Flydumps Free CheckPoint 156-215 exam dumps are audited by our certified subject matter experts and published authors for development. Flydumps CheckPoint 156-215 exam dumps are one of the highest quality CheckPoint 156-215 Q&As in the world.It covers nearly 96% real questions and answers, including the entire testing scope. Flydumps guarantees you pass CheckPoint 156-215 exam at first attempt.
QUESTION 126
How can you reset Secure Internal Communications (SIC) between a SmartCenter Server and Security Gateway?
A. Run the command fwm sic_reset to reinitialize the Internal Certificate Authority (ICA) of the SmartCenter Server. Then retype the activation key on the Security Gateway from SmartDashboard.
B. From cpconfig on the SmartCenter Server, choose the Secure Internal Communication option and retype the activation key. Next, retype the same key in the gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC).
C. From the SmartCenter Server’s command line type fw putkey <shared key> <IP Address of SmartCenter Server>.
D. From the SmartCenter Server’s command line type fw putkey <shared key> <IP Address of Security Gateway>.
E. Re-install the Security Gateway.
Correct Answer: B
QUESTION 127
Herman is attempting to configure a site-to-site VPN with one of his firm’s business partners. Herman thinks Phase 2 negotiations are failing. Which SmartConsole application should Herman use to confirm his suspicions?
A. SmartUpdate
B. SmartView Tracker
C. SmartView Monitor
D. SmartDashboard
E. SmartView Status
Correct Answer: B
QUESTION 128
What is the proper command for exporting users in LDAP format?
A. fw dbexport -f c:\temp\users.txt
B. fw dbimport -f c:\temp\users.ldif -l -s “o=YourCity.com,c=YourCountry”
C. fw dbimport -f c:\temp\users.ldap
D. fw dbexport -f c:\temp\users.ldap -s
E. fw dbexport -f c:\temp\users.ldif -l -s “o=YourCity.com,c=YourCountry”
Correct Answer: E
QUESTION 129
Which of these changes to a Security Policy optimizes Security Gateway performance?
A. Using domain objects in rules when possible
B. Using groups within groups in the manual NAT Rule Base
C. Putting the least-used rule at the top of the Rule Base
D. Logging rules as much as possible
E. Removing old or unused Security Policies from Policy Packages
Correct Answer: E
QUESTION 130
You have locked yourself out of SmartDashboard with the rules you just installed on your stand alone Security Gateway. Now you cannot access the SmartCenter Server or any SmartConsole tools via SmartDashboard. How can you reconnect to SmartDashboard?
A. Run cpstop on the SmartCenter Server.
B. Run fw unlocklocal on the SmartCenter Server.
C. Run fw unloadlocal on the Security Gateway.
D. Delete the $fwdir/database/manage.lock file and run cprestart.
E. Run fw uninstall localhost on the Security Gateway.
Correct Answer: C
QUESTION 131
Which NGX feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?
A. cpconfig
B. upgrade_export/upgrade_import
C. Database Revision Control
D. dbexport/dbimport
E. Policy Package management
Correct Answer: C
QUESTION 132
Doug wants to know who installed a Security Policy blocking all traffic from the corporate network. Which SmartView Tracker selection is best suited for this?
A. Records pane
B. Active tab
C. custom filter
D. log connections
E. Audit tab
Correct Answer: E QUESTION 133
Your internal network is using 10.1.1.0/24. This network is behind your perimeter NGX VPN-1 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?
A. Use automatic Static NAT for network 10.1.1.0/24.
B. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
C. Use manual Static NAT on the client side for network 10.1.1.0/24.
D. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
E. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
Correct Answer: D QUESTION 134
Your standby SmartCenter Server’s status is collision. What does that mean, and how do you synchronize the Server and its peer?
A. The standby and active Servers have two Internal Certificate Authority (ICA) Certificates. Uninstall and reinstall the standby Server.
B. The active Server detected a keep-alive packet from the standby Server.
C. The peer Server has not been properly synchronized. Manually synchronize both Servers again.
D. The peer Server is more up-to-date. Manually synchronize both Servers again.
E. The active SmartCenter Server and its peer have different Security Policies and databases. Manually synchronize the Servers, and decide which Server’s configuration to overwrite.
Correct Answer: E QUESTION 135
How do you configure an NGX Security Gateway’s kernel memory settings, without manually modifying the configuration files in $FWDIR\lib? By configuring:
A. the settings on the Gateway object’s Capacity Optimization screen
B. the settings on the Global Properties Capacity Optimization screen
C. the settings on the Gateway object’s Advanced screen
D. the settings on the SmartCenter Server object’s Advanced screen
E. SmartDefense Kernel Defender options
Correct Answer: A QUESTION 136
Katie is the Security Administrator for an insurance company. Her manager gives Katie the following
requirements for controlling DNS traffic:
Required Result #1: Accept domain-name-over-TCP traffic (zone-transfer traffic).
Required Result #2: Log domain-name-over-TCP traffic (zone-transfer traffic).
