Checkpoint 156-215 Study Guide, Up To Date Checkpoint 156-215 PDF&VCE With Accurate Answers


QUESTION 197
What information is found in the SmartView Tracker Management log?
A. Destination IP address
B. SIC revoke certificate event
C. Number of concurrent IKE negotiations
D. Most accessed Rule Base rule

Correct Answer: B
QUESTION 198
How do you use SmartView Monitor to compile traffic statistics for your company’s Internet Web activity during production hours?
A. View total packets passed through the Security Gateway.
B. Configure a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway.
C. Use Traffic settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day.
D. Select Tunnels view, and generate a report on the statistics.
Correct Answer: C
QUESTION 199
What happens when you run the command: fw sam -J src [Source IP Address]?
A. Connections to and from the specified target are blocked without the need to change the Security Policy.
B. Connections to and from the specified target are blocked with the need to change the Security Policy.
C. Connections from the specified source are blocked without the need to change the Security Policy.
D. Connections to the specified target are blocked without the need to change the Security Policy.

Correct Answer: C
QUESTION 200
An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R76 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install).
Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval.
If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute.
Which of the following is the BEST explanation for this behavior?
A. The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.
B. The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R75 Security Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the non-standard GRE protocol for encapsulation.
C. The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way.
D. The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configuration to the partner site to enable proper logging.

Correct Answer: A
QUESTION 201
Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?
A. 256
B. 514
C. 258
D. 257

Correct Answer: D
QUESTION 202
You are the Security Administrator for MegaCorp and would like to view network activity using SmartReporter. You select a standard predefined report. As you can see here, you can select the london Gateway.

When you attempt to configure the Express Report, you are unable to select this Gateway.

What is the reason for this behavior? Give the BEST answer.
A. You must enable the Eventia Express Mode on the london Gateway.
B. You must enable Monitoring in the london Gateway object’s General Properties.
C. You have the license for Eventia Reporter in Standard mode only.
D. You must enable the Express Mode inside Eventia Reporter.

Correct Answer: B
QUESTION 203
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
A. Rule 0
B. Blank field under Rule Number
C. Cleanup Rule
D. Rule 1

Correct Answer: A
QUESTION 204
A third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?
A. SmartView Tracker
B. This information can only be viewed with the command fw ctl pstat from the CLI.
C. SmartView Monitor
D. Eventia Analyzer

Correct Answer: C
QUESTION 205
You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?
A. Create a Suspicious Activity Rule in SmartView Monitor.
B. Select Block intruder from the Tools menu in SmartView Tracker.
C. Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file.
D. Add a temporary rule using SmartDashboard and select hide rule.

Correct Answer: A
QUESTION 206
In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?
A. Do nothing. The Security Management Server automatically copies old logs to a backup server before purging.
B. Use the command fwm logexport to export the old log files to another location.
C. Configure a script to run fw logswitch and SCP the output file to a separate file server.
D. Do nothing. Old logs are deleted, until free space is restored.

Correct Answer: C
QUESTION 207
How do you configure an alert in SmartView Monitor?
A. By right-clicking on the Gateway, and selecting Properties.
B. By choosing the Gateway, and Configure Thresholds.
C. An alert cannot be configured in SmartView Monitor.
D. By right-clicking on the Gateway, and selecting System Information.
Correct Answer: B
QUESTION 208
True or False: SmartView Monitor can be used to create alerts on a specified Gateway.
A. False, alerts can only be set in SmartDashboard Global Properties.
B. True, by choosing the Gateway and selecting System Information.
C. False, an alert cannot be created for a specified Gateway.
D. True, by right-clicking on the Gateway and selecting Configure Thresholds.

Correct Answer: D
QUESTION 209
Which R76 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?
A. SmartUpdate
B. SmartView Status
C. SmartView Monitor
D. None, SmartConsole applications only communicate with the Security Management Server.

Correct Answer: C
QUESTION 210
Which R76 GUI would you use to see the number of packets accepted since the last policy install?
A. SmartView Monitor
B. SmartView Status
C. SmartView Tracker
D. SmartDashboard

Correct Answer: A
QUESTION 211


Checkpoint 156-215 Exam Dumps, Help To Pass Checkpoint 156-215 Study Guides Is What You Need To Take


QUESTION 146

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

“web_public_IP” is the node object that represents the new Web server’s public IP address. “web_private_IP” is the node object that represents the new Web site’s private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error “page cannot be displayed”. Which of the following is NOT a possible reason?

A. There is no route defined on the Security Gateway for the public IP address to the Web server’s private IP address.
B. There is no ARP table entry for the protected Web server’s public IP address.
C. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.

Correct Answer: D
QUESTION 147
You are responsible for the configuration of MegaCorp’s Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.
A. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).
B. Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT).
C. Yes, there are always as many active NAT rules as there are connections.
D. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.

Correct Answer: A
QUESTION 148
You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway.

What is TRUE about the new package’s NAT rules?
A. NAT rules will be empty in the new package.
B. Rules 4 and 5 will appear in the new package.
C. Rules 1, 2, 3 will appear in the new package.
D. Only rule 1 will appear in the new package.

Correct Answer: C
QUESTION 149
What is the default setting when you use NAT?
A. Source Translated on Client side
B. Source Translated on both sides
C. Destination Translated on Client side
D. Destination Translated on Server side

Correct Answer: C
QUESTION 150
A marketing firm’s networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should you use to check these objects and rules?
A. SmartView Tracker
B. SmartView Monitor
C. SmartDashboard
D. SmartView Status

Correct Answer: C
QUESTION 151
Which statement below describes the most correct strategy for implementing a Rule Base?
A. Place a network-traffic rule above the administrator access rule.
B. Limit grouping to rules regarding specific access.
C. Place the most frequently used rules at the top of the Policy and the ones that are not frequently used further down.
D. Add the Stealth Rule before the last rule.
Correct Answer: C
QUESTION 152
Which of the following is a viable consideration when determining Rule Base order?
A. Grouping authentication rules with address-translation rules
B. Grouping rules by date of creation
C. Grouping reject and drop rules after the Cleanup Rule
D. Grouping functionally related rules together
Correct Answer: D
QUESTION 153
Which of the following is a viable consideration when determining Rule Base order?
A. Adding SAM rules at the top of the Rule Base
B. Placing frequently accessed rules before less frequently accessed rules
C. Grouping rules by date of creation
D. Grouping IPS rules with dynamic drop rules

Correct Answer: B
QUESTION 154
Which of the following is a viable consideration when determining Rule Base order?
A. Grouping IPS rules with dynamic drop rules
B. Grouping reject and drop rules after the Cleanup Rule
C. Placing more restrictive rules before more permissive rules
D. Grouping authentication rules with QOS rules

Correct Answer: C
QUESTION 155
You would use the Hide Rule feature to:
A. View only a few rules without the distraction of others.
B. Hide rules from read-only administrators.
C. Hide rules from a SYN/ACK attack.
D. Make rules invisible to incoming packets.

Correct Answer: A
QUESTION 156
You are a Security Administrator using one Security Management Server managing three different firewalls. One firewall does NOT show up in the dialog box when attempting to install a Security Policy. Which of the following is a possible cause?
A. The firewall has failed to sync with the Security Management Server for 60 minutes.
B. The firewall object has been created but SIC has not yet been established.
C. The firewall is not listed in the Policy Installation Targets screen for this policy package.
D. The license for this specific firewall has expired.

Correct Answer: C
QUESTION 157
Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway’s Rule Base includes a rule to accept this traffic. Since you are responsible for multiple sites, you want notification by a text message to your cellular phone, whenever traffic is accepted on this rule. Which of the following would work BEST for your purpose?
A. SmartView Monitor Threshold
B. SNMP trap
C. Logging implied rules
D. User-defined alert script
Correct Answer: D
QUESTION 158
A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?
A. Secure Internal Communications (SIC) not configured for the object.
B. A Gateway object created using the Check Point > Security Gateway option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object.
C. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box.
D. Anti-spoofing not configured on the interfaces on the Gateway object.

Correct Answer: C
QUESTION 159
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R76. After running the command fw unloadlocal, you are able to reconnect with SmartDashboard and view all changes. Which of the following changes is the most likely cause of the block?
A. A Stealth Rule has been configured for the R76 Gateway.
B. The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.
C. The Security Policy installed to the Gateway had no rules in it.
D. The Allow Control Connections setting in Policy > Global Properties has been unchecked.

Correct Answer: D
QUESTION 160
When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R76 topology configuration?
A. Specific
B. External
C. Not Defined
D. Any

Correct Answer: D
QUESTION 161
You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?
A. The POP3 rule is disabled.
B. The POP3 rule is hidden.
C. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R75.
D. POP3 is accepted in Global Properties.
Correct Answer: B
QUESTION 162
Which rule is responsible for the installation failure?
A. Rule 3
B. Rule 5
C. Rule 6
D. Rule 4
Correct Answer: C
QUESTION 163
Which command allows Security Policy name and install date verification on a Security Gateway?
A. fw ver -p
B. fw stat -l
C. fw show policy
D. fw ctl pstat -policy

Correct Answer: B
QUESTION 164
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?
A. Restore the entire database, except the user database, and then create the new user and user group.
B. Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.
C. Run fwm dbexport -l filename. Restore the database. Then, run fwm dbimport -l filename to import the users.
D. Restore the entire database, except the user database.

Correct Answer: D
QUESTION 165
Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?
A. upgrade_export/upgrade_import
B. dbexport/dbimport
C. Database Revision Control
D. Policy Package management

Correct Answer: C
QUESTION 166
Your Security Management Server fails and does not reboot. One of your remote Security Gateways managed by the Security Management Server reboots. What occurs with the remote Gateway after reboot?
A. Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, all traffic is allowed through the Gateway.
B. Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, no traffic is allowed through the Gateway.
C. The remote Gateway fetches the last installed Security Policy locally and passes traffic normally. The Gateway will log locally, since the Security Management Server is not available.
D. Since the Security Management Server is not available, the remote Gateway uses the local Security Policy, but does not log traffic.
Correct Answer: C
QUESTION 167
How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy?
A. Custom scripts cannot be executed through alert scripts.
B. Pop-up alert script
C. SNMP trap alert script
D. User-defined alert script

Correct Answer: D
QUESTION 168
Which of the following is NOT useful to verify whether or not a Security Policy is active on a Gateway?
A. fw ctl get string active_secpol
B. cpstat fw -f policy
C. Check the Security Policy name of the appropriate Gateway in SmartView Monitor.
D. fw stat

Correct Answer: A
QUESTION 169
Of the following, what parameters will not be preserved when using Database Revision Control?

A. 3, 4, 5, 6, 9, 12, 13
B. 1, 2, 8, 10, 11
C. 5, 6, 9, 12, 13
D. 2, 4, 7, 10, 11

Correct Answer: A
QUESTION 170
You are about to test some rule and object changes suggested in an R76 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?
A. Database Revision Control
B. Manual copies of the directory $FWDIR/conf
C. upgrade_export command
D. SecurePlatform backup utilities

Correct Answer: A
QUESTION 171
You plan to create a backup of the rules, objects, policies, and global properties from an R76 Security Management Server. Which of the following backup and restore solutions can you use?
A. 2, 4, and 5
B. 1, 3, and 4
C. 1, 2, and 3
D. 1, 2, 3, 4, and 5

Correct Answer: C
QUESTION 172
Which R76 feature or command allows Security Administrators to revert to earlier Security Policy versions without changing object configurations?
A. Policy Package management
B. Database Revision Control
C. upgrade_export/upgrade_import
D. fwm dbexport/fwm dbimport

Correct Answer: A
QUESTION 173
What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?
A. Install the View Implicit Rules package using SmartUpdate.
B. Define two log servers on the R76 Gateway object. Enable Log Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPPA log audits.
C. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.
D. Check the Log Implied Rules Globally box on the R76 Gateway object.

Correct Answer: C
QUESTION 174
You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error:
Unknown established connection
How do you resolve this problem without causing other security issues? Choose the BEST answer.
A. Increase the service-based session timeout of the default Telnet service to 24-hours.
B. Increase the TCP session timeout under Global Properties > Stateful Inspection.
C. Create a new TCP service object on port 23 called Telnet-mainframe. Define a service-based session timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe.

D. Ask the mainframe users to reconnect every time this error occurs.

Correct Answer: C
QUESTION 175
Which SmartConsole tool would you use to see the last policy pushed in the audit log?
A. SmartView Tracker
B. SmartView Status
C. None, SmartConsole applications only communicate with the Security Management Server.
D. SmartView Server

Correct Answer: A
QUESTION 176
SmartView Tracker logs the following Security Administrator activities, EXCEPT:
A. Object creation, deletion, and editing
B. Rule Base changes
C. Administrator login and logout
D. Tracking SLA compliance

Correct Answer: D
QUESTION 177
What happens when you select File > Export from the SmartView Tracker menu?
A. Exported log entries are not viewable in SmartView Tracker.
B. Logs in fw.log are exported to a file that can be opened by Microsoft Excel.
C. Exported log entries are deleted from fw.log.
D. Current logs are exported to a new *.log file.

Correct Answer: B
QUESTION 178
By default, when you click File > Switch Active File in SmartView Tracker, the Security Management Server:
A. Purges the current log file, and prompts you for the new log’s mode.
B. Purges the current log file, and starts a new log file.
C. Saves the current log file, names the log file by date and time, and starts a new log file.
D. Prompts you to enter a filename, and then saves the log file.

Correct Answer: C
QUESTION 179
You are working with three other Security Administrators. Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?
A. Eventia Tracker
B. SmartView Monitor
C. Eventia Monitor
D. SmartView Tracker
Correct Answer: D
QUESTION 180

Which SmartView Tracker mode allows you to read the SMTP e-mail body sent from the Chief Executive Officer (CEO) of a company?
A. Display Capture Action
B. This is not a SmartView Tracker feature.
C. Display Payload View
D. Network and Endpoint Tab

Correct Answer: B
QUESTION 181
You can include External commands in SmartView Tracker by the menu Tools > Custom Commands.
The Security Management Server is running under SecurePlatform, and the GUI is on a system running Microsoft Windows. How do you run the command traceroute on an IP address?
A. There is no possibility to expand the three pre-defined options Ping, Whois, and Nslookup.
B. Go to the menu Tools > Custom Commands and configure the Windows command tracert.exe to the list.
C. Use the program GUIdbedit to add the command traceroute to the Security Management Server properties.
D. Go to the menu, Tools > Custom Commands and configure the Linux command traceroute to the list.

Correct Answer: B
QUESTION 182
Where is the easiest and BEST place to find information about connections between two machines?
A. On a Security Gateway Console interface; it gives you detailed access to log files and state table information.
B. On a Security Management Server, using SmartView Tracker.
C. All options are valid.
D. On a Security Gateway using the command fw log.

Correct Answer: B
QUESTION 183
To reduce the information given to you in SmartView Tracker, what can you do to find information about data being sent between pcosaka and pctokyo?
A. Apply a source filter by adding both endpoint IP addresses with the equal option set.
B. Use a regular expression to filter out relevant logging entries.
C. Double-click an entry representing a connection between both endpoints.
D. Press CTRL+F in order to open the find dialog, and then search the corresponding IP addresses.
Correct Answer: A
QUESTION 184
Which of the following can be found in cpinfo from an enforcement point?
A. Policy file information specific to this enforcement point
B. The complete file objects_5_0.c
C. VPN keys for all established connections to all enforcement points
D. Everything NOT contained in the file r2info

Correct Answer: A
QUESTION 185
Which R76 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?
A. SmartView Server
B. SmartView Tracker
C. None, SmartConsole applications only communicate with the Security Management Server.
D. SmartUpdate

Correct Answer: B
QUESTION 186
You have detected a possible intruder listed in SmartView Tracker’s active pane. What is the fastest method to block this intruder from accessing your network indefinitely?
A. In SmartView Monitor, select Tools > Suspicious Activity Rules.
B. Modify the Rule Base to drop these connections from the network.
C. In SmartView Tracker, select Tools > Block Intruder.
D. In SmartDashboard, select IPS > Network Security > Denial of Service.

Correct Answer: C
QUESTION 187
Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%?
A. SmartView Tracker > Audit Tab > Gateway Counters
B. SmartView Monitor > Gateway Status > Threshold Settings
C. This can only be monitored by a user-defined script.
D. SmartView Monitor > Gateway Status > System Information > Thresholds

Correct Answer: D
QUESTION 188
Where can an administrator configure the notification action in the event of a policy install time change?
A. SmartDashboard > Policy Package Manager
B. SmartView Monitor > Gateway Status > System Information > Thresholds
C. SmartDashboard > Security Gateway Object > Advanced Properties Tab
D. SmartView Monitor > Gateways > Thresholds Settings

Correct Answer: B
QUESTION 189
Where are custom queries stored in R76 SmartView Tracker?
A. On the Security Management Server tied to the GUI client IP.
B. On the SmartView Tracker PC local file system shared by all users of that local PC.
C. On the Security Management Server tied to the Administrator User Database login name.
D. On the SmartView Tracker PC local file system under the user’s profile.

