CheckPoint 156-215 Study Guide, Provide New CheckPoint 156-215 PDF Are Based On The Real Exam
Flydumps CheckPoint 156-215 exam sample questions are composed by current and active Information Technology experts, who use their experience in preparing you for FLYDUMPS future in IT. At Flydumps we are committed to you ongoing success. Flydumps CheckPoint 156-215 exam sample questions deliver you extensive training of all the key concepts and skills of exam curriculum. Flydumps CheckPoint 156-215 Questions And Answers make you prepare the test same as the CheckPoint 156-215 exam. There are many working professionals who want to enhance their multifarious capabilities to get better position in the institution. CheckPoint 156-215 is an exam that can provide us this opportunity. CheckPoint 156-215 Recertification: Private Cloud is one of the most prestigious exams on line.
QUESTION 106
Jack’s project is to define the backup and restore section of his organization’s disaster recovery plan for his organization’s distributed NGX installation. Jack must meet the following required and desired objectives:
Required Objective. The security policy repository must be backed up no less frequently than every 24 hours.
Desired Objective: The NGX components that enforce the Security Policies should be backed up no less frequently than once a week.
Desired Objective: Back up NGX logs no less frequently than once a week. Administrators should be able to view backed up logs in SmartView Tracker.
Jack’s disaster recovery plan is as follows: Use the cron utility to run the upgrade_export command each night on the SmartCenter Servers. Configure the organization’s routine backup software to back up the files created by the upgrade_export command.
Configure the SecurePlatform backup utility to back up the Security Gateways every Saturday night.
Use the cron utility to run the upgrade_export command each Saturday night on the Log Servers. Configure an automatic. nightly logexport. Configure the organization’s routine backup software to back up the exported logs every night.
Jack’s plan:
A. Meets the required objective but does not meet either desired objective
B. Meets the required objective and both desired objectives
C. Meets the required objective and only one desired objective
D. Does not meet the required objective
Correct Answer: C
QUESTION 107
Thomas is the Security Administrator for an online bookstore. Customers connect to a variety of Web servers to place orders, change orders, and check the status of their orders. Thomas checked every box in the Web Intelligence tab, and installed the Security Policy. He ran penetration test through the Security Gateway, to determine if the Web servers were protected from cross-site scripting attacks. The penetration testing indicated the Web servers were still vulnerable. Which of the following might correct the problem?
A. The penetration software Thomas is using is malfunctioning and is reporting a false-positive.
B. Thomas must create resource objects, and use them in the rules allowing HTTP traffic to the Web servers.
C. Thomas needs to check the “Products > Web Server” box on the host node objects representing hrs Web servers.
D. Thomas needs to check the “Web Inteffrgence” box in the SmartDefense > HTTP properties.
E. Thomas needs to configure the Security Gateway protecting the Web servers as a Web server.
Correct Answer: C
QUESTION 108
You are a Security Administrator configuring Static NAT on an internal host-node object. You clear the box ‘Translate destination on client site”, accessed from Global Properties > NAT settings > Automatic NAT. Assuming all other Global Properties NAT settings are selected, what else must be configured for automatic Static NAT to work?
A. The NAT IP address must be added to the anti-spoofing group of the external Gateway interface
B. Two address-translation rules in the Rule Base
C. No extra configuration needed
D. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway’s external interface
E. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway’s internal interface
Correct Answer: E
QUESTION 109
Jill is about to test some rule and object changes suggested in an NGX newsgroup. Which backup and restore solution should Jill use, to ensure she can most easily restore her Security Policy to its previous configuration, after testing the changes?
A. SecurePlatform backup utilities
B. Manual copies of the $FWDIR/conf directory
C. upgradeexport and upgrade_import commands
D. Policy Package management
E. Database Revision Control
Correct Answer: E
QUESTION 110
Select the correct statement about Secure Internal Communications (SIC) Certificates? SIC Certificates:
A. for NGX Security Gateways are created during the SmartCenter Server installation.
B. for the SmartCenter Server are created during the SmartCenter Server installation.
C. are used for securing internal network communications between the SmartView Tracker and an OPSEC device.
D. decrease network security by securing administrative communication among the SmartCenter Servers and the Security Gateway.
