Where to free download the new CheckPoint 156-215 exam questions to pass the exam easily? Now,Flydumps has publised the new version of CheckPoint 156-215 exam dumps with new added exam questions.you can also get free VCE and PDF, and the new CheckPoint 156-215 practice tests ensure your exam 100% pass. Visit Flydumps.com to get the 100% pass ensure!
QUESTION 87
Which of the following statements accurately describes the upgrade_export command?
A. Upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included before exporting.
B. Used when upgrading the Security Gateway, upgrade_export includes modified files directory.
C. Upgrade_export stores network-configuration data, objects, global properties, and the data base revisions prior to upgrading the security Management Server.
D. Used primarily when upgrading the Security Management Server. Upgrade_export stores all object database and the conf directions for importing to a newer version of the Security Gateway.
Correct Answer: A
QUESTION 88
What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security gateway?
A. Install the View Implicit Rules package using SmartUpdate.
B. In Global Properties / Reporting Tools check the box Enable tracking all rules (including rules marked as none in the track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.
C. Check the Log Implied Rules Globally box on the R71 Gateway object.
D. Define two log servers on the R71 Gateway object. Enable Log Implied Rules on the first log server. Enable log rule Base on the second log server. Use Smart Reporter to merge the two log server records into the same database for HIPPA log audits.
Correct Answer: B
QUESTION 89
From the output below, where is the fingerprint generated? ActualTests.com
“Pass Any Exam. Any Time.” – www.actualtests.com 35 Checkpoint 156-215-71: Practice Exam
A. SmartUpdate
B. Security Management Server
C. SmartDashboard
D. SmartConsole
Correct Answer: B
QUESTION 90
Which of the following statements BEST describes Check Point’s Hide Network Checkpoints Address Translation method?
A. Translates many source IP addresses into one source IP address
B. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both secure and destination IP address translation.
C. Translates many destination IP addresses into one destination IP address
D. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Secure and Destination IUP address translation.
Correct Answer: A
QUESTION 91
How can you reset the password of the Security Administrator that was created during initial installation of the security management sever on Secure Platform?
A. Type fwm -a, and provide the existing administrator’s account name. Reset the Security administrator’s password.
B. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the password portion of the file. Then log in to the account without a password You will be prompted to assign a new password.
C. Type cpm -a, and provide the existing administrator’s account name. Reset the Security administrator’s password.
D. Launch SmartDashboard in the User Management screen, and edit the cpconfig administrator.
Correct Answer: D QUESTION 92
Match each of the following command to there correct function. Each command has one function only listed.
ActualTests.com
A. C1>F2, C2>F1, C3>F6, C4>F4
B. C1>F6, C2>F4, C3>F2, C4>F5
C. C1>F2, C4>F4, C3>F1, C4>F5
D. C1>F4, C2>F6, C3>F3, C4>F2
Correct Answer: B QUESTION 93
Which of the following statement about bridge mode is TRUE?
A. When managing a Security Gateway m Bridge mode. It is possible to use a bridge interlace for Network Address Translation
B. Assuming a new installation, bridge mode requires changing the existing IP routing of the network
C. All ClusterXL modes arc supported
D. A bridge must be configured with a pair of interfaces.
Correct Answer: D QUESTION 94
Beginning with R71 Software Blades was introduced. One of the Software Blades is the IPS Software Blade as a replacement for Smart Defense. When buyers are upgrading to a bundle, some blades are included, e.g. FW, VPN, IPS in SG103. Which statement is NOT true?
A. The license price includes IPS Updates for the first year.
B. The IPS Software Blade can be used for an unlimited time.
C. There is no need to renew the service contract after one year.
D. After one year, it is mandatory to renew the service contract for the IPS Software Blade ActualTests.com because it has been bundled with the license when perchased.
Correct Answer: D
QUESTION 95
What is the desired outcome when running the command op info – z -o cpinfo -out?
A. Send output to a file called cpinfo. out in compressed format
B. Send output to a file called cpinfo. out in usable format for the CP Info View utility IOC.
C. Send output to a file called cpinfo. out without address resolution.
D. Send output to a file called cpinfo. out and provide a screen print at the same time
Correct Answer: A QUESTION 96
Which of the following are available SmartConsole clients which can be installed from the R71 windows CD? Read all answers and select the most complete and valid list.
A. SmartView Tracker. CPINFO. SmartUpdate
B. SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor
C. SmartView Tracker. SmartDashboard, CPINFO. SmartUpdate, SmartView Status
D. Security Policy Editor, Log Viewer. Real Time Monitor GUI
Correct Answer: B QUESTION 97
Antivirus protection on a checkpoint gateway is available for all of the following protocols, EXCEPT:
A. FTP
B. SMTP
C. HTTP
D. TELNET
Correct Answer: D QUESTION 98
Message digests use which of the following?
