CheckPoint 156-215 Certification Exam, Best Quality CheckPoint 156-215 Exam Dumps With The Knowledge And Skills

Flydumps CheckPoint 156-215 exam questions and answers in PDF are prepared by our expert. Moreover, they are based on the recommended syllabus covering all the CheckPoint 156-215 exam objectives. You will find them to be very helpful and precise in the subject matter, since all the CheckPoint 156-215 exam content is regularly updated and has been checked for accuracy by our team of Microsoft expert professionals.

QUESTION 109
Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?
A. 514
B. 256
C. 257
D. 258

Correct Answer: C
QUESTION 110
In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy > Global Properties > FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port _____.
A. 256
B. 80
C. 900
D. 259

Correct Answer: A
QUESTION 111
What port is used for communication to the User Center with SmartUpdate?
A. CPMI 200
B. HTTPS 443
C. HTTP 80
D. TCP 8080

Correct Answer: B
QUESTION 112
The security gateway is installed on Secure Platform R71. The default port for the web user is _______.
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443

Correct Answer: D
QUESTION 113
In a distributed management environment, the administrator has removed all default check boxes from the Policy > Global Properties > Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port ______.
A. 259
B. 257
C. 900
D. 256
Correct Answer: B

QUESTION 114
Identify the ports on which the Client Authentication daemon listens by default.
A. 256, 600
B. 80, 256
C. 8080, 529
D. 259, 900
Correct Answer: D

Exam C

QUESTION 1
If you run fw monitor without any parameters, what does the output display?
A. In /var/adm/monitor.out
B. On the console
C. In /tmp/log/monitor.out
D. In /var/log/monitor.out

Correct Answer: A
QUESTION 2
Which statement defines Public Key Infrastructure? Security is provided:
A. By authentication
B. By Certificate Authorities, digital certificates, and two-way symmetric-key encryption
C. By Certificate Authorities, digital certificates, and public key encryption.
D. Via both private and public keys, without the use of digital Certificates.

Correct Answer: D
QUESTION 3
As a Security Administrator, you are required to create users for authentication. When you create a user for user authentication, the data is stored in the ___________.
A. SmartUpdate repository
B. User Database
C. Rules Database
D. Objects Database

Correct Answer: B
QUESTION 4
Why are certificates preferred over pre-shared keys in an IPsec VPN?
A. Weak scalability: PSKs need to be set on each and every Gateway
B. Weak performance: PSK takes more time to encrypt than Diffie-Hellman
C. Weak security: PSKs can only have 112 bit length.
D. Weak security: PSKs are static and can be brute-forced

Correct Answer: D
QUESTION 5
If you are experiencing LDAP issues, which of the following should you check?
A. Domain name resolution
B. Overlapping VPN Domains
C. Secure Internal Communications (SIC)
D. Connectivity between the R71 Gateway and LDAP server

Correct Answer: D
QUESTION 6
Choose the BEST sequence for configuring user management in SmartDashboard, Using an LDAP server.
A. Enable LDAP in Global Properties; configure a host-node object for the LDAP server, a Unit.
B. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.

Correct Answer: B
QUESTION 7
You have configured automatic static NAT on an internal host-node object. You clear the box Translate destination on client side in Global Properties > NAT. Assuming all other settings on all properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?
A. A static route to ensure packets destined for the public NAT IP address will reach the Gateway’s internal interface.
B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway’s external interface.
C. The NAT IP address must be added to the anti-spoofing group of the external gateway interface
D. No extra configuration is needed

Correct Answer: B
QUESTION 8
Which VPN Community object is used to configure Hub Mode VPN routing in SmartDashboard?
A. Mesh
B. Star
C. Routed
D. Remote Access

Correct Answer: B
QUESTION 9
You have blocked an IP address via the Block Intruder feature of SmartView Tracker. How can you view the blocked addresses?
A. Run fwm blockedview.
B. In SmartView Monitor, select the Blocked Intruder option from the query tree view
C. In SmartView Monitor, select Suspicious Activity Rules from the Tools menu and select the relevant Security Gateway from the list
D. In SmartView Tracker, click the Active tab, and the actively blocked connections are displayed

Correct Answer: C
QUESTION 10
John is the Security Administrator in his company. He installs a new R71 Security Management Server and a new R71 Gateway. He now wants to establish SIC between them. After entering the activation key, the message “Trust established” is displayed in SmartDashboard, but SIC still does not seem to work because the policy won’t install and interface fetching still does not work. What might be a reason for this?
A. This must be a human error.
B. The Gateway’s time is several days or weeks in the future and the SIC certificate is not yet valid.
C. SIC does not function over the network.
D. It always works when the trust is established.

