Flydumps bring you the best CheckPoint 156-215 Certification exam preparation materials which will make you pass in the first attempt. And we also provide you all the CheckPoint 156-215 exam updates as Microsoft announces a change in its CheckPoint 156-215 exam syllabus, we inform you about it without delay.
QUESTION 106
What is the difference between Standard and Specific Sign On methods?
A. Standard Sign On requires the user to reauthenticate for each service and each host to which he is trying to connect. Specific Sign On allows the user to sign on only to a specific IP address.
B. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user reauthenticate for each service and each host to which he is trying to connect.
C. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user reauthenticate for each service specifically defined in the “Specific Action Properties” window.
D. Standard Sign On allows the user to be automatically authorized for all services that the rule allows, but reauthenticate for each host to which he is trying to connect. Specific Sign On requires that the user reauthenticate for each service.
Correct Answer: B
QUESTION 107
As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the:
A. “Refreshable timeout”, in the Global Properties Authentication screen.
B. “Refreshable Timeout” setting, in the Limit tab of the Client Authentication Action properties screen.
C. “Refreshable Timeout”, in the user object’s Authentication screen.
D. “Refreshable Timeout” setting, in the gateway object’s Authentication screen.
Correct Answer: B
QUESTION 108
You are configuring the VoIP Domain object for an H.323 environment, protected by VPN-1 NGX R65. Which VoIP Domain object type can you use?
A. Gatekeeper
B. Proxy
C. Transmission Router
D. Call Agent
Correct Answer: A
QUESTION 109
One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the SmartCenter Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic gateway object, you receive an error message. What is the problem?
A. The time on the SmartCenter Server’s clock has changed, which invalidates the remote Gateway’s Certificate.
B. The Internal Certificate Authority for the SmartCenter object has been removed from objects_5_0.C.
C. The remote Gateway’s IP address has changed, which invalidates the SIC Certificate.
D. There is no connection between the SmartCenter Server and the remote Gateway. Rules or routing may block the connection.
Correct Answer: D
QUESTION 110
How do you configure a VPN-1 NGX R65 Security Gateway’s kernel memory settings, without manually modifying the configuration files in $FWDIR\lib? By configuring the settings on the:
A. Global Properties Capacity Optimization screen
B. gateway object’s Capacity Optimization screen
C. SmartCenter Server object’s Advanced screen
D. Gateway object’s Advanced screen
Correct Answer: B
QUESTION 111
Anti-Spoofing is typically set up on which object types?
A. Security Gateway
B. Host
C. Domain
D. Network
Correct Answer: A
QUESTION 112
Web Filtering can make exceptions for specific sites by being enforced:
A. Only for specific sources and destinations.
B. For all traffic. There are no exceptions.
C. For all traffic, except on specific sources and destinations.
D. For all traffic, except blocked sites.
Correct Answer: C
QUESTION 113
Which option or utility includes Security Policies and Global Properties settings?
A. File > Save from SmartDashboard
B. Backup
C. Database Revision Control
D. Policy Package Management
Correct Answer: C
QUESTION 114
You are the Security Administrator for a university. The university’s FTP servers have old hardware and software. Certain FTP commands cause the FTP servers to malfunction. Upgrading the FTP servers is not an option at this time. Where can you define Blocked FTP Commands passing through the Security Gateway protecting the FTP servers?
A. Rule Base > Action Field > Properties
B. SmartDefense > Application Intelligence > FTP > FTP Security Server
C. Global Properties > Security Server > Allowed FTP Commands
D. FTP Service Object > Advanced > Blocked FTP Commands
Correct Answer: B
QUESTION 115
It is possible to configure Network Address Translation in all of the following areas, EXCEPT:
A. Dynamic Object Properties
B. Object Properties
C. Global Properties
D. Address-translation rules
Correct Answer: A
QUESTION 116
You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. What causes the Connection Rejection?
A. The number of guaranteed connections is exceeded. The rule’s action properties are not set to accept additional connections.
B. Burst traffic matching the Default Rule is exhausting the Check Point QoS global packet buffers.
C. The guarantee of one of the rule’s sub-rules exceeds the guarantee in the rule itself.
D. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the Maximal Delay is set below requirements.
Correct Answer: A
QUESTION 117
You are configuring SmartDefense to block the CWD and FIND commands. What should you do before you install the Security Policy to keep the Security Gateway from continuing to pass the commands?
A. Include CWD and FIND in the FTP Service Object > Advanced > Blocked FTP Commands list.
B. Delete the rule accepting FTP to any source, and from any destination from the Rule Base.
C. Check the Global Properties > Security Server > “Control FTP Commands” box.
D. Set the radio button on the SmartDefense > Application Intelligence > FTP Security Server screen to “Configurations apply to all connections”.
