Home » Checkpoint » CheckPoint 156-215 Study Guide, Real CheckPoint 156-215 Exam Cost On Our Store

Cisco Exam Dumps

Latest Cisco CCNA dumps

Latest Cisco DevNet dumps

Latest Cisco CCNP dumps

Latest Cisco CCIE dumps

Latest Cisco CCDE dumps

Latest Cisco Special dumps

All Cisco dumps

CheckPoint 156-215 Study Guide, Real CheckPoint 156-215 Exam Cost On Our Store

[The Newest Dumps] Real CheckPoint 156-215 exam dumps revised by experts, they were updated with the change of the Software Certifications CSQA,covering all the whole aspects of CheckPoint 156-215 exam. Just have a training of Flydumps CheckPoint 156-215 exam questions to guarantee your 100% pass.

QUESTION 135
In a distributed management environment, the administrator has removed all default check boxes from the Policy / Global Properties / Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port ______.
A. 259
B. 257 “Pass Any Exam. Any Time.” – www.actualtests.com 54 Checkpoint 156-215.75 Exam
C. 900
D. 256

Correct Answer: B
QUESTION 136
Examine the following Security Policy. What, if any, changes could be made to accommodate Rule 4?

A. Nothing at all
B. Modify the Source or Destination columns in Rule 4
C. Remove the service HTTPS from the Service column in Rule A
D. Modify the VPN column in Rule 2 to limit access to specific traffic

Correct Answer: D
QUESTION 137
A Security Policy has several database versions. What configuration remains the same no matter which version is used?
A. Rule Bases_5_0.fws “Pass Any Exam. Any Time.” – www.actualtests.com 55 Checkpoint 156-215.75 Exam
B. Internal Certificate Authority (ICA) certificate
C. Fwauth.NDB
D. Objects_5_0.C

Correct Answer: B
QUESTION 138
You are working with multiple Security Gateways that enforce an extensive number of rules. To simplify Security administration, which one of the following would you choose to do?
A. Create a separate Security Policy package for each remote Security Gateway
B. Run separate SmartConsole instances to login and configure each Security Gateway directly
C. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules
D. Create network objects that restrict all applicable rules to only certain networks

Correct Answer: A
QUESTION 139
You are working with multiple Security Gateways that enforce a common set of rules. To minimize the number of policy packages, which one of the following would you choose to do?
A. Install a separate local Security Management Server and SmartConsole for each remote Security Gateway.
B. Create a separate Security Policy package for each remote Security Gateway and specify Install On / Gateways.
C. Create a single Security Policy package with Install On / Target defined whenever a unique rule is required for a specific Gateway.
D. Run separate SmartDashbord instance to login and configure each Security Gateway directly.

Correct Answer: C
QUESTION 140
Which rules are not applied on a first-match basis?
“Pass Any Exam. Any Time.” – www.actualtests.com 56 Checkpoint 156-215.75 Exam
A. Cleanup
B. User Authentication
C. Session Authentication
D. Client Authentication
Correct Answer: B
QUESTION 141
Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?
A. Users being authenticated by Client Authentication have to re-authenticate.
B. Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.
C. All FTP downloads are reset; users have to start their downloads again.
D. All connections are reset, so a policy install is recommended during announced downtime only.

Correct Answer: A QUESTION 142
Several Security Policies can be used for different installation targets. The firewall protecting Human Resources’ servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?
A. A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base.
B. When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install.
C. In the SmartDashboard main menu go to Policy / Policy Installation / Targets and select the correct firewall to be put into the list via Specific Targets.
D. A Rule Base can always be installed on any Check Point firewall object It is necessary to select the appropriate target directly after selecting Policy > Install.

Correct Answer: C
QUESTION 143
Which of these security policy changes optimize Security Gateway performance?
A. Use Automatic NAT rules instead of Manual NAT rules whenever possible
B. Putting the least-used rule at the top of the Rule Base
C. Using groups within groups in the manual NAT Rule Base
D. Using domain objects in rules when possible
Correct Answer: A
QUESTION 144
Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:

RequireD. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.
200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?
A. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add and ARP entry for 200.200.200.5 for the MAC “Pass Any Exam. Any Time.”
-www.actualtests.com 58 Checkpoint 156-215.75 Exam
address of 200.200.200.3.
B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create two network objects: 192.168.10.0/24. and 192.168.20.0/24. Add the two network objects. Create a manual NAT rule like the following Original source 璯roup object; Destination ?any Service ? any, Translated source ?200.200.200.5; Destination ?original, Service ?original.