Correct Answer: B
QUESTION 11
What are you required to do before running upgrade_export?
A. Run cpconfig and set yourself up as a GUI client.
B. Run a cpstop on the Security Management Server
C. Run a cpstop on the Security Gateway.
D. Close all GUI clients

Correct Answer: BCD
QUESTION 12
You are installing a Security Management Server. Your security plan calls for three administrators for this particular server. How many can you create during installation?
A. Depends on the license installed on the Security Management Server
B. Only one with full access and one with read-only access
C. One
D. As many as you want

Correct Answer: C
QUESTION 13
You are installing your R71 Security Gateway. Which is NOT a valid option for the hardware platform?
A. Crossbeam
B. Solaris
C. Windows
D. IPSO

Correct Answer: B
QUESTION 14
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R71. After running the fw unloadlocal command, you are able to reconnect with SmartDashboard and view all changes. Which of the following changes is the most likely cause of the block?
A. A Stealth Rule has been configured for the R71 Gateway.
B. The Allow control connections setting in Policy > Global Properties has been unchecked.
C. The Security Policy installed to the Gateway had no rules in it
D. The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.

Correct Answer: B
QUESTION 15
In previous versions, the full TCP three-way handshake was sent to the firewall kernel for inspection. How is this improved in current Flows/SecureXL?
A. Only the initial SYN packet is inspected. The rest are handled by IPSO
B. Packets are offloaded to a third-party hardware card for near-line inspection
C. Packets are virtualized to a RAM drive-based FW VM
D. Resources are proactively assigned using predictive algorithmic techniques
Correct Answer: A

QUESTION 16
Which command displays the installed Security Gateway version?
A. fw stat
B. cpstat -gw
C. fw ver
D. fw printver

Correct Answer: C
QUESTION 17
What is a Consolidation Policy?
A. The collective name of the Security Policy, Address Translation, and IPS Policies.
B. The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.
C. The collective name of the logs generated by SmartReporter.
D. A global Policy used to share a common enforcement policy for multiple Security Gateways.

Correct Answer: B
QUESTION 18
What CANNOT be configured for existing connections during a policy install?
A. Keep all connections
B. Keep data connections
C. Reset all connections
D. Re-match connections

Correct Answer: C
QUESTION 19
Which OPSEC server can be used to prevent users from accessing certain Web sites?
A. LEA
B. AMON
C. UFP
D. CVP

Correct Answer: C
QUESTION 20
Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder’s access after the next Phase 2 exchange occurs?
A. Perfect Forward Secrecy
B. SHA1 Hash Completion
C. Phase 3 Key Revocation
D. MD5 Hash Completion

Correct Answer: A
QUESTION 21
You are trying to save a custom log query in R71 SmartView Tracker, but get the following error: “Could not save ‘query-name’ (Error Database is Read only)”. Which of the following is a likely explanation for this?
A. You have read-only rights to the Security Management Server database.
B. You do not have the explicit right to save a custom query in your administrator permission profile under SmartConsole customization
C. You do not have OS write permissions on the local SmartView Tracker PC in order to save the custom query locally
D. Another administrator is currently connected to the Security Management Server with read/write permissions which impacts your ability to save custom log queries to the Security Management Server.

Correct Answer: A
QUESTION 22
Your company’s Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:
A. Client Authentication for fully automatic sign on
B. Client Authentication rule using the manual sign-on method, using HTTP on port 900
C. Client Authentication rule, using partially automatic sign on
D. Session Authentication rule

Correct Answer: B
QUESTION 23
Which rule is responsible for the installation failure?

A. Rule 4
B. Rule 3
C. Rule 5
D. Rule 6

Correct Answer: A
QUESTION 24
If you experience unwanted traffic from a specific IP address, how can you stop it most quickly?
A. Check anti-spoofing settings
B. Configure a rule to block the address
C. Create a SAM rule
D. Activate an IPS protection

Correct Answer: C
QUESTION 25
You are evaluating the configuration of a mesh VPN Community used to create a site-to-site VPN. This graphic displays the VPN properties in this mesh Community.

Which of the following would be a valid conclusion?
A. The VPN Community will perform IKE Phase 1 key-exchange encryption using the longest key Security Gateway R71 supports.
B. Changing the setting Perform IPsec data encryption with from AES-128 to 3DES will increase the encryption overhead.
C. Changing the setting Perform key exchange encryption with 3DES to DES will enhance the VPN Community’s security, and reduce encryption overhead.
D. Change the data-integrity settings for this VPN Community because MD5 is incompatible with AES.

