No doubt,CheckPoint 156-210 exam is worth challenging task but you should not feel hesitant against the confronting difficulties. Get a complete hold on CheckPoint 156-210 exam syllabus through Flydumps training and boost up your skills.What’s more,all the brain dumps are the latest.
QUESTION 11
Changes made to the Security Policy do not take effect on the Enforcement Module until the administrator performs which of the following actions?
A. Saves the policy.
B. Verifies the policy.
C. Install the policy.
D. Stops firewall services on the Enforcement Module.
E. Stops firewall services on the Management module.
Correct Answer: C
QUESTION 12
Consider the following network:
The public servers are a web form. Since the web servers accepts and initiate connections Dynamic translation is required.
A. True
B. False
Correct Answer: B QUESTION 13
The fw fetch command perform the following function: A. Attempts to fetch the policy from the Management Server.
B. Fetches users from the Management server.
C. Produces an output screen of the Rule Base.
D. Fetches the logs.
E. Fetches the systems status.
Correct Answer: A
QUESTION 14
Inclement weather and a UPS-failure cause a firewall to reboot. Earlier that day a tornado destroyed the building where the firewall’s Management Module was located. The Management Module was not recovered and has not been replaced.
Bases on the scenario, which of the following statements is FALSE?
A. The firewall will continue to enforce the last rule base installed.
B. The firewall will log locally.
C. The firewall will fetch the last installed policy form local host and install it.
D. Communication between the firewall and the replacement Management Module must be established before the replacement Management Module can install a policy on the firewall.
E. Because the firewall cannot contact the Management Module, no policy will be installed.
Correct Answer: E
QUESTION 15
When configuring Anti-Spoofing for VPN-1/FireWall-1 NG on the firewall interfaces, all of the following are valid address choices except:
A. Network defined by Interface IP and Net Mask.
B. Not Defined.
C. Security Policy Installed.
D. Specific
E. None of the above.
Correct Answer: C
QUESTION 16
The security administrator for the following configuration only allows members of the localnet managers group access files in BigBen (the FTP Server) Select below the rule that allows local managers to access the FTP server from any location.
No SOURCE
DESTINATION SERVICE ACTION 1 LocalManagers@Any BigBen ftp User Auth 2 LocalManagers@Net_London BigBen ftp Client Auth 3 LocalManagers@Any BigBen ftp Session Auth 4 LocalManagers@Net_Tokyo BigBen ftp User Auth
A. Rule 1.
B. Rule 2.
C. Rule 3.
D. Rule 4.
E. None of these rules allow access.
Correct Answer: A QUESTION 17
Assume that you are working on a Windows NT operating system. What is the default expiration for a Dynamic NAT connection NOT showing any UDP activity?
A. 30 Seconds.
B. 60 Seconds.
C. 40 Seconds.
D. 600 Seconds.
E. 3000 Seconds.
Correct Answer: C QUESTION 18
Assume there has been no change made to default policy properties. To allow a telnet connection into your
network, you must create two rules.
One to allow the initial Telnet connection in.
One to allow the destination machine to send information back to the client.
A. True
B. False Correct Answer: B QUESTION 19
In Windows NT to force log entries other than the default directory.
A. You must use the cpconfig command.
B. Change the fwlog environment variable.
C. Modify the registry.
D. Change the directory in log viewer.
E. Use the fw log switch command.
Correct Answer: E QUESTION 20
For most installations, the Clean-Up rule should be the last rule in Rule Base.
A. True
B. False
Correct Answer: A QUESTION 21
What complements are necessary for VPN-1/FireWall-1 NG to scan e-mail, passing through the firewall, for macro viruses?
A. UFP and OPSEC-certified scanning product.
B. CVP and OPSEC-certified virus scanning product.
C. UFP and CVP.
D. UFP, CVP and OPSEC-certified content filter.
E. None of the above, VPN-1/FireWall-1 NG scans for macro viruses by default.
Correct Answer: B QUESTION 22
Why would you want to verify a Security Policy before installation?
