CheckPoint 156-215 New Questions, Welcome To Buy CheckPoint 156-215 Certificate Covers All Key Points
The 100% valid Flydumps latest CheckPoint 156-215 question answers ensure you 100% pass! And now we are offering the free new version along with the VCE format CheckPoint 156-215 practice test. Free download CheckPoint 156-215 more new PDF and VCE on Flydumps.com.
QUESTION 72
When restoring R71 using the upgrade_ import command, which of the following items is NOT restored?
A. Licenses
B. Global properties
C. SIC Certificates
D. Route tables
Correct Answer: D
QUESTION 73
Which operating systems are supported by a Check Point Security Gateway on an open server?
A. Check Point SecurePlatform and Microsoft Windows
B. Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows
C. Check Point SecurePlatform, IPSO, Sun Solaris, Microsoft Windows
D. Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO
Correct Answer: A
QUESTION 74
Your network is experiencing connectivity problems and you want to verify if routing problems are present. You need to disable the firewall process but still allow routing to pass through the Gateway running on an IP Appliance running IPSO. What command do you need to run after stopping the firewall service?
A. fw fwd routing
B. ipsofwd on admin
C. fw load routed
D. ipsofwd slowpath
Correct Answer: B QUESTION 75
ALL of the following options are provided by the SecurePlatform sysconfig utility, EXCEPT:
A. DHCP Server configuration
B. GUI Clients
C. Time & Date
D. Export setup
Correct Answer: B QUESTION 76
Your company is running Security Management Server R71 on SecurePlatform, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account?
A. Using SmartDashboard, under Users, select Add New Administrator
B. Using the Web console on SecurePlatform under Product configuration, select Administrators
C. Using SmartDashboard or cpconf ig
D. Using cpconftg on the Security Management Server, choose Administrators
Correct Answer: A QUESTION 77
The command fw fetch causes the:
A. Security Gateway to retrieve the user database information from the tables on the Security Management Server.
B. Security Gateway to retrieve the compiled policy and inspect code from the Security Management Server and install it to the kernel.
C. Security Management Server to retrieve the debug logs of the target Security Gateway.
D. Security Management Server to retrieve the IP addresses of the target Security Gateway.
Correct Answer: B QUESTION 78
Which of the following provides confidentiality services for data and messages in a Check Point VPN?
A. Cryptographic checksums
B. Digital signatures
C. Asymmetric Encryption
D. Symmetric Encryption
Correct Answer: D QUESTION 79
You wish to configure an IKE VPN between two R71 Security Gateways, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind the peer’s Gateway. Which type of address translation should you use to ensure the two networks access each other through the VPN tunnel?
A. Hide NAT
B. Static NAT
C. Manual NAT
D. None
Correct Answer: D QUESTION 80
Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?
A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
B. All is fine and can be used as is.
C. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
D. The 2 algorithms do not have the same key length and so don’t work together. You will get the error “…. No proposal chosen….”
Correct Answer: C
QUESTION 81
For VPN routing to succeed, what must be configured?
A. VPN routing is not configured in the Rule Base or Community objects. Only the native-routing mechanism on each Gateway can direct the traffic via its VTI configured interfaces.
B. No rules need to be created; implied rules that cover inbound and outbound traffic on the central (HUB) Gateway are already in place from Policy > Properties > Accept VPN-1 Control Connections.
C. At least two rules in the Rule Base must be created, one to cover traffic inbound and the other to cover traffic outbound on the central (HUB) Security Gateway.
D. A single rule in the Rule Base must cover all traffic on the central (HUB) Security Gateway for the VPN domain.
Correct Answer: D
QUESTION 82
If Henry wanted to configure Perfect Forward Secrecy for his VPN tunnel, in which phase would he be configuring this?
A. Aggressive Mode
B. Diffie-Hellman
C. Phase 2
D. Phase 1
Correct Answer: C
QUESTION 83
You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties > NAT.) When you run fw monitor on the R71 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?