Correct Answer: A
QUESTION 26
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

“web_publicIP” is the node object that represents the public IP address of the new Web server. “web_privateIP” is the node object that represents the new Web site’s private IP address. You enable all settings from Global Properties > NAT. When you try to browse the Web server from the Internet, you see the error “page cannot be displayed”. Which of the following is NOT a possible reason?
A. There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server.
B. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
C. There is an ARP entry on the Gateway but the settings Merge Manual proxy ARP and Automatic ARP configuration are enabled in Global Properties. The Security Gateway ignores manual ARP entries.
D. There is no ARP table entry for the public IP address of the protected Web server

Correct Answer: A
QUESTION 27
Which of the following SSL Network Extender server-side prerequisites is NOT correct?
A. The Gateway must be configured to work with Visitor Mode.
B. There are distinctly separate access rules required for SecureClient users vs. SSL Network Extender users.
C. To use Integrity Clientless Security (ICS), you must install the ICS server or configuration tool.
D. The specific Security Gateway must be configured as a member of the Remote Access Community

Correct Answer: B
QUESTION 28
You need to determine if your company’s Web servers are accessed an excessive number of times from the same host. How would you configure this in the IPS tab?
A. Successive multiple connections
B. Successive alerts
C. Successive DoS attacks
D. HTTP protocol inspection

Correct Answer: A
QUESTION 29
What does it indicate when a Check Point product name includes the word “SMART”?
A. Stateful Management of all Routed Traffic.
B. This Check Point product is a GUI Client.
C. Security Management Architecture.
D. The Check Point product includes Artificial Intelligence.
Correct Answer: C

QUESTION 30
How many times is the firewall kernel invoked for a packet to be passed through a VPN connection?
A. Three times
B. Twice
C. Once
D. None. The IPSO kernel handles it

Correct Answer: C
QUESTION 31
When attempting to connect with SecureClient Mobile, the following error message is received: “The certificate provided is invalid. Please provide the username and password.” What is the probable cause of the error?
A. The certificate provided is invalid.
B. The user’s credentials are invalid.
C. The user attempting to connect is not configured to have an office mode IP address so the connection failed.
D. There is no connection to the server, and the client disconnected.

Correct Answer: A
QUESTION 32
The fw stat -l command includes all of the following except:
A. The number of packets that have been inspected
B. The date and time of the policy that is installed.
C. The number of times the policy has been installed
D. The number of packets that have been dropped

Correct Answer: A
QUESTION 33
Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway’s side with the cpconfig command and put in the same activation key in the Gateway’s object on the Security Management Server. Unfortunately SIC cannot be established. What is a possible reason for the problem?
A. The installed policy blocks the communication.
B. Joe forgot to reboot the Gateway.
C. Joe forgot to exit from cpconfig.
D. The old Gateway object should have been deleted and recreated.

Correct Answer: C
QUESTION 34
The TotallyCoolSecurity Company has a large security staff. Bob configured a new IPS Chicago_Profile for fw-chicago using Detect mode. After reviewing logs, Matt noticed that fw-chicago is not detecting any of the IPS protections that Bob had previously set up. Analyze the output below and determine how to correct the problem.

A. Matt should re-create the Chicago_Profile and select Activate protections manually instead of per the IPS Policy
B. Matt should activate the Chicago_Profile as it is currently not activated
C. Matt should assign the fw-chicago Security Gateway to the Chicago_Profile
D. Matt should change the Chicago_Profile to use Protect mode because Detect mode will not work.

Correct Answer: C
QUESTION 35
Which statement below describes the most correct strategy for implementing a Rule Base?
A. Add the Stealth Rule before the last rule.
B. Limit grouping to rules regarding specific access.
C. Place the most frequently used rules at the top of the Policy and the ones that are not frequently used further down.
D. Place a network-traffic rule above the administrator access rule.

Correct Answer: C
QUESTION 36
An Administrator without access to SmartDashboard installed a new IPSO-based R71 Security Gateway over the weekend. He e-mailed you the SIC activation key. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?
A. You first need to create a new UTM-1 Gateway object, establish SIC via the Communication button, and define the Gateway’s topology.
B. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
C. An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway appliance. Resolve by running the fw unloadlocal command on the local Security Gateway.
D. You first need to run the fw unloadlocal command on the R71 Security Gateway appliance in order to remove the restrictive default policy.

Correct Answer: B
QUESTION 37
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
A. diag
B. cpinfo -o date.cpinfo.txt
C. netstat > date.netstat.txt
D. cpstat > date.cpstat.txt
Correct Answer: B

QUESTION 38
R71’s INSPECT Engine inserts itself into the kernel between which two layers of the OSI model?
A. Physical and Data
B. Session and Transport
C. Presentation and Application
D. Data and Network

Correct Answer: C
QUESTION 39
After filtering a fw monitor trace by port and IP, a packet is displayed three times: in the “i”, “I”, and “o” inspection points, but not in the “O” inspection point. Which is the likely source of the issue?
A. The packet has been sent out through a VPN tunnel unencrypted.
B. An IPSO ACL has blocked the outbound passage of the packet.
C. A SmartDefense module has blocked the packet
D. It is an issue with NAT

Correct Answer: D
QUESTION 40
Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:
A. Two star and one mesh Community: One star Community is set up for each site, with headquarters as the center of the Community and its branches as satellites. The mesh Community includes only New York and London Gateways.
B. One star Community with the option to “mesh” the center of the star: New York and London Gateways added to the center of the star with the mesh center Gateways option checked, all London branch offices defined in one satellite window, but all New York branch offices defined in another satellite window.
C. Two mesh and one star Community: One mesh Community is set up for each of the headquarters and its branch offices. The star Community is configured with London as the center of the Community and New York is the satellite.
D. Three mesh Communities: One for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.