Correct Answer: C
QUESTION 190
How do you view a Security Administrator’s activities with SmartConsole?
A. SmartView Tracker in the Network and Endpoint tabs
B. Eventia Suite
C. SmartView Tracker in the Management tab
D. SmartView Monitor using the Administrator Activity filter

Correct Answer: C
QUESTION 191
Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?
A. Network and Endpoint tab
B. Custom filter
C. Management tab
D. Active tab

Correct Answer: C
QUESTION 192
You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity?
A. SmartView Tracker in Network and Endpoint Mode
B. SmartView Tracker in Management Mode
C. SmartView Tracker cannot display Security Administrator activity; instead, view the system logs on the Security Management Server’s Operating System.
D. SmartView Tracker in Active Mode

Correct Answer: B
QUESTION 193
Which of the following R76 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?
A. Audit Tab
B. All Records Query
C. Active Tab
D. Account Query

Correct Answer: C
QUESTION 194
While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block?
1) Select Active Mode tab in SmartView Tracker.
2) Select Tools > Block Intruder.
3) Select Log Viewing tab in SmartView Tracker.
4) Set Blocking Timeout value to 60 minutes.
5) Highlight connection that should be blocked.
A. 3, 5, 2, 4
B. 1, 5, 2, 4
C. 1, 2, 5, 4
D. 3, 2, 5, 4

Correct Answer: B
QUESTION 195
SmartView Tracker R76 consists of three different modes. They are:
A. Log, Track, and Management
B. Log, Active, and Management
C. Network and Endpoint, Active, and Management
D. Log, Active, and Audit

Correct Answer: C
QUESTION 196
One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?
A. There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.
B. The time on the Security Management Server’s clock has changed, which invalidates the remote Gateway’s Certificate.
C. The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.
D. The remote Gateway’s IP address has changed, which invalidates the SIC Certificate.

Correct Answer: A


CheckPoint 156-915 Certification, Best CheckPoint 156-915 Vce & PDF For Sale


QUESTION 144
Which of the following is TRUE concerning numbered VPN Tunnel Interfaces (VTIs)?
A. VTIs are supported on SecurePlatform
B. VTIs can use an already existing physical-interface IP address
C. VTIs are assigned only local addresses, not remote addresses
D. VTIs cannot share IP addresses

Correct Answer: A
QUESTION 145
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
A. diag
B. cpstat >date.cpstat.txt
C. netstat >date.netstat.txt
D. cpinfo date.cpinfo.txt

Correct Answer: D
QUESTION 146
How should Check Point Packages be uninstalled?
A. In any order, CPsuite must be the last package uninstalled
B. In the same order in which the installation wrapper initially installed them
C. In the opposite order in which the installation wrapper initially installed them
D. In any order as long as all packages are moved

Correct Answer: C
QUESTION 147
How do you view a Security Administrator’s activities, using SmartConsole tools?
A. SmartView Tracker in Audit mode
B. SmartView Monitor using the Administrator Activity filter
C. Eventia Suite
D. SmartView Tracker in Log mode

Correct Answer: A
QUESTION 148
Which specific VPN-1 NGX R65 GUI would you use to view the length of time a TCP connection was open?
A. SmartView Tracker
B. SmartLSM
C. SmartView Status
D. SmartView Monitor

Correct Answer: A
QUESTION 149
If a SmartUpdate upgrade or distribution operation fails on SecurePlatform, how is the system recovered?
A. The Administrator must reinstall the last version via the command cprinstall revert <object name> <file name>
B. The administrator must remove the rpm packages manually and reattempt the upgrade
C. SecurePlatform will reboot and automatically revert to the last snapshot version prior to upgrade
D. The administrator can only revert to a previously created snapshot (if there is one) with the command cprinstall snapshot <object name> <filename>

Correct Answer: C
QUESTION 150
When synchronizing clusters, which of the following statements is NOT true?
A. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization
B. Only cluster members running on the same OS platform can be synchronized
C. The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized
D. Client Auth or Session Auth connections through a cluster member will be lost if the cluster member fails

Correct Answer: D
QUESTION 151
You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use three machines with the following configurations:
Cluster Member 1: OS: SecurePlatform, NICs: QuadCard, memory: 512 MB, Security Gateway, version: VPN-1 NGX R65 and primary SmartCenter Server installed, version: VPN-1 NGX R65.
Cluster Member 2: OS: SecurePlatform, NICs: 4 Intel 3Com, memory: 512 MB, Security Gateway only, version: VPN-1 NGX R65.
Cluster Member 3: OS: SecurePlatform, NICs: 4 other manufacturers, memory: 256 MB, Security Gateway only, version: VPN-1 NGX R65.
A. No, Cluster Member 3 does not have the required memory
B. Yes, these machines are configured correctly for a ClusterXL deployment
C. No, the Security Gateway cannot be installed on the SmartCenter Pro Server
D. No, the SmartCenter Pro Server is not running the same operating system as the cluster members

Correct Answer: C
QUESTION 152
You are running the License_upgrade tool on your SecurePlatform Gateway. Which of the following can you NOT do with the upgrade tool?
A. View the status of currently installed licenses
B. Simulate the license-upgrade process
C. Perform the actual license-upgrade process
D. View the licenses in the SmartUpdate License Repository

Correct Answer: D
QUESTION 153
Which command line interface utility allows the administrator to verify the name and timestamp of the Security Policy currently installed on a firewall module?
A. fw ver
B. fw ctl pstat
C. fw stat
D. cpstat fwd

Correct Answer: C
QUESTION 154
SmartView Tracker logs the following Security Administrator activities, EXCEPT:
A. Tracking SLA compliance
B. Administrator login and logout
C. Rule Base Changes
D. Object creation, deletion and editing

Correct Answer: A
QUESTION 155
Your organization’s disaster recovery plan needs an update to the backup and restore section to realize the benefits of the new distributed VPN-1 NGX R65 installation. You want to document a plan to meet the following required and desired objectives:
Required Objective: The security policy repository must be backed up no less frequently than every 24 hours.
Desired Objective: The NGX components that enforce the Security Policies should be backed up no less frequently than once a week.
Desired Objective: Back up NGX logs no less frequently than once a week.
Your disaster recovery plan is as follows:
Use the cron utility to run the upgrade_export command each night on the SmartCenter Servers.
Configure the organization’s routine backup software to back up the files created by the upgrade_export command.
Configure the SecurePlatform backup utility to back up the Security Gateways every Saturday night.
Use the cron utility to run the upgrade_export command each Saturday night on the Log Servers.
Configure an automatic, nightly logswitch.
Configure the organization’s routine backup software to back up the switched logs every night.
Upon evaluation, your plan:
A. Meets the required objective and only one desired objective
B. Does not meet the required objective
C. Meets the required objective and both desired objectives
D. Meets the required objective but does not meet either desired objective
Correct Answer: C
QUESTION 156
Where can an administrator configure the notification action in the event of a policy install time change?
A. SmartDashboard: Policy Package Manager
B. SmartView Monitor: Global Threshold
C. SmartDashboard: Security Gateway Object: Advanced Properties tab
D. SmartView Tracker: Audit Log

Correct Answer: B
QUESTION 157
Antivirus protection on a VPN-1 Gateway is available for all of the following protocols EXCEPT:
A. POP3
B. HTTP
C. FTP
D. TELNET

Correct Answer: D
QUESTION 158
How do you recover communications between your SmartCenter Server and Security Gateway if you “lock” yourself out via a rule or policy mis-configuration?
A. fw unload policy
B. cpstop
C. fw delete all.all
D. fw unloadlocal

Correct Answer: D
QUESTION 159
Which command is used to uninstall the security policy directly from the security gateway?
A. fw kill policy
B. fw unloadlocal
C. cpstop
D. fwm unlod.local

Correct Answer: B
QUESTION 160
In a VPN-1 NGX R65 ClusterXL Load Sharing configuration, which type of ARP-related problem sometimes forces the use of unicast mode (Pivot) configuration due to incompatibility on some adjacent routers and switches?
A. Multicast MAC address response to a RARP request
B. MGCP MAC address response to a Multicast IP request
C. Unicast MAC address response to a Multicast IP request
D. Multicast MAC address response to a Unicast IP request

Correct Answer: D
QUESTION 161
Your online bookstore has customers connecting to a variety of Web Servers to place or change orders and check order status. You ran penetration tests through the security gateway to determine if the web servers were protected from a recent series of cross-site scripting attacks. The penetration testing indicated the web servers were still vulnerable. You have checked every box in the web intelligence tab and installed the security policy. What else might you do to reduce the vulnerability?
A. Check the “Product > Web Server” box on the host node objects representing your web servers
B. Configure resource objects as web servers and use them in the rules allowing HTTP traffic to the web servers
C. The penetration software you are using is malfunctioning and is reporting a false-positive
D. Configure the Security Gateway protecting the Web servers as a web server

Correct Answer: B
QUESTION 162
What is the command to upgrade an NG with Application Intelligence R55 SmartCenter Server running on SecurePlatform to VPN-1 NGX R65?
A. patch add cd
B. fwm upgrade_tool
C. upgrade_mgmt
D. fw install_mgmt

Correct Answer: A
QUESTION 163
What happens when you select File > Export from the SmartView Tracker Menu?
A. Exported log entries are deleted from fw.log
B. Logs in fw.log are exported to a file that can be opened by Microsoft Excel
C. Current logs are exported to a new *.log file
D. Exported log entries are still viewable in SmartView Tracker

Correct Answer: B
QUESTION 164
When launching SmartDashboard, what information is required to log in VPN-1 NGX R65?
A. User Name, Password, SmartCenter Server IP
B. User Name, SmartCenter Server IP, Certificate fingerprint file
C. Password, SmartCenter Server IP , LDAP Server
D. Password, SmartCenter Server IP

Correct Answer: B
QUESTION 165
Which of the following does NOT happen when using Pivot Mode in ClusterXL?
A. The Pivot forwards the packet to the appropriate cluster member
B. The Pivot’s Load Sharing decision function decides which cluster member should handle the packet
C. The Security Gateway analyzes the packet and forwards it to the Pivot
D. The packet is forwarded through the same physical interface from which it originally came, not on the sync interface

Correct Answer: C
QUESTION 166
After installing VPN-1 Pro NGX R65, you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a get topology request. What is the most likely cause and solution?
A. If an interface is not configured, it is not recognized. Assign an IP and subnet mask using the WebUI
B. The NIC is faulty. Replace it and reinstall
C. Make sure the driver for your particular NIC is available and reinstall. You will be prompted for the driver
D. Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R65 Hotfix Accumulator (HFA)

Correct Answer: A
QUESTION 167
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?
A. Local IP addresses are not configured, remote IP addresses are configured
B. VTIs are only supported on SecurePlatform
C. VTI specific additional local and remote IP addresses are not configured
D. VTIs cannot be assigned a proxy interface

Correct Answer: C
QUESTION 168
Control connections between the SmartCenter Server and the Gateway are not encrypted by the VPN Community. How are these connections secured?
A. They are not secured
B. They are secured by PPTP
C. They are encrypted and authenticated using SIC
D. They are not encrypted but are authenticated by the Gateway

Correct Answer: C
QUESTION 169
Which of the following statements about file-type recognition in Content Inspection is TRUE?
A. The antivirus engine acts as a Proxy, caching the scanned file before delivering it to the client
B. A scan failure will only occur if the antivirus engine fails to initialize
C. Antivirus status is monitored using SmartView Tracker
D. All file types are considered “at risk” and are not subject to the whims of the administrator or the security policy

Correct Answer: A
QUESTION 170
Your VPN-1 NGX R65 primary SmartCenter Server is installed on SecurePlatform. You plan to schedule the SmartCenter Server to run fw logswitch automatically every 48 hours. How do you create this schedule?
A. Create a time object and add 48 hours as the interval. Select that time object’s Global Properties > Logs and Masters window to schedule a logswitch
B. Create a time object and add 48 hours as the interval. Open the Security Gateway object’s Logs and Masters window, enable “schedule log switch” and select the time object
C. Create a time object and add 48 hours as the interval. Open the primary SmartCenter Server object’s Logs and Masters window, enable “Schedule log switch” and select the Time object
D. On a SecurePlatform SmartCenter server, this can only be accomplished by configuring the fw logswitch command via the cron utility

Correct Answer: C
QUESTION 171
An NGX R65 HA cluster contains two members with external interfaces 172.28.108.1 and 172.28.108.2. The internal interfaces are 10.4.8.1 and 10.4.8.2. The external cluster VIP address is 172.28.108.3 and the internal cluster VIP address is 10.4.8.3. The synchronization interfaces are 192.168.1.1 and 192.168.1.2.
The security administrator discovers state synchronization is not working properly. The cphaprob if command output is shown below. What is causing the state synchronization problem? Exhibit:

A. The synchronization interface on the individual NGX cluster member object’s Topology tab is enabled with “Cluster Interface”. Disable this setting
B. The synchronization network has been defined as “Network objective: Cluster+1st sync” with an IP address 192.168.1.3 defined in the NGX cluster object’s topology. This configuration is supported in NGX and therefore the above screenshot is not relevant to the sync problem
C. Another cluster is using 192.168.1.3 as one of the unprotected interfaces
D. The synchronization network has a cluster VIP address (192.168.1.3) defined in the NGX cluster object’s topology. Remove the 192.168.1.3 VIP interface from the cluster topology

Correct Answer: B
QUESTION 172
Which of the following commands is a CLI command for VPN-1 NGX R65?
A. fw tab -u
B. fwprint
C. fw shutdown
D. fw merge

Correct Answer: A
QUESTION 173
You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?
A. Manually import your partner’s access control list
B. Manually import your partner’s certificate Revocation list
C. Exchange exported CA keys and uses them to create a new server object to represent your partner’s certificate authority (CA)
D. Create a new logical-server object to represent your partner’s CA
Correct Answer: C
QUESTION 174
Which of the following is TRUE concerning numbered VPN Tunnel Interfaces (VTIs)?
A. VTIs are supported on SecurePlatform
B. VTIs can use an already existing physical-interface IP address
C. VTIs are assigned only local addresses, not remote addresses
D. VTIs cannot share IP addresses

Correct Answer: A
QUESTION 175
The following is cphaprob state command output from a New Mode High Availability cluster member. Which machine has the highest priority? Exhibit:

A. 192.168.1.2, because its state is active
B. This output does not indicate which machine has the highest priority
C. 192.168.1.1, because it is
D. 192.168.1.1, because its number is 1

Correct Answer: D
QUESTION 176
In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 pings 10.4.8.3 and receives replies. The following is the ARP table from the internal Windows host 10.4.8.208: According to the output, which member is the standby machine? Exhibit:

A. 10.4.8.3
B. The standby machine cannot be determined by this test
C. 10.4.8.2
D. 10.4.8.1

Correct Answer: D
QUESTION 177
What command displays the version of an already installed Security Gateway?
A. cpstat -gw
B. fw stat
C. fw ver
D. fw printver

Correct Answer: C
QUESTION 178
Which VPN-1 NGX R65 component displays the number of packets accepted, rejected and dropped on a specific Security Gateway, in real time?
A. SmartView Monitor
B. SmartUpdate
C. SmartView Status
D. Eventia Analyzer

Correct Answer: D
QUESTION 179
Match the best Management High Availability synchronization-status descriptions for your SmartCenter Server (SCS):
Exhibit:
A. A3,B1,C2,D4
B. A4,B3,C1,D2
C. A3,B1,C4,D2
D. A3,B2,C1,D4

Correct Answer: A
QUESTION 180
A security audit determined that your unpatched web application server is revealing the fact that it accesses a SQL server. You believe that you have enabled the proper SmartDefense setting but would like to verify this fact using SmartView Tracker. Which of the following entries confirms the proper blocking of this leaked information to an attacker?
A. “HTTP response spoofing: remove signature [SQL Server]”
B. “Concealed HTTP response [SQL Server]. (Error code WSE0160003)”
C. “ASCII Only Response Header detected: SQL”
D. “Fingerprint scrambling: Changed [SQL] to [Perl]”

Correct Answer: B
QUESTION 181
Control connections between the SmartCenter Server and the Gateway are not encrypted by the VPN Community. How are these connections secured?
A. They are not encrypted but are authenticated by the Gateway
B. They are encrypted and authenticated using SIC
C. They are secured by PPTP
D. They are not secured
Correct Answer: B
QUESTION 182
When upgrading to NGX R65, which Check Point products do not require a license upgrade to be current?
A. VPN-1 NGX (R60) and later
B. VPN-1 NG with Application Intelligence (R54) and later
C. None, all versions require a license upgrade
D. VPN-1 NGX (R65) and later

