100% Pass CheckPoint 156-215 By Training CheckPoint 156-215 Exam Dumps

Exam A QUESTION 1
What will the command “d:\winnt\fw1\ng\bin] cppkg add C:\CPsuite-R71” achieve? Where d:\winnt\fw1\ng \bin is package-full-path?
A. It will purge a product package to the product repository
B. It will kill a product package to the product repository
C. It will add a product package to the product repository
D. It will print a product package to the product repository
E. It will delete a product package to the product repository

Correct Answer: C QUESTION 2
User Monitor details window is shown in the diagram 1 of the SmartView Monitor. Which of the following information you would not get in the window?

A. Internal IP
B. User DN
C. VPN Tunnel
D. Security Gateway
E. Connect Time

Correct Answer: C
QUESTION 3
The rule below shows the Encrypt rule in a Traditional Mode Rule Base. What is likely to be Simplified Mode equivalent if the if the connections originates at X and its destination is Y, within any Site-to-Site Community (i.e. All_GW _to_GW).
A. Rule C
B. Rule E
C. Rule A
D. Rule B
E. Rule D

Correct Answer: B
QUESTION 4
SmartDirectory (LDAP) new features include which of the following? Select the all correct answers.
A. The use of authentication algorithm
B. Support of Multiple SmartDirectory (LDAP) Vendors using Profiles
C. Support of multiple SmartDirectory (LDAP) servers
D. High Availability
E. The use of encrypted or non-encrypted SmartDirectory (LDAP) Connections
Correct Answer: BCDE
QUESTION 5
You are configuring IPS, Denial of Service – Teardrop section. Which of the following is true of Teardrop?

A. A denial of service vulnerability has been reported in the Linux Kernel. The vulnerability is due to an error in the Linux Kernel IPv6 over IPv4 tunneling driverthat fails to properly handle crafted network packets. Teardrop is a widely available attack tool that exploits this vulnerability
B. Some implementations of TCP/IP contain fragmentation re-assembly code that does not properly handle overlapping IP fragments. Sending two IP fragments, the latter entirely contained inside the former, causes the server to allocate too much memory and crash. Teardrop is a widely available attack tool that exploits this vulnerability
C. JPEG is a very popular image file format. Teardrop is a widely available attack tool that exploits this vulnerability Specially crafted JPEG files may be used to create a DoS condition and in some cases, arbitrary code execution
D. Some implementations of TCP/IP are vulnerable to packets that are crafted in a particular way (a SYN packet in which the source address and port are the same as the destination, i.e., spoofed). Teardrop is a widely available attack tool that exploits this vulnerability
E. The attacker sends a fragmented PING request that exceeds the maximum IP packet size (64KB). Some operating systems are unable to handle such requests and crash. Teardrop is a widely available attack tool that exploits this vulnerability

Correct Answer: B
QUESTION 6
Which of the following command will you use to export users from the NGX user database?
A. fwm dbexports
B. fw export
C. fwm export
D. fw dbexport
E. fwm dbexport

Correct Answer: E
QUESTION 7
The diagrams show your network and the encrypt rule. If the source and destination are inside the VPN Domain of the same gateway i.e. Source X is in Net_A and Destination Y is in Net_B. The connection originates at X and reaches the gateway, which forwards the response back to Y.Which of the following is true?

A. The connection from Net_A to Net_B will be authenticated
B. The gateway 1 will need authentication
C. The connection from Net_A to Net_B will not be encrypted
D. The gateway 1 will drops the connection from Net_A to Net_B
E. The connection from Net_A to Net_B will be encrypted

Correct Answer: C
QUESTION 8
The main drawback to tunneling-mode encryption is:
A. The security of the packet size
B. The decrease in the packet size
C. The increase in the packet size
D. The de-cryption of the packet size
E. The quickness of the packet size
Correct Answer: C
QUESTION 9
259 or connect via HTTP at If SecureClient cannot download a new policy from any Policy Server, it will try
again after a fixed interval. If the fixed interval is set to default, then the default time is:
A. 8 minutes
B. 4 minutes
C. 5 minutes
D. 3 minutes
E. 10 minutes

