CheckPoint 156-215 Test, Recenty Updated CheckPoint 156-215 PDF Download With High Quality
Flydumps just published the newest CheckPoint 156-215 dumps with all the new updated exam questions and answers.Flydumps provide the latest version of CheckPoint 156-215 and VCE files with up-to-date questions and answers to ensure your exam 100% pass, on our website you will get the free new newest CheckPoint 156-215 version VCE Player along with your VCE dumps.
QUESTION 86
Your NGX enterprise SmartCenter Server is working normally. However, you must reinstall the SmartCenter Server, but keep the SmartCenter Server configuration (for example, all Security Policies, databases, etc.) How would you reinstall the Server and keep its configuration?
A. 1. Run the latest upgrade_export utility to export the configuration.
2.
Keep the exported file in the same location.
3.
Use SmartUpdate to reinstall the SmartCenter Server.
4.
Run upgrade_import to import the configuration.
B. 1. Run the latest upgrade_export utility to export the configuration.
2.
Leave the exported .tgz file in $FWDIR.
3.
Install the primary SmartCenter Server on top of the current installation.
4.
Run upgradejmport to import the configuration.
C. 1. Insert the NGX CD-ROM, and select the option to export the configuration into a .tgz file.
2.
Transfer the .tgz file to another networked machine.
3.
Uninstall all NGX packages, and reboot.
4.
Use the NGX CD-ROM to select the upgradejmport option to import the configuration.
D. 1. Download the latest upgrade_export utility, and run it from $FWDIR\bin to export the configuration into a .tgz file.
2.
Transfer the .tgz file to another network machine.
3.
Uninstall all NGX packages and reboot.
4.
Install a new primary SmartCenter Server.
5.
Run upgrade_import to import the configuration.
Correct Answer: D
QUESTION 87
You are concerned that a message may have been intercepted and retransmitted, thus compromising the security of the communications. You attach a code to the electronically transmitted message that uniquely identifies the sender. This code is known as a:
A. Digital signature
B. Tag
C. Private key
D. AES flag
E. Diffle-Helman verification
Correct Answer: A
QUESTION 88
Your organization’s security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How would you request and apply the license? Request a central license:
A. using the remote Gateway’s IP address. Apply the license locally with the cplic put command.
B. for the Gateways’ IP addresses. Apply the licenses on the SmartCenter Server with the cprlic put command.
C. using the remote Gateway’s IP address. Attach the license to the remote Gateway via SmartUpdate.
D. using your SmartCenter Server’s IP address. Attach the license to the remote Gateway via SmartUpdate.
E. using the SmartCenter Server’s IP address. Apply the license locally on the remote Gateway with the cplic put command.
Correct Answer: D
QUESTION 89
Sarah is the Security Administrator for a sporting-goods manufacturer. Sarah has configured SmartDefense to block the CWD and FIND commands. Sarah installs the Security Policy, but the Security Gateway continues to pass the commands. Which of the following could be the cause of the problem?
A. The Rule Base includes a rule accepting FTP to any source, and from any destination.
B. The SmartDefense > Application Intelligence > FTP Security Server screen does not have the radio button set to “Configurations apply to all connections”.
C. The FTP Service Object > Advanced > Blocked FTP Commands list does not Include CWD and FIND.
D. The Web Intelligence > Application Layer > FTP Settings list is configured to allow, rather than exclude, CWD and FIND commands.
E. The Global Properties > Security Server > “Control FTP Commands” box is not checked.
Correct Answer: B
QUESTION 90
Your internal Web server in the DMZ has IP address 172.16.10.1/24. A particular network from the Internet tries to access this Web server. You need to set up some type of Network Address Translation (NAT), so that NAT occurs only for the HTTP service, and only from the remote network as the source. The public IP address for the Web server is 200.200.200.1. All properties in the NAT screen of Global Properties are enabled.
Select the correct NAT rules, so NAT happens ONLY between “web_dallas” and the remote network.
A. 1. Create another node object named “web_dallas_valid”, and enter “200.200.200.1” in the General Properties screen.
2.
Create two manual NAT rules above the automatic Hide NAT rules for the 172.16.10.0 network.
3.
Select “HTTP” in the Service column of both manual NAT rules.
4.