Desired Result #1: Accept domain-name-over-UDP traffic (queries traffic).
Desired Result #2: Do not log domain-name-over-UDP traffic (queries traffic).
Desired Result #3: Do not clutter the Rule Base by creating explicit rules for traffic that can be controlled
using Global Properties.
Katie makes the following configuration changes, and installs the Security Policy:
1.
She selects the box “Accept Domain Name over TCP (Zone Transfer)” in Global Properties.
2.
She selects the box “Accept Domain Name over UDP (Queries)” in Global Properties.
3.
She selects the box “Log Implied Rules” in Global Properties.
Does Katie’s solution meet the required and desired results?
A. The solution meets the required results, and one of the desired results
B. The solution meets all required results, and none of the desired results.
C. The solution meets the required results, and two of the desired results.
D. The solution meets all required and desired results.
E. The solution does not meet the required results.
Correct Answer: C
QUESTION 137
Shauna is troubleshooting a Security Gateway that is dropping all traffic whenever the most recent Security Policy is installed. Working at the Security Gateway, Shauna needs to uninstall the Policy, but keep the processes running so she can see if there is an issue with the Gateway’s firewall tables. Which of the following commands will do this?
A. fw dbload 10.1.1.5
B. fw unload 10.1.1.5
C. cprestart
D. fw tab -x -u
E. cpstop
Correct Answer: B
QUESTION 138
Anna is working in a large hospital, together with three other Security Administrators. Which SmartConsole tool should she use to check changes to rules or object properties other administrators made?
A. SmartDashboard
B. SmartView Tracker
C. Eventia Tracker
D. Eventia Monitor
E. SmartView Monitor
Correct Answer: B
QUESTION 139
Jeremy manages sites in Tokyo, Calcutta and Dallas, from his office in Chicago. He is trying to create a report for management, detailing the current software level of each Security Gateway. He also wants to create a proposal outline, listing the most cost-effective way to upgrade his Gateways. Which two SmartConsole applications should Jeremy use, to create his report and outline?
A. SmartLSM and SmartUpdate
B. SmartDashboard and SmartLSM
C. SmartDashboard and SmartView Tracker
D. SmartView Monitor and SmartUpdate
E. SmartView Tracker and SmartView Monitor
Correct Answer: D
QUESTION 140
When you hide a rule in a Rule Base, how can you then disable the rule?
A. Open the Rule Menu, and select Hide and view hidden rules. Select the rule, right-click, and select Disable.
B. Uninstall the Security Policy, and then disable the rule.
C. When a rule is hidden, it is automatically disabled. You do not need to disable the rule again.
D. Run cpstop and cpstart on the SmartCenter Server, then disable the rule.
E. Clear Hide from Rules drop-down menu, then right-click and select “Disable Rule(s)”.
Correct Answer: E
QUESTION 141
David is a consultant for a software-deployment company. David is working at a customer’s site this week. David’s task is to create a map of the customer’s VPN tunnels, including down and destroyed tunnels. Which SmartConsole application will provide David with the information needed to create this map?
A. SmartUpdate
B. SmartView Monitor
C. SmartLSM
D. SmartView Tracker
E. SmartView Status
Correct Answer: B
QUESTION 142
How do you view a Security Administrator’s activities, using SmartConsole tools? With:
A. User Monitor
B. SmartView Monitor using the Administrator Activity filter
C. SmartView Tracker in Log mode
D. SmartView Tracker in Audit mode
E. SmartView Status
Correct Answer: D
QUESTION 143
Mary is the IT auditor for a bank. One of her responsibilities is reviewing the Security Administrator activity and comparing it to the change log. Which application should Mary use to view Security Administrator activity?
A. NGX cannot display Security Administrator activity
B. SmartView Tracker in Real-Time Mode
C. SmartView Tracker in Audit Mode
D. SmartView Tracker in Log Mode
E. SmartView Tracker in Active Mode
Correct Answer: C
QUESTION 144
When you use the Global Properties’ default settings, which type of traffic will be dropped, if no explicit rule allows the traffic?
A. Firewall logging and ICA key-exchange information
B. Outgoing traffic originating from the Security Gateway
C. RIP traffic
D. SmartUpdate connections
E. IKE and RDP traffic
Correct Answer: C
QUESTION 145
Mary is recently hired as the Security Administrator for a public relations company. Mary’s manager has asked her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Mary must propose a plan based on the following required and desired results:
Required Result #1:Do not purchase new hardware.
Required Result #2:Use configuration changes that do not reduce security.
Desired Result #1:Reduce the number of explicit rules in the Rule Base.
Desired Result #2:Reduce the volume of logs.
Desired Result #3:Improve the Gateway’s performance.
Proposed Solution:
Mary recommends the following changes to the Gateway’s configuration:
?Replace all domain objects with network and group objects.
?Check “Log implied rules” and “Accept ICMP requests” in Global Properties.
?Use Global Properties, instead of explicit rules, to control ICMP, VRRP, and RIP.