E. uniquely identify Check Point enabled machines; they have the same function as Authentication Certificates.
Correct Answer: B
QUESTION 111
Review the following rules and note the Client Authentication Action properties screen, as shown in the exhibit:
After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries FTP to another site using the command line. What happens to the user? The:
A. FTP session is dropped by the implicit Cleanup Rule.
B. user is prompted from that FTP site only, and does not need to enter username and password for Client Authentication.
C. FTP connection is dropped by rule 2.
D. FTP data connection is dropped, after the user is authenticated successfully.
E. user is prompted for authentication by the Security Gateway again.
Correct Answer: B
QUESTION 112
Which NGX configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? Choose ONE. The:
A. ‘Time” properties, adjusted on the user objects for each user, in the source of the Client Authentication rule
B. Time object, with hours restricted and renewable, in the Time field of the Client Authentication rule
C. SmartDefense > Application Intelligence > Client Authentication > Refresh User Timeout option enabled
D. Global Properties > Authentication parameters, adjusted to allow for “Regular Client Refreshment”
E. “Refreshable Timeout” setting, in the Limit tab of the Client Authentication Action properties screen
Correct Answer: E
QUESTION 113
How are cached usernames and passwords cleared from the memory of an NGX Security Gateway?
A. Usernames and passwords only clear from memory after they time out.
B. By retrieving LDAP user information, using the fw fetchldap command
C. By using the Clear User Cache button in SmartDashboard
D. By installing a Security Policy
E. By pushing new user information from the LDAP server
Correct Answer: D
QUESTION 114
A digital signature:
A. Uniquely encodes the receiver of the key.
B. Provides a secure key exchange mechanism over the Internet.
C. Guarantees the authenticity and integrity of a message.
D. Automatically charges shared keys.
E. Decrypts data to its original form.
Correct Answer: C
QUESTION 115
Diffie-Hellman uses which type of key exchange?
A. Adaptive
B. Asymmetric
C. Symmetric
D. Static
E. Dynamic
Correct Answer: B
QUESTION 116
Amy is configuring a User Authentication rule for the technical-support department to access an intranet server. What is the correct statement?
A. The Security Server first checks if there is any rule that does not require authentication for this type of connection.
B. The User Authentication rule must be placed above the Stealth Rule.
C. Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
D. Amy can only use the rule for Telnet, FTP, and rlogin services.
E. Amy can limit the authentication attempts in the Authentication tab of the User Properties screen.
Correct Answer: A
QUESTION 117
What is the reason for the Critical Problem notification in this SmartView Monitor example?
A. Active real memory shortage on the Gateway
B. No Security Policy installed on the Security Gateway
C. Version mismatch between the SmartCenter Server and Security Gateway
D. Time not synchronized between the SmartCenter Server and Security Gateway
E. No Secure Internal Communications established between the SmartCenter Server and Security Gateway
Correct Answer: B
QUESTION 118
You are setting up a Virtual Private Network, and must select an encryption scheme. Your data is extremely business sensitive and you want maximum security for your data communications. Which encryption scheme would you select?
A. Tunneling mode encryption
B. In-place encryption
C. Either one will work without compromising performance
Correct Answer: A QUESTION 119
There is a Web server behind your perimeter Security Gateway. You need to protect the server from network attackers, who create scripts that force your Web server to send user credentials or identities to other Web servers. Which box do you check in the SmartDashboard Web Intelligence tab?
A. HTTP protocol inspection protection
B. Cross Site Scripting protection
C. HTTP header format checking
D. Command Injection protection
E. SOL Injection protection
Correct Answer: B
QUESTION 120
Use manages a distributed NGX installation for a large Dank. Use needs to know which Security Gateways have licenses that will expire within the next 30 days. Which SmartConsole application should Use use to gather this information?
A. SmartView Monitor
B. SmartUpdate
C. SmartD ash board
D. SmartView Tracker
E. SmartView Status
Correct Answer: B
QUESTION 121
A user attempts authentication using SecureClient. The user’s password is rejected, even though it is correctly defined in the LDAP directory. Which of the following is a valid cause?