Correct Answer: A
QUESTION 41
How can you configure an application to automatically launch on the Security Management Server when traffic is dropped Security Policy?
A. Pop-up alert script
B. User-defined alert script
C. Custom scripts cannot be executed through alert scripts
D. SNMP trap alert script

Correct Answer: B
QUESTION 42
The command fw fetch causes the:
A. Security Management Server to retrieve the IP addresses of the target Security Gateway.
B. Security Gateway to retrieve the compiled policy and inspect code from the Security Management Server and install it to the kernel
C. Security Gateway to retrieve the user database information from the tables on the Security Management Server
D. Security Management Server to retrieve the debug logs of the target Security Gateway

Correct Answer: B
QUESTION 43
You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credential. What must happen after authentication that allows the client to connect to the Security Gateway’s VPN domain?
A. Active-X must be allowed on the client.
B. An office mode address must be obtained by the client.
C. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
D. The SNX client application must be installed on the client.

Correct Answer: A
QUESTION 44
Which authentication type requires specifying a contact agent in the Rule Base?
A. Client Authentication with Partially Automatic Sign On
B. User Authentication
C. Session Authentication
D. Client Authentication with Manual Sign On

Correct Answer: C
QUESTION 45
You find a suspicious FTP connection trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked?
A. Highlight the suspicious connection in SmartView Tracker > Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as “dropped”.
B. Highlight the suspicious connection in SmartView Tracker > Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.
C. Highlight the suspicious connection in SmartView Tracker > Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.
D. Highlight the suspicious connection in SmartView Tracker > Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as “dropped”.

Correct Answer: B
QUESTION 46
How can you access the Certificate Revocation List (CRL) on the firewall, if you have configured a Stealth Rule as the first explicit rule?
A. You can access the Revocation list by means of a browser using the URL: <https://IP-FW:18264/ICA_CRL1.crl> provided the implied rules are activated per default
B. The CRL is encrypted, so it is useless to attempt to access it.
C. You cannot access the CRL, since the Stealth Rule will drop the packets
D. You can only access the CRL via the Security Management Server as the internal CA is located on that server

Correct Answer: A
QUESTION 47
You are the Security Administrator in a large company called ABC. A Check Point Firewall is installed and in use on SecurePlatform. You are concerned that the system might not be retaining your entries for the interface and routing configuration. You would like to verify your entries in the corresponding file(s) on SecurePlatform. Where can you view them? Give the BEST answer.
A. /etc/conf/route.C
B. /etc/sysconfig/netconf.C
C. /etc/sysconfig/network-scripts/ifcfg-ethx
D. /etc/sysconfig/network
Correct Answer: B
QUESTION 48
You are Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?
A. Send a Certified Security Engineer to each site to perform the update.
B. Use SmartUpdate to install the packages to each of the Security Gateways remotely
C. Use an SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor
D. Send a CD-ROM with the HFA to each location and have local personnel install it.

Correct Answer: B
QUESTION 49
You want to generate a cpinfo file via CLI on a system running SecurePlatform. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?
A. Log in as the default user expert and start cpinfo.
B. No action is needed because cpshell has a timeout of one hour by default.
C. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.
D. Log in as admin, switch to expert mode, set the timeout to one hour with the command idle 60, then start cpinfo.

Correct Answer: C
QUESTION 50
Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?
A. Policy Package management
B. dbexport/dbimport
C. Database Revision Control
D. upgrade_export/upgrade_import

Correct Answer: C
QUESTION 51
Your Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker’s IP at a peak time of day?
A. SAM – Block Intruder feature of SmartView Tracker
B. Intrusion Detection System (IDS) Policy install
C. SAM – Suspicious Activity Rules feature of SmartView Monitor
D. Change the Rule Base and install the Policy to all Security Gateways

Correct Answer: C
QUESTION 52
Which of the following statements about the Port Scanning feature of IPS is TRUE?
A. The default scan detection is when more than 500 open inactive ports are open for a period of 120 seconds
B. The Port Scanning feature actively blocks the scanning, and sends an alert to SmartView Monitor.
C. Port Scanning does not block scanning; it detects port scans with one of three levels of detection sensitivity.
D. When a port scan is detected, only a log is issued, never an alert

Correct Answer: C
QUESTION 53
Review the following rules and note the Client Authentication Action properties screen, as shown below:

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:
A. User is prompted from that FTP site only, and does not need to enter his user name and password for Client Authentication.
B. User is prompted for Authentication by the Security Gateway again.
C. FTP data connection is dropped after the user is authenticated successfully.
D. FTP connection is dropped by rule 2.