Enter an ARP entry and route on the Security Gateway’s OS.
B. 1. Enable NAT on the web_dallas object, select “static”, and enter “200.200.200.1” in the General Properties screen.
2.
Specify “HTTP” in the automatic Static Address Translation rules.
3.
Create incoming and outgoing rules for the web_dallas server, for the HTTP service only.
C. 1. Enable NAT on the web_dallas object select “hide”, and enter “200.200.200.1” for the Hide NAT IP address.
2.
Specify “HTTP” in the Address Translation rules that are generated automatically.
3.
Create incoming and outgoing rules for the web_dallas server, for the HTTP service only.
D. 1. Create another node object named “web_dallas_valid”, and enter “200.200.200.1” in the General Properties screen.
2.
Create two manual NAT rules below the Automatic Hide NAT rule for network 172.16.10.0 , in the Address Translation Rule Base.
3.
Select “HTTP” in the Service column of both manual NAT rules.
4.
Enter an ARP entry and route on the Security Gateway’s OS.
Correct Answer: A
QUESTION 91
When restoring NGX using the upgrade_import command, which of the following items are NOT restored?
A. Security Policies
B. Global properties
C. Licenses
D. User groups
E. Route tables
Correct Answer: E
QUESTION 92
Your company’s Security Policy forces users to authenticate to the Gateway explicitly, before they can use
any services.
The Gateway does not allow Telnet service to itself from any location. How would you set up the
authentication method? With a:
A. Client Authentication rule, using partially automatic sign on
B. Session Authentication rule
C. Client Authentication for fully automatic sign on
D. Client Authentication rule using the manual sign-on method, using HTTP on port 900
E. User Authentication rule
Correct Answer: D
QUESTION 93
How can you reset the password of the Security Administrator, which was created during initial installation of the SmartCenter Server on SecurePlatform?
A. Launch cpconfig and select “Administrators”.
B. Launch SmartDashboard, click the admin user account, and overwrite the existing Check Point Password.
C. Type cpm , and provide the existing administration account name. Reset the Security Administrator’s password.
D. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the “Password” portion of the file. Then log in to the account without password. You will be prompted to assign a new password.
E. Launch cpconfig and delete the Administrator’s account. Recreate the account with the same name.
Correct Answer: E
QUESTION 94
How can you unlock an administrators account, which was been locked due to SmartCenter Access settings in Global Properties?
A. Type fwm lock_admin a from the command line of the SmartCenter Server.
B. Clear the “locked” box of the users General Properties in SmartDashboard.
C. Type fwm unlock_admin a from the command line of the SmartCenter Server.
D. Type fwm unlock_admin a from the command line of the Security Gateway.
E. Delete the file admin.lock in the $FWDIR/tmp/ directory of the SmartCenter Server.
Correct Answer: A
QUESTION 95
You are a security consultant for a hospital. You are asked to create some type of authentication rule on the NGX Security Gateway, to allow doctors to update patients’ records via HTTP from various workstations. Which authentication method should you use?
A. Client Authentication
B. LDAP Authentication
C. SecureID Authentication
D. TACAS Authentication
E. User Authentication
Correct Answer: E
QUESTION 96
Your Rule Base includes a Client Authentication rule, with partial authentication and standard sign on for HTTP, Telnet, and FTP services. The rule was working, until this morning. Now users are not prompted for authentication, and they see error “page cannot be displayed” in the browser. In SmartView Tracker, you discover the HTTP connection is dropped when the Gateway is the destination. What caused Client Authentication to fail?
A. You added a rule below the Client Authentication rule, blocking HTTP from the internal network.
B. You disabled NGX Control Connections in Global Properties.
C. The browsers’ proxy settings have changed.
D. You enabled Static NAT on the problematic machines.
E. You added the Stealth Rule before the Client Authentication rule.
Correct Answer: E
QUESTION 97
You have just started a new job as the Security Administrator for Widgets Inc. Your Doss has asked you to ensure that peer-to-peer file sharing is not allowed past the corporate Security Gateway. Where should you configure this?
A. SmartDashboard > SmartDefense
B. SmartDashboard > WebDefense
C. By editing the file $FWDIR/conf/application_intelligence.C
D. SmartDashboard > Policy > Global Properties > Malicious Activity Detection
E. SmartDashboard > Web Intelligence
Correct Answer: A
QUESTION 98
Ivan’s mam internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. Ivan also has a small network 10.10.20.0/24 behind the internal router. Ivan wants to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services.
