Flydumps is providing complete solutions for CheckPoint 156-210 that will help the candidates learn extensively and score exceptional in the CheckPoint 156-210 exam. Passing the Microsoft is not a dream anymore as our user friendly learning resources ensure guaranteed success.
QUESTION 52
If the security policy editor or system status GUI is open, you can open the log viewer GUI from the window menu.
A. True
B. False
Correct Answer: A
QUESTION 53
NAT can NOT be configured on which of the objects?
A. Hosts
B. Gateways
C. Networks
D. Users
E. Routers
Correct Answer: D
QUESTION 54
Your customer has created a rule so that every user wants to go to Internet, that user must be authenticated. Which is the best method of authentication for users who must use specific computers for Internet access?
A. Session
B. User
C. Client
D. Connection
E. None of the above.
Correct Answer: C
QUESTION 55
Which of the following describes the behavior of VPN-1/Firewall-1 NG?
A. Traffic not expressly prohibited is permitted.
B. Traffic not expressly permitted is prohibited.
C. TELNET, SMTP and HTTP are allowed by default.
D. Secure connections are authorized by default, unsecured connections are not.
E. All traffic is controlled by explicit rules.
Correct Answer: B
QUESTION 56
New users are created from templates. What is the name of the standard template from which you would create a new user?
A. New
B. User
C. Group
D. Standard User.
E. Default
Correct Answer: E
QUESTION 57
In a distributed management environment, the firewall administrator has removed the default check from Accept VPN-1/Firewall-1 control connections under the Security Policy tab of the properties
setup dialogue box. In order for the management module and the Firewall to communicate, you must create a rule to allow the Management Module to communicate to the firewall on which port?
A. 80
B. 256
C. 259
D. 900
E. 23
Correct Answer: B
QUESTION 58
What is the command for installing a Security Policy from a *.W file?
A. Fw gen and then the name of the .W file.
B. Fw load and then the name of .W file.
C. Fw regen and then the name of the .W file.
D. Fw reload and then the directory location of the .W file.
E. Fw import and then the name of the .W file.
Correct Answer: B
QUESTION 59
In the Check Point Configuration Too, you create a GUI administrator with Read Only privileges.
This allows the Firewall-1 administrator for the authorized GUI client (GUI workstation) privileges to change
network object, and create and install rules.
A. True
B. False
Correct Answer: B
QUESTION 60
Hybrid Authentication allows VPN-1/Firewall-1 NG to authenticate SecuRemote/SecureClient, using which of the following?
A. RADIUS
B. 3DES
C. TACACS
D. Any authentication method supported by VPN-1/Firewall-1.
E. Both A and C.
Correct Answer: D QUESTION 61
In order to install a new Security Policy on a remote firewall, what command must be issued on the remote firewall?
A. Fw unload all all.
B. Fw load new.
C. Cp clear policy.
D. None of the above, the command cp policy remove is issued from the manager.
E. None of the above, the new policy will automatically overwrite the existing policy.
Correct Answer: E QUESTION 62
As a firewall administrator if you want to log packets dropped by “implicit drop anything not covered” rules, you must explicitly define a Clean-up rule. This must be the last rule in the rule base.
A. True
B. False
Correct Answer: A QUESTION 63
Fully Automatic Client authentication provides authentication for all protocols, whether supported by these protocols or not.
A. True
B. False
Correct Answer: A QUESTION 64
VPN-1/Firewall-1 NG differs from Packet filtering and Application Layer Gateways, because?
A. VPN-1/Firewall-1 NG provides only minimal logging and altering mechanism.
B. VPN-1/Firewal-1 NG uses Stateful inspection which allows packet to be examined at the top of the layers of the OSI model.
C. VPN-1/Firewall-1 NG has access to a limited part of the packet header only.
D. VPN-1/Firewall-1NG requires a connection from a client to a firewall and firewall to a server.
E. VPN-1/Firewall-1 NG has access to packets passing through key locations in a network.
Correct Answer: B QUESTION 65
AlphaBravo Corp has 72 privately addressed internal addresses. Each network is a piece of the 10-net subnetted to a class C address. AlphaBravo uses Dynamic NAT and hides all of the internal networks behind the external IP addresses of the Firewall. The Firewall administrator for AlphaBravo has noticed that policy installation takes significantly longer since adding all 72 internal networks to the address translation rule. What should the Firewall administrator do to reduce the time it takes to install a policy?
A. Create an object for the entire 10-net and use the object for the translation rule instead of the individual network objects.
B. Use automatic NAT rule creation on each network object. Hide the network behind the firewall’s external IP addresses.
C. Match packets to the state table, so packets are not dropped. Increase the size of the NAT tables.
D. Reinstall the Firewall and Security Policy Editor. The policy is corrupting Firewall’s binaries.
E. Increase the size of state table. Use automatic NAT rule creation to hide the networks behind an IP
address other than firewall’s external IP. Correct Answer: A QUESTION 66
How does VPN-1/Firewall-1 NG implement Transparent authentication?
A. Unknown user receive error messages indicating that the firewalled gateway does not know the user names on the gateway.