Correct Answer: A
QUESTION 54
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is enabled in the Global Properties. A client on the Internet initiates a session to the Web Server. On the initiating packet, NAT occurs on which inspection point?
A. I
B. O
C. o
D. i

Correct Answer: B
QUESTION 55
Which of the following statements about file-type recognition in Content Inspection is TRUE?
A. Antivirus status is monitored using SmartView Tracker.
B. A scan failure will only occur if the antivirus engine fails to initialize.
C. All file types are considered “at risk”, and are not configurable by the Administrator or the Security Policy.
D. The antivirus engine acts as a proxy, caching the scanned file before delivering it to the client.

Correct Answer: D
QUESTION 56
Which Security Gateway R71 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:
A. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment
B. Time properties, adjusted on the user objects for each user, in the source of the Client Authentication rule
C. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled
D. Refreshable Timeout setting, in the Limits tab of the Client Authentication Action Properties screen

Correct Answer: D
QUESTION 57
What information is found in the SmartView Tracker Management log?
A. Most accessed Rule Base rule
B. Number of concurrent IKE negotiations
C. SIC revoke certificate event
D. Destination IP address

Correct Answer: C
QUESTION 58
When configuring objects in SmartMap, it helps if you________ the objects so that they may be used in a policy rule.
A. Expand
B. Actualize
C. Physically connect to
D. Save

Correct Answer: B
QUESTION 59
You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?
A. First
B. Before Last
C. Last
D. After Stealth Rule

Correct Answer: C
QUESTION 60
Your organization’s disaster recovery plan needs an update to the backup and restore section to reap the benefits of the new distributed R71 installation. Your plan must meet the following required and desired objectives:
Required Objective: The Security Policy repository must be backed up no less frequently than every 24 hours.
Desired Objective: The R71 components that enforce the Security Policies should be backed up at least once a week.
Desired Objective: Back up R71 logs at least once a week.
Your disaster recovery plan is as follows:
Use the cron utility to run the upgrade_export command each night on the Security Management Servers. Configure the organization’s routine backup software to back up the files created by the upgrade_export command.
Configure the SecurePlatform backup utility to back up the Security Gateways every Saturday night. Use the cron utility to run the upgrade_export command each Saturday night on the log servers. Configure an automatic, nightly log switch. Configure the organization’s routine backup software to back up the switched logs every night.
Upon evaluation, your plan:
A. Meets the required objective but does not meet either desired objective.
B. Does not meet the required objective.
C. Meets the required objective and only one desired objective.
D. Meets the required objective and both desired objectives.

Correct Answer: D
QUESTION 61
Your Rule Base includes a Client Authentication rule, using partial authentication and standard sign-on for HTTP, Telnet, and FTP services. The rule was working, until this morning. Now users are not prompted for authentication, and they see error “page cannot be displayed” in the browser. In SmartView Tracker, you discover the HTTP connection is dropped when the Gateway is the destination. What caused Client Authentication to fail?
A. You added a rule below the Client Authentication rule, blocking HTTP from the internal network.
B. You added the Stealth Rule before the Client Authentication rule.
C. You disabled R71 Control Connections in Global Properties.
D. You enabled Static NAT on the problematic machines.

Correct Answer: B
QUESTION 62
Which of the following statements regarding SecureXL and CoreXL is TRUE?
A. SecureXL is an application for accelerating connections.
B. CoreXL enables multi-core processing for program interfaces.
C. SecureXL is only available in R71.
D. CoreXL is included in SecureXL.

Correct Answer: A
QUESTION 63
Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:
Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.

Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?
A. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
C. Create an address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects. Create a manual NAT rule like the following: Original source: group object; Destination: any; Service: any; Translated source: 200.200.200.5; Destination: original; Service: original.

Correct Answer: C
QUESTION 64
During which step in the installation process is it necessary to note the fingerprint for first-time verification?
A. When establishing SIC between the Security Management Server and the Gateway
B. When configuring the Security Management Server using cpconfig
C. When configuring the Security Gateway object in SmartDashboard
D. When configuring the Gateway in the WebUI

Correct Answer: B
QUESTION 65
What’s the difference between the SmartView Tracker Tool section in R71 and NGX R65?
A. Tools section in R71 is exactly the same as the tools section in R65
B. Using R71, you can choose a program to view captured packets.
C. Enable Warning Dialogs option is not available in R71
D. R71 adds a new option to send ICMP packets to the source/destination address of the log event

Correct Answer: B
QUESTION 66
Your organization has many Edge Gateways at various branch offices allowing users to access company resources. For security reasons, your organization’s Security Policy requires all Internet traffic initiated behind the Edge Gateways first be inspected by your headquarters’ R71 Security Gateway. How do you configure VPN routing in this star VPN Community?
A. To Internet and other targets only
B. To center or through the center to other satellites, to Internet and other VPN targets
C. To center and other satellites, through center
D. To center only

Correct Answer: B
QUESTION 67
Several Security Policies can be used for different installation targets. The firewall protecting Human Resources’ servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?
A. A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base.
B. When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install.
C. In the SmartDashboard main menu go to Policy > Policy Installation > Targets and select the correct firewall to be put into the list via Specific Targets
D. A Rule Base can always be installed on any Check Point firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install.