A. To install Security Policy cleanly.
B. To check up the enforcement-point firewall for errors.
C. To identify conflicting rules in your Security Policy.
D. To compress the Rule Base for faster installation
E. There us no benefit verifying a Security Policy before installing it.
Correct Answer: C QUESTION 23
To completely setup Static NAT, you ONLY have to select Add Automatic Address Translation rules on the NAT tab, and specify a public NAT IP address.
A. True
B. False
Correct Answer: B QUESTION 24
If you configure the Minutes interval for a firewall in the User Authentication session timeout box, as shown below on the Authentication Tab of the Workstations properties window, users of one time password must re-authenticate for each request during this time period.
A. True
B. False
Correct Answer: B
QUESTION 25
What does a status of Untrusted tell you?
A. A VPN-1/Firewall-1 NG firewall module has been compromised.
B. A gateway cannot be reached.
C. A module is installed and responding to status checks, but the status is problematic.
D. A gateway is connected, but the management module is not the master of the module installed on the
gateway.
E. None of the above.
Correct Answer: D
QUESTION 26
Omanan Enterprises has the premier reclamation system for scrap aluminum in the western hemisphere. Then phenomenal growth over the last 10 years has led to the decision to establish a presence in the Internet in order to their customers. To that end, Omanan Enterprise network administrator, Jason has acquired a Web Server, and email server and 14 IP addresses from their ISP. Jason also purchased a Checkpoint VPN-1/FireWall-1 stand alone gateway module, with these interfaces, to protect Omanan enterprises’ corporate data their ISP will be providing DNS services. The Web Server and email server must have Static routable IP addresses. The eight member executive counsel of Omanan Enterprises would to have routable IP addresses also, so that they can video-conference with the company’s suppliers. Omanan Enterprises’ remaining 200 employees would like to have access to Internet, and the executive counsel believe that granting them access might improve company morale.
Jason installs and configured Checkpoint VPN-1/FireWall1 stand alone Gateway module at the perimeter of Omanan Enterprises corporate LAN. He uses the 3rd NIC in the stand alone firewall gateway module to create DMZ. Jason installs the Web server and the email server on the DMZ. He creates tools and objects on the checkpoint VPN-1/FireWall-1 stand alone gateway module to allow HTTP, POP3 and SMTP from the Internet to the DMZ. He Creates objects to represent the web and email server and configures them for Static NAT. Jason reconfigures his DHCP server so that each of the members of the executive counsel has reserved IP address. He then sues those reservations co create Statically NAT-ed objects on the Checkpoint VPN/ Firewall-1 Standalone Gateway module. Jason creates another object represents the internal network he configures this object for Dynamic NAT. He adds a rule allowing HTTP traffic from the internal network to any destination. Jason created an additional rule to allow POP3 and SMTP traffic between the internal networks and DMZ.
Choose the one phrase below that best describes Jason’s proposal.
A. The proposed solution meets the required objectives and none of the desired objectives.
B. The proposed solution meets the required objectives and only one of the desired objectives.
C. The proposed solution meets the required objectives and all desired objectives.
D. The proposed solution does not meet the required objective.
Correct Answer: C
QUESTION 27
Anna is a security administrator setting up User Authentication for the first time. She has correctly configured her Authentication rule, but authentication still does not work. What is the Check Point recommended way to troubleshoot this issue?
A. Verify the properties of the user attempting authentication and the authentication method selected in the Authentication Properties of your firewall object.
B. Verify the firewall settings of your firewall object, and the properties for the user attempting encryption
and authentication.
C. Verify the properties for the user attempting authentication and make sure that the file Stealth Authentication method is selected in the Authentication properties of both the peer gateway object and your firewall object.
D. Verify both Client and User Authentication, and the authentication method selected in the Authentication properties of your Firewall object.
