Flydumps provides the guaranteed preparation material to boost your confidence in the CheckPoint 156-210 exam.Successful candidates have provided their reviews about our guaranteed CheckPoint 156-210 preparation material, you can come to realize the real worth of our featured products through overviewing the reviews and testimonials.
QUESTION 35
In Secure Internal Communicators (SIC), the SmartCenter Server and its components are identified by a (n):
A. SIC entry in the host file
B. Random seed
C. Port number
D. Distinguished Name
E. IP address
Correct Answer: D
QUESTION 36
Which of the following statements BEST describes Dynamic Network Address Translation (Hide NAT)?
A. Allow you to hide an entire network behind one IP address.
B. Translates private external IP addresses to public IP addresses.
C. Allows you to hide an entire network behind public IP addresses.
D. Translates public internal IP addresses to private IP addresses.
E. Allow you to hide an entire network behind random IP addresses.
Correct Answer: A
QUESTION 37
What type of TCP attack is a bandwidth attack, where a client fools a server into sending large amount of data, using small packets?
A. SMURF
B. SYN-Flood
C. Host System Hogging
D. Small PMTU
E. LAND
Correct Answer: D
QUESTION 38
How is the Block Intruder request used?
A. It is used in place of the HTTP Security Server.
B. SmartDefense automatically uses this capability.
C. It is used in the Log mode of SmartView Tracker to kill active connections.
D. It is activated in SmartDashboard through the Security Policy.
E. It blocks access from a Source, or to a Destination, for a specified amount of time, or indefinitely.
Correct Answer: E
QUESTION 39
A conflict between anti-spoofing and Network Address Translation (NAT) occurs when:
A. The Translate destination on the client-side option is not enabled when using Static NAT:
B. NAT is performed on the client side.
C. Manual NAT rules are used.
D. The Translate destination on the client-side option is enabled.
E. The Translate destination on the server-side option is enabled.
Correct Answer: A
QUESTION 40
One of the most important tasks Security Adminstrators perform is log maintenance. By default, when an administrator clicks File > Switch Active file from SmartView Tracker, the SmartCenter server:
A. Purges the current log file, and prompts the Security Administrator for the mode of the new log.
B. Opens a new window with a previously saved log for viewing.
C. Saves the current log file, names the save file by date and time and starts a new log.
D. Prompts the Security Administrator for the name of the current log, saves it, and then prompts the Security Administrator for the mode of the new log.
E. Purges the current log file, and starts a new log.
Correct Answer: C
QUESTION 41
A VPN-1/FireWall-1 SmartDashboard is used to perform which of the following tasks? Choose two.
A. Allows the Security Administrator to configure Network Address Translation.
B. Stores VPN-1/Firewall-1 logs
C. Compiles the Rule Base into an enforceable Security Policy.
D. Stores the User Database.
E. It is used to crate and define a Security Policy.
Correct Answer: AE
QUESTION 42
Assuming the default settings in the Global Properties have not changed, which of the following types of traffic will be allowed through a firewall with the Rule Base displayed in the exhibit?
A. VPN-1/Firewall-1 Control Connections.
B. HTTP from anywhere to Web Server.
C. HTTP from network out.
D. FTP from anywhere to Web Server.
E. RIP traffic to the gateway.
Correct Answer: AB
QUESTION 43
In SmartView Status, what does a status of Untrusted tell you?
A. The Enforcement Module is offline.
B. The Security Administrator has entered the wrong password at SmartView Status login.
C. Secure Internal Communications (SIC) has not been established between the SmartCenter Server and the Enforcement Module
D. The SmartCenter Server cannot contact a gateway
E. An Enforcement Module is installed and responding to status checks, but the status is problematic.
Correct Answer: C
QUESTION 44
For which of the following objectd types can Network Address Translation be configured?
A. Domains, host nodes, network.
B. Domains, networks, users
C. Host nodes, networks, OSE devices
D. Host nodes, networks, address ranges
E. Networks, OSE Devices logical servers.
Correct Answer: D
QUESTION 45
Howa CK Storm Center Block Lists activated? Choose the correction order.
1.
Security Adminstrators define a CPDShield object and place it in the Rule Base appropriately.
2.
The Storm Center Module agent on the Enforcement Module retrieves the Block list, and replaces the CPDSHield object with a list of blocked IP addresses.
3.
The Storm Center Module agent periodically checks for updates to the Block list.