A. SHA-1 and MD5
B. IDEA and RC4
C. SSL and MD4
D. DES and RC4
Correct Answer: A QUESTION 99
Which fw monitor utility would be best to troubleshoot which of the following problems?
A. An error occurs when editing a network object in SmartDashboard
B. A statically NATed Web server behind a Security Gateway cannot be reached from the Internet
C. You get an invalid ID error in SmartView Tracker for phase 2 IKE key negotiations.
D. A user in the user database is corrupt.
Correct Answer: B QUESTION 100
You have three servers located in DMZ address. You want internal users from 10.10.10×10 to access the DMZ servers by public IP addresses. Internet.net 10.10.10xis configured for the NAT behind the security gateway external interface.
What is the best configuration for 10.10.10xusers to access the DMZ servers, using the DMZ server public IP address?
ActualTests.com
A. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers
B. When the source is the internal network 10.10.10xt configure manual static NAT rules to translate the DMZ servers
C. When connecting to internal network 10 10.10 x. configure Hide NAT for the DMZ servers.
D. When connecting to the internal network 10.10.10x, configure Hide Nat for the DMZ network behind the DMZ interface of the Security Gateway
Correct Answer: A QUESTION 101
What information is found in the SmartView Tracker Management log?
A. Rule author
B. TCP handshake average duration
C. TCP source port
D. Top used QOS rule
Correct Answer: A QUESTION 102
If you run fw monitor without any parameters, what does the output display?
A. In /var/adm/monitor. Out
B. On the console
C. In /tmp/log/monitor ?out
D. In / var/log/monitor. out
Correct Answer: A QUESTION 103
Which statement defines Public Key Infrastructure? Security is provided: A. By authentication
B. By Certificate Authorities, digital certificates, and two-way symmetric- key encryption
C. By Certificate Authorities, digital certificates, and public key encryption.
D. Via both private and public keys, without the use of digital Certificates.
Correct Answer: D QUESTION 104
As a Security Administrator, you are required to create users for authentication. When you create a user for user authentication, the data is stored in the ___________.
A. SmartUpdate repository
B. User Database
C. Rules Database
D. Objects Database
Correct Answer: B QUESTION 105
Why are certificates preferred over pre-shared keys in an IPsec VPN?
A. Weak scalability: PSKs need to be set on each and every Gateway
B. Weak performance: PSK takes more time to encrypt than Drffie-Hellman
C. Weak security: PSKs can only have 112 bit length.
D. Weak Security. PSK are static and can be brute-forced
Correct Answer: D QUESTION 106
If you are experiencing LDAP issues, which of the following should you check?
A. Domain name resolution
B. Overlapping VPN Domains
C. Secure Internal Communications (SIC)
D. Connectivity between the R71 Gateway and LDAP server
Correct Answer: D QUESTION 107
Jeff wanted to upgrade his Security Gateway to R71, but he remembers that he needs to have a contract file from the user centre before he can start the upgrade. If Jeff wants to download the contracts file from the User Center, what is the correct order of steps needed to perform this?
1) Select Update Contracts from User Center.
2) Enter your Username for your User Center account.
3) Enter your Password for your User Center account.
4) Click the Browse button to specify the path to your download contracts file.
5) Enter your Username and Password for your Security Gateway.
A. 2, 3, 4
B. 1, 5, 4
C. 5, 2, 3
D. 1, 2, 3
Correct Answer: A
QUESTION 108
Choose the BEST sequence for configuring user management in SmartDashboard, Using an LDAP server.
A. Enable LDAP in Global Properties; configure a host-node object for the LDAP server, a Unit.
B. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
Correct Answer: B
QUESTION 109
“Pass Any Exam. Any Time.” – www.actualtests.com 43 Checkpoint 156-215-71: Practice Exam You have configured automatic static NAT on an internal host-node object. You clear the box Translate destination on client site from global properties Nat. assuming all other settings on all properties are selected, what else must be configured so that a host on internet can initiate an inbound connection to this host.
A. A static route to ensure packets destined for the public NAT IP address will reach the Gateway’s internal interface.
B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway’s external interface.
C. The NAT IP address must be added to the anti-spoofing group of the external gateway interface
D. No extra configuration is needed
Correct Answer: B
QUESTION 110
Which VPN Community object is used to configure Hub Mode VPN routing in SmartDashboard?
A. Mesh
B. Star
C. Routed
D. Remote Access
Correct Answer: B
QUESTION 111
You have blocked an IP address via the Block Intruder feature of SmartView Tracker How can you view the blocked addresses’?