A. The LDAP server has insufficient memory.
B. The LDAP and Security Gateway databases are not synchronized.
C. The SmartCenter Server cannot communicate with the LDAP server.
D. The user has defined the wrong encryption scheme.
E. The user is defined in both the NGX user database and the LDAP directory.
Correct Answer: E
QUESTION 122
You create implicit and explicit rules for the following network. The group object “internal-networks” includes networks 10.10.10.0 and 10.10.20.0. Assume “Accept ICMP requests” is enabled as before last in the Global Properties.Based on these rules, what happens if you Ping from host 10.10.10.5 to a host on the Internet by IP address? ICMP will be:
A. dropped by rule 0.
B. dropped by rule 2, the Cleanup Rule.
C. accepted by rule 1.
D. dropped by the last implicit rule.
E. accepted by the implicitt rufe.
Correct Answer: C
QUESTION 123
Using SmartDefense how do you notify the Security Administrator that malware is scanning specific ports?
By enabling:
A. Network Port scan
B. Host Port Scan
C. Malware Scan protection
D. Sweep Scan protection
E. Malicious Code Protector
Correct Answer: D
QUESTION 124
How many administrators car be created during installation ofthe SmartC enter Server?
A. Only one
B. Only one with full access and one with read-only access
C. As many as you want
D. Depends on the license installed on the Smart Center Server
E. Specified fn the Global Properties
Correct Answer: A QUESTION 125
Which Idif file must you modify to extend the schema of a Windows 2000 domain?
A. In NGXyou do not need to modify any .Idif flle
B. The appropriate .ldif flle is located in the Security Gateway: $FWDIR/conf/ldif/Microsoft_ad_schema.ldif
C. The appropriate .Idif flle is located in the SmartCenter Server: $FWDIR/lib/ldap/ schema_microsoft_ad.ldif
D. The appropriate .Idif file is located in the Security Gateway: $FWDIR/lib/ldif/Microsoft_ad_schema.ldif
E. The appropriate .ldif file is located In the SmartCenter Server: $FWDIR/conf/ldif/ Microsofl_ad_schema.fdif
Correct Answer: C
QUESTION 126
How can you reset Secure Internal Communications (SIC) between a SmartCenter Server and Security Gateway?
A. Run the command fwm sic_reset to reinitialize the Internal Certificate Authority (ICA) of the SmartCenter Server. Then retype the activation key on the Security Gateway from SmartDashboard.
B. From cpconfig on the SmartCenter Server, choose the Secure Internal Communication option and retype the activation key. Next, retype the same key in the gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC).
C. From the SmartCenter Server’s command line type fw putkey <shared key> <IP Address of SmartCenter Server>.
D. From the SmartCenter Server’s command line type fw putkey <shared key> <IP Address of Security Gateways
E. Re-install the Security Gateway.
Correct Answer: B
QUESTION 127
Herman is attempting to configure a site-to-site VPN with one of his firm’s business partners. Herman thinks Phase 2 negotiations are failing. Which SmartConsole application should Herman use to confirm his suspicions?
A. SmartUpdate
B. SmartView Tracker
C. SmartView Monitor
D. SmartDashboard
E. SmartView Status
Correct Answer: B
QUESTION 128
What is the proper command for exporting users in LDAP format?
A. fw dbexport-f c:\temp\users.txt
B. fw dbimport-f c:\temp\users.ldif-I-s”o=YourCity.com,c=YourCountiy”
C. fw dbimport -f c:\temp\users.ldap
D. fw dbexport -f c:\temp\users.ldap -s
E. fw dbexport-f c:\temp\users.fdif -I -s “o=You rCrty.com ,c=You rCountry”
Correct Answer: E
QUESTION 129
Which of these changes to a Security Policy optimizes Security Gateway performance?
A. Using domain objects in rules when possible
B. Using groups within groups in the manual NAT Rule Base
C. Putting the least-used rule at the top of the Rule Base
D. Logging rules as much as possible
E. Removing old or unused Security Policies from Policy Packages
Correct Answer: E
QUESTION 130
You have locked yourself out of SmartDashboard with the rules you just installed on your stand alone Security Gateway. Now you cannot access the SmartCenter Server or any SmartConsole tools via SmartD ash board. How can you reconnect to SmartDashboard?