A. 3, 2, 1
B. 1, 2, 3
C. 2, 3, 1
D. 3, 1, 2
E. 2, 1, 3
Correct Answer: B
QUESTION 46
Network topology exhibit In the network displayed in the exhibit, the public servers accept and initiate connections from the Internet. The public servers must:
A. Be moved to the other side of the Enforcement Module, and give public addresses.
B. Use Reverse Network Address Translation.
C. Use Static Network Address Translation.
D. Use Dynamic Network Address Translation
E. Network Address Translation is not required.
Correct Answer: C
QUESTION 47
What Blocking Scope options are available when using Block Intruder? Choose three.
A. Block access from this Source.
B. Block source and destination
C. Block access to this Destination.
D. Block only this connection
E. Block all traffic
Correct Answer: ACD
QUESTION 48
TO be MOST effective, where should Anti-Spoofing be configured?
A. Only on interfaces facing internal networks.
B. Only on external and DMZ interfaces.
C. Only on DMZ interfaces
D. Only on external interfaces.
E. On all interfaces.
Correct Answer: E QUESTION 49
Choose the two responses that BEST describe a VPN-1/Firewall-1 Rule Base. A Rule Base is:
A. A collection of corporate guidelines used to structure the network Security Policies for users operating behind the firewall.
B. A collection of system settings that make up implicit rules defining network security.
C. The process by which secure communications are established between different VPN-1/Firewall-1 Modules, operating within an enterprise security environment.
D. A repository of DLL files, each provides a specific security function.
E. A set of explicitly and implicitly defined rules used to define network security.
Correct Answer: AE
QUESTION 50
When defining objects, why should you NOT change the name or IP address of the system-created SmartCenter Server objects? Choose two.
A. Changes the certificate of the system-created object
B. Causes a fault-tolerance error on the VPN-1/Firewall-1 Enforcement Module
C. Interferes with Security Policy Installation
D. Does not change the object name in the Rule Base.
E. Negatively affects the Internal Certificate Authority.
Correct Answer: AE
QUESTION 51
You are the Security Administrator with one SmartCenter Server managing one Enforcement Module.
SmartView Status displays a computer icon with an “?” in the Status column.
What does this mean?
A. The VPN-1/FireWall-1 Enforcement Module has been compromised and is no longer controlled by this SmartCenter Server.
B. Secure Internal Communications (SIC) has not been established between the SmartCenter Server and the Enforcement Module.
C. The Enforcement Module is installed and responding to status checks, but the status is problematic.
D. You have entered the wrong password at SmartView Status login.
E. The SmartCenter Server cannot contact the gateway.
Correct Answer: E
QUESTION 52
Which statement below BEST describes how VPN-1/FireWall-1 handles hidden rules? Hidden rules are:
A. Not included when the Security Policy is installed.
B. Removed from the existing Security Policy.
C. Enforced when the Security Policy is installed.
D. Automatically installed, when the Unhide All option is selected from the Hide Rules menu.
E. Enforced as implied rules, before the explicitly defined Rule Base.
Correct Answer: C
QUESTION 53
Which of the following is NOT included in SVN Foundation?
A. Watch Dog for Critical Services
B. License Utilities
C. CPShared Daemon
D. SmartDefense
E. SNMP Daemon
Correct Answer: D
QUESTION 54
Which of the following BEST describes the function of Dynamic Network Address Translation (Dynamic NAT)? Dynamic NAT:
A. Allows you to configure more public IP addresses than you have hosts.
B. Reduces the load on the Enforcement Module.
C. Limits the number of internal hosts that may access the Internet.
D. Reduces the number of connections to your Web server.
E. Allows you to configure for more hosts than you have public IP addresses.
Correct Answer: E
QUESTION 55
Which Block Intruder options block suspicious connections? (Choose three)
A. Block Connections by Packet Size.
B. Block Access from that Source.
C. Block Connections using Specific Services.
D. Block Access to the Destination.
E. Block Selected Connection.
Correct Answer: BDE
QUESTION 56
Which of the following denial-of-service attacks does SmartDefense defeat? (Choose three)
A. Ping of Death
B. Rouge Applets
C. Teardrop
D. Host System Hogging
E. LAND
Correct Answer: ACE
QUESTION 57
What are the benefit of Stateful Inspection? (Choose two) Stateful Inspection:
A. Shuts down the upper-range ports, to secure an internal network.
B. Uses state information derived from past communications and other applications, to make control decisions for new communication attempts.