E. Re-import Schema from the VPN-1/FireWall-1 NG installation CD.
Correct Answer: A
QUESTION 28
Session authentication provides an authentication method NOT supported by protocols that can be integrated with any application.
No. Source
Destination Service Action Track Install On 1. Any Local_Net telnet Accept Long Gateways 2. Pub Server1 Pub Server2 Any Accept Long Gateways
A. True
B. False
Correct Answer: A
QUESTION 29
How do recover communications between your management module and enforcement module if you lock yourself out via a rule policy that is configured incorrectly?
A. Cp delete all all.
B. Cp pause all all.
C. Cp stop all all.
D. Cp unload all all.
E. Cp push all all.
Correct Answer: D
QUESTION 30
You have set up a firewall and management module on one NT box and a remote module on a different location. You receive only sporadic logs from the local firewall and only and control message from remote firewall. All rules on both firewalls are logging and you know the traffic is flowing through the firewall using these rules. All the firewall related services are running and you are using NAT and you receive few logs from the local firewall. What actions from the choices below would you perform to find out why you cannot see logs?
A. Make sure there is no masters file in SFWDIR/conf on the remote module.
B. Make sure there is no masters file in SFWDIR/conf on the local NT box.
C. See if you can do a fwfetch from the module.
D. Run the fw logexport t n from the command line prompt on the remote module.
E. Use pulist.exe from the Windows NT resource kit.
Correct Answer: C
QUESTION 31
As a firewall administrator you encounter the following you error message: Authentication for command failed.
What is the most logical reasoning for thus type of error message?
A. The Rule Base has been corrupted.
B. The kernel cannot communicate with the management module.
C. The administrator does not have the ability to push the policy.
D. Remote encryption keys cannot be fetched.
E. Client authentication has failed.
Correct Answer: B
QUESTION 32
Your customer has created a rule so that every time a user wants to go to the Internet, that user must be authenticated. Firewall load is a concern for the customer. Which authentication method does not result in any additional connections to the firewall?
A. Session
B. User
C. Client
D. Connection
E. None of the above.
Correct Answer: A
QUESTION 33
What variable is used to extend the interval of the Timeout in a NAT to prevent a hidden UDP connection from losing its port?
A. Fwx_udp_todefaultextend.
B. Fwx_udp_expdefaultextend.
C. Fwx_udp_todefaultext
D. Fwx_udp_timeout.
E. Fwx_udp_expiration.
Correct Answer: D
QUESTION 34
To hide data filed in the log viewer:
A. Select Hide from the Log Viewer menu.
B. Right-click anywhere in a column of the Log Viewer GUI and select Show Details.
C. Right-click anywhere in the column of the Log Viewer GUI and select Disable.
D. Right-click anywhere in the column of the Log Viewer GUI and select Hide.
E. Select Hide from the Log Viewer tool bar.
Correct Answer: D
QUESTION 35
You are following the procedure to setup user authentication for TELNET to prompt for a distinct destination. This allows the firewall to simulate a TELNET Proxy. After you defined the user on the Firewall and use VPN-1/FireWall-1 Authentication, you would:
A. Stop the Firewall.
B. Restart the Firewall.
C. Start the Policy Editor and go to Manage service, and edit TELNET service.
D. Ensure that the Authentication method is enabled in the firewall object.
E. Ensure that there are no existing rules already allowing TELNET.
Correct Answer: D
QUESTION 36
You have the VPN-1/Firewall-1 NG product installed. The following Rule Base order correctly implements Implicit Client Authentication fort HTTP.
No. SOURCE
DESTINATION SERVICE ACTION 1 All Users@localnet *Any TCP ftp User Auth 2 All Users@localnet *Any TCP http User Auth
A. True
B. False
Correct Answer: B
QUESTION 37
What is the software package through which all Check Point products use infrastructure services?