Correct Answer: C
QUESTION 68

A. Nothing at all
B. Modify the Source or Destination columns in Rule 4
C. Remove the service HTTPS from the Service column in Rule A
D. Modify the VPN column in Rule 2 to limit access to specific traffic

Correct Answer: D
QUESTION 69
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?
A. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.
B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.
C. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.
D. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.
Correct Answer: D
QUESTION 70
What information is provided from the options in this screenshot?

(i) Whether a SIC certificate was generated for the Gateway
(ii) Whether the operating system is SecurePlatform or SecurePlatform Pro
(iii) Whether this is a standalone or distributed installation
A. (i), (ii) and (iii)
B. (i) and (iii)
C. (i) and (ii)
D. (ii) and (iii)

Correct Answer: D
QUESTION 71
Which type of R71 Security Server does not provide User Authentication?
A. FTP Security Server
B. SMTP Security Server
C. HTTP Security Server
D. HTTPS Security Server

Correct Answer: B
QUESTION 72
Which of the following is true regarding configuration of clustering nodes?
A. Cluster nodes do not have to run exactly the same version of CheckPoint package
B. Each node must have exactly the same set of packages as all the other nodes
C. Each cluster node must run exactly the same version of R71
D. You must enable state synchronization
E. You must install R71 as an enforcement module (only) on each node
Correct Answer: BCDE

QUESTION 73
Using the Backup and Restore operation on R71, it is possible to:
A. Link all the cluster members for failover
B. Upgrade the SmartDashboard
C. Maintain a backup of the SmartCenter Management Server to be used in case of failover
D. Replace the original SmartCenter Management Server with another clone SmartCenter Management Server, while the original is being serviced
E. Upgrade the SmartCenter Management Server

Correct Answer: CDE
QUESTION 74
What directory in R71 contains all of the Rule Bases, objects, and the user database files?
A. $FWDIR/bin directory
B. Winnt/Config directory
C. $FWDIR/etc directory
D. $FWDIR/conf directory
E. $FWDIR/bin/etc directory

Correct Answer: D
QUESTION 75
Platforms IP290, IP390 and IP560 are flash-based, diskless platforms. What do you have to do prior to upgrading their images to R71?
A. Backup old images
B. Do nothing
C. Delete old images
D. Backup their images
E. Restore old images

Correct Answer: C
QUESTION 76
You have not performed a software upgrade to NGX R71. You have upgraded your license, and every time you try to run commands such as cplic print or cpstop, you receive all sorts of errors. In order to resolve this you will have to:
A. Remove the software
B. Do nothing. The error will go away with time
C. Remove the upgraded license
D. Upgrade the software to version NGX
E. Re-upgrade the license to the version before the upgrade

Correct Answer: D
QUESTION 77
What two conditions must be met when you are manually adding CheckPoint appliances to an existing cluster?
A. You must configure interfaces with IP addresses in each of the networks the cluster will connect to
B. R71 is not running on the system you are adding
C. The IP address should be the real IP address of a cluster interface
D. R71 is running on the system you are adding
E. The existing nodes must be running R71 and firewall monitoring is enabled on them
Correct Answer: BE

QUESTION 78
When carrying out a backup operation on R71, you will have to backup which of the following files?
A. $FWDIR/conf/objects_5_0.C
B. $FWDIR/conf/rule.fws
C. $FWDIR/database/fwauth.NDB*
D. $FWDIR/conf/rulebases_5_0.fws
E. $FWDIR/database/control.map

Correct Answer: ACD
QUESTION 79
Which tool will you use prior to installation to reduce the risk of incompatibility with the deployment to R71?
A. Compatibility Tool
B. cpconfig
C. Post-Upgrade Verification Tool
D. Pre-Upgrade Verification Tool
E. cpinfo

Correct Answer: D
QUESTION 80
In the RuleBase, which element determines what Firewall should do with a packet?
A. Destination
B. Source
C. Action
D. No
E. Service

Correct Answer: C
QUESTION 81
To distribute or upgrade a package, you must first add it to the Package Repository. You can add packages to the Package Repository from which of the following three locations?
A. User Center
B. Certificate Key
C. Check Point CD
D. Download Center
E. SmartDashboard
Correct Answer: ACD

QUESTION 82
How will you install a rule base? Choose the best answer.
A. After defining your rules in SmartDashboard, choose Install from File menu
B. After defining your rules in SmartDashboard, choose Install from Policy menu
C. Before defining your rules in SmartDashboard, choose Install from View menu
D. After defining your rules in SmartDashboard, choose Install from View menu
E. Before defining your rules in SmartDashboard, choose Install from Policy menu
Correct Answer: B
QUESTION 83
How would you disable a rule?