C. Leaves the upper range of ports (greater than 1023) open, to allow for file-transfer sessions.
D. Duplicates the number of sessions, acting as a proxy broker between a client and server.
E. Examines every packet, and applies a defined Security Policy to each.
Correct Answer: BE
QUESTION 58
Which of the following are core functions of Application Intelligence? (Choose two)
A. Validating compliance to standards.
B. Validating simple protocols, without controlling application logic.
C. Validating Data and Physical Layer attacks.
D. Limiting the ability of applications to carry malicious data.
E. Allowing Application Layer operations.
Correct Answer: AD
QUESTION 59
One of the functions of the SmartDefense console is to:
A. Add rules to block and log attacks.
B. Configure user options for tracking attacks.
C. Display real-time information about attacks.
D. Configure logging options for attack forensics.
E. Configure auditing and reporting options.
Correct Answer: C
QUESTION 60
The SANS Dshield.org Storm center integrates with SmartDefense, by: (Choose two)
A. Reviewing VPN-1/FireWall-1 logs.
B. Providing Storm Center audit trails.
C. Setting up the SmartDefense Subscription service.
D. Adding the Storm Center Block List report to the Security Policy.
E. Updating SmartDefense attack signatures in real time.
Correct Answer: AD
QUESTION 61
Systems needing to be accessed from the Internet should use which type of address translation?
A. IP Pool NAT
B. Hide NAT
C. NAT cannot be used
D. Static NAT
E. Dynamic NAT
Correct Answer: D
QUESTION 62
VPN-1/FireWall-1 logs are exportable to other applications, such as spreadsheets or databases, using which of the following?
A. FW Log Unification Engine
B. Secure Internal Communications (SIC)
C. Check Point logs are not exportable
D. Log Export Application (LEA)
E. Log Identification Unique ID (LUUID)
Correct Answer: D
QUESTION 63
Which of the following is NOT configured under Application Intelligence in SmartDefense?
A. FTP
B. DNS
C. Dynamic Ports
D. Rlogin
E. VoIP
Correct Answer: C
QUESTION 64
Which type of rule should be placed above the Stealth Rule?
A. User Authentication
B. Client Authentication
C. Network Address Translation
D. Cleanup
E. Session Authentication
Correct Answer: B
QUESTION 65
Bad weather and a UPS failure caused your remote Enforcement Module to reboot. Earlier that day, a tornado destroyed the building where the SmartCenter Server was located. You have not yet recovered or replaced the SmartCenter Server. Which of the following statements is false? (Choose two) Because the Enforcement Module cannot connect to the SmartCenter Server.
A. The Enforcement Module will log locally.
B. The Enforcement Module will continue to enforce the last Security Policy installed.
C. No Security Policy is installed, and all traffic will be dropped.
D. No Security Policy is installed, and all traffic will be allowed.
E. The Enforcement Module attempts to fetch a Security Policy from the SmartCenter Server, and install it.
Correct Answer: AB
QUESTION 66
Which of the following is NOT included in Application Intelligence Web Security?
A. HTTP Worm Catcher
B. Peer-to-Peer traffic over HTTP
C. Cross-Site Scripting
D. HTTP Format Size
E. HTTP Java Blocker
Correct Answer: E
QUESTION 67
Which of the following statements are TRUE of VPN-1/FireWall-1 groups? (Choose two)
A. Groups can be nested in groups.
B. The contents of one group can be imported into another group.
C. Services and network objects can be placed in the same group.
D. User groups can be nested, but network-object groups cannot.
E. Users and services can be placed in the same group.
Correct Answer: AB
QUESTION 68
You have locked yourself out, with a rule or an incorrectly configured Security Policy. What would you do to
recover communication between your SmartCenter Server and Enforcement Module?
A. fw push localhost
B. pw unloadlocal
C. fw unlocklocal
D. cpstop localhost
E. cpdelete localhost
Correct Answer: B
QUESTION 69
How does SmartDefense Integrate with network Storm Centers? (Choose two)
A. Security Administrators can decide to send logs to a Storm Center to help other organizations.
B. The SmartDefense Storm Center Module downloads the Block List Report directly, adding it to the Security Policy.
C. Security Administrators must manually compile log files before sending them to Storm Centers.
D. Security Administrators must create network objects for each of the systems on the Storm Center Block List,
then install a new Security Policy.
E. By default, logs are automatically delivered to a Storm Center.
Correct Answer: AB
QUESTION 70
Which of the following statements is TRUE of transparent authentication in NG with Application Intelligence? (Choose three)
A. Unknown users are prompted three times for a password, and are then disconnected.
B. Unknown users receive error messages, indicating that the Enforcement Module does not recognize user names.
C. NG with Application Intelligence does not allow connections from users who do not know the name or IP address of the Enforcement Module.
D. NG with Application Intelligence prompts for user names, event though authentication data may not be recognized by the Enforcement Module.
E. NG with Application Intelligence allows connections from authenticated users, and does not require that users know the IP address or name of the firewall.