B. VPN-1/Firewall-1 NG prompts for user names even through the authentication data may not be recognized by the firewall’s user database.
C. VPN-1/Firewall-1 NG allows connections, but hides the firewall from authenticated users.
D. Unknown users error messages indicating that the host does not know the users names on the server.
E. VPN-1/Firewall-1 NG does not allow connections from users who do not know the name of the
firewall. Correct Answer: C QUESTION 67 When creating user authentication rule, select intersect with user database for source and destination to allow access according to the source specified in the rules.
A. True
B. False
Correct Answer: B QUESTION 68
A connection initiated by the client in the figure below will be hidden behind the IP address of the interface through which the connection was routed on the server side if the gateway (behind either interface 2 or interface 3). Specifying 0.0.0.0 as the address is convenient because of network address translation (NAT) is performed dynamically. And if the IP addresses of the gateway are changed, it is not necessary to reconfigure the NAT parameters.
Which of the following is true about the following figure?
A. A connection initiated by the client will be hidden behind the IP address of the exit interface.
B. A connection initiated by the server will be hidden behind the IP address of the exit interface.
C. A connection initiated by the server will be hidden by the IP address of the client.
D. Source addresses of outbound packets from the client will be translated to 0.0.0.0.
E. Source addresses of outbound packets from the server will be translated to 0.0.0.0.
Correct Answer: A
QUESTION 69
Which if the following statements about Client Authentication are FALSE?
A. In contrast to User Authentication, which allows access per user, Client Authentication allows access
per ID address.
B. Authentication is by user name and password, but is the host machine (client) that is granted access.
C. Client Authentication is more secure than User Authentication, because it allows multiple users and connections from an authorized IP address or host.
D. Client Authentication enables administration to grant access privileges to a specific IP address after successful authentication.
Correct Answer: C QUESTION 70
When you make a rule, the rule is not enforces as part of your Security Policy.
A. True
B. False
Correct Answer: B QUESTION 71
Which of the following user actions would you insert as an INTERNAL Authentication scheme?
A. The user enters the security dynamics passcode.
B. The user prompted for a response from the RADIUS server.
C. The user prompted for a response from the AXENT server.
D. The user prompted for a response from the TACACS server.
E. The user enters an operating system account password.
Correct Answer: E QUESTION 72
When configuring Static NAT, you cannot map the routable IP address to the external IP address of the Firewall if attempted, the security policy installation fails with the following error “rule X conflicts with rule Y”.
A. True
B. False
Correct Answer: A QUESTION 73
The advantage of client authentication is that it can be used for any number of connections and for any services, but authentication is only valid for a specified length of time.
A. True
B. False
Correct Answer: B QUESTION 74
You have set up Static NAT on a VPN-1/Firewall-1 to allow Internet traffic to an internal web server. You notice that any HTTP attempts to that machine being dropped in the log due to rule 0. Which of the following is the most likely cause?
A. Spoofing on the internal interface us set to Network defined by Interface IP and Net Mask.
B. Spoofing on the external interface is set to Not Defined.
C. You do NOT have a rule that allows HTTP access to the internal Web Server.
D. You do NOT have a rule that allows HTTP from the Web Server to Any destination.
E. None of the above.
Correct Answer: C QUESTION 75
As a firewall administrator, you are required to create VPN-1/Firewall-1 users for authentication. When you create a user for user authentication, the data is stored in the?
A. Inspect Engine.
B. Rule base.
C. Users database
D. Rulebase fws file
E. Inspect module.
Correct Answer: C QUESTION 76
If users authenticated successfully, they have matched the User and Authentication rule restriction of the user group to which they belong.
A. True
B. False
Correct Answer: A QUESTION 77
The only way to unblock BLOCKED connections by deleting all the blocking rules from the Rule base.
A. True
B. False
Correct Answer: B QUESTION 78
When you perform a cp fetch, what can you expect from this command?
A. Firewall retrieves the user database from the tables on the Management Module.
B. Firewall retrieves the inspection code from the remote Management Module and installs it to the kernel.
C. Management module retrieves the IP address of the target specified in the command.
D. Management module retrieves the interface information for the target specified in the command.
E. None of the above.
Correct Answer: B QUESTION 79
Each incoming UDP packet is locked up in the list of pending connections. Packets are delivered if they are _________.
A. A request.
B. A response to a request.
C. Source routed.
D. Allowed by the Rule Base.
E. Both B and D.
Correct Answer: E QUESTION 80
Assume an NT system. What is the default expiration for a Dynamic NAT connection NOT showing any TCP activity?
A. 30 Seconds.
B. 60 Seconds.
C. 330 Seconds.
D. 660 Seconds.
E. 3600 Seconds.
Correct Answer: E QUESTION 81
CCNA Exam Certification Guide is a best-of-breed CheckPoint 156-210 exam study guide that has been completely updated to focus specifically on the objectives.Senior instructor and best-selling author Wendell Odom shares preparation hints and CheckPoint 156-210 tips to help you identify areas of weakness and improve both your conceptual and hands-on knowledge.CheckPoint 156-210 Material is presented in a concise manner,focusing on increasing your understanding and retention of exam topics.