Correct Answer: C
QUESTION 145
Because of a pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?
A. Allow bi-directional NAT is not checked in Global Properties.
B. Manual NAT rules are not configured correctly.
C. Translate destination on client side is not checked in Global Properties under manual NAT rules.
D. Routing is not configured correctly.

Correct Answer: C
QUESTION 146
You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway’s external interface. You browse to from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?
A. Only one, outbound
B. Two, one for outbound, one for inbound “Pass Any Exam. Any Time.” – www.actualtests.com 59 Checkpoint 156-215.75 Exam
C. Only one, inbound
D. Two, both outbound, one for the real IP connection and one for the NAT IP connection

Correct Answer: A
QUESTION 147
Which of the following statements BEST describes Check Point’s Hide Network Address Translation method?
A. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation
B. Translates many destination IP addresses into one destination IP address
C. Translates many source IP addresses into one source IP address
D. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation

Correct Answer: C
QUESTION 148
Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?
A. Static Destination B. Hide
C. Dynamic Destination
D. Static Source

Correct Answer: B QUESTION 149
NAT can NOT be configured on which of the following objects?
“Pass Any Exam. Any Time.” – www.actualtests.com 60 Checkpoint 156-215.75 Exam
A. Address Range
B. HTTP Logical Server
C. Host
D. Gateway

Correct Answer: B QUESTION 150
NAT can be implemented on which of the following lists of objects?
A. Host, Network
B. Host, User
C. Domain, Network
D. Network, Dynamic Object

Correct Answer: A QUESTION 151
Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?
A. Static Destination Address Translation
B. Port Address Translation
C. Dynamic Source Address Translation
D. Hide Address Translation

Correct Answer: A QUESTION 152
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet.
“Pass Any Exam. Any Time.” – www.actualtests.com 61 Checkpoint 156-215.75 Exam What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
A. Place a static host route on the firewall for the valid IP address to the internal Web server.
B. Place a static ARP entry on the ISP router for the valid IP address to the firewall’s external address.
C. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
D. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.

Correct Answer: B QUESTION 153
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti- spoofing protections. Which of the following is the MOST LIKELY cause?
A. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External.Change topology to Others +.
B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External
C. The Global Properties setting Translate destination on client side is checked But the topology on the DMZ interface is set to Internal -Network defined by IP and Mask Uncheck the Global Properties setting Translate destination on client side
D. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal – Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.

Correct Answer: D
QUESTION 154
Which NAT option applicable for Automatic NAT applies to Manual NAT as well?
A. Allow bi-directional NAT
B. Automatic ARP configuration
C. Enable IP Pool NAT
D. Translate destination on client-side “Pass Any Exam. Any Time.” – www.actualtests.com 62 Checkpoint 156-215.75 Exam

Correct Answer: D
QUESTION 155
Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?
A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service
B. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24
C. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule
D. Configure Automatic Static NAT on network 10.10.20.0/24
Correct Answer: B
QUESTION 156
You have three servers located in a DMZ, using private IP addresses. You want internal users from
10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway’s external interface.
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers’ public IP addresses?
“Pass Any Exam. Any Time.” – www.actualtests.com 63 Checkpoint 156-215.75 Exam A. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers

B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
C. When connecting to internal network 10 10.10 x. configure Hide NAT for the DMZ servers.
D. When connecting to the internal network 10.10.10x, configure Hide Nat for the DMZ network behind the DMZ interface of the Security Gateway

Correct Answer: B
QUESTION 157
An internal host initiates a session to and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________.
A. None of these
B. source NAT
C. destination NAT
D. client side NAT

Correct Answer: B
QUESTION 158
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the_________.
A. source on client side
B. destination on server side
C. destination on client side
D. source on server side

Correct Answer: C
QUESTION 159
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
A. Automatic ARP must be unchecked in the Global Properties.
B. A static route must be added on the Security Gateway to the internal host.
C. Nothing else must be configured.
D. A static route for the NAT IP must be added to the Gateway’s upstream router.

