Flydumps ensures CheckPoint 156-215 study guide are the newest and valid enough to help you pass the test. Please visit https://www.pass4itsure.com/156-215.html and get valid CheckPoint 156-215 PDF and VCE exam dumps with the free new version.100% valid and successful.
QUESTION 63
If the LDAP scheme is not updated on the LDAP server, which Check Point user settings are stored locally in the Check Point user template?
A. Time settings, Authentication type, Location settings
B. Password, Authentication type, Time settings
C. Location settings, Authentication type, Password
D. Authentication type, Time settings, Password
Correct Answer: A QUESTION 64
Assuming the Cleanup Rule is included in a Rule Base, in which position in the Rule Base should the “Accept ICMP requests” implied rule have no effect?
A. After Stealth Rule
B. First
C. Before Last
D. Last
Correct Answer: D QUESTION 65
If a user is configured for partially automatic Client Authentication and attempts to authenticate remotely using FTP, which authentication method will be invoked for the first connection from the users IP?
A. Client Authentication
B. User Authentication
C. Manual Sign On
D. Session Authentication
Correct Answer: B QUESTION 66
Which of the following QoS rule action properties is an Advanced action type, only available in Traditional mode?
A. Per Connection Guarantee
B. Rule weight
C. Rule guarantee
D. Apply rule only to encrypted traffic
Correct Answer: A QUESTION 67
Which of the following describes the behavior of an NGX Security Gateway?
A. IP protocol types listed as “secure” are allowed by default. ICMP, TCP, UDP sessions are inspected.
B. All traffic is expressly permitted via explicit rules.
C. Traffic is filtered using controlled port scanning.
D. Traffic not explicitly permitted is dropped.
Correct Answer: D QUESTION 68
When you change an implicit rule’s order from “last” to “first” in Global Properties, how do you make the change take effect?
A. Runfw fetch from the Security Gateway.
B. Reinstall the Security Policy.
C. Select install database from the Policy menu.
D. Select save from the file menu.
Correct Answer: B QUESTION 69
You are working with multiple Security Gateways that enforce an extensive number of rules. To simplify the security administration task, which one of the following would you choose to do?
A. Run separateSmartConsole instances to login and configure each Security Gateway directly
B. Create a separate Security Policy Package for each remote Security Gateway
C. Create Network Range objects that restrict all applicable rules to only certain networks
D. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules
Correct Answer: B QUESTION 70
Your internal network is using 10.1.1.0/24. This network is behind your perimeter VPN-1 NGX R65 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?
A. Use automatic Static NAT for network 10.1.1.0/24.
B. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
C. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
D. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
Correct Answer: D QUESTION 71
Which specific VPN-1 NGX R65 GUI would you use to view the length of time a TCP connection was open?
A. SmartView Status
B. SmartView Tracker
C. SmartLSM
D. SmartView Monitor
Correct Answer: B QUESTION 72
You want to display log entries containing information from a specific column in the SmartView Tracker. If you want to see ONLY those entries, what steps would you take?
A. Left-click column, Specific, Add, Apply Filter
B. Right-click column, Search? Add string, Apply Filter
C. Right-click column, Edit Filter, Specific, Add, OK
D. Left-click column, Search, Add string, Apply Filter
Correct Answer: C QUESTION 73
Your online bookstore has customers connecting to a variety of Web servers to place or change orders, and check order status. You ran penetration tests through the Security Gateway, to determine if the Web servers were protected from a recent series of cross-site scripting attacks. The penetration testing indicated the Web servers were still vulnerable. You have checked every box in the Web Intelligence tab, and installed the Security Policy. What else might you do to reduce the vulnerability?
A. Configure the Security Gateway protecting the Web servers as a Web server.
B. Check the “Products > Web Server” box on the host node objects representing your Web servers.
C. Check the “Web Intelligence” box in theSmartDefense > HTTP Protocol Inspection.
D. The penetration software you are using is malfunctioning and is reporting a false-positive.
Correct Answer: C QUESTION 74
You have just been hired as the Security Administrator for a public relations company. Your manager asks you to investigate ways to improve the performance of the firm’s perimeter Security Gateway. You must propose a plan based on the following required and desired results:
Required Result #1:Do not purchase new hardware.
Required Result #2:Use configuration changes that do not reduce security.
Desired Result #1:Reduce the number of explicit rules in the Rule Base.
Desired Result #2:Reduce the volume of logs.
Desired Result #3:Improve the Gateway’s performance.
Proposed Solution:
You initially recommend the following changes to the Gateway’s configuration:
?Replace all domain objects with network and group objects.