Which of the following configurations will allow this network to access Internet?
A. Automatic Static NAT on network 10.10.20.0/24
B. Manual Hide NAT rules for HTTP, FTP, and SMTP services for network 10.10.20.0/24
C. Manual Static NAT rules for network 10.10.20.0/24
D. Automatic Hide NAT for network 10.10.20.0/24
E. No change is necessary
Correct Answer: B
QUESTION 99
What does schema checking do?
A. Authenticates users attempting to access resources protected by an NGX Security Gateway.
B. Verifies that every object class, and its associated attributes, is defined in the directory schema.
C. Maps LDAP objects to objects in the NGX objects_5_0.C file.
D. Verifies the Certificate Revocation List for Certificate validity.
E. Provides topology downloads for SecuRemote and SecureClient users authenticated by an LDAP server.
Correct Answer: B
QUESTION 100
You have blocked an IP address via the Block Intruder feature of SmartView Tracker. How can you see the addresses you have blocked?
A. In SmartView Status click the Blocked Intruder tab.
B. Run fwm blocked view.
C. Runfw sam a.
D. Run fw tab sam_blocked_ips.
E. In SmartView Tracker, click the Active tab, and the actively blocked connections display.
Correct Answer: D
QUESTION 101
After importing the NGX schema into an LDAP server, what should you enable?
A. Schema checking
B. Encryption
C. UserAuthonty
D. ConnectControl
E. Secure Internal Communications
Correct Answer: A
QUESTION 102
You create two Policy Packages for two NGX Security Gateways. For the first Policy Package, you selected Security and Address Translation and QoS Policy. For the second Policy Package, you selected Security and Address Translation and Desktop Security Policy. In the first Policy Package, you enabled host-based port scan from the SmartDefense tab. You save and install the policy to the relevant Gateway object. How is the port scan configured on the second Policy Package’s SmartDefense tab?
A. Host-based port scan is disabled by default.
B. Host-based port scan is enabled, because SmartDefense settings are global.
C. Host-based port scan is enabled but it is not highlighted.
D. There is no SmartDefense tab in the second Policy Package.
Correct Answer: B QUESTION 103
Your primary SmartCenter Server runs on SecurePlatform. What is the easiest way to back up your NGX configuration. including routing and network configuration files?
A. Using the upgrade_export command in the $FWDIR\bin directory
B. Running a conf_merge with an objects_5_0.C from a new NGX installation
C. Copying the contents of $FWDIR to another location
D. Copying the 3FWDIR\conf and $FWDIR\lib directory to another location
E. Using the native SecurePlatform backup utility from command line or in Web based interface
Correct Answer: E QUESTION 104
When you find a suspicious connection from a problematic host, you want to block everything from that whole network, not just the host. You want to block this for an hour, but you do not want to add any rules to the Rule Base. How do you achieve this?
A. Create a Suspicious Activity rule in SmarfView Tracker.
B. Create a Suspicious Activity Rule in SmartView.
C. Create an “FW SAM” rule in SmartView Monitor.
D. Select “block intruder” from the Tools menu in the SmartView Tracker.
Correct Answer: B QUESTION 105
William is a Security Administrator who has added address translation for his internal Web server to be accessible by external clients. Due to poor network design by his predecessor, William sets up manual NAT rules for this server, while his FTP server and SMTP server are both using automatic NAT rules. All traffic from his FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped because of anti-spoofing settings. What is causing this?
A. “Allow bi-directiona I NAT” is not checked in Global Properties.
B. “Translate destination on cfient side” is not checked in Global Properties under “Manual NAT Rules”.
C. “Translate destination on client side” is not checked in Globaf Properties > Automatic NAT Rufes”.
D. Routing is not configured correctly.
E. Manuaf NAT rules are not configured correctly.
Correct Answer: B QUESTION 106
Flydumps.com CheckPoint 156-215 practice tests hold the key importance and provide a considerable gain for your knowledge base. You can rely on our products with unwavering confidence; Get the profound knowledge and become a pro with Flydumps.com assistance.