A. i=inbound kernel, before the virtual machine
B. O=outbound kernel, after the virtual machine
C. o=outbound kernel, before the virtual machine
D. l=inbound kernel, after the virtual machine
Correct Answer: D
QUESTION 84
Which command allows verification of the Security Policy name and install date on a Security Gateway?
A. fw show policy
B. fw ctl pstat -policy
C. fw stat -I
D. fwver-p
Correct Answer: C QUESTION 85
When translation occurs using automatic Hide NAT, what also happens?
A. Nothing happens.
B. The source port is modified.
C. The destination port is modified.
D. The destination is modified.
Correct Answer: B QUESTION 86
Which R71 feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?
A. fwm dbexport/fwm dbimport
B. Policy Package management
C. upgrade_export/upgrade,,import
D. Database Revision Control
Correct Answer: B QUESTION 87
A Hide NAT rule has been created which includes a source address group often (10) networks and three
(3)
other group objects (containing 4, 5, and 6 host objects respectively). Assuming all addresses are non-repetitive, how many effective rules have you created?
A.
1
B.
25
C.
2
D.
13
Correct Answer: B QUESTION 88
A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?
A. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box.
B. Anti-spoofing not configured on the interfaces on the Gateway object.
C. A Gateway object created using the Check Point > Security Gateway option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object.
D. Secure Internal Communications (SIC) not configured for the object.
Correct Answer: A QUESTION 89
You have configured a remote site Gateway that supports your boss’s access from his home office using a DSL dialup connection. Everything worked fine yesterday, but today all connectivity is lost. Your initial investigation results in “nobody has touched anything”, which you can support by taking a look in SmartView Tracker Management. What is the problem and what can be done about it?
A. You cannot use NAT and a dialup connection.
B. The NAT configuration is not correct; you can only use private IP addresses in a static NAT setup.
C. A static NAT setup may not work with DSL, since the external IP may change. Hide NAT behind the Gateway is the preferred method here.
D. According to published limitations of Security Gateway R71, there’s a bug with NAT. A restart of the Gateway will help here.
Correct Answer: C QUESTION 90
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the_________.
A. source on client side
B. destination on server side
C. destination on client side
D. source on server side
Correct Answer: C QUESTION 91
A Stealth rule is used to:
A. Use the Security Gateway to hide the border router from internal attacks.
B. Cloak the type of Web server in use behind the Security Gateway.
C. Prevent communication to the Security Gateway itself.
D. Prevent tracking of hosts behind the Security Gateway.
Correct Answer: C QUESTION 92
SmartView Tracker logs the following Security Administrator activities, EXCEPT:
A. Administrator login and logout
B. Object creation, deletion, and editing
C. Tracking SLA compliance
D. Rule Base changes
Correct Answer: C QUESTION 93
Which SmartView Tracker mode allows you to read the SMTP e-mail body sent from the Chief Executive Officer (CEO) of a company?
A. This is not a SmartView Tracker feature.
B. Display Payload View
C. Display Capture Action
D. Network and Endpoint Tab
Correct Answer: A QUESTION 94
One of your remote Security Gateway’s suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object you receive an error message. What is the problem?
A. There is no connection between the Security Management Server and the remote Gateway.Rules or routing may block the connection.
B. The remote Gateway’s IP address has changed, which invalidates the SIC Certificate.
C. The time on the Security Management Server’s clock has changed, which invalidates the remote Gateway’s Certificate.
D. The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.
Correct Answer: A
CheckPoint 156-215 Questions & Answers covers all the knowledge points of the real exam. We update our product frequently so our customer can always have the latest version of CheckPoint 156-215. We provide our customers with the excellent 7×24 hours customer service.We have the most professional CheckPoint 156-215 expert team to back up our grate quality products.If you still cannot make your decision on purchasing our product, please try our CheckPoint 156-215 free pdf.