?Stop logging Domain Name over UDP (queries).
?Use Global Properties, instead of explicit rules, to control ICMP, VRRP, and RIP.
When you test these changes, what do you conclude about meeting the required and desired results?
A. The actions meet the required results, and one of the desired results.
B. The actions meet none of the required results.
C. The actions meet all required results, and none of the desired results.
D. The actions meet all required and desired results.
Correct Answer: D QUESTION 75
Using SmartDefense how do you notify the Security Administrator that malware is scanning specific ports? By enabling:
A. Malicious Code Protector
B. Sweep Scan protection
C. Host Port Scan
D. Malware Scan protection
Correct Answer: B QUESTION 76
All of the following are VPN-1 control connections defined by default implied rules, EXCEPT:
A. Specific traffic that facilitates functionality, such as logging, management, and key exchange.
B. Acceptance of IKE and RDP traffic for communication and encryption purposes.
C. Exclusion of specific services for reporting purposes.
D. Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP.
Correct Answer: C QUESTION 77
Your company plans to stream training videos provided by a third party on the Internet. You get to configure the corporate security to facilitate this effort.
?You configure NGX R65 so each department ONLY views Webcasts specific to its department. ?You create and configure multicast restrictions for all interfaces.
?You configure the interface multicast restrictions to “Drop all multicast packets except those whose destination is in the list”.
Initial tests reveal no multicast transmissions coming from the NGX Security Gateway. What is a possible cause for the connection problem?
A. You still have to create the necessary “to and through” rules, defining how NGX R65 will handle the multicast traffic.
B. Multicast groups are configured improperly on the external interface properties of the Security Gateway object.
C. NGX R65 does not support multicast routing protocols and streaming media through the Security Gateway.
D. The Multicast Rule is below the Stealth Rule. NGX R65 can only pass multicast traffic, if the Multicast Rule is above the Stealth Rule.
Correct Answer: A
QUESTION 78
Which SmartView Tracker mode allows you to read the SMTP email body sent from the Chief Executive Officer (CEO)?
A. Display Capture Action
B. Account Query
C. This is not aSmartView Tracker feature
D. Log Tab
Correct Answer: C
QUESTION 79
Your VPN-1 NGX R65 primary SmartCenter Server is installed on SecurePlatform. You plan to schedule the SmartCenter Server to run fw logswitch automatically every 48 hours. How do you create this schedule?
A. Create a time object, and add 48 hours as the interval. Open the Security Gateway object’s Logs and Masterswindow, enable “Schedule log switch”, and select the time object.
B. On aSecurePlatform SmartCenter Server, this can only be accomplished by configuring the fw logswitch command via the cron utility.
C. Create a time object, and add 48 hours as the interval. Select that time object’s Global Properties > Logs and Masterswindow, to schedule a logswitch.
D. Create a time object, and add 48 hours as the interval. Open the primarySmartCenter Server object’s Logs and Masters window, enable “Schedule log switch”, and select the Time object.
Correct Answer: D
QUESTION 80
Which of the following is the most critical step in a SmartCenter Server NGX R65 backup strategy?
A. Perform a full system tape backup of both theSmartCenter and Security Gateway machines.
B. Run thecpstop command prior to running the upgrade_export command
C. Move the *.tgzupgrade_export file to an offsite location via FTP.
D. Using theupgrade_import command, attempt to restore the SmartCenter Server to a non- production system
Correct Answer: D
QUESTION 81
As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the:
A. “Refreshable Timeout” setting, in the gateway object’s Authentication screen.
B. “Refreshable Timeout”, in the user object’s Authentication screen.
C. “Refreshable Timeout” setting, in the Limit tab of the Client Authentication Action properties screen.
D. “Refreshable timeout”, in the Global Properties Authentication screen.
Correct Answer: C QUESTION 82
You are configuring the VoIP Domain object for an SCCP environment protected by VPN-1 NGX R65. Which VoIP Domain object type can you use?
A. Gatekeeper
B. Proxy
C. CallManager
D. Transmission Router
Correct Answer: C QUESTION 83
Which specific VPN-1 NGX R65 GUI would you use to add an address translation rule?
