield with blocked address ranges, every three hours.
B. Generates logs from rules tracking internal traffic.
C. Submits the number of authentication failures, and drops, rejects, and accepts.
D. Generates regular and compact log digest.
E. Populates the firewall daemon with log trails.
Correct Answer: A
QUESTION 15

What are the advantages of central licensing? Choose three.
A. Only the IP address of a SmartCenter Server is needed for all licences.
B. A central licence can be removed from one Enforcement Module, and installed on another Enforcement Module.
C. Only the IP address of an Enforcement Module is needed for all licences.
D. A central license remains valid, when you change the IP address of an Enforcement Module.
E. A central license can be converted into a local license.
Correct Answer: ABD
QUESTION 16
A security Administrator wants to review the number of packets accepted by each of the Enforcement modules. Which of the following viewers is the BEST source for viewing this information?
A. SmartDashboard
B. SmartUpdate
C. SmartMap
D. SmartView Status
E. SmartView Tracker
Correct Answer: D
QUESTION 17
Hidden (or masked) rules are used to:
A. Hide rules from administrators with lower privileges.
B. View only a few rules, without distraction of others.
C. Temporarily disable rules, without having to reinstall the Security Policy.
D. Temporarily convert specifically defined rules to implied rules.
E. Delete rules, without having to reinstall the Security Policy.
Correct Answer: B
QUESTION 18
Which of the following characteristics BEST describes the behaviour of Check Point NG with Application Intelligence?
A. Traffic not expressly permitted is prohibited.
B. All traffic is expressly permitted by explicit rules.
C. Secure connections are authorized by default. Unsecured connections are not.
D. Traffic is filtered using controlled ports.
E. TELNET, HTTP, and SMTP are allowed by default.
Correct Answer: A

QUESTION 19
SmartUpdate CANNOT be used to:
A. Track installed versions of Check Point and OPSEC products.
B. Manage licenses centrally.
C. Update installed Check Point and OPSEC software remotely, from a centralized location.
D. Uninstall Check Point and OPSEC software remotely, from a centralized location.
E. Remotely install NG with Application Intelligence for the first time, on a new machine.
Correct Answer: E
QUESTION 20
Which of the following statements about Client Authentication is FALSE?
A. In contrast to User Authentication, which allows access per user, Client Authentication allows access per IP address.
B. Client Authentication is more secure than User Authentication, because it allows multiple users and connections from an authorized IP address or host.
C. Client Authentication enables Security Administrators to grant access privileges to a specific IP address, after successful authentication.
D. Authentication is by user name and password, but it is the host machine (client) that is granted access.
E. Client Authentication is not restricted to a limited set of protocols.
Correct Answer: B
QUESTION 21
Why is Application Layer particularly vulnerable to attacks? Choose three
A. Malicious Java, ActiveX, and VB Scripts can exploit a host system simply by browsing.
B. The Application Layer performs access-control and legitimate-use checks.
C. Defending against attacks at the Application Layer is more difficult than at lower layers of the OSI model.
D. The Application Layer does not perform unauthorized operations.
E. The Application Layer supports many protocols.
Correct Answer: ACE
QUESTION 22
You have created a rule that requires users to be authenticated, when connecting to the Internet using HTTP. Which is the BEST authentication method for users who must use specific computers for Internet access?
A. Client
B. Session
C. User
Correct Answer: A

QUESTION 23
What function does the Active mode of SmartView Tracker perform?
A. It displays the active Security Policy.
B. It displays active Security Administrators currently logged into a SmartCenter Server.
C. It displays current active connections traversing Enforcement Modules.
D. It displays the current log file, as it is stored on a SmartCenter Server.
E. It displays only current connections between VPN-1/FireWall-1 modules.
Correct Answer: C
QUESTION 24
You are importing product data from modules, during a VPN-1/FireWall-1 Enforcement Module upgrade. Which of the following statements are true? Choose two.
A. Upgrading a single Enforcement Module is recommended by Check Point, since there is no chance of mismatch between installed product versions.
B. SmartUpdate queries license information, from the SmartConsole running locally on the Enforcement Module.
C. SmartUpdate queries the SmartCenter Server and Enforcement Module for product information.
D. SmartDashboard and all SmartConsoles must be open during input, otherwise the product-data retrieval process will fail.
Correct Answer: AC
QUESTION 25
Which of the following components functions as the Internal Certificate Authority for all modules in the VPN-1/FireWall-1 configuration?
A. Enforcement Module
B. INSPECT Engine
C. SmartCenter Server
D. SmartConsole
E. Policy Server