A. By selecting the rule, then select “Disable Rule” option from Topology menu in CheckPoint SmartDashboard
B. By selecting the rule, then select “Disable Rule” option from Rules menu in SmartView Tracker
C. By selecting the rule, then select “Disable Rule” option from Rules menu in CheckPoint SmartDashboard
D. By selecting the rule, then select “Disable Rule” option from File menu in CheckPoint SmartDashboard
E. By selecting the rule, then select “Disable Rule” option from Rules menu in SmartView Status

Correct Answer: C
QUESTION 84
Which of the options below best describes the difference between the Drop action and Reject action? (Assume TCP is specified in the service column of your rulebase.)
A. Drop action is the same as Reject action
B. With Drop action, the sender is not notified but with Reject action, the user is notified
C. Reject action is the same as Drop action
D. With Drop action, the sender is authenticated but with Reject action, the user is not authenticated
E. With Drop action, the sender is notified but with Reject action, the user is not Notified

Correct Answer: B
QUESTION 85
Your company has headquarters in two countries: Toronto (Canada) and Washington (USA). Each headquarters has a number of branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, i.e. no branch office should communicate with another branch office.

A. You need to define two stars and a mesh
B. You need to define a star and two meshes
C. You need to define two stars and two meshes
D. You need to define three stars and two meshes
E. You need to define a star and a mesh

Correct Answer: A
QUESTION 86
The negotiation prior to the establishment of a VPN tunnel might result in the production of large packets. Some NAT devices may not fragment large packets correctly, making the connection impossible. Which of the following is true regarding resolving this issue?
A. IKE over TCP can be used to solve the problem, though this problem is resolved during IKE phase 2
B. If using NAT-T, you can use Aggressive Mode
C. UDP Encapsulation method uses port number 2746 to resolve this problem
D. If using NAT-T, port 4500 must be enabled
E. IKE over TCP can be used to solve the problem, though this problem is resolved during IKE phase I
Correct Answer: CDE
QUESTION 87
How can you delete an automatic NAT rule? See the diagram if you choose wrong answer.

A. By highlighting the rule, click on Rules menu and select delete
B. By highlighting the rule and hit Delete button on your keyboard
C. By highlighting the rule, right-click and select Delete option from the emerging menu
D. By highlighting the rule, click on Edit menu and select delete
E. By modifying the object’s configuration

Correct Answer: E
QUESTION 88
The SmartUpdate command line “cprinstall get” will:
A. Install Check Point products on remote Check Point gateways
B. Verify if a specific product can be installed on the remote Check Point gateway
C. Obtain details of the products and the Operating System installed on the specified Check Point gateway, and to update the database
D. Verify that the Operating System and currently installed products are appropriate for the package
E. Delete Check Point products on remote Check Point gateways

Correct Answer: C
QUESTION 89
You ran a certain SmartUpdate command line in order to find out the location of the product repository, and the result was “Current repository root is set to : /var/suroot/”. What is the command likely to be?
A. cppkg delete
B. cppkg getroot
C. cppkg setroot
D. cppkg add
E. cppkg print

Correct Answer: B
QUESTION 90
You use the cplic db_rm command to remove a license from the license repository on the Security Management server and receive an error message stating that only detached licenses can be removed. How will you go about this in order to get license removed?
A. Go to License Tree in the SmartView Monitor, highlight the license to be removed and then detach it, then re-run cplic db_rm command
B. Run cplic db_rm twice to solve the problem
C. Manually detach the license by using the control panel and then re-run the cplic db_rm command
D. Go to License Tree in the SmartDashboard, highlight the license to be removed and then detach it, then re-run cplic db_rm command
E. Firstly, use cplic del command to detach the license then re-run the cplic db_rm command
Correct Answer: E

QUESTION 91
What is the difference between the commands cplic db_print and cplic print?
A. cplic print will print licenses on local machine and cplic db_print will display details of licenses in repository on the Security Management server
B. Both commands do the same job
C. cplic db_print will print licenses on local machine and cplic print will display details of licenses in repository on the Security Gateway
D. cplic print will print licenses on local machine and cplic db_print will print details of licenses in repository on any components
E. cplic db_print will display licenses on local machine and cplic print will display details of licenses in repository on the SmartConsole

Correct Answer: A
QUESTION 92
The SmartUpdate command line “cprinstall transfer” will:
A. Transfers a package from the repository to a Check Point Security Gateway without installing the package
B. Verify that the Operating System and currently installed products are appropriate for the package
C. Transfers a package from the repository to a Check Point Security Gateway and install the package
D. Obtain details of the products and the Operating System installed on the specified Check Point gateway, and to update the database
E. Verify if a specific product can be installed on the remote Check Point gateway

Correct Answer: A
QUESTION 93
What command prints the details of the Check Point licenses?
A. Pkgadd -d
B. Setup
C. Print
D. fw print
E. cplic print

Correct Answer: E
QUESTION 94
How can you reset the password of the Security Administrator that was created during initial installation of the Security Management Server on SecurePlatform?
A. Type fwm -a, and provide the existing administrator’s account name. Reset the Security administrator’s password.
B. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the password portion of the file. Then log in to the account without a password. You will be prompted to assign a new password.
C. Type cpm -a, and provide the existing administrator’s account name. Reset the Security administrator’s password.
D. Launch SmartDashboard in the User Management screen, and edit the cpconfig administrator.