A. Run cpstop on the SmartCenter Server.
B. Run fw unlocklocal on the SmartCenter Server.
C. Run fw unloadlocal on the Security Gateway.
D. Delete the $fwdir/database/manage.lock file and run cprestart.
E. Run fw uninstall localhost on the Security Gateway.
Correct Answer: C
QUESTION 131
Which NGX feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?
A. cpconfig
B. upgrade export/upgrade import
C. Database Revision Control
D. dbexport/dbimport
E. Policy Package management
Correct Answer: C
QUESTION 132
Doug wants to know who installed a Security Policy blocking all traffic from the corporate network. Which SmartVfew Tracker selection is best suited for this?
A. Records pane
B. Active tab
C. custom filter
D. tog connections
E. Audit tab
Correct Answer: E
QUESTION 133
Your internal network is using 10.1.1.0/24. This network is behind your perimeter NGX VPN-1 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?
A. Use automatic Static NAT for network 10.1.1.0/24.
B. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
C. Use manual Static NAT on the client side for network 10.1.1.0/24.
D. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
E. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
Correct Answer: D QUESTION 134
Your standby SmartCenter Servers status is collision. What does that mean, and how do you synchronize the Server and its peer?
A. The standby and active Servers have two Internal Certificate Authority (ICA) Certificates. Uninstall and reinstall the standby Server.
B. The active Server detected a keep-alive packet from the standby Server.
C. The peer Server has not been property synchronized. Manually synchronize both Servers again.
D. The peer Server is more up-to-date. Manually synchronize both Servers again.
E. The active SmartCenter Server and its peer have different Security Policies and databases. Manually synchronize the Servers, and decide which Server’s configuration to overwrite.
Correct Answer: E QUESTION 135
How do you configure an NGX Security Gateway’s kernel memory settings, without manually modifying the configuration files in $FWDIR\lib? By configuring:
A. the settings on the Gateway object’s Capacity Optimization screen
B. the settings on the Global Properties Capacity Optimization screen
C. the settings on the Gateway object’s Advanced screen
D. the settings on the SmartCenter Server object’s Advanced screen
E. SmartDefense Kernel Defender options
Correct Answer: A QUESTION 136
Katie is the Security Administrator for an insurance company. Her manager gives Katie the following
requirements for controlling DNS traffic:
Required Result #1: Accept domain-name-over-TCP traffic (zone-transfer traffic).
Required Result #2: Log domain-name-over-TCP traffic (zone-transfer traffic).
Desired Result #1: Accept domain-name-over-UDP traffic (queries traffic).
Desired Result #2: Do not log domain-name-over-UDP traffic (queries traffic).
Desired Result #3: Do not clutter the Rule Base by creating explicit rules for traffic that can be controlled
using Global Properties.
Katie makes the following configuration changes, and installs the Secunty Policy:
1.
She selects the box “Accept Domain Name over TCP (Zone Transfer)’1 in Global Properties.
2.
She selects the box “Accept Domain Name over UDP (Queries)” in Global Properties.
3.
She selects the box “Log Implied Rules” in Global Properties. Does Katie’s solution meet the required and desired results?
A. The solution meets the required results, and one of the desired results
B. The solution meets all required results, and none of the desired results.
C. The solution meets the required results, and two of the desired results.
D. The solution meets all required and desired results.
E. The solution does not meet the required results.
Correct Answer: C QUESTION 137
Shauna is troubleshooting a Security Gateway that is dropping all traffic whenever the most recent Security Policy rs installed. Working at the Security Gateway, Shauna needs to uninstall the Policy, but keep the processes running so she can see if there is an issue with the Gateway’s firewall tables. Which of the following commands will do this?
A. fw dbload 10.1.1.5
B. fw unload 10.1.1.5
C. cprestart
D. fw tab -x -u
E. cpstop
Correct Answer: B
QUESTION 138
Anna is working in a large hospital, together with three other Security Administrators. Which SmartConsole tool should she use to check changes to rules or object properties other administrators made?
A. SmartDashboard
B. SmartView Tracker
C. Eventia Tracker
D. Eventia a Monitor
E. SmartView Monitor
Correct Answer: B
QUESTION 139
Jeremy manages sites in Tokyo, Calcutta and Dallas, from his office in Chicago. He Is trying to create a report for management detailing the current software level of each Security Gateway. He also wants to create a proposal outline, listing the most cost-effective way to upgrade his Gateways. Which two SmartConsole applications should Jeremy use, to create his report and outline?