Correct Answer: C
QUESTION 26
Which of the following is NOT a security benefit of Check Point’s Secure Internal Communications (SIC)?
A. Generates VPN certificates for IKE clients.
B. Allows the Security Administrator to confirm that the Security Policy on an Enforcement Module came from an authorized Management Server.
C. Confirms that a SmartConsole is authorized to connect a SmartCenter Server
D. Uses SSL for data encryption.
E. Maintains data privacy and integrity.

Correct Answer: A
QUESTION 27
You are administering one SmartCenter Server that manages three Enforcement Modules. One of the Enforcement Modules does not appear as a target in the Install Policy screen, when you attempt to install the Security Policy. What is causing this to happen?
A. The license for the Enforcement Module has expired.
B. The Enforcement Module requires a reboot.
C. The object representing the Enforcement Module was created as a Node->Gateway.
D. The Enforcement Module was not listed in the Install On column of its rule.
E. No Enforcement Module Master file was created, designating the SmartCenter Server.

Correct Answer: C
QUESTION 28
You are the Security Administrator with one SmartCenter Server managing one Enforcement Module. SmartView Status displays a computer icon with an “I” in the Status column. What does this mean?
A. You have entered the wrong password at SmartView Status login.
B. Secure Internal Communications (SIC) has not been established between the SmartCenter Server and the Enforcement Module.
C. The SmartCenter Server cannot contact a gateway.
D. The VPN-1/FireWall-1 Enforcement Module has been compromised and is no longer controlled by this SmartCenter Server.
E. The Enforcement Module is installed and responding to status checks, but the status is problematic.
Correct Answer: E
QUESTION 29
Check Point’s NG with Application Intelligence protects against Network and Transport layer attacks by: (Choose two)
A. Preventing protocol-anomaly detection.
B. Allowing IP fragmentation.
C. Preventing validation of compliance to standards.
D. Preventing non-TCP denial-of-service attacks, and port scanning.
E. Preventing malicious manipulation of Network Layer protocols.

Correct Answer: DE
QUESTION 30
At which of the following locations is Static NAT processed by the Enforcement Module on packets from an external source to an internal statically translated host? Static NAT occurs:
A. After the inbound kernel, and before routing.
B. After the outbound kernel, and before routing.
C. After the inbound kernel, and after routing.
D. Before the inbound kernel, and after routing.
E. Before the outbound kernel, and before routing.

Correct Answer: C
QUESTION 31
Which of the following does a Check Point security gateway access, analyze, and use? Choose three.
A. Communications information
B. Communication-derived state
C. Packet sniffing
D. Information mapping
E. Application-derived state

Correct Answer: ABE
QUESTION 32
Which NG with Application Intelligence feature allows a Security Administrator to granularly control acceptable FTP commands?
A. FTP Security Server object settings
B. Check Point Gateway object, Security Server settings
C. SmartDefense, FTP Security Server settings
D. Rule Base Service field
E. Global Properties, Security Server settings.

Correct Answer: C
QUESTION 33
You are Security Administrator preparing to deploy a new hot-fix to ten Enforcement Modules at five geographically separated locations. What is the BEST method to implement this hot-fix?
A. Use SmartView installer to deploy the hot-fix to each Enforcement Module.
B. Send a CDROM with the hot-fix to each location, and have local personnel install it.
C. Send a Certified Security Engineer to each site to perform the update.
D. Use SmartInstaller to install the packages to each of the Enforcement Modules remotely.
E. Use SmartUpdate to install the packages to each of the Enforcement Modules remotely.