Correct Answer: C
QUESTION 10
Which of the following Security servers can perform authentication tasks but will not be able perform content security tasks?
A. RLOGIN
B. FTP
C. SMTP
D. HTTP
E. HTTPS

Correct Answer: A

Most Accurate CheckPoint 156-215 Guide PDF Download, Best CheckPoint 156-215 Practice To Ensure You 100% Pass Download

Exam A
QUESTION 1
A Web server behind the Security Gateway is Automatic NAT Cli ent side NAT is enabled in the Global Properties. A client on the Internet initiates a session to the Web Server. On the initiating packet, NAT occurs on which inspection point?
A. O
B. o
C. I

Correct Answer: B
QUESTION 2
Which of the following is NOT supported with office mode?
A. Transparent mode
B. L2TP
C. Secure Client
D. SSL Network Extender

Correct Answer: A
QUESTION 3
You have blocked an IP address via the Block Intruder feature of SmartView Tracker How can you view the blocked addresses’?
A. Run f wm blockedview
B. In SmartView Monitor, Select the Blocked Intruder option from the query tree view
C. In SmartView Monitor, select Suspicious Activity Rules from the Tools menu and select the relevant Security Gateway from the List
D. In SmartView Tracker, click the Active tab. and the actively blocked connections displays

Correct Answer: C
QUESTION 4
You are creating an output file with the following command:
Fw monitor 璭”accept(arc=10. 20. 30. 40 or dst=10, 20, 30,-40) :” 璷~/output Which tools do you use to
analyze this file?

A. You can analyze it with Wireshark or Ethereal
B. You can analyze the output file with any ASCI editor.
C. The output file format is CSV. so you can use MS Excel to analyze it
D. You cannot analyze it with any tool as the syntax should be: fw monitor 璭 accept ([12,b] = 10.20.30.40 or [16,b] = 10.20.30.40);-0~/output

Correct Answer: A
QUESTION 5
You find a suspicious FTP connection trying to connect to one of your internal hosts. How do you block it m real time and verify it is successfully blocked?
A. Highlight the suspicious connection in SmartView Tracker>Active mode. Block it using Tools>Block Intruder menu. observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as “dropped”
B. Highlight the suspicious connection in SmartView Tracker>Active mode. Block it using Tools>Block Intruder menu. observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.
C. Highlight the suspicious connection in SmartView Tracker>Log mode. Block it using Tools>Block Intruder menu. observe in the Log mode that the suspicious connection does not appear again in this
SmartView Tracker view.
D. Highlight the suspicious connection in SmartView Tracker>Log mode. Block it using Tools>Block Intruder menu. observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as “dropped”.

Correct Answer: B
QUESTION 6
What is a Consolidation Policy?
A. The collective name of the Security Policy,Address Translation, and IPS Policies.
B. The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.
C. The collective name of the logs generated by SmartReporter,
D. A global Policy used to share a common enforcement policy for multiple Security Gateways.

Correct Answer: B
QUESTION 7
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R71. Afer running the fw unloadlocal command, you are able to reconnect with SmartDashboard and view all changes. Which of the following change is the most likely cause of the block?
A. A Stealth Rule has been configured for the R71 Gateway.
B. The Allow control connections setting in Policy > Global Properties has been unchecked.
C. The Security Policy Installed to the Gateway had no rules in it
D. The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.

Correct Answer: B
QUESTION 8
Your Rule Base includes a Client Authentication rule, using partial authentication and standard sign-on for HTTP, Telnet, and FTP services. The rule was working, until this moring. Now users are not ptompted for authentication, and they see error “page cannot be displayed” in the browser. In SmartView Tracker, you discover the HTTP connection is dropped when the Gateway is the destination. What cased Client Authentication to fail?
A. You added a rule below the Client Authentication rule, blocking HTTP from the Internal network.
B. You added the Stealth Rule before the Client Authentication rule.
C. You disabled R71 Control Connections in Global Properties.
D. You enabled Static NAT on the problematic machines.

Correct Answer: B
QUESTION 9
When configuring the network interfaces of a checkpoint Gateway, the direction canbe defined as Internal or external. What is meaning of interface leading to DMZ?