Correct Answer: D
QUESTION 118
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of VPN-1 NGX R65. After running the fw unloadlocal command, you are able to reconnect with SmartDashboard and view all changes. Which of the following changes is the most likely cause of the block?
A. A Stealth Rule has been configured for the NGX R65 Gateway.
B. The Allow VPN-1 Control Connections setting in Policy > Global Properties has been unchecked.
C. The Gateway Object representing your gateway was configured as an Externally Managed VPN-1 Gateway.
D. The Security policy installed to the Gateway had no rules in it.
Correct Answer: B
QUESTION 119
You are working with multiple Security Gateways that enforce a common set of rules. To minimize the number of policy packages, which one of the following would you choose to do?
A. Create a separate Security Policy Package for each remote Security Gateway and specify “InstallOn? Gateways”
B. Install a separate local SmartCenter Server and SmartConsole for each remote Security Gateway
C. Create a single Security Policy Package with “Installon?Target” defined whenever a unique rule is required for a specific gateway
D. Run separate SmartDashboard instances to login and configure each Security Gateway directly
Correct Answer: C
QUESTION 120
An unprotected SMTP Server causes your site to be reported as a spam relay. Which of the following is the most efficient configuration method to implement an SMTP Security Server to prevent this?
A. Configure the SMTP Security Server to perform filtering, based on IP address and SMTP protocols.
B. Configure the SMTP Security Server to allow only mail to or from names, within your corporate domain.
C. Configure the SMTP Security Server to apply a generic “from” address to all outgoing mail.
D. Configure the SMTP Security Server to work with an OPSEC based product, for content checking.
Correct Answer: B
QUESTION 121
Spoofing is a method of:
A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
B. Hiding your firewall from unauthorized users.
C. Detecting people using false or wrong authentication logins.
D. Making packets appear as if they come from an authorized IP address.
Correct Answer: D
QUESTION 122
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?
A. Restore the entire database, except the user database.
B. Run fwm dbexport filename. Restore the database. Then, run fwm dbimport filename to import the users.
C. Run fwm_dbexport to export the user database. Select “restore the entire database” in the Database Revision screen. Then, run fwm_dbimport.
D. Restore the entire database, except the user database, and then create the new user and user group.
Correct Answer: A
QUESTION 123
How do you recover communications between your SmartCenter Server and Security Gateway if you “lock” yourself out via a rule or policy mis-configuration?
A. fw delete all.all
B. cpstop
C. fw unloadlocal
D. fw unload policy
Correct Answer: C
QUESTION 124
What information is found in the SmartView Tracker audit log?
A. Historical reports log
B. ClusterXL sync failure
C. Destination IP address
D. Policy Package rule modification date/time stamp
Correct Answer: D
QUESTION 125
Which Check Point QoS feature allows a Security Administrator to define special classes of service for delay-sensitive applications?
A. Guarantees
B. Differentiated Services
C. Weighted Fair Queuing
D. Low Latency Queuing
Correct Answer: D
QUESTION 126
Assuming all connections that are allocated bandwidth in your Check Point QoS Rule Base are open, what would be the corresponding bandwidth percentage of the Kazza Rule in the following example?
A. 5%
B. 20%
C. 8%
D. 14%
Correct Answer: D
QUESTION 127
A third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. How would you check this using SmartConsole?
A. SmartView Monitor
B. This information can only be viewed with the fw ctl pstat command from the CLI.
C. Eventia Analyzer
D. SmartView Tracker
Correct Answer: A
QUESTION 128
Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:
Required:
Allow only network 192.168.10.0 and 192.168.20.0 to go out to Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assuming you enable all the settings in the NAT page of Global Properties, how do you achieve this requirement?
A. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source – group object; Destination – any; Service – any; Translated source – 200.200.200.5; Destination – original; Service – original.
B. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the Address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
C. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
Correct Answer: B
QUESTION 129
You have just been hired as the Security Administrator for the Insure-It-All insurance company. Your manager gives you the following requirements for controlling DNS traffic:
Required Result #1: Accept domain-name-over-TCP traffic (zone-transfer traffic).
Required Result #2: Log domain-name-over-TCP traffic (zone-transfer traffic).
Desired Result #1: Accept domain-name-over-UDP traffic (queries traffic).
Desired Result #2: Do not log domain-name-over-UDP traffic (queries traffic).
Desired Result #3: Do not clutter the Rule Base by creating explicit rules for traffic that can be controlled using Global Properties.
To begin, you make the following configuration changes, and install the Security Policy:
Select the box “Accept Domain Name over TCP (Zone Transfer)” in Global Properties.
Select the box “Accept Domain Name over UDP (Queries)” in Global Properties.
Select the box “Log Implied Rules” in Global Properties.
Do your initial actions meet the required and desired results?
A. The actions meet all required results, and none of the desired results.
B. The actions meet the required results, and two of the desired results.
C. The actions meet all required and desired results.
D. The actions do not meet the required results.
Correct Answer: B
QUESTION 130
You find a suspicious FTP connection trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked?