Correct Answer: E
QUESTION 34
Implicit rules do NOT allow what types of VPN-1/FireWall-1 Control Connections by default?
A. Outgoing traffic, originating from the gateway
B. RIP for routing configuration
C. IKE and RDP-traffic, for communication and encryption
D. VPN-1/Firewall-1 specific traffic, such as logging, management, and key exchange
E. RADIUS, CVP, UFP, and LDAP

Correct Answer: B
QUESTION 35
In Secure Internal Communications (SIC), the SmartCenter Server and its components are identified by a(n):
A. SIC entry in the host file
B. Random seed
C. Port number
D. Distinguished Name
E. IP address

Correct Answer: D
QUESTION 36
Which of the following statements BEST describes Dynamic Network Address Translation (Hide NAT)?
A. Allows you to hide an entire network behind one IP address.
B. Translates private external IP addresses to public IP addresses.
C. Allows you to hide an entire network behind public IP addresses.
D. Translates public internal IP addresses to private IP addresses.
E. Allows you to hide an entire network behind random IP addresses.

Correct Answer: A
QUESTION 37
What type of TCP attack is a bandwidth attack, where a client fools a server into sending large amounts of data, using small packets?
A. SMURF
B. SYN-Flood
C. Host System Hogging
D. Small PMTU
E. LAND
Correct Answer: D
QUESTION 38
How is the Block Intruder request used?
A. It is used in place of the HTTP Security Server.
B. SmartDefense automatically uses this capability.
C. It is used in the Log mode of SmartView Tracker to kill active connections.
D. It is activated in SmartDashboard through the Security Policy.
E. It blocks access from a Source, or to a Destination, for a specified amount of time, or indefinitely.
Correct Answer: E
QUESTION 39
A conflict between anti-spoofing and Network Address Translation (NAT) occurs when:
A. The Translate destination on the client-side option is not enabled when using Static NAT.
B. NAT is performed on the client side.
C. Manual NAT rules are used.
D. The Translate destination on the client-side option is enabled.
E. The Translate destination on the server-side option is enabled.

Correct Answer: A
QUESTION 40
One of the most important tasks Security Administrators perform is log maintenance. By default, when an administrator clicks File > Switch Active file from SmartView Tracker, the SmartCenter Server:
A. Purges the current log file, and prompts the Security Administrator for the mode of the new log.
B. Opens a new window with a previously saved log for viewing.
C. Saves the current log file, names the save file by date and time and starts a new log.
D. Prompts the Security Administrator for the name of the current log, saves it, and then prompts the Security Administrator for the mode of the new log.
E. Purges the current log file, and starts a new log.

Correct Answer: C
QUESTION 41
A VPN-1/FireWall-1 SmartDashboard is used to perform which of the following tasks? Choose two.
A. Allows the Security Administrator to configure Network Address Translation.
B. Stores VPN-1/Firewall-1 logs
C. Compiles the Rule Base into an enforceable Security Policy.
D. Stores the User Database.
E. It is used to create and define a Security Policy.

Correct Answer: AE
QUESTION 42
Assuming the default settings in the Global Properties have not changed, which of the following types of traffic will be allowed through a firewall with the Rule Base displayed in the exhibit?

A. VPN-1/Firewall-1 Control Connections.
B. HTTP from anywhere to Web Server.
C. HTTP from network out.
D. FTP from anywhere to Web Server.
E. RIP traffic to the gateway.

Correct Answer: AB
QUESTION 43
In SmartView Status, what does a status of Untrusted tell you?
A. The Enforcement Module is offline.
B. The Security Administrator has entered the wrong password at SmartView Status login.
C. Secure Internal Communications (SIC) has not been established between the SmartCenter Server and the Enforcement Module
D. The SmartCenter Server cannot contact a gateway
E. An Enforcement Module is installed and responding to status checks, but the status is problematic.

Correct Answer: C
QUESTION 44
For which of the following object types can Network Address Translation be configured?
A. Domains, host nodes, network.
B. Domains, networks, users
C. Host nodes, networks, OSE devices
D. Host nodes, networks, address ranges
E. Networks, OSE Devices, logical servers.