Correct Answer: B
QUESTION 183
You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm’s business partners. Which SmartConsole application should you use to confirm your suspicions?
A. SmartDashboard
B. SmartView Status
C. SmartUpdate
D. SmartView Tracker

Correct Answer: D
QUESTION 184
When a user selects to allow HotSpot, SecureClient modifies the Desktop Security Policy and/or Hub Mode routing to enable HotSpot registration. Which of the following is NOT true concerning this modification?
A. The modification is restricted by time
B. IP addresses accessed during registration are recorded
C. The number of IP addresses accessed is not restricted
D. Ports accessed during registration are recorded

Correct Answer: C
QUESTION 185
In VPN-1 R65 SmartView Tracker, where are custom queries stored?
A. On the SmartCenter Server tied to the Administrator User Database login name
B. On the SmartTracker PC local file system shared by all users of that local PC
C. On the SmartTracker PC local file system under the user’s profile
D. On the SmartCenter Server tied to the GUI client IP

Correct Answer: A
QUESTION 186
State Synchronization is enabled on both members in a cluster and the Security Policy is successfully installed. No protocols or services have been deselected for “selective sync”. The following is the fw tab -t connections -s output from both members: Is state synchronization working properly between the two members? Exhibit:

A. Members A and B are not synchronized, because #VALS in the connections table are not close
B. Members A and B are synchronized, because #SLINKS are identical in the connections table
C. Members A and B are synchronized, because ID for both members is identical in the connection table
D. Members A and B are not synchronized, because #PEAK for both members is not close in the connection table

Correct Answer: A
QUESTION 187
What is a consolidation Policy?
A. The specific Policy written in SmartDashboard to configure which log data is stored in the Eventia Reporter database
B. A global policy used to share a common enforcement policy for multiple similar security gateways
C. The collective name of the logs generated by Eventia Reporter
D. The collective name of the Security Policy, Address Translation and SmartDefense Policies

Correct Answer: A
QUESTION 188
You have a High Availability ClusterXL configuration. Machines are not synchronized. What happens to connections on failover?
A. It is not possible to configure High Availability that is not synchronized
B. Connections cannot be established until cluster members are fully synchronized
C. Old connections are lost but can be reestablished
D. Old connections are lost but are automatically recovered whenever the failed machine recovers

Correct Answer: C
QUESTION 189
Which utility allows you to configure the DHCP service on SecurePlatform from the command line?
A. Ifconfig
B. WebUI
C. Cpconfig
D. Sysconfig

Correct Answer: D
QUESTION 190
When configuring VPN High Availability (HA) with MEP, which of the following is correct?
A. MEP Gateways must be managed by the same SmartCenter Server
B. MEP VPN Gateways cannot be geographically separated machines
C. If one gateway fails, the synchronized connection fails over to another Gateway and the connection continues
D. The decision on which MEP Security Gateway to use is made on the remote gateway’s side (non-MEP side)

Correct Answer: D
QUESTION 191
Your primary SmartCenter Server is installed on a SecurePlatform Pro machine, which is also a VPN-1 Power Gateway. You want to implement Management High Availability. You have a spare machine to configure as the secondary SmartCenter Server. How do you configure the new machine to be the standby SmartCenter Server?
A. Install the secondary server on the spare machine. Add the new machine to any network routable to the primary server. Synchronize the machines
B. Use cpprod_until to reconfigure the primary Smartcenter server to become the secondary on the VPN-1 Power Gateway. Install a new primary SmartCenter Server on the spare machine and set to standby. Synchronize the “active” secondary to the “standby” primary in order to migrate the configuration
C. Install the secondary Server on the spare machine. Add the new machine to the same network as the primary server. Synchronize the machines
D. You cannot configure management HA, when either the primary or secondary SmartCenter Server is running on a VPN-1 Pro Gateway

Correct Answer: D
QUESTION 192
When synchronizing clusters, which of the following statements is NOT true?
A. The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized
B. Client Auth or Session Auth connections through a cluster member will be lost if the cluster member fails
C. Only cluster members running on the same OS platform can be synchronized
D. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization

Correct Answer: B
QUESTION 193
Which command line interface utility allows the administrator to verify the name and timestamp of the Security Policy currently installed on a firewall module?
A. fw ver
B. cpstat fwd
C. fw ctl pstat
D. fw stat

Correct Answer: D
QUESTION 194
You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity?
A. SmartView Tracker in Audit Mode
B. SmartView Tracker cannot display Security Administrator activity, instead, view the system logs on the SmartCenter Server’s Operating System
C. SmartView Tracker in Active Mode
D. SmartView Tracker in Log Mode

Correct Answer: A
QUESTION 195
With Management High Availability, how does a standby SmartCenter Server take over for a failed primary SmartCenter Server?
A. The standby SmartCenter Server sends heartbeat packets, to ensure the active SmartCenter Server is available
B. The active SmartCenter Server cannot take over for the failed primary SmartCenter Server
C. The active SmartCenter Server notifies the standby SmartCenter Server to become active, when the active SmartCenter Server fails over
D. The standby SmartCenter Server becomes active, when the Security Administrator logs into SmartDashboard on the standby SmartCenter Server
Correct Answer: D


CheckPoint 156-915 Study Material, Provides CheckPoint 156-915 Certification Material Is Your Best Choice


QUESTION 129
In a Management High Availability (HA) configuration, you can configure synchronization to occur automatically, when:
1. The Security Policy is installed
2. The Security Policy is saved
3. The Security Administrator logs in to the Secondary SmartCenter server and changes its status to active
4. A scheduled event occurs
5. The user database is installed
Select the BEST response for the synchronization sequence: Choose ONE:

A. 1,2,4
B. 1,2,5
C. 1,3,4
D. 1,2,4

Correct Answer: D
QUESTION 130
When configuring Port Scanning, which level of sensitivity detects when more than 100 inactive ports are tried for a period of 30 seconds?
A. Low
B. High
C. None. Such a level does not exist
D. Medium

Correct Answer: D
QUESTION 131
What rules send log information to DShield.org when Storm Center is configured?
A. Determined by the “DShield Storm Center Logging” setting in “Logs and Masters” of the SmartCenter Server object: rules with tracking set to log or none
B. Determined by how web intelligence > Information Disclosure is configured: rules with tracking set to User Defined Alerts or SNMP trap
C. Determined by the Global properties configuration: Logs defined in the Log and Alerts section, rules with tracking set to Account or SNMP trap
D. Determined in SmartDefense > Network Security > DShield Storm Center configuration: SmartCenter sends logs from rules with tracking set to either “Alert” or one of the specific “User Defined Alerts”

Correct Answer: D
QUESTION 132
Your bank’s distributed VPN-1 NGX R65 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which security gateways have licenses that will expire within the next 30 days?
A. SmartDashboard
B. SmartUpdate
C. SmartView Tracker
D. SmartPortal

Correct Answer: D
QUESTION 133
Your Organization has many VPN-1 Edge Gateways at various branch offices to allow users to access company resources. For security reasons, your organization’s Security Policy requires all Internet traffic initiated behind the VPN-1 Edge Gateways first be inspected by your headquarter’s VPN-1 Pro Security Gateway. How do you configure VPN routing in this star VPN Community?
A. To the center and other satellites, through the center
B. To the center only
C. To the Internet and other targets only
D. To the center or through the center to other satellites then to the Internet and other VPN targets

Correct Answer: D
QUESTION 134
How do you verify a VPN tunnel interface (VTI) is configured properly?
A. vpn shell display <VTI name > detailed
B. vpn shell show interface detailed <VTI name>
C. vpn shell show <VTI name> detailed
D. vpn shell display interface detailed <VTI name>

Correct Answer: B
QUESTION 135
The customer has a small Check Point installation which includes one Windows XP workstation working as SmartConsole, one Solaris server working as SmartCenter and a third server running SecurePlatform working as Security Gateway. This is an example of:
A. Distributed Installation
B. Hybrid Installation
C. Unsupported configuration
D. Stand-alone installation

Correct Answer: B
QUESTION 136
What port is used for communication to the User Center with SmartUpdate?
A. HTTP
B. CPMI
C. HTTPS
D. TCP 8080

Correct Answer: C
QUESTION 137
You are working in a large hospital, together with three other Security Administrators. How do you use SmartConsole to check changes to rules or object properties other administrators made?
A. SmartView Monitor
B. SmartView Tracker
C. Eventia Monitor
D. Eventia Tracker

Correct Answer: B
QUESTION 138
Which of the following would NOT be a reason for beginning with a fresh installation of VPN-1 NGX R65, instead of upgrading a previous version to VPN-1 NGX R65?
A. Objects and rule’s naming conventions have changed over time
B. Your Security Policy includes rules and objects whose purpose you do not know
C. You see a more logical way to organize your rules and objects
D. You want to keep your Check Point configuration

Correct Answer: D
QUESTION 139
You have a High Availability ClusterXL configuration. Machines are not synchronized. What happens to connections on failover?
A. Old connections are lost but can be reestablished
B. It is not possible to configure High Availability that is not synchronized
C. Old connections are lost but are automatically recovered whenever the failed machine recovers
D. Connections cannot be established until cluster members are fully synchronized

Correct Answer: A
QUESTION 140
Which SmartView Tracker mode allows you to read the SMTP email body sent from the Chief Executive Officer (CEO)?
A. This is not a SmartView Tracker Feature
B. Display Capture Action
C. Account Query
D. Log Tab
Correct Answer: B
QUESTION 141
SmartCenter Server
A. Prompts you to enter a filename, then saves the log file
B. Saves the current log file, names the log file by date and time, and starts a new log file
C. Purges the current log file and starts a new log file
D. Purges the current log and prompts you for the new log’s mode

Correct Answer: B
QUESTION 142
If you are experiencing LDAP issues, which of the following should you check?
A. Overlapping VPN Domains
B. Connectivity between the NGX gateway and LDAP server
C. Secure Internal Communications (SIC)
D. VPN Load Balancing

Correct Answer: D
QUESTION 143
How do you define a service object for a TCP port range?
A. Manage Services, New Group, Provide Name and Add all service ports for range individually to the group object
B. Manage Services, New TCP, Provide name and define Port: X-Y
C. Manage Services, New Other, Provide Name and define Protocol: 17,Range: X-Y
D. Manage Services, New Other, Provide name and define Protocol: X-Y

Correct Answer: B


Checkpoint 156-215 Practise Questions, Valid and updated Checkpoint 156-215 Exam Dump With The Knowledge And Skills


QUESTION 117
Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:

Required: Allow only networks 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?
A. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source – group object; Destination – any; Service – any; Translated source – 200.200.200.5; Destination – original; Service – original.

Correct Answer: C
QUESTION 118
Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers is passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?
A. Allow bi-directional NAT is not checked in Global Properties.
B. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.
C. Manual NAT rules are not configured correctly.
D. Routing is not configured correctly.

Correct Answer: B
QUESTION 119
You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway’s external interface. You browse to from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?
A. Two, one for outbound, one for inbound
B. Only one, inbound
C. Only one, outbound
D. Two, both outbound, one for the real IP connection and one for the NAT IP connection

Correct Answer: C
QUESTION 120
Which of the following statements BEST describes Check Point’s Hide Network Address Translation method?
A. Translates many source IP addresses into one source IP address
B. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation
C. Translates many destination IP addresses into one destination IP address
D. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation

Correct Answer: A
QUESTION 121
Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?
A. Static Source
B. Static Destination
C. Dynamic Destination
D. Hide
Correct Answer: D
QUESTION 122
NAT can NOT be configured on which of the following objects?
A. Host
B. HTTP Logical Server
C. Address Range
D. Gateway

Correct Answer: B
QUESTION 123
Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?
A. Hide Address Translation
B. Static Destination Address Translation
C. Port Address Translation
D. Dynamic Source Address Translation

Correct Answer: B
QUESTION 124
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
B. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.
C. Place a static host route on the firewall for the valid IP address to the internal Web server.
D. Place a static ARP entry on the ISP router for the valid IP address to the firewall’s external address.

Correct Answer: D
QUESTION 125
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?
A. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal – Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.
B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.
C. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.
D. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal – Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.
Correct Answer: D
QUESTION 126
Which NAT option applicable for Automatic NAT applies to Manual NAT as well?
A. Translate destination on client-side
B. Enable IP Pool NAT
C. Allow bi-directional NAT
D. Automatic ARP configuration

Correct Answer: A
QUESTION 127
Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?
A. Configure Automatic Static NAT on network 10.10.20.0/24.
B. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule.
C. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24.
D. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service.

Correct Answer: C
QUESTION 128
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway’s external interface.
A. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
B. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.
C. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ’s interface.

Correct Answer: C
QUESTION 129
An internal host initiates a session to and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of .
A. None of these
B. source NAT
C. destination NAT
D. client side NAT

Correct Answer: B
QUESTION 130
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the .
A. source on client side
B. source on server side
C. destination on client side
D. destination on server side

Correct Answer: C
QUESTION 131
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
A. A static route for the NAT IP must be added to the Gateway’s upstream router.
B. Automatic ARP must be unchecked in the Global Properties.
C. Nothing else must be configured.
D. A static route must be added on the Security Gateway to the internal host.

Correct Answer: D
QUESTION 132
When translation occurs using automatic Hide NAT, what also happens?
A. The destination port is modified.
B. Nothing happens.
C. The destination is modified.
D. The source port is modified.

Correct Answer: D
QUESTION 133
The fw monitor utility is used to troubleshoot which of the following problems?
A. Address translation
B. Log Consolidation Engine
C. User data base corruption
D. Phase two key negotiation

Correct Answer: A
QUESTION 134
Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.

A. This is an example of Hide NAT.
B. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.
C. There is not enough information provided in the Wireshark capture to determine the NAT settings.
D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

Correct Answer: D
QUESTION 135
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:
A. VLAN tagging cannot be defined for any hosts protected by the Gateway.
B. The Security Gateway’s ARP file must be modified.
C. It is not necessary to add a static route to the Gateway’s routing table.
D. It is necessary to add a static route to the Gateway’s routing table.

Correct Answer: C
QUESTION 136
Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:
A. SIC names.
B. MAC addresses.
C. IP addresses.
D. SIC is not NAT-tolerant.

Correct Answer: A
QUESTION 137
Static NAT connections, by default, translate on which firewall kernel inspection point?
A. Post-inbound
B. Eitherbound
C. Inbound
D. Outbound

Correct Answer: C
QUESTION 138
You are MegaCorp’s Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the rule order if both methods are used together? Give the best answer.
A. The Administrator decides the rule order by shifting the corresponding rules up and down.
B. The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range.
C. The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range.
D. The rule position depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others.

Correct Answer: C
QUESTION 139
Which answers are TRUE? Automatic Static NAT CANNOT be used when:
1) NAT decision is based on the destination port.
2) Both Source and Destination IP’s have to be translated.
3) The NAT rule should only be installed on a dedicated Gateway.
4) NAT should be performed on the server side.

A. 2 and 3
B. 1, 3, and 4
C. 1 and 2
D. 2 and 4

Correct Answer: C
QUESTION 140
In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules. Which of the following is NOT true?
A. When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway’s internal interface IP address.
B. When using Static NAT, you must add proxy ARP entries to the Gateway for all hiding addresses.
C. If you chose Automatic NAT instead, all necessary entries are done for you.
D. When using Dynamic Hide NAT with an address that is not configured on a Gateway interface, you need to add a proxy ARP entry for that address.

Correct Answer: A
QUESTION 141
After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?
A. A SmartDefense module has blocked the packet.
B. It is due to NAT.
C. An IPSO ACL has blocked the packet’s outbound passage.
D. The packet has been sent out through a VPN tunnel unencrypted.

Correct Answer: B
QUESTION 142
Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R76 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?
A. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
B. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
C. Use automatic Static NAT for network 10.1.1.0/24.
D. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.

Correct Answer: D
QUESTION 143
You are a Security Administrator who has installed Security Gateway R76 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner’s access for HTTP and FTP only, you did the following:
1) Created manual Static NAT rules for the Web server.
2) Cleared the following settings in the Global Properties > Network Address Translation screen:

- Allow bi-directional NAT
- Translate destination on client side

Do the above settings limit the partner’s access?
A. No. The first setting is not applicable. The second setting will reduce performance.
B. Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.
C. Yes. Both of these settings are only applicable to automatic NAT rules.
D. No. The first setting is only applicable to automatic NAT rules. The second setting will force translation by the kernel on the interface nearest to the client.

Correct Answer: D
QUESTION 144
You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)
When you run fw monitor on the R76 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?
A. O=outbound kernel, after the virtual machine
B. i=inbound kernel, before the virtual machine
C. I=inbound kernel, after the virtual machine
D. o=outbound kernel, before the virtual machine

Correct Answer: C
QUESTION 145
You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client side from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?
A. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway’s external interface.
B. No extra configuration is needed.
C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.
D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway’s internal interface.