Correct Answer: D
QUESTION 95
You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm’s business partners. Which SmartConsole application should you use to confirm your suspicions?
A. SmartDashboard
B. SmartView Tracker
C. SmartUpdate
D. SmartView Status

Correct Answer: B
QUESTION 96
When doing a stand-alone installation, you should install the Security Management Server with which other Check Point architecture component?
A. Secure Client
B. Security Gateway
C. Smart Console
D. None, Security Management Server would install itself

Correct Answer: B
QUESTION 97
Which component functions as the Internal Certificate Authority for R71?
A. Security Gateway
B. Management Server
C. Policy Server
D. SmartLSM

Correct Answer: B
QUESTION 98
You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?
A. SmartLSM and SmartUpdate
B. SmartView Tracker and SmartView Monitor
C. SmartView Monitor and SmartUpdate
D. SmartDashboard and SmartView Tracker

Correct Answer: C
QUESTION 99
Your bank’s distributed R71 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?
A. SmartView Tracker
B. Smart Portal
C. SmartUpdate
D. SmartDashboard

Correct Answer: B
QUESTION 100
You are reviewing the security administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity?
A. SmartView Tracker cannot display Security Administrator activity: instead, view the system logs on the Security Management Server’s Operating System
B. SmartView Tracker in Management Mode
C. SmartView Tracker in Active Mode
D. SmartView Tracker in Network and Endpoint Mode

Correct Answer: D
QUESTION 101
Which R71 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?
A. SmartView Status
B. SmartView Monitor
C. None, SmartConsole applications only communicate with the Security Management Server.
D. SmartUpdate

Correct Answer: C
QUESTION 102
Where can an administrator configure the notification action of a policy install time change?
A. SmartView Tracker / Audit Log
B. SmartView Monitor / Gateways / Thresholds Settings
C. SmartDashboard / Security Gateway Object / Advanced Properties Tab
D. SmartDashboard / Policy Package Manager

Correct Answer: B
QUESTION 103
Which R71 GUI would you use to see the number of packets accepted since the last policy install?
A. SmartView Monitor
B. SmartView Status
C. SmartView Tracker
D. SmartDashboard

Correct Answer: C
QUESTION 104
From the output below, where is the fingerprint generated?

A. SmartUpdate
B. Security Management Server
C. SmartDashboard
D. SmartConsole

Correct Answer: B
QUESTION 105
Certificates for Security Gateways are created during a simple initialization from______.
A. SmartUpdate
B. sysconfig
C. The ICA management tool.
D. SmartDashboard

Correct Answer: D
QUESTION 106
Which SmartConsole component can Administrators use to track remote administrative activities?
A. WebUI
B. Eventia Reporter
C. SmartView Monitor
D. SmartView Tracker

Correct Answer: D
QUESTION 107
Anti-Spam status is monitored using which of the following tools?
A. Cpconfig
B. SmartView Tracker
C. Eventia Reporter
D. SmartView Monitor
E. SmartDashboard

Correct Answer: D
QUESTION 108
A third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that the Internet is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?
A. SmartView Tracker
B. SmartView Monitor
C. This information can only be viewed with fw ctl pstat command from the CLI
D. Eventia Analyzer

Correct Answer: B
QUESTION 109
Which SmartView Tracker selection would most effectively show who installed a security policy blocking all traffic from the corporate network?
A. Custom filter
B. Network and Endpoint tab
C. Management Tab
D. Active tab

Correct Answer: C
QUESTION 110
What do you use to view an R71 Security Gateway’s status, including CPU use, amount of virtual memory, percent of free hard disk space, and version?
A. Only possible via command line tools
B. SmartView Tracker
C. SmartView Monitor
D. SmartUpdate

Correct Answer: C
QUESTION 111
A marketing firm’s networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should you use to check these objects and rules?
A. SmartView Tracker
B. SmartView Status
C. SmartView Monitor
D. SmartDashboard

Correct Answer: D
QUESTION 112
You are working with three other Security Administrators. Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?
A. Eventia Monitor
B. SmartView Monitor
C. SmartView Tracker
D. Eventia Tracker

Correct Answer: C
QUESTION 113
Which R71 component displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time?
A. Smart Event
B. SmartView Monitor
C. SmartView Status
D. SmartUpdate

Correct Answer: B
QUESTION 114
Hot Area:

Correct Answer:
Exam D
QUESTION 1
What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate?
A. SmartUpdate GUI PC
B. SmartUpdate Repository SQL database server
C. A security gateway retrieving the new Upgrade Package
D. SmartUpdate installed security management server PC

Correct Answer: D
QUESTION 2
What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate?
A. SmartUpdate GUI PC
B. SmartUpdate Repository SQL database Server
C. A Security Gateway retrieving the new upgrade package
D. SmartUpdate installed Security Management Server PC

Correct Answer: A