Correct Answer: D
QUESTION 45
How are Storm Center Block Lists activated? Choose the correct order.
1. Security Administrators define a CPDShield object and place it in the Rule Base appropriately.
2. The Storm Center Module agent on the Enforcement Module retrieves the Block list, and replaces the CPDShield object with a list of blocked IP addresses.
3. The Storm Center Module agent periodically checks for updates to the Block list.
A. 3, 2, 1
B. 1, 2, 3
C. 2, 3, 1
D. 3, 1, 2
E. 2, 1, 3
Correct Answer: B
QUESTION 46
(Network topology exhibit)
In the network displayed in the exhibit, the public servers accept and initiate connections from the Internet. The public servers must:

A. Be moved to the other side of the Enforcement Module, and given public addresses.
B. Use Reverse Network Address Translation.
C. Use Static Network Address Translation.
D. Use Dynamic Network Address Translation
E. Network Address Translation is not required.

Correct Answer: C
QUESTION 47
What Blocking Scope options are available when using Block Intruder? Choose three.
A. Block access from this Source.
B. Block source and destination
C. Block access to this Destination.
D. Block only this connection
E. Block all traffic
Correct Answer: ACD
QUESTION 48
To be MOST effective, where should Anti-Spoofing be configured?
A. Only on interfaces facing internal networks.
B. Only on external and DMZ interfaces.
C. Only on DMZ interfaces
D. Only on external interfaces.
E. On all interfaces.
Correct Answer: E
QUESTION 49
Choose the two responses that BEST describe a VPN-1/Firewall-1 Rule Base. A Rule Base is:
A. A collection of corporate guidelines used to structure the network Security Policies for users operating behind the firewall.
B. A collection of system settings that make up implicit rules defining network security.
C. The process by which secure communications are established between different VPN-1/Firewall-1 Modules, operating within an enterprise security environment.
D. A repository of DLL files, each provides a specific security function.
E. A set of explicitly and implicitly defined rules used to define network security.

Correct Answer: AE
QUESTION 50
When defining objects, why should you NOT change the name or IP address of the system-created SmartCenter Server objects? Choose two.
A. Changes the certificate of the system-created object
B. Causes a fault-tolerance error on the VPN-1/Firewall-1 Enforcement Module
C. Interferes with Security Policy Installation
D. Does not change the object name in the Rule Base.
E. Negatively affects the Internal Certificate Authority.

Correct Answer: AE
QUESTION 51
You are the Security Administrator with one SmartCenter Server managing one Enforcement Module.
SmartView Status displays a computer icon with a “?” in the Status column.
What does this mean?

A. The VPN-1/FireWall-1 Enforcement Module has been compromised and is no longer controlled by this SmartCenter Server.
B. Secure Internal Communications (SIC) has not been established between the SmartCenter Server and the Enforcement Module.
C. The Enforcement Module is installed and responding to status checks, but the status is problematic.
D. You have entered the wrong password at SmartView Status login.
E. The SmartCenter Server cannot contact the gateway.

Correct Answer: E
QUESTION 52
Which statement below BEST describes how VPN-1/FireWall-1 handles hidden rules? Hidden rules are:
A. Not included when the Security Policy is installed.
B. Removed from the existing Security Policy.
C. Enforced when the Security Policy is installed.
D. Automatically installed, when the Unhide All option is selected from the Hide Rules menu.
E. Enforced as implied rules, before the explicitly defined Rule Base.
Correct Answer: C
QUESTION 53
Which of the following is NOT included in SVN Foundation?
A. Watch Dog for Critical Services
B. License Utilities
C. CPShared Daemon
D. SmartDefense
E. SNMP Daemon

Correct Answer: D
QUESTION 54
Which of the following BEST describes the function of Dynamic Network Address Translation (Dynamic NAT)?
Dynamic NAT:

A. Allows you to configure more public IP addresses than you have hosts.
B. Reduces the load on the Enforcement Module.
C. Limits the number of internal hosts that may access the Internet.
D. Reduces the number of connections to your Web server.
E. Allows you to configure for more hosts than you have public IP addresses.

Correct Answer: E