A. Cpstart/cpstop.
B. Check Point Registry.
C. CPD
D. Watch Dog for critical services.
E. SVN Foundation.
Correct Answer: E
QUESTION 38
Choose the BEST response to finish this statement. A Firewall:
A. Prevents unauthorized to or from a secured network.
B. Prevents unauthorized to or from a unsecured network.
C. Prevents authorized access to or from an Intranet.
D. Prevents authorized access to or from an Internet.
E. Prevents macro viruses from infecting the network.
Correct Answer: A
QUESTION 39
Where is the external if file located in VPN1/Firewall-1 NG?
A. FWDIR conf directory.
B. Database directory.
C. State directory.
D. Temp Directory.
E. Not used in VPN1/Firewall-1 NG.
Correct Answer: E
QUESTION 40
Which log viewer mode allows you to actually see the contents of the files HTTP-ed by the corporation’s Chief Executive Officer?
A. Security Log.
B. Active Connections Log.
C. Accounting Log.
D. Administrative Log.
E. None of the above.
Correct Answer: E QUESTION 41
When you select the alert radio button on the topology tab of the interface properties window:
A. The action specified in the Action element of the Rule Base is taken.
B. The action specified in the Anti-Spoofing Alert field in the Global properties window is taken.
C. The action specified in the Pop up Alter Command in the Global properties window is taken.
D. Both A and B.
E. Both B and C.
Correct Answer: E
QUESTION 42
You are the firewall administrator with one management server managing one firewall. The system status displays a computer icon with a `
!’ symbol in the status column. Which of the following is the most likely cause?
A. The destination object has been defined as external.
B. The Rule Base is unable to resolve the IP address.
C. The firewall has been halted.
D. The firewall is unprotected, no security policy is loaded.
E. Nothing is wrong.
Correct Answer: D
QUESTION 43
System Administrators use session authentication when they want users to:
A. Authenticate each time they use a supported service.
B. Authenticate all services.
C. Use only TENET, FTP, RLOGIN, and HTTP services.
D. Authenticate once, and then be able to use any service until logging off.
E. Both B and D
Correct Answer: B
QUESTION 44
Your customer has created a rule so that every time a user wants to go to Internet, that user must be
authenticated. The customer requires an authentication scheme that provides transparency for the user
and granular control for the administrator. User must also be able to log in from any location.
Based on this information, which authentication schemes meets the customer’s needs?
A. Session
B. User
C. Client
D. Dual
E. Reverse
Correct Answer: B
QUESTION 45
Implementing Dynamic NAT would enable an internal machine behind the firewall to act as an FTP Server for external clients.
A. True
B. False
Correct Answer: B QUESTION 46
The Enforcement Module (part if the VPN-1/FireWall-1 Module):
A. Examines all communications according to an Enterprise Security Policy.
B. Is installed on a host enforcement point.
C. Can provide authentication and Content Security features at the application level.
D. Us usually installed on a multi-homed machine.
E. All of the above.
Correct Answer: E QUESTION 47
In most cases when you are building the Rule Base you should place the Stealth Rule above all other rules except:
A. Clean up rules.
B. Implicit Riles.
C. Client Authentication Rules.
D. Pseudo Rules.
E. Default Rules.
Correct Answer: C QUESTION 48
If you change the inspection order of any of the implied rules under the Security Policy Setup, does it change the order in which the rules are enforced?
A. True
B. False
Correct Answer: A QUESTION 49
The fw fetch command allows an administrator to specify which Security Policy a remote enforcement module retrieves.
A. True
B. False
Correct Answer: A QUESTION 50
You can edit VPE objects before they are actualized (translated from virtual network objects to real).
A. True
B. False.
Correct Answer: B QUESTION 51
CheckPoint 156-210 Questions & Answers covers all the knowledge points of the real exam. We update our product frequently so our customer can always have the latest version of CheckPoint 156-210. We provide our customers with the excellent 7×24 hours customer service.We have the most professional CheckPoint 156-210 expert team to back up our grate quality products.If you still cannot make your decision on purchasing our product, please try our CheckPoint 156-210 free pdf