Passed Checkpoint 156-215 yesterday on first attempt only using the Exampass premium vce and one corrected answers.Thanks a lot for your valuable update reagding premium dump.It will definitely help me for preparing for the exam before to write.
If yopu were NOT using IKE aggressive mode for you IPSec tunnel, how many packets would you see for normal phase exchange?
Correct Answer: A QUESTION 67
Which type of R71 Security Server does not provide User Authentication?
A. FTP Security Server
B. SMTP Security Server
C. HTTP Security Server
D. HTTPS Security Server
Correct Answer: B QUESTION 68
Which do you configure to give remote access VPN users a local IP address?
A. Office mode IP pool
B. NAT pool
C. Encryption domain pool
D. Authentication pool
Correct Answer: A QUESTION 69
While in Smart View Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 but cannot remember all the steps. What is the correct order of steps needed to perform this?
1) Select the Active Mode tab In Smart view Tracker 2) Select Tools Block Intruder 3) Select the Log Viewing tab in SmartView Tracker 4) Set the Blocking Time out value to 60 minutes 5) Highlight the connection he wishes to block
A. 3, 2, 5, 4
B. 3, 5, 2, 4
C. 1, 5, 2, 4
D. 1, 2, 5, 4
Correct Answer: B
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
A. Blank field under Rule Number
B. Rule 0
C. Cleanup Rule
D. Rule 1
Correct Answer: B
You are creating an out put file with the following command:
Fw monitor 璭 “accept (src=10.20.30.40 or dst=10.20.30.40); “-0 ~/ output Which tool do you use to
analyze this file?
A. You can analyze it with Wireshark ot Ethernet
B. You can analyze the output file with any ASCII editor
C. The output file format is CSV, so you can use MS Excel to analyze it
D. You can analyze it with any tool as the Syntax should be: Fw monitor 璭 “accept (src=10.20.30.40 or dst=10.20.30.40); “-0 ~/ output
Correct Answer: A
Your company has headquarters in two countries: Toronto (Canada0 and Washingto (USA). Each headquarter has a number of branch offices. The branch offices only need to communicate with the headquarter in their county, not with each other i.e. no branch office should communicate with another branch office. An Administrator without access to SmartDashboard installed a new IPSO-based R71 Security Gateway over the weekend. He e-mail you the SIC activation key. You want to confirm communication between the Security Gateway and the Managemet Server by installing thePolicy. What might prevent you from installing the Policy?
A. You first need to create a new UTM-1 Gateway object, establish SIC via the Communication button, and define the Gateway’s topology.
B. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server You must initialize SIC on the Security Management Server.
C. An intermediate local Security Gateway does not allow a plicy install through it to the remote new Security Gateway appliance Resolve by running the tw unloadlocal command on the local Security Gateway.
D. You first need to run the fw unloadlocal command on the R71 Security Gateway appliance in order to remove the restrictive default policy
Correct Answer: B QUESTION 73
Certificates for Security Gateways are created during a simple initialization from______.
C. The ICA management tool.
Correct Answer: C
You want to generate a cpinfo file via CLI on a system running SecurePlatform. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout/
A. Log in as default user expert and start cpinfo.
B. No action is needed because cpshell has a timeout of one hour by default.
C. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.
D. Log in as admin, switch to expert mode, set the timeout to one hour with the commend, idle 60, then start cpinto.
Correct Answer: D
You have three servers located in DMZ address. You want internal users from 10.10.10×10 to access the DMZ servers by public IP.addresses. Internet.net 10.10.10xis configures for the NAT behind the security gateway external interface. What is the best configuration 10.10.10xusers to access the DMZ servers, using the DMZ servers,using the DMZ server public IP address?
A. When connecting to the Internet, configure manual Static NAT rules to translate the dmz SERVERS
B. When the source is the internal network 10.10.10xt configure manual static NAT rules to translate the DMZ servers
C. When connecting to internal net work 10 10.10 x. configure Hide NAT for the DMZ sercers.
D. When connecting tio the internal network 10.10.10x, configure Hide Nat for the DMZ network behined the DMZ interface of the Security Gateway
Correct Answer: A QUESTION 76
What can NOT be selected for VPN tunnel shering?
A. One tunnel per subnet pair
B. One tunnel per Gateway pair
C. One tunnel per pair of hosts
D. One tunnel per VPN domain pair
Correct Answer: B
Ensure that you are provided with only the best and most updated Checkpoint 156-215 Certification training materials, we also want you to be able to access Checkpoint 156-215 easily, whenever you want.We provide all our Checkpoint 156-215 Certification exam training material in PDF format, which is a very common format found in all computers and gadgets. Now we add the latest Checkpoint 156-215 content and to print and share content.