A. SmartView Monitor
B. SmartDashboard
C. SmartNAT
D. SmartConsole
Correct Answer: B QUESTION 84
Which of the following are authentication methods that VPN-1 NGX uses to validate connection attempts? Select the response below that includes the most complete list of valid authentication methods
A. User, Client, Session
B. Connection, User, Client
C. Connection,Proxied, Session
D. Proxied, User, Dynamic, Session
Correct Answer: A QUESTION 85
The customer has a small Check Point installation which includes one Linux Enterprise 3.0 server working as SmartConsole and a second server running Windows 2003 working as both SmartCenter server and the Security Gateway. This is an example of:
A. Stand-Alone Installation
B. Unsupported configuration
C. Distributed Installation
D. Hybrid Installation
Correct Answer: B QUESTION 86
When you add a resource object to a rule, which ONE of the following occurs?
A. All packets matching that rule are either encrypted or decrypted by the defined resource
B. Users attempting to connect to the Destination of the rule will be required to authenticate
C. All packets matching the resource service are analyzed through an application-layer proxy
D. All packets that match the resource will be dropped Correct Answer: C
QUESTION 87
Which antivirus scanning method does not work if the Gateway is connected as a node in proxy mode?
A. Scan by IP Address
B. Scan by Server
C. Scan by File Type
D. Scan by Direction
Correct Answer: D QUESTION 88
Which of the following statements about Bridge mode are TRUE?
A. Assuming a new installation, bridge mode requires changing the existing IP routing of the network.
B. A bridge must be configured with a pair of interfaces.
C. When managing a Security Gateway in Bridge mode, it is possible to use a bridge interface for Network Address Translation.
D. AllClusterXL modes are supported.
Correct Answer: B QUESTION 89
Where do you enable popup alerts for SmartDefense settings that have detected suspicious activity?
A. In SmartDashboard, edit the Gateway object, select SmartDefense > Alerts
B. In SmartView Monitor, select Tools > Alerts
C. In SmartView Tracker, select Tools > Custom Commands
D. In SmartDashboard, select Global Properties > Log and Alert > Alert Commands
Correct Answer: B QUESTION 90
Where can an administrator configure the notification action in the event of a policy install time change?
A. SmartDashboard: Security Gateway Object: Advanced Properties Tab
B. SmartDashboard: Policy Package Manager
C. SmartView Monitor: Global Thresholds
D. SmartView Tracker: Audit Log
Correct Answer: C QUESTION 91
Which of the below is the MOST correct process to reset SIC?
A. Runcpconfig, and select “Secure Internal Communication > Change One Time Password”.
B. Click Reset in the Communication window of the Gateway object, and type a new activation key.
C. Runcpconfig, and click Reset.
D. Click the Communication button for the firewall object, then click Reset. Run cpconfig and type a new activation key.
Correct Answer: D QUESTION 92
Your Rule Base includes a Client Authentication rule, with partial authentication and standard sign on for HTTP, Telnet, and FTP services. The rule was working, until this morning. Now users are not prompted for authentication, and they see error “page cannot be displayed” in the browser. In SmartView Tracker, you discover the HTTP connection is dropped when the Gateway is the destination. What caused Client Authentication to fail?
A. You enabled Static NAT on the problematic machines.
B. You added the Stealth Rule before the Client Authentication rule.
C. You disabled NGX Control Connections in Global Properties.
D. You added a rule below the Client Authentication rule, blocking HTTP from the internal network.
Correct Answer: B
QUESTION 93
You are configuring the VoIP Domain object for a SIP environment, protected by VPN-1 NGX R65. Which VoIP Domain object type can you use?
A. Call Agent
B. Proxy
C. Gateway
D. Call Manager
Correct Answer: B
QUESTION 94
You are configuring SmartDefense to block the CWD and FIND commands. What should you do before you install the Security Policy to keep the Security Gateway from continuing to pass the commands?
A. Set the radio button on theSmartDefense > Application Intelligence > FTP Security Server screen to “Configurations apply to all connections”.
B. Include CWD and FIND in the FTP Service Object > Advanced > Blocked FTP Commands list.
C. Delete the rule accepting FTP to any source, and from any destination from the Rule Base.
D. Check the Global Properties > Security Server > “Control FTP Commands” box.
Correct Answer: A
QUESTION 95
You are a firewall administrator with one SmartCenter Server managing three different firewalls. One of the firewalls does NOT show up in the dialog box when attempting to install a Security Policy. Which of the following is a possible cause?
A. The firewall is not listed in the “policy installation targets” screen for this policy package
B. The firewall has failed to sync with theSmartCenter Server for 60 minutes
C. The license for this specific firewall has expired
D. The firewall object has been created but SIC has not yet been established
Correct Answer: A
QUESTION 96
A _______ rule is designed to drop all other communication that does not match another rule.