Correct Answer: D

Checkpoint 156-110 Guide Provider, 100% Pass Guarantee Checkpoint 156-110 Demos Is Your Best Choice

QUESTION 89
Which types of security solutions should a home user deploy? (Choose TWO.)
A. Managed Security Gateway
B. Access control lists on a router
C. Personal firewall
D. Network intrusion-detection system
E. Anti-virus software
Correct Answer: CE
QUESTION 90
You are a system administrator for a pool of Web servers. The vendor who sells your Web server posts a patch and sample exploit for a newly discovered vulnerability. You will take all of the actions listed below. Which of the following actions should you take first?
A. Run the sample exploit against a test server.
B. Run the sample exploit against a production server.
C. Apply the patch to all production servers.
D. Test the patch on a production server.
E. Test the patch on a non-production server.

Correct Answer: A
QUESTION 91
_______ is a method of tricking users into revealing passwords, or other sensitive information.
A. Dumpster diving
B. Means testing
C. Social engineering
D. Risk
E. Exposure

Correct Answer: C
QUESTION 92
Which of the following equations results in the Single Loss Expectancy for an asset?
A. Asset Value x % Of Loss From Realized Exposure
B. Asset Value x % Of Loss From Realized Threat
C. Annualized Rate of Occurrence / Annualized Loss Expectancy
D. Asset Value x % Of Loss From Realized Vulnerability
E. Annualized Rate of Occurrence x Annualized Loss Expectancy

Correct Answer: B
QUESTION 93
Which encryption algorithm has the highest bit strength?
A. AES
B. Blowfish
C. DES
D. CAST
E. Triple DES

Correct Answer: A
QUESTION 94
_________________ is a type of cryptography, where letters of an original message are systematically rearranged into another sequence.
A. Symmetric-key exchange
B. Steganography
C. Transposition cipher
D. Asymmetric-key encryption
E. Simple substitution cipher
Correct Answer: C
QUESTION 95
Which of the following are appropriate uses of asymmetric encryption? (Choose THREE.)
A. Authentication
B. Secure key-exchange mechanisms
C. Public Web site access
D. Data-integrity checking
E. Sneaker net

Correct Answer: ABD
QUESTION 96
What is the purpose of resource isolation?
A. To reduce the level of broadcast traffic on physical segments.
B. To ensure that anyone accessing a resource has appropriate integrity.
C. To automate the creation of access control lists and Trusted Computing Bases.
D. To enforce access controls, and clearly separate resources from each other.
E. To make people buy more computers than they really need.

Correct Answer: D
QUESTION 97
Why should user populations be segmented?
A. To allow resources to be shared among employees
B. To allow appropriate collaboration, and prevent inappropriate resource sharing
C. To prevent appropriate collaboration
D. To provide authentication services
E. To prevent the generation of audit trails from gateway devices

Correct Answer: B
QUESTION 98
A(n) _______________ is an abstract machine, which mediates all access subjects have to objects.
A. ACL
B. Reference monitor
C. State machine
D. TCB
E. Router
Correct Answer: B
QUESTION 99
Who should have physical access to network-connectivity devices and corporate servers?
A. Customers and clients
B. Accounting, information-technology, and auditing staff
C. Managers and C-level executives
D. Only appropriate information-technology personnel
E. Only the maintenance staff
Correct Answer: D
QUESTION 100
Which of the following represents a valid reason for testing a patch on a nonproduction system, before applying it to a production system?
A. Patches may re-enable services previously disabled.
B. Patches are a kind of virus.
C. Patches always overwrite user data.
D. Only patches on vendor-pressed CDs can be trusted.
E. Patches usually break important system functionality.

Correct Answer: A
QUESTION 101
How do virtual corporations maintain confidentiality?
A. Encryption
B. Checksum
C. Data hashes
D. Redundant servers
E. Security by obscurity

Correct Answer: A
QUESTION 102
Which of the following is NOT a Business Continuity Plan (BCP) recovery strategy?
A. Delegating risk to another entity, such as an insurer
B. Manual procedures; alternative solution to technology available
C. Deferring action; action waiting until a later date
D. Reciprocal agreements with another organization
E. Doing nothing; no action taken to recover the technology

Correct Answer: A
QUESTION 103
Which of the following is an example of a simple, physical-access control?
A. Lock
B. Access control list
C. Background check
D. Token
E. Firewall

Correct Answer: A
QUESTION 104
Which of the following represents a valid reason for testing a patch on a nonproduction system, before applying it to a production system?
A. Patches may re-enable services previously disabled.
B. Patches are a kind of virus.
C. Patches always overwrite user data.
D. Only patches on vendor-pressed CDs can be trusted.
E. Patches usually break important system functionality.
Correct Answer: A
QUESTION 105
How do virtual corporations maintain confidentiality?
A. Encryption
B. Checksum
C. Data hashes
D. Redundant servers
E. Security by obscurity

Correct Answer: A
QUESTION 106
A _______ attack uses multiple systems to launch a coordinated attack.
A. Distributed denial-of-service
B. Teardrop
C. Birthday
D. FTP Bounce
E. Salami

Correct Answer: A
QUESTION 107
Which of the following can be stored on a workstation? (Choose TWO.)
A. Payroll information
B. Data objects used by many employees
C. Databases
D. Interoffice memo
E. Customer correspondence

Correct Answer: DE
QUESTION 108
Which of the following is NOT a Business Continuity Plan (BCP) recovery strategy?
A. Delegating risk to another entity, such as an insurer
B. Manual procedures; alternative solution to technology available
C. Deferring action; action waiting until a later date
D. Reciprocal agreements with another organization
E. Doing nothing; no action taken to recover the technology
Correct Answer: A
QUESTION 109
The items listed below are examples of ___________________ controls.
* Procedures and policies
* Employee security-awareness training
* Employee background checks
* Increasing management security awareness
A. Technical
B. Administrative
C. Role-based
D. Mandatory
E. Physical

Correct Answer: B
QUESTION 110
Which of the following is a cost-effective solution for securely transmitting data between remote offices?
A. Standard e-mail
B. Fax machine
C. Virtual private network
D. Bonded courier
E. Telephone

Correct Answer: C
QUESTION 111
Which of these metrics measure how a biometric device performs, when attempting to authenticate subjects? (Choose THREE.)
A. False Rejection Rate
B. User Acceptance Rate
C. Crossover Error Rate
D. False Acceptance Rate
E. Enrollment Failure Rate

Correct Answer: ACD
QUESTION 112
Which of these choices correctly describe denial-of-service (DoS) attacks? (Choose THREE.)
A. DoS attacks do not require attackers to have any privileges on a target system.
B. DoS attacks are nearly impossible to stop, once they begin.
C. DoS attacks free the target system of excessive overhead.
D. DoS ties up a system with so many requests, system resources are consumed, and performance degrades.
E. DoS attacks cause the attacked system to accept legitimate access requests.

Correct Answer: ABD
QUESTION 113
_______________________________ occurs when an individual or process acquires a higher level of privilege, or access, than originally intended.
A. Security Triad
B. Privilege aggregation
C. Need-to-know
D. Privilege escalation
E. Least privilege
Correct Answer: D
QUESTION 114
A(n) _______ occurs when intrusion-detection measures fail to recognize suspicious traffic or activity.
A. False positive
B. False negative
C. CIFS pop-up
D. Threshold
E. Alarm

Correct Answer: B
QUESTION 115
Organizations _______ risk, when they convince another entity to assume the risk for them.
A. Elevate
B. Assume
C. Deny
D. Transfer
E. Mitigate
Correct Answer: D

CheckPoint 156-110 Real Exam Questions And Answers, First-hand CheckPoint 156-110 Certification With Accurate Answers

QUESTION 70
How is bogus information disseminated?
A. Adversaries sort through trash to find information.
B. Adversaries use anomalous traffic patterns as indicators of unusual activity. They will employ other methods, such as social engineering, to discover the cause of the noise.
C. Adversaries use movement patterns as indicators of activity.
D. Adversaries take advantage of a person’s trust and goodwill.
E. Seemingly, unimportant pieces of data may yield enough information to an adversary, for him to disseminate incorrect information and sound authoritative.

Correct Answer: E
QUESTION 71
Which type of access management allows subjects to control some access of objects for other subjects?
A. Discretionary
B. Hybrid
C. Mandatory
D. Role-based
E. Nondiscretionary

Correct Answer: A
QUESTION 72
Which of the following are enterprise administrative controls? (Choose TWO.)
A. Network access control
B. Facility access control
C. Password authentication
D. Background checks
E. Employee handbooks

Correct Answer: DE
QUESTION 73
You are preparing a machine that will be used as a dedicated Web server.
Which of the following services should NOT be removed?
A. E. IRC
B. SMTP
C. FTP
D. HTTP
E. PVP

Correct Answer: D
QUESTION 74
A new U.S. Federal Information Processing Standard specifies a cryptographic algorithm. This algorithm is used by U.S. government organizations to protect sensitive, but unclassified, information. What is the name of this Standard?
A. Triple DES
B. Blowfish
C. AES
D. CAST
E. RSA
Correct Answer: C
QUESTION 75
If a firewall receives traffic not explicitly permitted by its security policy, what should the firewall do?
A. Nothing
B. Do not log and drop the traffic.
C. Log and drop the traffic.
D. Log and pass the traffic.
E. Do not log and pass the traffic.

Correct Answer: C
QUESTION 76
Which of the following statements about encryption’s benefits is false? Encryption can: (Choose TWO.)
A. significantly reduce the chance information will be modified by unauthorized entities.
B. only be used to protect data in transit. Encryption provides no protection to stored data.
C. allow private information to be sent over public networks, in relative safety.
D. significantly reduce the chance information will be viewed by unauthorized entities.
E. prevent information from being destroyed by malicious entities, while in transit.

Correct Answer: BE
QUESTION 77
Which principle of secure design states that a security mechanism’s methods must be testable?
A. Separation of privilege
B. Least common mechanism
C. Complete mediation
D. Open design
E. Economy of mechanism

Correct Answer: D
QUESTION 78
What type of document contains information on alternative business locations, IT resources, and personnel?
A. End-user license agreement
B. Nondisclosure agreement
C. Acceptable use policy
D. Security policy
E. Business continuity plan

Correct Answer: E
QUESTION 79
A(n) ______________________________ is a quantitative review of risks, to determine how an organization will continue to function, in the event a risk is realized.
A. Monitored risk process
B. Disaster-recovery plan
C. Business impact analysis
D. Full interruption test
E. Information security audit
Correct Answer: C
QUESTION 80
Internal intrusions are loosely divided into which categories? (Choose TWO.)
A. Attempts by insiders to perform appropriate acts, on information assets to which they have been given rights or permissions.
B. Attempts by insiders to access resources, without proper access rights.
C. Attempts by insiders to access external resources, without proper access rights.
D. Attempts by insiders to perform inappropriate acts, on external information assets to which they have been given rights or permissions.
E. Attempts by insiders to perform inappropriate acts, on information assets to which they have been given rights or permissions.

Correct Answer: BE
QUESTION 81
A security administrator implements Secure Configuration Verification (SCV), because SCV: (Choose THREE.)
A. Does not enable the administrator to monitor the configuration of remote computers.
B. Can block connectivity for machines that do not comply with the organization’s security policy.
C. Enables the administrator to monitor the configuration of remote computers.
D. Prevents attackers from penetrating headquarters’ Security Gateway.
E. Confirms that a remote configuration complies with the organization’s security policy.

Correct Answer: BCE
QUESTION 82
Which of the following is likely in a small-business environment?
A. Most small businesses employ a full-time information-technology staff.
B. Resources are available as needed.
C. Small businesses have security personnel on staff.
D. Most employees have experience with information security.
E. Security budgets are very small.

Correct Answer: E
QUESTION 83
ABC Corporation’s network is configured such that a user must log in individually at each server and access control. Which type of authentication is in use?
A. Role-based access control
B. Three-factor authentication
C. Single sign-on
D. Hybrid access control
E. Mandatory sign-on

Correct Answer: E
QUESTION 84
Which type of Business Continuity Plan (BCP) test involves shutting down a primary site, bringing an alternate site on-line, and moving all operations to the alternate site?
A. Parallel
B. Full interruption
C. Checklist
D. Structured walkthrough
E. Simulation
Correct Answer: B
QUESTION 85
A(n) _______ is the first step for determining which technical information assets should be protected.
A. Network diagram
B. Business Impact Analysis
C. Office floor plan
D. Firewall
E. Intrusion detection system

Correct Answer: A
QUESTION 86
Which of the following is an example of a simple, physical-access control?
A. Lock
B. Access control list
C. Background check
D. Token
E. Firewall

Correct Answer: A
QUESTION 87
Which of the following best describes an external intrusion attempt on a local-area network (LAN)?
A. Internal users try to gain unauthorized access to information assets outside the organizational perimeter.
B. External-intrusion attempts from sources outside the LAN are not granted permissions or rights to an organization’s information assets.
C. External users attempt to access public resources.
D. External intruders attempt exploitation of vulnerabilities, to remove their own access.
E. Internal users perform inappropriate acts on assets to which they have been given rights or permissions.

Correct Answer: B
QUESTION 88
Maintenance of the Business Continuity Plan (BCP) must be integrated with an organization’s _______________ process.
A. Change-control
B. Disaster-recovery
C. Inventory-maintenance
D. Discretionary-budget
E. Compensation-review
Correct Answer: A
QUESTION 89
Which types of security solutions should a home user deploy? (Choose TWO.)
A. Managed Security Gateway
B. Access control lists on a router
C. Personal firewall
D. Network intrusion-detection system
E. Anti-virus software
Correct Answer: CE
QUESTION 90
You are a system administrator for a pool of Web servers. The vendor who sells your Web server posts a patch and sample exploit for a newly discovered vulnerability. You will take all of the actions listed below. Which of the following actions should you take first?
A. Run the sample exploit against a test server.
B. Run the sample exploit against a production server.
C. Apply the patch to all production servers.
D. Test the patch on a production server.
E. Test the patch on a non-production server.

Correct Answer: A
QUESTION 91
_______ is a method of tricking users into revealing passwords, or other sensitive information.
A. Dumpster diving
B. Means testing
C. Social engineering
D. Risk
E. Exposure

Correct Answer: C
QUESTION 92
Which of the following equations results in the Single Loss Expectancy for an asset?
A. Asset Value x % Of Loss From Realized Exposure
B. Asset Value x % Of Loss From Realized Threat
C. Annualized Rate of Occurrence / Annualized Loss Expectancy
D. Asset Value x % Of Loss From Realized Vulnerability
E. Annualized Rate of Occurrence x Annualized Loss Expectancy

Correct Answer: B
QUESTION 93
Which encryption algorithm has the highest bit strength?
A. AES
B. Blowfish
C. DES
D. CAST
E. Triple DES

Correct Answer: A
QUESTION 94
_________________ is a type of cryptography, where letters of an original message are systematically rearranged into another sequence.
A. Symmetric-key exchange
B. Steganography
C. Transposition cipher
D. Asymmetric-key encryption
E. Simple substitution cipher
Correct Answer: C
QUESTION 95
Which of the following are appropriate uses of asymmetric encryption? (Choose THREE.)
A. Authentication
B. Secure key-exchange mechanisms
C. Public Web site access
D. Data-integrity checking
E. Sneaker net

Correct Answer: ABD
QUESTION 96
What is the purpose of resource isolation?
A. To reduce the level of broadcast traffic on physical segments.
B. To ensure that anyone accessing a resource has appropriate integrity.
C. To automate the creation of access control lists and Trusted Computing Bases.
D. To enforce access controls, and clearly separate resources from each other.
E. To make people buy more computers than they really need.

Correct Answer: D
QUESTION 97
Why should user populations be segmented?
A. To allow resources to be shared among employees
B. To allow appropriate collaboration, and prevent inappropriate resource sharing
C. To prevent appropriate collaboration
D. To provide authentication services
E. To prevent the generation of audit trails from gateway devices

Correct Answer: B
QUESTION 98
A(n) _______________ is an abstract machine, which mediates all access subjects have to objects.
A. ACL
B. Reference monitor
C. State machine
D. TCB
E. Router
Correct Answer: B
QUESTION 99
Who should have physical access to network-connectivity devices and corporate servers?
A. Customers and clients
B. Accounting, information-technology, and auditing staff
C. Managers and C-level executives
D. Only appropriate information-technology personnel
E. Only the maintenance staff
Correct Answer: D
QUESTION 100

Which of the following represents a valid reason for testing a patch on a nonproduction system, before applying it to a production system?
A. Patches may re-enable services previously disabled.
B. Patches are a kind of virus.
C. Patches always overwrite user data.
D. Only patches on vendor-pressed CDs can be trusted.
E. Patches usually break important system functionality.