A. SmartLSM and SmartUpdate
B. SmartDashboard and SmartLSM
C. SmartDashboard and SmartView Tracker
D. SmartView Monitor and SmartUpdate
E. SmartView Tracker and SmartView Monitor
Correct Answer: D
QUESTION 140
When you hide a rule in a Rule Base, how can you then disable the rule?
A. Open the Rule Menu, and select Hide and view hidden rules. Select the rule, right-click, and select Disable.
B. Uninstall the Security Policy, and then disable the rule.
C. When a rule is hidden, it is automatically disabled. You do not need to disable the rule again.
D. Run cpstop and cpstart on the SmartCenter Server, then disable the rule.
E. Clear Hide from Rules drop-down menu, then right-click and select “Disable Rufe(s)’
Correct Answer: E
QUESTION 141
David is a consultant for a software-deployment company. David is working at a customer’s site this week. David’s task is to create a map of the customer’s VPN tunnels, including down and destroyed tunnels. Which SmartConsole application will provide David with the information needed to create this map?
A. SmartUpdate
B. SmartView Monitor
C. SmartLSM
D. SmartView Tracker
E. SmartView Status
Correct Answer: B QUESTION 142
How do you view a Security Administrator’s activities, using SmartConsole tools? With:
A. User Monitor
B. SmartView Monitor using the Administrator Activity filter
C. SmartView Tracker in Log mode
D. SmartView Tracker in Audit mode
E. SmartView Status
Correct Answer: D QUESTION 143
Mary is the IT auditor for a bank. One of her responsibilities is reviewing the Security Administrator activity and comparing it to the change log. Which application should Mary use to view Security Administrator activity?
A. NGX cannot display Security Administrator activity
B. SmartView Tracker in Real-Time Mode
C. SmartView Tracker in Audit Mode
D. SmartView Tracker in Log Mode
E. SmartView Tracker in Active Mode
Correct Answer: C QUESTION 144
When you use the Global Properties1 default settings, which type of traffic will be dropped, if no explicit rule allows the traffic?
A. Firewall logging and ICA key-exchange information
B. Outgoing traffic originating from the Security Gateway
C. RIP traffic
D. SmartUpdate connections
E. IKE and RDP traffic
Correct Answer: C QUESTION 145
Mary is recently hired as the Security Administrator for a public relations company. Mary’s manager has asked her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Mary must propose a plan based on the following required and desired results:
Required Result #1:Do not purchase new hardware.
Required Result #2:Use configuration changes that do not reduce security.
Desired Result #1:Reduce the number of explicit rules in the Rule Base.
Desired Result #2:Reduce the volume of logs.
Desired Result #3:lmprove the Gateway’s performance.
Proposed Solution:
Mary recommends the following changes to the Gateway’s configuration:
?Replace all domain objects with network and group objects.
?Check “Log implied rules” and “Accept ICMP requests” in Global Properties.
?Use Global Properties, instead of explicit rules, to control ICMP, VRRP, and RIP.
Does Mary’s proposed solution meet the required and desired results?
A. The solution meets all required and desired results.
B. The solution meets the required results, and one of the desired results.
C. The solution meets the required results, and two of the desired results.
D. The solution meets all required results, and none of the desired results.
E. The solution does not meet the required results.
Correct Answer: B QUESTION 146
Nelson is a consultant. He is at a customer’s site reviewing configuration and logs as part of a security audit. Nelson sees logs accepting POP3 traffic, but he does not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause? The POP3:
A. service is a VPN-1 Control Connection.
B. rule is hidden.
C. service is accepted in Global Properties.
D. service cannot be controlled by NGX.
E. rule is disabled. Correct Answer: B
CheckPoint 156-215 Questions & Answers with explanations is all what you surely want to have before taking CheckPoint 156-215. CheckPoint 156-215 Testing Engine is ready to help you to get your CheckPoint 156-215 by saving your time by preparing you quickly for the Cisco exam. If you are worried about getting your CheckPoint 156-215 certification passed and are in search of some best and useful material,CheckPoint 156-215 Q&A will surely serve you to enhance your CheckPoint 156-215 study.