Correct Answer: ADE
QUESTION 71
At Certkiller , auditors are Check Point Security Administrators with a customized permissions profile.
Auditors must have the ability to review information from SmartView Tracker, SmartView Status, and
SmartView Monitoring, but they may not make changes to the information. Auditors are not permitted to
view security Policies or the objects database.
Which of the following settings grants auditors the MOST appropriate set of permissions, based on the
corporate environment, described above for Certkiller ?
A. Read-Only SmartView Reporter
B. Read-Only Monitoring
C. Read-Only Security Policy
D. Read-Only SmartUpdate
E. Read-Only Log Consolidator
Correct Answer: A
QUESTION 72
When are Anti-Spoofing Rules enforced during packet inspection?
A. Before the Cleanup Rule is applied.
B. After the Stealth Rule is applied.
C. Before any rule in the Rule Base is applied.
D. When the packet is authorized by an Accept or Encrypt rule.
Correct Answer: C
QUESTION 73
Which of the following objects are allowed in the Source components of the Rule Base? (Choose two)
A. Host-Node Objects
B. Time Objects
C. LDAP Account Units
D. Services
E. User Groups
Correct Answer: AE
QUESTION 74
Which of the following is TRUE, if you change the inspection order of implied rules?
A. You must stop and start the Enforcement Module, before the changes can take place.
B. After the Security Policy is installed, the order in which rules are enforced changes.
C. You cannot change the inspection order of implied rules.
D. You must stop and start the SmartCenter Server, before the changes can take place.
E. Security Policy installation will fail.
Correct Answer: B
QUESTION 75
Security Administrators use Session Authentication when they want users to: (Choose two)
A. Authenticate for all services.
B. Use only TELNET, FTP, Rlogin, and HTTP services.
C. Use only HTTP and HTTPS services.
D. Authenticate once, and then be able to use any service, until logging off.
E. Log authentication actions locally.
Correct Answer: AD
QUESTION 76
Which of the following statements is TRUE concerning how NG with Application Intelligence handles the authentication of users?
A. Users may have different VPN-1 & FireWall-1 passwords, on Enforcement Modules managed by the same SmartCenter Server.
B. All users on the same gateway must use the same authentication method.
C. All imported users must use the same authentication method and hash.
D. All users in the same group must use the same authentication method and hash.
E. Users may be required to use different authentication methods for different services.
Correct Answer: A
QUESTION 77
Spoofing is a method of: A. Making packets appear as if they came from an authorized source IP address.
B. Hiding your Enforcement Module from unauthorized users.
C. Disguising an invalid IP address behind an authorized IP address.
D. Detecting when someone is attacking your network.
E. Detecting users logging in using false or wrong authentication logins.
Correct Answer: A
QUESTION 78
Which of the following statements is TRUE when modifying user templates?
A. If the user template is modified, all active user connections will be dropped when the modifier user database is installed.
B. All users subsequently created with that template will have the new properties.
C. You must always create new templates. Existing user templates cannot be modified.
D. All users previously created using the template are automatically modified with the new properties.
E. If the user template is modified, you must manually re-establish user-group membership.
Correct Answer: B
QUESTION 79
As a Security Administrator, you want to force users to authenticate. You have selected Client Authentication for the type of authentication. Users will be using a Web browser to authenticate. Which of the following TCP ports will authenticate users?
A. 23
B. 261
C. 80
D. 900
E. 259
Correct Answer: D
QUESTION 80
Which of the following is NOT a step in the Session Authentication process?
A. If authentication is successful, the VPN-1/FireWall-1 Enforcement Module allows connections to pass.
B. The Session Agent prompts users for an authentication password, after Phase 1 of IKE negotiations is complete.
C. Users initiate connections directly to a server.
D. The Session Agent prompts users for authenticated data, and returns the information to the Enforcement Module.
E. The VPN-1/FireWall-1 Enforcement Module intercepts connections, and connects to t he Session Agent.
Correct Answer: C
QUESTION 81
With VPN-1/FireWall-1 central licensing, a license is linked to which of the following?
A. Domain name of the SmartCenter Server.
B. IP address of the Enforcement Module.
C. IP address of the SmartCenter Server.
D. IP address of the SmartConsole
E. Domain name of the Enforcement Module.
Correct Answer: C
Free practice questions for CheckPoint 156-210 exam.These questions are aimed at giving you an idea of the type of questions you can expect on the actual exam.You will get an idea of the level of knowledge each topic goes into but because these are simple web pages you will not see the interactive and performance based questions – those are available in the CheckPoint 156-210.