Correct Answer: A
QUESTION 101
How do virtual corporations maintain confidentiality?
A. Encryption
B. Checksum
C. Data hashes
D. Redundant servers
E. Security by obscurity

Correct Answer: A
QUESTION 102
Which of the following is NOT a Business Continuity Plan (BCP) recovery strategy?
A. Delegating risk to another entity, such as an insurer
B. Manual procedures; alternative solution to technology available
C. Deferring action; action waiting until a later date
D. Reciprocal agreements with another organization
E. Doing nothing; no action taken to recover the technology

Correct Answer: A
QUESTION 103
Which of the following is an example of a simple, physical-access control?
A. Lock
B. Access control list
C. Background check
D. Token
E. Firewall

Correct Answer: A
QUESTION 104
Which of the following represents a valid reason for testing a patch on a nonproduction system, before applying it to a production system?
A. Patches may re-enable services previously disabled.
B. Patches are a kind of virus.
C. Patches always overwrite user data.
D. Only patches on vendor-pressed CDs can be trusted.
E. Patches usually break important system functionality.
Correct Answer: A
QUESTION 105
How do virtual corporations maintain confidentiality?
A. Encryption
B. Checksum
C. Data hashes
D. Redundant servers
E. Security by obscurity

Correct Answer: A
QUESTION 106
A _______ attack uses multiple systems to launch a coordinated attack.
A. Distributed denial-of-service
B. Teardrop
C. Birthday
D. FTP Bounce
E. Salami

Correct Answer: A
QUESTION 107
Which of the following can be stored on a workstation? (Choose TWO.)
A. Payroll information
B. Data objects used by many employees
C. Databases
D. Interoffice memo
E. Customer correspondence
Correct Answer: DE
QUESTION 108
Which of the following is NOT a Business Continuity Plan (BCP) recovery strategy?
A. Delegating risk to another entity, such as an insurer
B. Manual procedures; alternative solution to technology available
C. Deferring action; action waiting until a later date
D. Reciprocal agreements with another organization
E. Doing nothing; no action taken to recover the technology
Correct Answer: A


CheckPoint 156-110 Real Exam Questions And Answers, First-hand CheckPoint 156-110 Certification With Accurate Answers

CheckPoint 156-215 Dumps PDF, Most Popular CheckPoint 156-215 Exam practice


QUESTION 95
Amy is configuring a User Authentication rule for the technical-support department to access an intranet server. What is the correct statement?
A. The Security Server first checks if there is any rule that does not require authentication for this type of connection.
B. The User Authentication rule must be placed above the Stealth Rule.
C. Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
D. Amy can only use the rule for Telnet, FTP, and rlogin services.
E. Amy can limit the authentication attempts in the Authentication tab of the User Properties screen.

Correct Answer: A
QUESTION 96
How can you unlock an administrator’s account, which has been locked due to SmartCenter Access settings in Global Properties?
A. Type fwm lock_admin -ua from the command line of the SmartCenter Server.
B. Clear the “locked” box from the user’s General Properties in SmartDashboard.
C. Type fwm unlock_admin -ua from the command line of the SmartCenter Server.
D. Type fwm unlock_admin -ua from the command line of the Security Gateway.
E. Delete the file admin.lock in the $FWDIR/tmp/ directory of the SmartCenter Server.

Correct Answer: A
QUESTION 97
How many administrators can be created during installation of the SmartCenter Server?
A. Only one
B. Only one with full access and one with read-only access
C. As many as you want
D. Depends on the license installed on the SmartCenter Server
E. Specified in the Global Properties
Correct Answer: A
QUESTION 98
Which SmartConsole tool verifies the installed Security Policy name?
A. SmartView Status
B. Eventia Reporter
C. SmartView Server
D. SmartUpdate
E. SmartView Tracker

Correct Answer: E
QUESTION 99
Ilse manages a distributed NGX installation for Certkiller.com. Ilse needs to know which Security Gateways have licenses that will expire within the next 30 days. Which SmartConsole application should Ilse use to gather this information?

A. SmartView Monitor
B. SmartUpdate
C. SmartDashboard
D. SmartView Tracker
E. SmartView Status

Correct Answer: B
QUESTION 100
Herman is attempting to configure a site-to-site VPN with one of his firm’s business partners. Herman thinks Phase 2 negotiations are failing. Which SmartConsole application should Herman use to confirm his suspicions?
A. SmartUpdate
B. SmartView Tracker
C. SmartView Monitor
D. SmartDashboard
E. SmartView Status

Correct Answer: C
QUESTION 101
How can you reset the password of the Security Administrator, which was created during initial installation of the SmartCenter Server on SecurePlatform?
A. Launch cpconfig and select “Administrators”.
B. Launch SmartDashboard, click the admin user account, and overwrite the existing Check Point Password.
C. Type cpm -a, and provide the existing administration account name. Reset the Security Administrator’s password.
D. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the “Password” portion of the file. Then log in to the account without a password. You will be prompted to assign a new password.
E. Launch cpconfig and delete the Administrator’s account. Recreate the account with the same name.
Correct Answer: E
QUESTION 102
What happens when you select File > Export from the SmartView Tracker menu?
A. It is not possible to export an old log file, only save and switch in SmartView Tracker.
B. Current logs are exported to a new *.log file.
C. Exported log entries are still viewable in SmartView Tracker.
D. Exported log entries are deleted from fw.log.
E. Logs in fw.log are exported to a file that can be opened by Microsoft Excel.

Correct Answer: C
QUESTION 103
Which type of TCP attack is a bandwidth attack, where a client fools a server into sending large amounts of data, using small packets?
A. SMURF
B. Small PMTU
C. Host System Hogging
D. LAN
E. SYN-Flood

Correct Answer: B
QUESTION 104
What is the proper command for exporting users in LDAP format?
A. fw dbexport -f c:\temp\users.txt
B. fw dbimport -f c:\temp\users.ldif -l -s “o=YourCity.com,c=YourCountry”
C. fw dbimport -f c:\temp\users.ldap
D. fw dbexport -f c:\temp\users.ldap -l -s
E. fw dbexport -f c:\temp\users.ldif -l -s “o=YourCity.com,c=YourCountry”
Correct Answer: E
QUESTION 105
Shauna is troubleshooting a Security Gateway that is dropping all traffic whenever the most recent Security Policy is installed. Working at the Security Gateway, Shauna needs to uninstall the Policy, but keep the processes running so she can see if there is an issue with the Gateway’s firewall tables. Which of the following commands will do this?
A. fw dbload 10.1.1.5
B. fw unload 10.1.1.5
C. cprestart
D. fw tab -x -u
E. cpstop
Correct Answer: D
QUESTION 106
You have blocked an IP address via the Block Intruder feature of SmartView Tracker. How can you see the addresses you have blocked?
A. In SmartView Status click the Blocked Intruder tab.
B. Run fwm blocked_view.
C. Run fw sam -va.
D. Run fw tab -t sam_blocked_ips.
E. In SmartView Tracker, click the Active tab, and the actively blocked connections display.
Correct Answer: D
QUESTION 107
Your internal Web server in the DMZ has IP address 172.16.10.1/24. A particular network from the Internet tries to access this Web server. You need to set up some type of Network Address Translation (NAT), so that NAT occurs only from the HTTP service, and only from the remote network as the source. The public IP address for the Web server is 200.200.200.1. All properties in the NAT screen of Global Properties are enabled. Select the correct NAT rules, so NAT happens ONLY between “web_dallas” and the remote network.
A. 1. Create another node object named “web_dallas_valid”, and enter “200.200.200.1” in the General Properties screen.
2. Create two manual NAT rules above the automatic Hide NAT rules for the 172.16.10.0 network.
3. Select “HTTP” in the Service column of both manual NAT rules.
4. Enter an ARP entry and route on the Security Gateway’s OS.
B. 1. Enable NAT on the web_dallas object, select “static”, and enter “200.200.200.1” in the General Properties screen.
2. Specify “HTTP” in the automatic Static Address Translation rules.
3. Create incoming and outgoing rules for the web_dallas server, for the HTTP service only.
C. 1. Enable NAT on the web_dallas object, select “hide”, and enter “200.200.200.1” for the Hide NAT IP address.
2. Specify “HTTP” in the Address Translation rules that are generated automatically.
3. Create incoming and outgoing rules for the web_dallas server, for the HTTP service only.
D. 1. Create another node object named “web_dallas_valid”, and enter “200.200.200.1” in the General Properties screen.
2. Create two manual NAT rules below the Automatic Hide NAT rules for network 172.16.10.0, in the Address Translation Rule Base.
3. Select “HTTP” in the Service column of both manual NAT rules.
4. Enter an ARP entry and route on the Security Gateway’s OS.

Correct Answer: A
QUESTION 108
Using SmartDefense, how do you notify the Security Administrator that malware is scanning specific ports? By enabling:
A. Network Port scan
B. Host Port scan
C. Malware Scan protection
D. Sweep Scan protection
E. Malicious Code Protector

Correct Answer: D
QUESTION 109
Jack’s project is to define the backup and restore section of his organization’s disaster recovery plan for his organization’s distributed NGX installation. Jack must meet the following required and desired objectives:
Required objective: The security policy repository must be backed up no less frequently than every 24 hours.
Desired objective: The NGX components that enforce the Security Policies should be backed up no less frequently than once a week.
Desired objective: Back up NGX logs no less frequently than once a week.
Administrators should be able to view backed up logs in SmartView Tracker.
Jack’s disaster recovery plan is as follows:
Use the cron utility to run the upgrade_export command each night on the SmartCenter Servers. Configure the organization’s routine backup software to back up the files created by the upgrade_export command.
Configure the SecurePlatform backup utility to back up the Security Gateways every Saturday night.
Use the cron utility to run the upgrade_export command each Saturday night on the Log Servers.
Configure an automatic, nightly logexport. Configure the organization’s routine backup software to back up the export log every night.
Jack’s plan:

A. Meets the required objective but does not meet either desired objective.
B. Meets the required objective and both desired objectives.
C. Meets the required objective and only one desired objective.
D. Does not meet the required objective.
Correct Answer: B
QUESTION 110
Anna is working at Certkiller.com, together with three other Security Administrators. Which SmartConsole tool should she use to check changes to rules or object properties other administrators made?
A. SmartDashboard
B. SmartView Tracker
C. Eventia Tracker
D. Eventia Monitor
E. SmartView Monitor

Correct Answer: B
QUESTION 111
When you find a suspicious connection from a problematic host, you want to block everything from that whole network, not just the host. You want to block this for an hour, but you do not want to add any rules to the Rule Base. How do you achieve this?
A. Create a Suspicious Activity rule in SmartView Tracker.
B. Create a Suspicious Activity Rule in SmartView Monitor.
C. Create an “FW SAM” rule in SmartView Monitor.
D. Select “block intruder” from the Tools menu in the SmartView Tracker.

Correct Answer: B
QUESTION 112
Your internal network is using 10.1.1.0/24. This network is behind your perimeter NGX VPN-1 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?
A. Use automatic Static NAT for network 10.1.1.0/24.
B. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
C. Use manual Static NAT on the client side for network 10.1.1.0/24
D. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
E. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
Correct Answer: D
QUESTION 113
Which of these changes to a Security Policy optimizes Security Gateway performance?
A. Using domain objects in rules when possible
B. Using groups within groups in the manual NAT Rule Base
C. Putting the least-used rule at the top of the Rule Base
D. Logging rules as much as possible
E. Removing old or unused Security Policies from Policy Packages
Correct Answer: E
QUESTION 114
Nelson is a consultant. He is at a customer’s site reviewing configuration and logs as a part of a security audit. Nelson sees logs accepting POP3 traffic, but he does not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause? The POP3:
A. service is a VPN-1 Control Connection.
B. rule is hidden.
C. service is accepted in Global Properties.
D. service cannot be controlled by NGX.
E. rule is disabled.

Correct Answer: B
QUESTION 115
When you hide a rule in a Rule Base, how can you then disable the rule?
A. Open the Rule Menu, and select Hide and View hidden rules. Select the rule, right-click, and select Disable.
B. Uninstall the Security Policy, and then disable the rule.
C. When a rule is hidden, it is automatically disabled. You do not need to disable the rule again.
D. Run cpstop and cpstart on the SmartCenter Server, then disable the rule.
E. Clear Hide from Rules drop-down menu, then right-click and select “Disable Rule(s)”.
Correct Answer: E
QUESTION 116
Certkiller is the IT auditor for a bank. One of her responsibilities is reviewing the Security Administrators’ activity and comparing it to the change log. Which application should Certkiller use to view Security Administrator activity?
A. NGX cannot display Security Administrator activity
B. SmartView Tracker in Real-Time Mode
C. SmartView Tracker in Audit Mode
D. SmartView Tracker in Log Mode
E. SmartView Tracker in Activity Mode
Correct Answer: C
QUESTION 117
Andrea has created a new gateway object that she will be managing at a remote location. She attempts to install the Security Policy to the new gateway object, but the object does not appear in the “install on” box. Which of the following is the most likely cause?
A. Andrea has created the object using “New Check Point > VPN-1 Edge Embedded Gateway”
B. Andrea created the gateway object using the “New Check Point > Externally Managed VPN Gateway” option from the Network Objects dialog box.
C. Andrea has not configured anti-spoofing on the interfaces on the gateway object.
D. Andrea has not configured Secure Internal Communications (SIC) for the object.
E. Andrea created the object using the “New Check Point > VPN-1 Pro/Express Security Gateway” option in the Network Objects dialog box, but still needs to configure the interfaces for the Security Gateway object.

Correct Answer: B
QUESTION 118
Certkiller is recently hired as the Security Administrator for Certkiller.com. Jack Bill’s manager has asked her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Certkiller must propose a plan based on the following required and desired results:
Required Result #1: Do not purchase new hardware.
Required Result #2: Use configuration changes that do not reduce security.
Desired Result #1: Reduce the number of explicit rules in the Rule Base.
Desired Result #2: Reduce the volume of logs.
Desired Result #3: Improve the Gateway’s performance.
Proposed solution:
* Replace all domain objects with network and group objects.
* Check “Log implied rules” and “Accept ICMP requests” in Global Properties.
* Use Global Properties, instead of explicit rules, to control ICMP, VRRP, and RIP.
Does Certkiller’s proposed solution meet the required and desired results?
A. The solution meets all required and desired results.
B. The solution meets all required, and one of the desired results.
C. The solution meets all required, and two of the desired results.
D. The solution meets all required, and none of the desired results.
E. The solution does not meet the required results.
Correct Answer: E
QUESTION 119
You create implicit and explicit rules for the following network. The group object “internal-networks” includes networks 10.10.10.0 and 10.10.20.0. Assume “Accept ICMP requests” is enabled as Before Last in the Global Properties.

Based on these rules, what happens if you Ping from host 10.10.10.5 to a host on the Internet, by IP address? ICMP will be:
A. dropped by rule 0
B. dropped by rule 2, the Cleanup Rule
C. accepted by rule 1
D. dropped by the last implicit rule
E. accepted by the implicit rule
Correct Answer: C
QUESTION 120
What does schema checking do?
A. Authenticates users attempting to access resources protected by an NGX Security Gateway.
B. Verifies that every object class, and its associated attributes, is defined in the directory schema.
C. Maps LDAP objects to objects in the NGX objects_5_0.c files.
D. Verifies the Certificate Revocation List for Certificate Validity.
E. Provides topology downloads for SecuRemote and SecureClient users authenticated by an LDAP server.

Correct Answer: B
QUESTION 121
Certkiller is about to test some rule and object changes suggested in an NGX newsgroup. Which backup and restore solution should Certkiller use, to ensure she can most easily restore her Security Policy to its previous configuration, after testing the changes?
A. SecurePlatform backup utilities
B. Manual copies of the $FWDIR/conf directory
C. Upgrade_export and upgrade_import commands
D. Policy Package management
E. Database Revision Control

Correct Answer: E
QUESTION 122
You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway, bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?
A. internal_clear>All-GwToGw
B. Communities>Communities
C. Internal_clear>External_Clear
D. Internal_clear>Communities
E. Internal_clear>All_communities
Correct Answer: E
QUESTION 123
Review the following rules and note the Client Authentication Action properties screen, as shown in the exhibit.

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The….
A. FTP session is dropped by the implicit Cleanup Rule.
B. User is prompted from the FTP site only, and does not need to enter username and password for the Client Authentication.
C. FTP connection is dropped by rule 2.
D. FTP data connection is dropped, after the user is authenticated successfully.
E. User is prompted for authentication by the Security Gateway again.