Correct Answer: B QUESTION 160
When translation occurs using automatic Hide NAT, what also happens?
A. Nothing happens.
B. The source port is modified.
C. The destination port is modified.
D. The destination is modified. “Pass Any Exam. Any Time.” – www.actualtests.com 65 Checkpoint 156-215.75 Exam

Correct Answer: B
QUESTION 161
The fw monitor utility is used to troubleshoot which of the following problems?
A. Phase two key negotiation
B. User data base corruption
C. Address translation
D. Log Consolidation Engine

Correct Answer: C QUESTION 162
The fw monitor utility would be best to troubleshoot which of the following problems?
A. An error occurs when editing a network object in SmartDashboard
B. A statically NATed Web server behind a Security Gateway cannot be reached from the Internet.
C. You get an invalid ID error in SmartView Tracker for phase 2 IKE key negotiations.
D. A user in the user database is corrupt.

Correct Answer: B QUESTION 163
Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.
“Pass Any Exam. Any Time.” – www.actualtests.com 66 Checkpoint 156-215.75 Exam

A. There is not enough information provided in the Wireshark capture to determine NAT settings.
B. This is an example hide NAT.
C. There is an example of Static NAT and translate destination on client side unchecked in Global Properties.
D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

Correct Answer: D QUESTION 164
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:
A. It is necessary to add a static route to the Gateway’s routing table.
B. The Security Gateway’s ARP file must be modified.
C. It is not necessary to add a static route to the Gateway’s routing table.
D. VLAN tagging cannot be defined for any hosts protected by the Gateway.

Correct Answer: C QUESTION 165
Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:
A. MAC addresses.
B. SIC names.
C. SIC is not NAT-tolerant. “Pass Any Exam. Any Time.” – www.actualtests.com 67 Checkpoint 156-215.75 Exam
D. IP addresses.

Correct Answer: B QUESTION 166
Static NAT connections, by default, translate on which firewall kernel inspection point?
A. Post-inbound
B. Eitherbound
C. Inbound
D. Outbound

Correct Answer: C QUESTION 167
In a Hide NAT connection outbound, which portion of the packet is modified?
A. Source IP address and destination port
B. Destination IP address and destination port
C. Source IP address and source port
D. Destination IP address and destination port

Correct Answer: C QUESTION 168
You are MegaCorp’s Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the order of the rules if both methods are used together? Give the best answer.
A. The Administrator decides on the order of the rules by shifting the corresponding rules up and down. “Pass Any Exam. Any Time.” – www.actualtests.com 68
Checkpoint 156-215.75 Exam
B. The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range
C. The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range
D. The position of the rules depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others.

Correct Answer: B
QUESTION 169
Which answers are TRUE? Automatic Static NAT CANNOT be used when:
i) NAT decision is based on the destination port
ii) Source and Destination IP both have to be translated
iii) The NAT rule should only be installed on a dedicated Gateway only
iv) NAT should be performed on the server side
A. (i), (ii), and (iii)
B. (i), and (ii)
C. (ii) and (iv)
D. only (i)

Correct Answer: D
QUESTION 170
In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules. Which of the following is NOT true?
A. When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway’s internal interface IP address.
B. When using Static NAT, you must add proxy ARP entries to the Gateway for all hiding addresses.
C. If you chose Automatic NAT instead, all necessary entries are done for you.
D. When using Dynamic Hide NAT with an address that is not configured on a Gateway interface, “Pass Any Exam. Any Time.” – www.actualtests.com 69 Checkpoint 156-215.75 Exam you need to add a proxy ARP entry for that address.