A. Run f wm blockedview.
B. In SmartView Monitor, select the Blocked Intruder option from the query tree view
C. In SmartView Monitor, select Suspicious Activity Rules from the Tools menu and select the relevant Security Gateway from the list
D. In SmartView Tracker, click the Active tab. and the actively blocked connections displays
Correct Answer: C
QUESTION 112
John is the Security Administrator in his company He installs a new R71 Security Management Server and a new R71 Gateway He now wants to establish SIC between them. After entering the activation key, the message “Trust established” is displayed in SmartDashboard, but SIC still does not seem to work because the policy won’t install and interface fetching still does not work. What might be a reason for this?
A. This must be a human error.
B. The Gateway’s time is several days or weeks in the future and the SIC certificate is not yet valid.
C. SIC does not function over the network.
D. It always works when the trust is established.
Correct Answer: B QUESTION 113
What are you required to do before running upgrade__ export?
A. Run cpconfig and set yourself up as a GUI client.
B. Run a cpstop on the Security Management Server
C. Run a cpstop on the Security Gateway.
D. Close all GUI clients
Correct Answer: BCD QUESTION 114
You are installing a Security Management Server Your security plan calls for three administrators for this particular server. How many can you create during installation’?
A. Depends on the license installed on the Security Management Server
B. Only one with full access and one with read-only access
C. One
D. As many as you want
Correct Answer: C QUESTION 115
You are installing your R71Security Gateway. Which is NOT a valid option for the hardware platform?
A. Crossbeam
B. Solaris
C. Windows
D. IPSO
Correct Answer: B QUESTION 116
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R71. After running the fw unloadlocal command, you are able to reconnect with SmartDashboard and view all changes. Which of the following change is the most likely cause of the block?
A. A Stealth Rule has been configured for the R71 Gateway.
B. The Allow control connections setting in Policy > Global Properties has been unchecked.
C. The Security Policy installed to the Gateway had no rules in it
D. The Gateway Object representing your Gateway was configured as an Externally Managed ActualTests.com VPN Gateway.
Correct Answer: B
QUESTION 117
In previous version, the full TCP three-way handshake was sent to the firewall kernel for inspection. How is this improved in current Flows/SecureXL?
A. Only the initial SYN packet is inspected The rest are handled by IPSO
B. Packets are offloaded to a third-party hardware card for near-line inspection
C. Packets are virtualized to a RAM drive-based FW VM
D. Resources are proactively assigned using predictive algorithmic techniques
Correct Answer: A
QUESTION 118
Which command displays the installed Security Gateway version?
A. fw stat
B. cpstat -gw
C. fw ver
D. tw printver
Correct Answer: C QUESTION 119
What is a Consolidation Policy?
A. The collective name of the Security Policy, Address Translation, and IPS Policies.
B. The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.
C. The collective name of the logs generated by SmartReporter.
D. A global Policy used to share a common enforcement policy for multiple Security Gateways.
Correct Answer: B QUESTION 120
What CANNOT be configured for existing connections during a policy install?
A. Keep all connections
B. Keep data connections
C. Reset all connections
D. Re-match connections
Correct Answer: C QUESTION 121
Which OPSEC server can be used to prevent users from accessing certain Web sites?
A. LEA
B. AMON
C. UFP
D. CVP
Correct Answer: C QUESTION 122
Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder’s access after the next Phase 2 exchange occurs?
A. Perfect Forward Secrecy
B. SHA1 Hash Completion
C. Phase 3 Key Revocation
D. M05 Hash Completion
Correct Answer: A QUESTION 123
You are trying to save a custom log query in R71 SmartView Tracker, but getting the following error “Could not save ‘query-name’ (Error Database is Read only).
Which of the following is a likely explanation for this?
A. You have read-only rights to the Security Management Server database.
B. You do not have the explicit right to save a custom query in your administrator permission profile under SmartConsole customization
C. You do not have OS write permissions on the local SmartView Tracker PC in order to save the custom query locally
D. Another administrator is currently connected to the Security Management Server with read/write permissions which impacts your ability to save custom log queries to the Security Management Server.
Correct Answer: A
QUESTION 124
Your company’s Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:
A. Client Authentication for fully automatic sign on
B. Client Authentication rule using the manual sign-on method, using HTTP on port 900
C. Client Authentication rule, using partially automatic sign on
D. Session Authentication rule
Correct Answer: B
QUESTION 125
In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy > Global Properties > FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port_____.
A. 256
B. 80
C. 900
D. 259
Correct Answer: A
Preparing CheckPoint 156-215 exam is not difficult now.You can prepare from CheckPoint 156-215 Certification or Cisco 642-825 dumps.Here we have mentioned some sample questions.You can use our CheckPoint 156-215 study material notes for test preparation. Latest CheckPoint 156-215 study material available.