Does Mary’s proposed solution meet the required and desired results?
A. The solution meets all required and desired results.
B. The solution meets the required results, and one of the desired results.
C. The solution meets the required results, and two of the desired results.
D. The solution meets all required results, and none of the desired results.
E. The solution does not meet the required results.
Correct Answer: B QUESTION 146
Nelson is a consultant. He is at a customer’s site reviewing configuration and logs as part of a security audit. Nelson sees logs accepting POP3 traffic, but he does not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause? The POP3:
A. service is a VPN-1 Control Connection.
B. rule is hidden.
C. service is accepted in Global Properties.
D. service cannot be controlled by NGX.
E. rule is disabled.
Correct Answer: B QUESTION 147
Brianna has three servers located in a DMZ, using private IP addresses. She wants internal users from
10.10.10.x
to access the DMZ servers by public IP addresses. Internal_net
10.10.10.x
is configured for Hide NAT behind the Security Gateway’s external interface.
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers’ public IP addresses?
A. Configure automatic Static NAT rules for the DMZ servers.
B. Configure manual Static NAT rules to translate the DMZ servers, when connecting to the Internet.
C. Configure manual static NAT rules to translate the DMZ servers, when the source is the internal network
10.10.10.x.
D. Configure Hide NAT for the DMZ network behind the DMZ interface of the Security Gateway, when connecting to internal network 10.10.10.x.
E. Configure Hide NAT for 10.10.10.x behind DMZ’s interface, when trying to access DMZ servers.
Correct Answer: C
QUESTION 148
If the LDAP scheme is not updated on the LDAP server, which Check Point user settings are stored locally in the Check Point user template?
A. Time settings, Authentication type, Location settings
B. Location settings, Authentication type, Password
C. Authentication type, Time settings, Password
D. Password, Authentication type, Time settings
Correct Answer: A
QUESTION 149
Security Administrator John creates a new user “Fred”, by using default template settings. John adds Fred into user group “mobile-users”. The mobile-users group connects to the company’s internal networks through VPN-1 SecureClient. John leaves for vacation, and Fred discovers he cannot log in after 5 p.m. each day. What did John change when creating Fred? John:
A. did not make any changes. The default allowed login time is from midnight to 5 p.m.
B. changed the default time from 0 hours, to midnight until 5 p.m.
C. changed the allowed time from 0 days a week, to 5 days a week.
D. changed the default allowed login time from 24 hours, to midnight until 5 p.m.
E. changed the default time from 7 days a week, to weekdays only.
Correct Answer: D
QUESTION 150
Your internal Web server in the DMZ has IP address 172.16.10.1/24. A particular network from the Internet tries to access this Web server. You need to set up some type of Network Address Translation (NAT), so that NAT occurs only for the HTTP service, and only from the remote network as the source. The public IP address for the Web server is 200.200.200.1. All properties in the NAT screen of Global Properties are enabled.
Select the correct NAT rules, so NAT happens ONLY between “web_dallas” and the remote network.
A. 1. Create another node object named “web_dallas_valid”, and enter “200.200.200.1” in the General Properties screen.
2.
Create two manual NAT rules above the automatic Hide NAT rules for the 172.16.10.0 network.
3.
Select “HTTP” in the Service column of both manual NAT rules.
4.
Enter an ARP entry and route on the Security Gateway’s OS.
B. 1. Enable NAT on the web_dallas object, select “static”, and enter “200.200.200.1” in the General Properties screen.
2.
Specify “HTTP” in the automatic Static Address Translation rules.
3.
Create incoming and outgoing rules for the web_dallas server, for the HTTP service only.
C. 1. Enable NAT on the web_dallas object, select “hide”, and enter “200.200.200.1” for the Hide NAT IP address.
2.
Specify “HTTP” in the Address Translation rules that are generated automatically.
3.
Create incoming and outgoing rules for the web_dallas server, for the HTTP service only.
D. 1. Create another node object named “web_dallas_valid”, and enter “200.200.200.1” in the General Properties screen.
2.
Create two manual NAT rules below the Automatic Hide NAT rule for network 172.16.10.0 , in the Address Translation Rule Base.
3.
Select “HTTP” in the Service column of both manual NAT rules.
4.
Enter an ARP entry and route on the Security Gateway’s OS.
Correct Answer: A
QUESTION 151
Which NGX feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?
A. cpconfig
B. upgrade_export/upgrade_import
C. Database Revision Control
D. dbexport/dbimport
E. Policy Package management
Correct Answer: C
All our Cisco products are up to date! When you buy any CheckPoint 156-215 product from Certpaper, as “CheckPoint 156-215 Questions & Answers with explanations”, you are automatically offered the CheckPoint 156-215 updates for a total of 90 days from the day you bought it. If you want to renew your CheckPoint 156-215 purchase during the period of these 90 days, your CheckPoint 156-215 product is renewed and you are further enabled to enjoy the free Cisco updates.