Correct Answer: B


CheckPoint 156-215 Certification Exam, Best Quality CheckPoint 156-215 Exam Dumps With The Knowledge And Skills


QUESTION 109
Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?
A. 514
B. 256
C. 257
D. 258

Correct Answer: C
QUESTION 110
In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy > Global Properties > FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port_____.
A. 256
B. 80
C. 900
D. 259

Correct Answer: A
QUESTION 111
What port is used for communication to the User Center with SmartUpdate?
A. CPMI 200
B. HTTPS 443
C. HTTP 80
D. TCP 8080

Correct Answer: B
QUESTION 112
The security gateway is installed on Secure Platform R71. The default port for the web user is _______.
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443

Correct Answer: D
QUESTION 113
In a distributed management environment, the administrator has removed all default check boxes from the Policy > Global Properties > Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port______.
A. 259
B. 257
C. 900
D. 256
Correct Answer: B

QUESTION 114
Identify the ports to which the Client Authentication daemon listens by default?
A. 256, 600
B. 80, 256
C. 8080, 529
D. 259, 900
Correct Answer: D
Exam C

QUESTION 1
If you run fw monitor without any parameters, what does the output display?
A. In /var/adm/monitor.out
B. On the console
C. In /tmp/log/monitor.out
D. In /var/log/monitor.out

Correct Answer: A
QUESTION 2
Which statement defines Public Key Infrastructure? Security is provided:
A. By authentication
B. By Certificate Authorities, digital certificates, and two-way symmetric-key encryption
C. By Certificate Authorities, digital certificates, and public key encryption.
D. Via both private and public keys, without the use of digital Certificates.

Correct Answer: D
QUESTION 3
As a Security Administrator, you are required to create users for authentication. When you create a user for user authentication, the data is stored in the ___________.
A. SmartUpdate repository
B. User Database
C. Rules Database
D. Objects Database

Correct Answer: B
QUESTION 4
Why are certificates preferred over pre-shared keys in an IPsec VPN?
A. Weak scalability: PSKs need to be set on each and every Gateway
B. Weak performance: PSK takes more time to encrypt than Diffie-Hellman
C. Weak security: PSKs can only have 112 bit length.
D. Weak security: PSKs are static and can be brute-forced

Correct Answer: D
QUESTION 5
If you are experiencing LDAP issues, which of the following should you check?
A. Domain name resolution
B. Overlapping VPN Domains
C. Secure Internal Communications (SIC)
D. Connectivity between the R71 Gateway and LDAP server

Correct Answer: D
QUESTION 6
Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.
A. Enable LDAP in Global Properties; configure a host-node object for the LDAP server, a Unit.
B. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.

Correct Answer: B
QUESTION 7
You have configured automatic static NAT on an internal host-node object. You clear the box Translate destination on client side from Global Properties > NAT. Assuming all other settings on all properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?
A. A static route to ensure packets destined for the public NAT IP address will reach the Gateway’s internal interface.
B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway’s external interface.
C. The NAT IP address must be added to the anti-spoofing group of the external gateway interface
D. No extra configuration is needed

Correct Answer: B
QUESTION 8
Which VPN Community object is used to configure Hub Mode VPN routing in SmartDashboard?
A. Mesh
B. Star
C. Routed
D. Remote Access

Correct Answer: B
QUESTION 9
You have blocked an IP address via the Block Intruder feature of SmartView Tracker. How can you view the blocked addresses?
A. Run fwm blockedview.
B. In SmartView Monitor, select the Blocked Intruder option from the query tree view
C. In SmartView Monitor, select Suspicious Activity Rules from the Tools menu and select the relevant Security Gateway from the list
D. In SmartView Tracker, click the Active tab, and the actively blocked connections display

Correct Answer: C
QUESTION 10
John is the Security Administrator in his company. He installs a new R71 Security Management Server and a new R71 Gateway. He now wants to establish SIC between them. After entering the activation key, the message “Trust established” is displayed in SmartDashboard, but SIC still does not seem to work because the policy won’t install and interface fetching still does not work. What might be a reason for this?
A. This must be a human error.
B. The Gateway’s time is several days or weeks in the future and the SIC certificate is not yet valid.
C. SIC does not function over the network.
D. It always works when the trust is established.

Correct Answer: B
QUESTION 11
What are you required to do before running upgrade_export?
A. Run cpconfig and set yourself up as a GUI client.
B. Run a cpstop on the Security Management Server
C. Run a cpstop on the Security Gateway.
D. Close all GUI clients

Correct Answer: BCD
QUESTION 12
You are installing a Security Management Server. Your security plan calls for three administrators for this particular server. How many can you create during installation?
A. Depends on the license installed on the Security Management Server
B. Only one with full access and one with read-only access
C. One
D. As many as you want

Correct Answer: C
QUESTION 13
You are installing your R71 Security Gateway. Which is NOT a valid option for the hardware platform?
A. Crossbeam
B. Solaris
C. Windows
D. IPSO

Correct Answer: B
QUESTION 14
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R71. After running the fw unloadlocal command, you are able to reconnect with SmartDashboard and view all changes. Which of the following changes is the most likely cause of the block?
A. A Stealth Rule has been configured for the R71 Gateway.
B. The Allow control connections setting in Policy > Global Properties has been unchecked.
C. The Security Policy installed to the Gateway had no rules in it
D. The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.

Correct Answer: B
QUESTION 15
In previous versions, the full TCP three-way handshake was sent to the firewall kernel for inspection. How is this improved in current Flows/SecureXL?
A. Only the initial SYN packet is inspected. The rest are handled by IPSO
B. Packets are offloaded to a third-party hardware card for near-line inspection
C. Packets are virtualized to a RAM drive-based FW VM
D. Resources are proactively assigned using predictive algorithmic techniques
Correct Answer: A

QUESTION 16
Which command displays the installed Security Gateway version?
A. fw stat
B. cpstat -gw
C. fw ver
D. fw printver

Correct Answer: C
QUESTION 17
What is a Consolidation Policy?
A. The collective name of the Security Policy, Address Translation, and IPS Policies.
B. The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.
C. The collective name of the logs generated by SmartReporter.
D. A global Policy used to share a common enforcement policy for multiple Security Gateways.

Correct Answer: B
QUESTION 18
What CANNOT be configured for existing connections during a policy install?
A. Keep all connections
B. Keep data connections
C. Reset all connections
D. Re-match connections

Correct Answer: C
QUESTION 19
Which OPSEC server can be used to prevent users from accessing certain Web sites?
A. LEA
B. AMON
C. UFP
D. CVP

Correct Answer: C
QUESTION 20
Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder’s access after the next Phase 2 exchange occurs?
A. Perfect Forward Secrecy
B. SHA1 Hash Completion
C. Phase 3 Key Revocation
D. MD5 Hash Completion

Correct Answer: A
QUESTION 21
You are trying to save a custom log query in R71 SmartView Tracker, but getting the following error: “Could not save ‘query-name’ (Error Database is Read only).” Which of the following is a likely explanation for this?
A. You have read-only rights to the Security Management Server database.
B. You do not have the explicit right to save a custom query in your administrator permission profile under SmartConsole customization
C. You do not have OS write permissions on the local SmartView Tracker PC in order to save the custom query locally
D. Another administrator is currently connected to the Security Management Server with read/write permissions which impacts your ability to save custom log queries to the Security Management Server.

Correct Answer: A
QUESTION 22
Your company’s Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:
A. Client Authentication for fully automatic sign on
B. Client Authentication rule using the manual sign-on method, using HTTP on port 900
C. Client Authentication rule, using partially automatic sign on
D. Session Authentication rule

Correct Answer: B
QUESTION 23
Which rule is responsible for the installation failure?

A. Rule 4
B. Rule 3
C. Rule 5
D. Rule 6

Correct Answer: A
QUESTION 24
If you experience unwanted traffic from a specific IP address, how can you stop it most quickly?
A. Check anti-spoofing settings
B. Configure a rule to block the address
C. Create a SAM rule
D. Activate an IPS protection

Correct Answer: C
QUESTION 25
You are evaluating the configuration of a mesh VPN Community used to create a site-to-site VPN. This graphic displays the VPN properties in this mesh Community.

Which of the following would be a valid conclusion?
A. The VPN Community will perform IKE Phase 1 key-exchange encryption using the longest key Security Gateway R71 supports.
B. Changing the setting Perform IPsec data encryption with from AES-128 to 3DES will increase the encryption overhead.
C. Changing the setting Perform key exchange encryption with 3DES to DES will enhance the VPN Community’s security, and reduce encryption overhead.
D. Change the data-integrity settings for this VPN Community because MD5 is incompatible with AES.

Correct Answer: A
QUESTION 26
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

“web_publicIP” is the node object that represents the public IP address of the new Web server. “web_privateIP” is the node object that represents the new Web site’s private IP address. You enable all settings from Global Properties > NAT. When you try to browse the Web server from the Internet, you see the error “page cannot be displayed”. Which of the following is NOT a possible reason?
A. There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server.
B. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
C. There is an ARP entry on the Gateway but the settings Merge Manual proxy ARP and Automatic ARP configuration are enabled in Global Properties. The Security Gateway ignores manual ARP entries.
D. There is no ARP table entry for the public IP address of the protected Web server

Correct Answer: A
QUESTION 27
Which of the following SSL Network Extender server-side prerequisites is NOT correct?
A. The Gateway must be configured to work with Visitor Mode.
B. There are distinctly separate access rules required for SecureClient users vs. SSL Network Extender users.
C. To use Integrity Clientless Security (ICS), you must install the ICS server or configuration tool.
D. The specific Security Gateway must be configured as a member of the Remote Access Community

Correct Answer: B
QUESTION 28
You need to determine if your company’s Web servers are accessed an excessive number of times from the same host. How would you configure this in the IPS tab?
A. Successive multiple connections
B. Successive alerts
C. Successive DoS attacks
D. HTTP protocol inspection

Correct Answer: A
QUESTION 29
What does it indicate when a Check Point product name includes the word “SMART”?
A. Stateful Management of all Routed Traffic.
B. This Check Point product is a GUI Client.
C. Security Management Architecture.
D. The Check Point product includes Artificial Intelligence.
Correct Answer: C

QUESTION 30
How many times is the firewall kernel invoked for a packet to be passed through a VPN connection?
A. Three times
B. Twice
C. Once
D. None. The IPSO kernel handles it

Correct Answer: C
QUESTION 31
When attempting to connect with SecureClient Mobile, the following error message is received: “The certificate provided is invalid. Please provide the username and password.” What is the probable cause of the error?
A. The certificate provided is invalid.
B. The user’s credentials are invalid.
C. The user attempting to connect is not configured to have an office mode IP address so the connection failed.
D. There is no connection to the server, and the client disconnected.

Correct Answer: A
QUESTION 32
The fw stat -l command includes all of the following except:
A. The number of packets that have been inspected
B. The date and time of the policy that is installed.
C. The number of times the policy has been installed
D. The number of packets that have been dropped

Correct Answer: A
QUESTION 33
Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway’s side with the cpconfig command and put in the same activation key in the Gateway’s object on the Security Management Server. Unfortunately, SIC cannot be established. What is a possible reason for the problem?
A. The installed policy blocks the communication.
B. Joe forgot to reboot the Gateway.
C. Joe forgot to exit from cpconfig.
D. The old Gateway object should have been deleted and recreated.

Correct Answer: C
QUESTION 34
The TotallyCoolSecurity Company has a large security staff. Bob configured a new IPS Chicago_Profile for fw-chicago using Detect mode. After reviewing logs, Matt noticed that fw-chicago is not detecting any of the IPS protections that Bob had previously set up. Analyze the output below and determine how Matt can correct the problem.

A. Matt should re-create the Chicago_Profile and select Activate protections manually instead of per the IPS Policy
B. Matt should activate the Chicago_Profile as it is currently not activated
C. Matt should assign the fw-chicago Security Gateway to the Chicago_Profile
D. Matt should change the Chicago_Profile to use Protect mode because Detect mode will not work.

Correct Answer: C
QUESTION 35
Which statement below describes the most correct strategy for implementing a Rule Base?
A. Add the Stealth Rule before the last rule.
B. Limit grouping to rules regarding specific access.
C. Place the most frequently used rules at the top of the Policy and the ones that are not frequently used further down.
D. Place a network-traffic rule above the administrator access rule.

Correct Answer: C
QUESTION 36
An Administrator without access to SmartDashboard installed a new IPSO-based R71 Security Gateway over the weekend. He e-mailed you the SIC activation key. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?
A. You first need to create a new UTM-1 Gateway object, establish SIC via the Communication button, and define the Gateway’s topology.
B. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
C. An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway appliance. Resolve by running the fw unloadlocal command on the local Security Gateway.
D. You first need to run the fw unloadlocal command on the R71 Security Gateway appliance in order to remove the restrictive default policy.

Correct Answer: B
QUESTION 37
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
A. diag
B. cpinfo -o date.cpinfo.txt
C. netstat > date.netstat.txt
D. cpstat > date.cpstat.txt
Correct Answer: B

QUESTION 38
R71’s INSPECT Engine inserts itself into the kernel between which two layers of the OSI model?
A. Physical and Data
B. Session and Transport
C. Presentation and Application
D. Data and Network

Correct Answer: C
QUESTION 39
After filtering a fw monitor trace by port and IP, a packet is displayed three times: in the ‘i’, ‘I’, and ‘o’ inspection points, but not in the ‘O’ inspection point. Which is the likely source of the issue?
A. The packet has been sent out through a VPN tunnel unencrypted.
B. An IPSO ACL has blocked the outbound passage of the packet.
C. A SmartDefense module has blocked the packet
D. It is an issue with NAT

Correct Answer: D
QUESTION 40
Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:
A. Two star and one mesh Community: One star Community is set up for each site, with headquarters as the center of the Community and its branches as satellites. The mesh Community includes only New York and London Gateways.
B. One star Community with the option to “mesh” the center of the star: New York and London Gateways added to the center of the star with the mesh center Gateways option checked, all London branch offices defined in one satellite window, but all New York branch offices defined in another satellite window.
C. Two mesh and one star Community: One mesh Community is set up for each of the headquarters and its branch offices. The star Community is configured with London as the center of the Community and New York is the satellite.
D. Three mesh Communities: One for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.

Correct Answer: A
QUESTION 41
How can you configure an application to automatically launch on the Security Management Server when traffic is dropped by the Security Policy?
A. Pop-up alert script
B. User-defined alert script
C. Custom scripts cannot be executed through alert scripts
D. SNMP trap alert script

Correct Answer: B
QUESTION 42
The command fw fetch causes the:
A. Security Management Server to retrieve the IP addresses of the target Security Gateway.
B. Security Gateway to retrieve the compiled policy and inspect code from the Security Management Server and install it to the kernel
C. Security Gateway to retrieve the user database information from the tables on the Security Management Server
D. Security Management Server to retrieve the debug logs of the target Security Gateway

Correct Answer: B
QUESTION 43
You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credential. What must happen after authentication that allows the client to connect to the Security Gateway’s VPN domain?
A. Active-X must be allowed on the client.
B. An office mode address must be obtained by the client.
C. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
D. The SNX client application must be installed on the client.

Correct Answer: A
QUESTION 44
Which authentication type requires specifying a contact agent in the Rule Base?
A. Client Authentication with Partially Automatic Sign On
B. User Authentication
C. Session Authentication
D. Client Authentication with Manual Sign On

Correct Answer: C
QUESTION 45
You find a suspicious FTP connection trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked?
A. Highlight the suspicious connection in SmartView Tracker > Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as “dropped”.
B. Highlight the suspicious connection in SmartView Tracker > Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.
C. Highlight the suspicious connection in SmartView Tracker > Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.
D. Highlight the suspicious connection in SmartView Tracker > Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as “dropped”.

Correct Answer: B
QUESTION 46
How can you access the Certificate Revocation List (CRL) on the firewall, if you have configured a Stealth Rule as the first explicit rule?
A. You can access the Revocation list by means of a browser using the URL: <https://IP-FW:18264/ICA_CRLI.crl> provided the implied rules are activated per default
B. The CRL is encrypted, so it is useless to attempt to access it.
C. You cannot access the CRL, since the Stealth Rule will drop the packets
D. You can only access the CRL via the Security Management Server as the internal CA is located on that server

Correct Answer: A
QUESTION 47
You are the Security Administrator in a large company called ABC. A Check Point Firewall is installed and in use on SecurePlatform. You are concerned that the system might not be retaining your entries for the interface and routing configuration. You would like to verify your entries in the corresponding file(s) on SecurePlatform. Where can you view them? Give the BEST answer.
A. /etc/conf/route.C
B. /etc/sysconfig/netconf.C
C. /etc/sysconfig/network-scripts/ifcfg-ethx
D. /etc/sysconfig/network
Correct Answer: B
QUESTION 48
You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?
A. Send a Certified Security Engineer to each site to perform the update.
B. Use SmartUpdate to install the packages to each of the Security Gateways remotely
C. Use an SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor
D. Send a CD-ROM with the HFA to each location and have local personnel install it.