A. Highlight the suspicious connection in SmartView Tracker > Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as “dropped”.
B. Highlight the suspicious connection in SmartView Tracker > Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.
C. Highlight the suspicious connection in SmartView Tracker > Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.
D. Highlight the suspicious connection in SmartView Tracker > Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as “dropped”.
Correct Answer: B
QUESTION 131
When you hide a rule in a Rule Base, how can you then disable the rule?
A. Hidden rules are already effectively disabled from Security Gateway enforcement.
B. Right-click on the Hidden rule place-holder bar in the Rule Base and select “Disable Rule(s)”.
C. Right-click on the Hidden rule place-holder bar in the Rule Base and uncheck “hide”, then right-click and select “Disable Rule(s)”, re-hide the rule.
D. Use the search utility in the SmartDashboard to view all hidden rules. Select the relevant rule and select “Disable Rule(s)”.
Correct Answer: C
QUESTION 132
You enable Sweep Scan Protection and Host port scan in SmartDefense to determine if a large amount of traffic from a specific internal IP address is a network attack, or a user’s system infected with a worm. Will you get all the information you need from these actions?
A. No. To verify if this is a worm or an active attack, you must also enable TCP attack defenses.
B. No. These SmartDefense protections will only block the traffic, but it will not provide a detailed analysis of the traffic.
C. No. The logs and alert can provide a further level of information, but determining whether the attack is intentional or a worm requires further research.
D. Yes. SmartDefense will limit the traffic impact from the scans, and identify if the pattern of the traffic matches any known worms.
Correct Answer: C
QUESTION 133
Which of the following commands can provide the most complete restore of an NGX R65 configuration?
A. upgrade_import
B. cpconfig
C. cpinfo -i
D. fwm dbimport
Correct Answer: A
QUESTION 134
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
A. Place a static host route on the ISP router from the valid IP address to the firewall’s external address
B. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address
C. Place a static host route on the firewall from the valid IP address to the internal web server
D. Publish a proxy ARP entry on the internal web server instead of the firewall for the valid IP address
Correct Answer: A
QUESTION 135
Your online bookstore has customers connecting to a variety of Web servers to place or change orders, and check order status. You ran penetration tests through the Security Gateway, to determine if the Web servers were protected from a recent series of cross-site scripting attacks. The penetration testing indicated the Web servers were still vulnerable. You have checked every box in the Web Intelligence tab, and installed the Security Policy. What else might you do to reduce the vulnerability?
A. The penetration software you are using is malfunctioning and is reporting a false-positive.
B. Configure the Security Gateway protecting the Web servers as a Web server.
C. Check the “Products > Web Server” box on the host node objects representing your Web servers.
D. Check the “Web Intelligence” box in the SmartDefense > HTTP Protocol Inspection.
Correct Answer: D
QUESTION 136
Upon checking SmartView Monitor, you find the following Critical Problem notification. What is the reason?
A. No Security Policy installed on the Security Gateway
B. Time not synchronized between the SmartCenter Server and Security Gateway
C. No Secure Internal Communications established between the SmartCenter Server and Security Gateway
D. Version mismatch between the SmartCenter Server and Security Gateway
Correct Answer: A
QUESTION 137
Which of the following statements accurately describes the upgrade_export command?
A. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
B. upgrade_export stores network-configuration data, all settings configured by the WebUI, and the database of user settings prior to upgrading the SmartCenter Server.
C. Used when upgrading the Security Gateway, upgrade_export includes modified files, such as in the /lib directory.
D. Used primarily when upgrading the SmartCenter Server, upgrade_export stores all object databases and the conf directories for importing to a newer version of VPN-1.
Correct Answer: D
QUESTION 138
What are the results of the command: fw sam [Target IP Address]?
A. Connections from the specified target are blocked without the need to change the Security Policy
B. Connections to the specified target are blocked without the need to change the Security Policy
C. The Security Policy is compiled and installed on the target’s embedded VPN/FireWall Modules
D. Connections to and from the specified target are blocked without the need to change the Security Policy
Correct Answer: D
QUESTION 139
In a distributed management environment, the administrator has removed the default check from “Accept VPN-1 Power/UTM Control Connections” under the Policy > Global Properties > Firewall tab. In order for the SmartCenter Server to install a policy to the Firewall an explicit rule must be created to allow the SmartCenter Server to communicate to the Security Gateway on port ______
A. 900
B. 259
C. 256
D. 80
Correct Answer: C
QUESTION 140
When you change an implicit rule’s order from “last” to “first” in Global Properties, how do you make the change take effect?
A. Select save from the file menu.
B. Reinstall the Security Policy.
C. Select install database from the Policy menu.
D. Run fw fetch from the Security Gateway.
Correct Answer: B
QUESTION 141