A. Stealth
B. Cleanup
C. Reject
D. Anti-Spoofing
Correct Answer: B
QUESTION 97
You are creating rules and objects to control VoIP traffic in your organization, through a VPN-1 NGX R65 Security Gateway. You create VoIP Domain SIP Proxy objects to represent each of your organization’s three SIP gateways. You then create a simple group to contain the VoIP Domain SIP Proxy objects. When
you attempt to add the VoIP Domain SIP objects to the group, they are not listed. What is the problem?
A. The related end-points domain specifies an address range. Simple groups cannot contain address range objects even if imbedded in a VoIP object.
B. VoIP Domain SIP Proxy objects cannot be placed in simple groups.
C. The VoIP gateway object must be added to the group, before the VoIP Domain SIP Proxy object is eligible to be added to the group.
D. The VoIP Domain Proxy object contains a “SIP Gateway” field populated with a VPN-1 Security Gateway object. Simple groups cannot contain Security Gateways even if imbedded in a VoIP object.
Correct Answer: B
QUESTION 98
What happens when you select File > Export from the SmartView Tracker menu?
A. Current logs are exported to a new *.log file.
B. Exported log entries are deleted from fw.log.
C. Logs in fw.log are exported to a file that can be opened by Microsoft Excel.
D. Exported log entries are still viewable inSmartView Tracker.
Correct Answer: C
QUESTION 99
The third-shift Administrator was updating SmartCenter Access settings in Global Properties. He managed to lock all of the administrators out of their accounts. How should you unlock these accounts?
A. Delete the fileadmin.lock in the $FWDIR/tmp/ directory of the SmartCenter Server.
B. Reinstall theSmartCenter Server and restore using upgrade_import.
C. Login toSmartDashboard as the special “cpconfig_admin” user account; right-click on each administrator object and select “unlock”.
D. Typefwm lock_admin a from the command line of the SmartCenter Server
Correct Answer: D
QUESTION 100
Which of the following statements about the Port Scanning feature of SmartDefense is TRUE?
A. The Port Scanning feature actively blocks the scanning, and sends an alert to SmartView Monitor.
B. When a port scan is detected, only a log isissued ?never an alert.
C. Port Scanning does not blockscanning, it detects port scans with one of three levels of detection sensitivity.
D. A typical scan detectionis when more than 500 open inactive ports are open for a period of 120 seconds.
Correct Answer: C
QUESTION 101
Where is it necessary to configure historical records in SmartView Monitor to generate Express reports in Eventia Reporter?
A. InSmartView Monitor, under Global Properties > Log and Masters
B. InEventia Reporter, under Standard > Custom
C. In SmartDashboard, the SmartView Monitor page in the VPN-1 Security Gateway object
D. InEventia Reporter, under Express > Network Activity
Correct Answer: C
QUESTION 102
Which Security Servers can perform authentication tasks, but CANNOT perform content security tasks?
A. HTTP
B. FTP
C. Telnet
D. SMTP
Correct Answer: C
QUESTION 103
Which of the following statements BEST describes Hide Mode Translation?
A. Allows you to hide any entire network or IP range behind one IP address
B. Translates non-routable internal IP addresses to one routable IP address only
C. Allows you to hide an entire network behind a pool of IP addresses, selected randomly
D. Allows you to hide any entire network or IP range behind one routable IP address only
Correct Answer: A
QUESTION 104
Assuming all connections that are allocated bandwidth in your Check Point QoS Rule Base are open, what would be the corresponding bandwidth percentage of the Kazza Rule in the following example?
A. 8%
B. 5%
C. 14%
D. 20%
Correct Answer: C QUESTION 105
You cannot use SmartDashboard’s SmartDirectory features to connect to the LDAP server. What should you investigate?
1.
Verify you have read-only permissions as administrator for the operating system.
2.
Verify there are no restrictions blocking SmartDashboard’s User Manager from connecting to the LDAP server.
3.
Check that the Login Distinguished Name configured has root (Administrator) permission (or at least write permission) in the access control configuration of the LDAP server.
A. 1 and 3
B. 1, 2, and 3
C. 2 and 3
D. 1 and 2
Correct Answer: C
CCNA Exam Certification Guide is a best-of-breed CheckPoint 156-215 exam study guide that has been completely updated to focus specifically on the objectives.Senior instructor and best-selling author Wendell Odom shares preparation hints and CheckPoint 156-215 tips to help you identify areas of weakness and improve both your conceptual and hands-on knowledge. CheckPoint 156-215 Material is presented in a concise manner,focusing on increasing your understanding and retention of exam topics.