Correct Answer: B
QUESTION 49
You want to generate a cpinfo file via CLI on a system running SecurePlatform. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?
A. Log in as the default user expert and start cpinfo.
B. No action is needed because cpshell has a timeout of one hour by default.
C. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.
D. Log in as admin, switch to expert mode, set the timeout to one hour with the command idle 60, then start cpinfo.

Correct Answer: C
QUESTION 50
Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?
A. Policy Package management
B. dbexport/dbimport
C. Database Revision Control
D. upgrade_export/upgrade_import

Correct Answer: C
QUESTION 51
Your Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker’s IP at a peak time of day?
A. SAM – Block Intruder feature of SmartView Tracker
B. Intrusion Detection System (IDS) Policy install
C. SAM – Suspicious Activity Rules feature of SmartView Monitor
D. Change the Rule Base and install the Policy to all Security Gateways

Correct Answer: C
QUESTION 52
Which of the following statements about the Port Scanning feature of IPS is TRUE?
A. The default scan detection is when more than 500 open inactive ports are open for a period of 120 seconds
B. The Port Scanning feature actively blocks the scanning, and sends an alert to SmartView Monitor.
C. Port Scanning does not block scanning; it detects port scans with one of three levels of detection sensitivity.
D. When a port scan is detected, only a log is issued, never an alert

Correct Answer: C
QUESTION 53
Review the following rules and note the Client Authentication Action properties screen, as shown below:

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:
A. User is prompted from that FTP site only, and does not need to enter his user name and password for Client Authentication.
B. User is prompted for Authentication by the Security Gateway again.
C. FTP data connection is dropped after the user is authenticated successfully.
D. FTP connection is dropped by rule 2.

Correct Answer: A
QUESTION 54
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is enabled in the Global Properties. A client on the Internet initiates a session to the Web Server. On the initiating packet, NAT occurs on which inspection point?
A. I
B. O
C. o
D. i

Correct Answer: B
QUESTION 55
Which of the following statements about file-type recognition in Content Inspection is TRUE?
A. Antivirus status is monitored using SmartView Tracker.
B. A scan failure will only occur if the antivirus engine fails to initialize.
C. All file types are considered “at risk”, and are not configurable by the Administrator or the Security Policy.
D. The antivirus engine acts as a proxy, caching the scanned file before delivering it to the client.

Correct Answer: D
QUESTION 56
Which Security Gateway R71 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:
A. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment
B. Time properties, adjusted on the user objects for each user, in the source of the Client Authentication rule
C. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled
D. Refreshable Timeout setting, in the Limits tab of the Client Authentication Action Properties screen

Correct Answer: D
QUESTION 57
What information is found in the SmartView Tracker Management log?
A. Most accessed Rule Base rule
B. Number of concurrent IKE negotiations
C. SIC revoke certificate event
D. Destination IP address

Correct Answer: C
QUESTION 58
When configuring objects in SmartMap, it helps if you ________ the objects so that they may be used in a policy rule.
A. Expand
B. Actualize
C. Physically connect to
D. Save

Correct Answer: B
QUESTION 59
You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?
A. First
B. Before Last
C. Last
D. After Stealth Rule

Correct Answer: C
QUESTION 60
Your organization’s disaster recovery plan needs an update to the backup and restore section to reap the benefits of the new distributed R71 installation. Your plan must meet the following required and desired objectives:
Required Objective: The Security Policy repository must be backed up no less frequently than every 24 hours.
Desired Objective: The R71 components that enforce the Security Policies should be backed up at least once a week.
Desired Objective: Back up R71 logs at least once a week.
Your disaster recovery plan is as follows:
Use the cron utility to run the upgrade_export command each night on the Security Management Servers.
Configure the organization’s routine backup software to back up the files created by the upgrade_export command.
Configure the SecurePlatform backup utility to back up the Security Gateways every Saturday night.
Use the cron utility to run the upgrade_export command each Saturday night on the log servers.
Configure an automatic, nightly log switch.
Configure the organization’s routine backup software to back up the switched logs every night.
Upon evaluation, your plan:
A. Meets the required objective but does not meet either desired objective.
B. Does not meet the required objective.
C. Meets the required objective and only one desired objective.
D. Meets the required objective and both desired objectives.

Correct Answer: D
QUESTION 61
Your Rule Base includes a Client Authentication rule, using partial authentication and standard sign-on for HTTP, Telnet, and FTP services. The rule was working, until this morning. Now users are not prompted for authentication, and they see error “page cannot be displayed” in the browser. In SmartView Tracker, you discover the HTTP connection is dropped when the Gateway is the destination. What caused Client Authentication to fail?
A. You added a rule below the Client Authentication rule, blocking HTTP from the internal network.
B. You added the Stealth Rule before the Client Authentication rule.
C. You disabled R71 Control Connections in Global Properties.
D. You enabled Static NAT on the problematic machines.

Correct Answer: B
QUESTION 62
Which of the following statements regarding SecureXL and CoreXL is TRUE?
A. SecureXL is an application for accelerating connections.
B. CoreXL enables multi-core processing for program interfaces.
C. SecureXL is only available in R71.
D. CoreXL is included in SecureXL.

Correct Answer: A
QUESTION 63
Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:

Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.

Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?
A. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
C. Create an address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects. Create a manual NAT rule like the following: Original source group object; Destination any; Service any; Translated source 200.200.200.5; Destination original; Service original.

Correct Answer: C
QUESTION 64
During which step in the installation process is it necessary to note the fingerprint for first-time verification?
A. When establishing SIC between the Security Management Server and the Gateway
B. When configuring the Security Management Server using cpconfig
C. When configuring the Security Gateway object in SmartDashboard
D. When configuring the Gateway in the WebUI

Correct Answer: B
QUESTION 65
What’s the difference between the SmartView Tracker Tool section in R71 and NGX R65?
A. Tools section in R71 is exactly the same as the tools section in R65
B. Using R71, you can choose a program to view captured packets.
C. Enable Warning Dialogs option is not available in R71
D. R71 adds a new option to send ICMP packets to the source/destination address of the log event

Correct Answer: B
QUESTION 66
Your organization has many Edge Gateways at various branch offices allowing users to access company resources. For security reasons, your organization’s Security Policy requires all Internet traffic initiated behind the Edge Gateways first be inspected by your headquarters’ R71 Security Gateway. How do you configure VPN routing in this star VPN Community?
A. To Internet and other targets only
B. To center or through the center to other satellites, to Internet and other VPN targets
C. To center and other satellites, through center
D. To center only

Correct Answer: B
QUESTION 67
Several Security Policies can be used for different installation targets. The firewall protecting Human Resources’ servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?
A. A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base.
B. When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install.
C. In the SmartDashboard main menu go to Policy > Policy Installation > Targets and select the correct firewall to be put into the list via Specific Targets
D. A Rule Base can always be installed on any Check Point firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install.

Correct Answer: C
QUESTION 68

A. Nothing at all
B. Modify the Source or Destination columns in Rule 4
C. Remove the service HTTPS from the Service column in Rule A
D. Modify the VPN column in Rule 2 to limit access to specific traffic

Correct Answer: D
QUESTION 69
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?
A. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.
B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.
C. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.
D. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.
Correct Answer: D
QUESTION 70
What information is provided from the options in this screenshot?

(i) Whether a SIC certificate was generated for the Gateway
(ii) Whether the operating system is SecurePlatform or SecurePlatform Pro
(iii) Whether this is a standalone or distributed installation
A. (i), (ii) and (iii)
B. (i) and (iii)
C. (i) and (ii)
D. (ii) and (iii)

Correct Answer: D
QUESTION 71
Which type of R71 Security Server does not provide User Authentication?
A. FTP Security Server
B. SMTP Security Server
C. HTTP Security Server
D. HTTPS Security Server

Correct Answer: B
QUESTION 72
Which of the following is true regarding configuration of clustering nodes?
A. Cluster nodes do not have to run exactly the same version of Check Point package
B. Each node must have exactly the same set of packages as all the other nodes
C. Each cluster node must run exactly the same version of R71
D. You must enable state synchronization
E. You must install R71 as an enforcement module (only) on each node
Correct Answer: BCDE

QUESTION 73
Using the Backup and Restore operation on R71, it is possible to:
A. Link all the cluster members for failover
B. Upgrade the SmartDashboard
C. Maintain a backup of the SmartCenter Management Server to be used in case of failover
D. Replace the original SmartCenter Management Server with another clone SmartCenter Management Server, while the original is being serviced
E. Upgrade the SmartCenter Management Server

Correct Answer: CDE
QUESTION 74
What directory in R71 contains all of the Rule Bases, objects, and the user database files?
A. $FWDIR/bin directory
B. Winnt/Config directory
C. $FWDIR/etc directory
D. $FWDIR/conf directory
E. $FWDIR/bin/etc directory

Correct Answer: D
QUESTION 75
Platforms IP290, IP390 and IP560 are flash-based, diskless platforms. What do you have to do prior to upgrading their images to R71?
A. Backup old images
B. Do nothing
C. Delete old images
D. Backup their images
E. Restore old images

Correct Answer: C
QUESTION 76
You have not performed a software upgrade to NGX R71. You have upgraded your license, and every time you try to run commands such as cplic print or cpstop, you receive all sorts of errors. In order to resolve this you will have to:
A. Remove the software
B. Do nothing. The error will go away with time
C. Remove the upgraded license
D. Upgrade the software to version NGX
E. Re-upgrade the license to the version before the upgrade

Correct Answer: D
QUESTION 77
What two conditions must be met when you are manually adding CheckPoint appliances to an existing cluster?
A. You must configure interfaces with IP addresses in each of the networks the cluster will connect to
B. R71 is not running on the system you are adding
C. The IP address should be the real IP address of a cluster interface
D. R71 is running on the system you are adding
E. The existing nodes must be running R71 and firewall monitoring is enabled on them
Correct Answer: BE

QUESTION 78
When carrying out a backup operation on R71, you will have to back up which of the following files?
A. $FWDIR/conf/objects_5_0.C
B. $FWDIR/conf/rule.fws
C. $FWDIR/database/fwauth.NDB*
D. $FWDIR/conf/rulebases_5_0.fws
E. $FWDIR/database/control.map

Correct Answer: ACD
QUESTION 79
Which tool will you use prior to installation to reduce the risk of incompatibility with the deployment to R71?
A. Compatibility Tool
B. cpconfig
C. Post-Upgrade Verification Tool
D. Pre-Upgrade Verification Tool
E. cpinfo

Correct Answer: D
QUESTION 80
In the RuleBase, which element determines what Firewall should do with a packet?
A. Destination
B. Source
C. Action
D. No
E. Service

Correct Answer: C
QUESTION 81
To distribute or upgrade a package, you must first add it to the Package Repository. You can add packages to the Package Repository from which of the following three locations?
A. User Center
B. Certificate Key
C. Check Point CD
D. Download Center
E. SmartDashboard
Correct Answer: ACD

QUESTION 82
How will you install a rule base? Choose the best answer.
A. After defining your rules in SmartDashboard, choose Install from File menu
B. After defining your rules in SmartDashboard, choose Install from Policy menu
C. Before defining your rules in SmartDashboard, choose Install from View menu
D. After defining your rules in SmartDashboard, choose Install from View menu
E. Before defining your rules in SmartDashboard, choose Install from Policy menu
Correct Answer: B
QUESTION 83
How would you disable a rule?

A. By selecting the rule, then select “Disable Rule” option from Topology menu in CheckPoint SmartDashboard
B. By selecting the rule, then select “Disable Rule” option from Rules menu in SmartView Tracker
C. By selecting the rule, then select “Disable Rule” option from Rules menu in CheckPoint SmartDashboard
D. By selecting the rule, then select “Disable Rule” option from File menu in CheckPoint SmartDashboard
E. By selecting the rule, then select “Disable Rule” option from Rules menu in SmartView Status

Correct Answer: C
QUESTION 84
Which of the options below best describes the difference between the Drop action and Reject action? (Assume TCP is specified in the service column of your rulebase.)
A. Drop action is the same as Reject action
B. With Drop action, the sender is not notified but with Reject action, the user is notified
C. Reject action is the same as Drop action
D. With Drop action, the sender is authenticated but with Reject action, the user is not authenticated
E. With Drop action, the sender is notified but with Reject action, the user is not Notified

Correct Answer: B
QUESTION 85
Your company has headquarters in two countries: Toronto (Canada) and Washington (USA). Each headquarters has a number of branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, i.e. no branch office should communicate with another branch office.

A. You need to define two stars and a mesh
B. You need to define a star and two meshes
C. You need to define two stars and two meshes
D. You need to define three stars and two meshes
E. You need to define a star and a mesh

Correct Answer: A
QUESTION 86
The negotiation prior to the establishment of a VPN tunnel might result in the production of large packets. Some NAT devices may not fragment large packets correctly, making the connection impossible. Which of the following is true as to resolving this issue?
A. IKE over TCP can be used to solve the problem, though this problem is resolved during IKE phase 2
B. If using NAT-T, you can use Aggressive Mode
C. UDP Encapsulation method uses port number 2746 to resolve this problem
D. If using NAT-T, port 4500 must be enabled
E. IKE over TCP can be used to solve the problem, though this problem is resolved during IKE phase I
Correct Answer: CDE
QUESTION 87
How can you delete an automatic NAT rule? See the diagram if you choose the wrong answer.

A. By highlighting the rule, click on Rules menu and select delete
B. By highlighting the rule and hit Delete button on your keyboard
C. By highlighting the rule, right-click and select Delete option from the emerging menu
D. By highlighting the rule, click on Edit menu and select delete
E. By modifying the object’s configuration

Correct Answer: E
QUESTION 88
The SmartUpdate command line “cprinstall get” will:
A. Install Check Point products on remote Check Point gateways
B. Verify if a specific product can be installed on the remote Check Point gateway
C. Obtain details of the products and the Operating System installed on the specified Check Point gateway, and to update the database
D. Verify that the Operating System and currently installed products are appropriate for the package
E. Delete Check Point products on remote Check Point gateways

Correct Answer: C
QUESTION 89
You ran a certain SmartUpdate command line in order to find out the location of the product repository, and the result was “Current repository root is set to : /var/suroot/”. What is the command likely to be?
A. cppkg delete
B. cppkg getroot
C. cppkg setroot
D. cppkg add
E. cppkg print

Correct Answer: B
QUESTION 90
You use the cplic db_rm command to remove a license from the license repository on the Security Management server and receive an error message stating that only detached licenses can be removed. How will you go about this in order to get the license removed?
A. Go to License Tree in the SmartView Monitor, highlight the license to be removed and then detach it, then re-run cplic db_rm command
B. Run cplic db_rm twice to solve the problem
C. Manually detach the license by using the control panel and then re-run the cplic db_rm command
D. Go to License Tree in the SmartDashboard, highlight the license to be removed and then detach it, then re-run cplic db_rm command
E. Firstly, use cplic del command to detach the license then re-run the cplic db_rm command
Correct Answer: E

QUESTION 91
What is the difference between the commands cplic db_print and cplic print?
A. cplic print will print licenses on local machine and cplic db_print will display details of licenses in repository on the Security Management server
B. Both commands do the same job
C. cplic db_print will print licenses on local machine and cplic print will display details of licenses in repository on the Security Gateway
D. cplic print will print licenses on local machine and cplic db_print will print details of licenses in repository on any components
E. cplic db_print will display licenses on local machine and cplic print will display details of licenses in repository on the SmartConsole

Correct Answer: A
QUESTION 92
The SmartUpdate command line “cprinstall transfer” will:
A. Transfers a package from the repository to a Check Point Security Gateway without installing the package
B. Verify that the Operating System and currently installed products are appropriate for the package
C. Transfers a package from the repository to a Check Point Security Gateway and install the package
D. Obtain details of the products and the Operating System installed on the specified Check Point gateway, and to update the database
E. Verify if a specific product can be installed on the remote Check Point gateway

Correct Answer: A
QUESTION 93
What command prints the details of the Check Point licenses?
A. Pkgadd -d
B. Setup
C. Print
D. fw print
E. cplic print

Correct Answer: E
QUESTION 94
How can you reset the password of the Security Administrator that was created during initial installation of the Security Management Server on SecurePlatform?
A. Type fwm -a, and provide the existing administrator’s account name. Reset the Security administrator’s password.
B. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the password portion of the file. Then log in to the account without a password. You will be prompted to assign a new password.
C. Type cpm -a, and provide the existing administrator’s account name. Reset the Security administrator’s password.
D. Launch SmartDashboard in the User Management screen, and edit the cpconfig administrator.