Correct Answer: A
QUESTION 171
After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?
A. The packet has been sent out through a VPN tunnel unencrypted.
B. An IPSO ACL has blocked the outbound passage of the packet.
C. A SmartDefense module has blocked the packet
D. It is an issue with NAT

Correct Answer: D
QUESTION 172
A marketing firm’s networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should you use to check these objects and rules?
A. SmartView Tracker
B. SmartView Status
C. SmartView Monitor
D. SmartDashboard

Correct Answer: D
QUESTION 173
Which statement below describes the most correct strategy for implementing a Rule Base?
A. Add the Stealth Rule before the last rule. “Pass Any Exam. Any Time.” – www.actualtests.com 70 Checkpoint 156-215.75 Exam
B. Umit grouping to rules regarding specific access.
C. Place the most frequently used rules at the top of the Policy and the ones that are not frequently used further down.
D. Place a network-traffic rule above the administrator access rule.

Correct Answer: C
QUESTION 174
Which of the following is a viable consideration when determining Rule Base order?
A. Grouping authentication rules with address-translation rules
B. Grouping rules by date of creation
C. Grouping reject and drop rules after the Cleanup Rule
D. Grouping functionally related rules together

Correct Answer: D
QUESTION 175
Which of the following is a viable consideration when determining Rule Base order?
A. Adding SAM rules at the top of the Rule Base
B. Placing frequently accessed rules before less frequently accessed rules
C. Grouping rules by date of creation
D. Grouping IPS rules with dynamic drop rules
Correct Answer: B
QUESTION 176
Which of the following is a viable consideration when determining Rule Base order?
A. Grouping IPS rules with dynamic drop rules
B. Grouping reject and drop rules after the Cleanup Rule “Pass Any Exam. Any Time.” -www.actualtests.com 71 Checkpoint 156-215.75 Exam
C. Placing more restrictive rules before more permissive rules
D. Grouping authentication rules with QOS rules
Correct Answer: C
QUESTION 177
You would use the Hide Rule feature to:
A. Make rules invisible to incoming packets.
B. View only a few rules without the distraction of others
C. Hide rules from read-only administrators.
D. Hide rules from a SYN/ACK attack.

Correct Answer: B QUESTION 178
When you add a resource object to a rule, which of the following occurs?
A. All packets that match the resource will be dropped.
B. All packets matching that rule are either encrypted or decrypted by the defined resource.
C. All packets matching the resource service are analyzed through an application-layer proxy.
D. Users attempting to connect to the destination of the rule will be required to authenticate.

Correct Answer: C QUESTION 179
You are a Security Administrator using one Security Management Server managing three different firewalls. One of the firewalls does NOT show up in the dialog box when attempting to install a Security Policy. Which of the following is a possible cause?
A. The firewall object has been created but SIC has not yet been established.
B. The license for this specific firewall has expired. “Pass Any Exam. Any Time.” – www.actualtests.com 72 Checkpoint 156-215.75 Exam
C. The firewall has failed to sync with the Security Management Server for 60 minutes.
D. The firewall is not listed in the Policy Installation Targets screen for this policy package.

Correct Answer: D QUESTION 180
Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway’s Rule Base includes a rule to accept this traffic. Since you are responsible for multiple sites, you want notification by a text message to your cellular phone, whenever traffic is accepted on this rule. Which of the following would work BEST for your purpose?
A. SmartView Monitor Threshold
B. SNMP trap
C. Logging implied rules
D. User-defined alert script

Correct Answer: D QUESTION 181

Flydumps.com takes in the latest CheckPoint 156-215 questions in the CheckPoint 156-215 exam materials so that our material should be always the latest and the most relevant. We know that CheckPoint 156-215 examination  wouldn’t repeat the same set of questions all the time. Microsoft certification examinations are stringent and focus is often kept on updated technology trends. The CheckPoint 156-215 exam questions organized by the professionals will help to condition your mind to promptly grasp what you could be facing in the CheckPoint 156-215 cert examination.

CheckPoint 156-215 Study Guide, Real CheckPoint 156-215 Exam Cost On Our Store

Categories

Microsoft Exam Dumps

microsoft azure exam dumps

microsoft data exam dumps

microsoft dynamics 365 exam dumps

microsoft 365 exam dumps

microsoft fundamentals exam dumps

microsoft certified exam dumps

microsoft mta exam dumps

more… microsoft exam dumps