A. It defines the DMZ Interface since this information is necessary for Content Control.
B. Using restricted Gateways, this option automatically turns off the counting of IP Addresses originating from this interface
C. When selecting this option. Ann-Spoofing is configured automatically to this net.
D. Activating this option automatically turns this interface to External

Correct Answer: A
QUESTION 10
Study the diaram and answer the question below. What rule would allow access your local net work using FTP service with User Authen tication as a method of authentication?

A. 5
B. 1
C. 3
D. 2
E. 4

Correct Answer: D

First-hand CheckPoint 156-215 Flydumps PDF,CheckPoint 156-215 Question Ensure Pass Certification To Ensure You 100% Pass

Exam A QUESTION 1
If you check the box Use Aggressive Mode in the IKE Properties dialog box, the standard:
A. three-packet IKE Phase 2 exchange Is replaced by a six-packet exchange
B. three-packet IKE Phase 2 exchange is replaced by a two-packet exchange
C. six-packet IKE Phase 1 exchange is replaced by a three-packet exchange
D. three-packet IKE Phase 1 exchange is replaced by a six-packet exchange

Correct Answer: C QUESTION 2
Of the following, what parameters will not be preserved when using Database Revision Control? 1) Simplified mode Rule Bases 2) Traditional mode Rule Bases 3) Secure Platform WebUI Users 4) SIC certificates 5) SmartView Tracker audit logs 6) SmartView Tracker traffic logs 7) Implied Rules 8) IPS Profiles
ActualTests.com 9) Blocked connections 10) Manual NAT rules 11) VPN communities 12) Gateway route table 13) Gateway licenses
A. 3, 4, 5, 6, 9, 12, 13
B. 5, 6, 9, 12, 13
C. 1, 2, 8, 10, 11
D. 2, 4, 7, 10, 11

Correct Answer: B QUESTION 3
You believe Phase 2 negotiations are railing while you are attempting to configure a site-to-site VPN with one of your firm’s business partners. Which SmartConsole application should you use to confirm your suspicions?
A. SmartDashboard
B. SmartView Tracker
C. SmartUpdate
D. SmartView Status Correct Answer: B

QUESTION 4
You are running a R71 Security Gateway on SecurePlatform, in case of a hardware failure. You have a server with the exact same hardware and firewall version Installed. What backup method could be used to quickly put the secondary firewall into production?
A. Upgrade_export
B. Manual backup
C. Snapshot
D. Backup

Correct Answer: C QUESTION 5
What happens hi relation to the CRL cache after a cpstop and cpstart have been initiated?
A. The Gateway retrieves a new CRL on startup, and then discards the old CRL as invalid
B. The Gateway continues to use the old CRL, as long as it is valid.
C. The Gateway continues to use the old CRL even if it is not valid, until a new CRL is cached
D. The Gateway issues a crl_zap on startup, which empties the cache and forces Certificate retrieval

Correct Answer: B QUESTION 6
What physical machine must have access to the User Center public IP address when checking for new packages with smartUpdate?
A. SmartUpdate GUI PC
B. SmartUpdate Repository SQL database Server
C. A Security Gateway retrieving the new upgrade package
D. SmartUpdate installed Security Management Server PC

Correct Answer: A QUESTION 7
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
A. Blank field under Rule Number
B. Rule 0
C. Cleanup Rule
D. Rule 1

Correct Answer: B QUESTION 8
The URL Filtering Policy can be configured to monitor URLs in order to:
A. Log sites from blocked categories.
B. Redirect users to a new URL.
C. Block sites only once.
D. Alert the Administrator to block a suspicious site.

Correct Answer: A QUESTION 9
The Customer has a small Check Point installation which includes one Windows XP workstation as SmartConsole, one Solaris server working as security Management Server, and a third server running SecurePlatform as Security Gateway. This is an Example of a (n):
A. Stand-Alone Installation.
B. Unsupported configuration
C. Distributed Installation
D. Hybrid Installation.

Correct Answer: A
QUESTION 10
You want to implement Static Destination NAT in order to provide external. Internet users access to an internal Webserver that has a reserved (RFC 1918) IP address You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
ActualTests.com
A. Place a static host route on the firewall for the valid IP address to the internal Web server.
B. Place a static ARP entry on the ISP router for the valid IP address to the firewall’s external address.
C. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
D. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.

Correct Answer: C