Correct Answer: D
QUESTION 95
You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm’s business partners. Which SmartConsole application should you use to confirm your suspicions?
A. SmartDashboard
B. SmartView Tracker
C. SmartUpdate
D. SmartView Status

Correct Answer: B
QUESTION 96
When doing a stand-alone installation, you should install the Security Management Server with which other Check Point architecture component?
A. Secure Client
B. Security Gateway
C. Smart Console
D. None, Security Management Server would install itself

Correct Answer: B
QUESTION 97
Which component functions as the Internal Certificate Authority for R71?
A. Security Gateway
B. Management Server
C. Policy Server
D. SmartLSM

Correct Answer: B
QUESTION 98
You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?
A. SmartLSM and SmartUpdate
B. SmartView Tracker and SmartView Monitor
C. SmartView Monitor and SmartUpdate
D. SmartDashboard and SmartView Tracker

Correct Answer: C
QUESTION 99
Your bank’s distributed R71 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?
A. SmartView Tracker
B. Smart Portal
C. SmartUpdate
D. SmartDashboard

Correct Answer: B
QUESTION 100
You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity?
A. SmartView Tracker cannot display Security Administrator activity: instead, view the system logs on the Security Management Server’s Operating System
B. SmartView Tracker in Management Mode
C. SmartView Tracker in Active Mode
D. SmartView Tracker in Network and Endpoint Mode

Correct Answer: D
QUESTION 101
Which R71 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?
A. SmartView Status
B. SmartView Monitor
C. None, SmartConsole applications only communicate with the Security Management Server.
D. SmartUpdate

Correct Answer: C
QUESTION 102
Where can an administrator configure the notification action of a policy install time change?
A. SmartView Tracker / Audit Log
B. SmartView Monitor / Gateways / Thresholds Settings
C. SmartDashboard / Security Gateway Object / Advanced Properties Tab
D. SmartDashboard / Policy Package Manager

Correct Answer: B
QUESTION 103
Which R71 GUI would you use to see the number of packets accepted since the last policy install?
A. SmartView Monitor
B. SmartView Status
C. SmartView Tracker
D. SmartDashboard

Correct Answer: C
QUESTION 104
From the output below, where is the fingerprint generated?

A. SmartUpdate
B. Security Management Server
C. SmartDashboard
D. SmartConsole

Correct Answer: B
QUESTION 105
Certificates for Security Gateways are created during a simple initialization from______.
A. SmartUpdate
B. sysconfig
C. The ICA management tool.
D. SmartDashboard

Correct Answer: D
QUESTION 106
Which SmartConsole component can Administrators use to track remote administrative activities?
A. WebUI
B. Eventia Reporter
C. SmartView Monitor
D. SmartView Tracker

Correct Answer: D
QUESTION 107
Anti-Spam status is monitored using which of the following tools?
A. Cpconfig
B. SmartView Tracker
C. Eventia Reporter
D. SmartView Monitor
E. SmartDashboard

Correct Answer: D
QUESTION 108
A third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that the Internet is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?
A. SmartView Tracker
B. SmartView Monitor
C. This information can only be viewed with fw ctl pstat command from the CLI
D. Eventia Analyzer

Correct Answer: B
QUESTION 109
Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?
A. Custom filter
B. Network and Endpoint tab
C. Management Tab
D. Active tab

Correct Answer: C
QUESTION 110
What do you use to view an R71 Security Gateway’s status, including CPU use, amount of virtual memory, percent of free hard disk space, and version?
A. Only possible via command line tools
B. SmartView Tracker
C. SmartView Monitor
D. SmartUpdate

Correct Answer: C
QUESTION 111
A marketing firm’s networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should you use to check these objects and rules?
A. SmartView Tracker
B. SmartView Status
C. SmartView Monitor
D. SmartDashboard

Correct Answer: D
QUESTION 112
You are working with three other Security Administrators. Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?
A. Eventia Monitor
B. SmartView Monitor
C. SmartView Tracker
D. Eventia Tracker

Correct Answer: C
QUESTION 113
Which R71 component displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time?
A. Smart Event
B. SmartView Monitor
C. SmartView Status
D. SmartUpdate

Correct Answer: B
QUESTION 114
Hot Area:

Correct Answer:
Exam D
QUESTION 1
What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate?
A. SmartUpdate GUI PC
B. SmartUpdate Repository SQL database server
C. A security gateway retrieving the new Upgrade Package
D. SmartUpdate installed security management server PC

Correct Answer: D
QUESTION 2
What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate?
A. SmartUpdate GUI PC
B. SmartUpdate Repository SQL database Server
C. A Security Gateway retrieving the new upgrade package
D. SmartUpdate installed Security Management Server PC

Correct Answer: A

QUESTION 112
How can I verify the policy version locally installed on the firewall?
A. fw ver
B. fw ctl iflist
C. fw ver -k
D. fw stat

Correct Answer: C
QUESTION 113
Which of the following statements accurately describes the upgrade_export command?
A. Upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included before exporting.
B. Used when upgrading the Security Gateway, upgrade_export includes modified files directory.
C. Upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.
D. Used primarily when upgrading the Security Management Server. Upgrade_export stores all object databases and the conf directories for importing to a newer version of the Security Gateway.

Correct Answer: A
QUESTION 114
What port is used for communication to the User Center with SmartUpdate?
A. CPMI 200
B. HTTPS 443
C. HTTP 80
D. TCP 8080

Correct Answer: B
QUESTION 115
Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway’s side with the cpconfig command and put in the same activation key in the Gateway’s object on the Security Management Server. Unfortunately, SIC cannot be established. What is a possible reason for the problem?
A. The installed policy blocks the communication.
B. Joe forgot to reboot the Gateway.
C. Joe forgot to exit from cpconfig.
D. The old Gateway object should have been deleted and recreated.

Correct Answer: D
QUESTION 116
Why are certificates preferred over pre-shared keys in an IPsec VPN?
A. Weak scalability: PSKs need to be set on each and every Gateway
B. Weak performance: PSK takes more time to encrypt than Diffie-Hellman
C. Weak security: PSKs can only have 112 bit length
D. Weak security: PSKs are static and can be brute-forced

Correct Answer: D
QUESTION 117
What is the officially accepted diagnostic tool for IP appliance support?
A. Ipsinfo
B. Uag-diag
C. CST
D. cpinfo
Correct Answer: C
QUESTION 118
Which SmartConsole component can Administrators use to track remote administrative activities?
A. WebUI
B. Eventia Reporter
C. SmartView Monitor
D. SmartView Tracker
Correct Answer: D
QUESTION 119
If you experience unwanted traffic from a specific IP address, how can you stop it most quickly?
A. Check anti-spoofing settings
B. Configure a rule to block the address
C. Create a SAM rule
D. Activate an IPS protection

Correct Answer: C
QUESTION 120
Totally Cool Security Company has a large security staff. Bob configures a new IPS Chicago_Profile for fw_chicago using Detect mode. After reviewing, Matt noticed that fw_chicago is not detecting any of the IPS protections that Bob had previously set up. Analyze the output below and determine how Matt can correct the problem.

A. Matt should re-create the Chicago_Profile and select activate protections manually instead of per the IPS policy.
B. Matt should re-create the Chicago_Profile as it is currently not activated.
C. Matt should assign the fw_Chicago Security Gateway to the Chicago Profile
D. Matt should re-create the Chicago_Profile to use protect mode because detect mode will not work

Correct Answer: C
QUESTION 121
The Check Point Security Gateway’s virtual machine (kernel) exists between which two layers of the OSI model?
A. Session and Network layers
B. Application and Presesentation layers
C. Physical and Data link layers
D. Network and Data link layers

Correct Answer: D
QUESTION 122
R71’s INSPECT Engine inserts itself into the kernel between which two layers of the OSI model?
A. Physical and Data
B. Session and Transport
C. Presentation and Application
D. Data and Network
Correct Answer: D
QUESTION 123
The third shift administrator was updating Security Management Server access settings in Global Properties. He managed to lock all of the administrators out of their accounts.
A. Log in to SmartDashboard as the special cpconfig_administrator object and select Unlock.
B. Type fwm lock_admin -ua from the command line of the Security Management Server
C. Reinstall the Security Management Server and restore using upgrade_import
D. Delete the file admin.lock in the $FWDIR/tmp/ directory of the Security Management Server.

Correct Answer: C
QUESTION 124
Which of the following statements BEST describes Check Point’s Hide Network Address Translation method?
A. Translates many source IP addresses into one source IP address
B. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both source and destination IP address translation.
C. Translates many destination IP addresses into one destination IP address
D. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both source and destination IP address translation.

Correct Answer: A
QUESTION 125
You are the Security Administrator in a large company called ABC. A Check Point firewall is installed and is in use on SecurePlatform. You are concerned that the system might not be retaining your entries for the interfaces and routing configurations. You would like to verify your entries in the corresponding file(s) on SecurePlatform. Where can you view them? Give the best answer.
A. /etc/conf/route.c
B. /etc/sysconfig/netconf.c
C. /etc/sysconfig/netconf-scripts/ifcfg-ethx
D. /etc/sysconfig/network

Correct Answer: B
QUESTION 126
Which of the following describes the default behavior of an R71 Security Gateway?
A. Traffic is filtered using controlled port scanning.
B. All traffic is expressly permitted via explicit rules.
C. Traffic not explicitly permitted is dropped.
D. IP protocol types listed as secure are allowed by default, i.e. ICMP, TCP, UDP sessions are inspected.

Correct Answer: C
QUESTION 127
The Internal Certificate Authority (ICA) CANNOT be used for:
A. Virtual Private Network (VPN) Certificates for gateways
B. NAT rules
C. Remote-access users
D. SIC connections

Correct Answer: B
QUESTION 128
Which rule is responsible for the installation failure?
A. Rule 4
B. Rule 3
C. Rule 5
D. Rule 6

Correct Answer: A
QUESTION 129
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
A. diag
B. cpinfo -o data.cpinfo.txt
C. netstat> data.netstat.txt
D. cpstat> data.cpatat.txt

Correct Answer: B
QUESTION 130
What information is found in the Smartview Tracker management log?
A. Rule author
B. TCP handshake average duration
C. TCP source port
D. Top used QOS rule

Correct Answer: C
QUESTION 131
SmartDirectory (LDAP) new features include which of the following? Select all the correct answers.
A. The use of authentication algorithm
B. Support of Multiple SmartDirectory (LDAP) Vendors using Profiles
C. Support of Multiple SmartDirectory (LDAP) servers
D. High Availability
E. The use of encrypted or non-encrypted SmartDirectory (LDAP) Connections
Correct Answer: BCDE
QUESTION 132
The fw monitor utility would be best to troubleshoot which of the following problems?
A. An error occurs when editing a network object in SmartDashboard
B. A statically NATed Web server behind a Security Gateway cannot be reached from the Internet
C. You get an invalid ID error in SmartView Tracker for phase 2 IKE key negotiations.
D. A user in the user database is corrupt.
Correct Answer: B
QUESTION 133
Which component functions as the Internal Certificate Authority for R71?
A. Security Gateway
B. Management Server
C. Policy Server
D. SmartLSM

Correct Answer: B
QUESTION 134
A URL Filtering Policy can make exceptions for specific sites by being enforced:
A. Only for specific sources and destinations
B. For all traffic, except on specific sources and destinations
C. For all traffic, except blocked sites
D. For all traffic. There are no exceptions

Correct Answer: B
QUESTION 135
Where are automatic NAT rules added to the Rule Base?
A. Before last
B. Middle
C. First
D. Last

Correct Answer: D
QUESTION 136
Which R71 GUI would you use to see the number of packets accepted since the last policy install?
A. SmartView Monitor
B. SmartView Status
C. SmartView Tracker
D. SmartDashboard

Correct Answer: C
QUESTION 137
In what situation will you consider and deploy policy management conventions?
A. No available answer
B. In some situations
C. In some rare situations
D. In all situations
E. Not in any situation

Correct Answer: D
QUESTION 138
After filtering a fw monitor trace by port and IP, a packet is displayed three times: in the “i”, “I”, and “o” inspection points, but not in the “O” inspection point. Which is the likely source of the issue?
A. The packet has been sent out through a VPN tunnel unencrypted.
B. An IPSO ACL has blocked the outbound passage of the packet.
C. A SmartDefense module has blocked the packet
D. It is an issue with NAT

Correct Answer: D
QUESTION 139
Which of the following is viable consideration when determining rule base order?
A. Grouping functionality related rules together
B. Grouping rules by date of creation
C. Grouping authentication rules with address translation rules
D. Grouping reject and drop rules after the cleanup rule

Correct Answer: A
QUESTION 140
The fw stat -l command includes all of the following except:
A. The number of packets that have been inspected
B. The date and time of the policy that is installed.
C. The number of times the policy has been installed
D. The number of packets that have been dropped

Correct Answer: A
QUESTION 141
Which of the following uses the same key to decrypt as it does to encrypt?
A. Asymmetric encryption
B. Symmetric encryption
C. Certificate-based encryption
D. Dynamic encryption

Correct Answer: B
QUESTION 142
Which set of objects have an Authentication tab?
A. Networks, Hosts
B. Users, Networks
C. Users, User Groups
D. Templates, Users
Correct Answer: C
QUESTION 143
When using the Anti-Virus Content Security, how are different file types analyzed?
A. They are analyzed by their un-encoded format.
B. They are analyzed by their magic number.
C. They are analyzed by the MIME header.
D. They are analyzed by their file extension (i.e. .bat, .exe, .doc)
Correct Answer: D
QUESTION 144
Which component functions as the internal certificate authority for R71?
A. Security Gateway
B. SmartCenter Server
C. Policy Server
D. SmartLSM
Correct Answer: B
QUESTION 145
John is the Security Administrator in his company. He installs a new R71 Security Management Server and a new R71 Gateway. He now wants to establish SIC between them. After entering the activation key, the message “Trust established” is displayed in SmartDashboard, but SIC still does not seem to work because the policy won’t install and interface fetching still does not work. What might be a reason for this?
A. This must be a human error.
B. The Gateway’s time is several days or weeks in the future and the SIC certificate is not yet valid.
C. SIC does not function over the network.
D. It always works when the trust is established.

Correct Answer: B
QUESTION 146
From the output below, where is the fingerprint generated?

A. SmartUpdate
B. Security Management Server
C. SmartDashboard
D. SmartConsole

Correct Answer: B
QUESTION 147
Your Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker’s IP at a peak time of day?
A. SAM - Block Intruder feature of SmartView Tracker
B. Intrusion Detection System (IDS) Policy install
C. SAM - Suspicious Activity Rules feature of SmartView Monitor
D. Change the Rule Base and install the Policy to all Security Gateways

Correct Answer: C
QUESTION 148
Which authentication type requires specifying a contact agent in the Rule Base?
A. Client Authentication with Partially Automatic Sign On
B. User Authentication
C. Session Authentication
D. Client Authentication with Manual Sign On

Correct Answer: B
QUESTION 149
When launching SmartDashboard, what information is required to log into R71?
A. User Name, Management Server IP, certificate fingerprint file
B. User Name, Password, Management Server IP
C. Password, Management Server IP
D. Password, Management Server IP, LDAP Server IP

Correct Answer: B
QUESTION 150
Platforms IP290, IP390 and IP560 are flash-based, diskless platforms. And what do you have to do prior to upgrading their images to R71?
A. Backup old images
B. Do nothing
C. Delete old images
D. Backup their images
E. Restore old images

Correct Answer: C
QUESTION 151
You have created a Rule Base for the Firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a secured gateway. What is true about the new package’s NAT rules?

A. Rules 1 and 5 will be appear in the new package
B. Rules 1, 3.A and 5 will appear in the new package
C. Rules 2, 3 and 4 will appear in the new package
D. NAT rules will be empty in the new package

Correct Answer: D
QUESTION 152
A clean up rule is used to:
A. Drop without logging connections that would otherwise be dropped and logged by default
B. Log connections that would otherwise be accepted without logging by default.
C. Log connections that would otherwise be dropped without logging by default.
D. Drop without logging connections that would otherwise be accepted and logged by default
Correct Answer: C
QUESTION 153
What will be the consequence of disabling TCP state check in the IPS tab?

A. This will boost your overall Firewall performance
B. This will disable your IPS
C. This will disable your firewall
D. This will have adverse effect on your Firewall performance
E. This will degrade your overall Firewall performance

Correct Answer: A
QUESTION 154
How would you create a temporary user bypass to the URL Filtering policy in Security Gateway?
A. By adding an exception in URL Filtering / Advanced / Network Exceptions
B. By enabling it in URL Filtering / Advanced / Bypass
C. By creating an authentication rule in the Firewall
D. It is not possible

Correct Answer: A
QUESTION 155
The rule below shows the Encrypt rule in a Traditional Mode Rule Base. What is likely to be the Simplified Mode equivalent if the connection originates at X and its destination is Y, within any Site-to-Site Community (i.e. All_GW_to_GW)?

A. Rule C
B. Rule E
C. Rule A
D. Rule B
E. Rule D

Correct Answer: B
QUESTION 156
To monitor all traffic between a network and the internet on a Security Platform Gateway, what is the best utility to use?
A. Snoop
B. Cpinfo
C. Infoview
D. Tcpdump

Correct Answer: D
