Checkpoint 156-215 Study Guide, Provides Checkpoint 156-215 PDF&VCE 100% Pass With A High Score

CheckPoint, CheckPoint Certification Comments Off

Flydumps practice test training resources are versatile and highly compatible with Microsoft exam formats. We provide up to date resources and comprehensive coverage on Checkpoint 156-215 exam dumps help you to advance your skills.

QUESTION 171
Which statement below describes the most correct strategy for implementing a Rule Base?
A. Add the Stealth Rule before the last rule.
B. Umit grouping to rules regarding specific access.
C. Place the most frequently used rules at the top of the Policy and ones that are not frequently used further down.
D. Place a network-traffic rule above the administrator access rule.

Correct Answer: C
QUESTION 172
Which OPSEC server can be used to prevent users from access.ng certain Web sites?
A. LEA
B. AMON
C. UFP
D. CVP

Correct Answer: C
QUESTION 173
You are trying to save a custom log query in R71 SmartView Tracker, but getting the following error “Could not save ‘query-name’ (Error Database is Read only). Which of the following is a likely explanation for this?
A. You have read-only rights to the Security Management Server catabase.
B. You do not have the explicit right to save a custom query in your administrator permission profile under SmartConsole customization
C. You do not have OS write permissions on the local SmartView Tracker PC in order to save the custom locally
D. Another administraor is currently connected to the Security Management Server with read/write permissions which impacts your ability to save custom log queries to the Security Management Server.

Correct Answer: B
QUESTION 174
Which of these security policy Changes Optimize security Gateway performances?
A. Use automatic NAT rules instead of manual NAT rules when ever possible
B. Putting the Least-Used rule at the top o of the rule Base
C. Using groups within groups in the manual Nat Rule Base
D. Using Domain objects in rules when possible

Correct Answer: D
QUESTION 175
How can you configure an application to automatically launch on the Security Management Server when traffic is dropped Security Policy?
A. Pop-up alert script
B. User-defined alert script
C. Custom scripts cannot be executed through alert scripts
D. SNMP trap alert script

Correct Answer: B
QUESTION 176
You have an NGX R65 have gateway running on Security platform. The Gateway also serves as a Policy Server. When you run patch add CD from security Gateway R71 CD-ROM. What does this command allow you to upgrade?
A. Only the R71 Security Gateway
B. Only the patch utility is upgraded using this command
C. All products, except the Policy Server
D. Both the operating system and all Check Point products

Correct Answer: D
QUESTION 177
Identify the correct step performed by SmartUpdate a remote Security Gateway. After selecting packages Select / Add from CD, the:
A. Entire contents of the CD-ROM arc copied to the packages directory on the selected remote Security Gateway
B. Selected package is copied to the Package Repository on the Security Management: Server
C. Entire contents of the CD-ROM are copied to the Package Repository on the Security Management Server
D. Selected package is copied to the packages directory on the selected remote Security Gateway

Correct Answer: B
QUESTION 178
Which of the options below best describes the difference between the Drop action and Reject action? (assume TCP is specified in the service column of your tulebase)
A. Drop action is the same as Reject action
B. With Drop action, the sender is not notified but with Reject action, the user is notified
C. Reject action is the same as Drop action
D. With Drop action, the sender is authenticated but with Reject action, the user is not authenticated
E. With Drop action, the sender is notified but with Reject action, the user is not Notified

Correct Answer: B
QUESTION 179
Whitfield Diffie and martin Hellman gave their names to what standard?
A. An encryption scheme that makes pre-shared keys obsolete
B. An algorithm that is used in IPsec QuickMode and as an additional option in IPsec QuickMode (PFS)
C. A key exchange protocol for the advanced Encryption Standard
D. A key agreement / derivation protocaols the constructs secure keys over an insecure channel

Correct Answer: D
QUESTION 180
Which tool will you use prior to installation to reduce the risk of incompatibility with the deployment to R71?
A. Compatibility Tool
B. cpconfig
C. Post-Upgrade Verification Tool
D. Pre-Upgrade Verification Tool
E. cpinfo

Correct Answer: D
QUESTION 181
You would use the Hide Rule feature to:
A. Make rules invisible to incoming packets.
B. View only a few rules without the distraction of others
C. Hide rules from read-only administrators.
D. Hide rules from a SYN / ACK attack

Correct Answer: A
QUESTION 182
To monitor all traffic between a network and the internet on a Security Platform Gateway, what is the best utility to use?
A. Snoop
B. Cpinfo
C. Infoview
D. Tcpdump

Correct Answer: D
QUESTION 183
SmarUpdate is the primary tool used for upgrading Check Point gateways. When upgrading your gateway, what feature will you choose if want to upgrade all packages installed on your gateway?
A. Minimal Effort Upgrade
B. Add Package to Repository
C. Upgrading the Gateway
D. Upgrade All Packages
E. Zero Effort
Correct Answer: D QUESTION 184
YOu are responsible for configuration of Meg a Corn’s Check Point Firewall. You need to allow two Nat rules to match a connection. Is it possible? Give the best answer
A. Yes. it is possible to have two NAT rules which match a connection, but only when using Automatic NAT(bidirectional NAT)
B. No, it is not possible to have more one NAT rule matching a connection. When the firewall receives a packet blonging to a concentration, it compares it against the Rule Base, then the second rule, and so on When it finds a rule that matches, it stops checking and applies that rule.
C. Yes, it is possible to have two NAT rules which match a connection, but only in using Manaual NAT (bidirectional NAT0
D. Yes, there are always as many active NAT rules as there are connections.

Correct Answer: D
QUESTION 185
Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?
A. Policy Package management
B. dbexport/dbimport
C. Database Revision Control
D. upgrade_export/upgrade_import

Correct Answer: C
QUESTION 186
For normal packet transation of an acceped communication to a host protocol by a Security Gate Way how many lines per packet are recorded on a packet analyzer like wire Shark using fw monitor?
A. 2
B. 4
C. 3
D. None

Correct Answer: A
QUESTION 187
A digital signature:
A. Provides a secure key exchange mechanism over the Internet B. Automatically exchanges shared keys.
B. Guarantees the authenticity and integrity of a message.
C. Decrypts data to its original form.

Correct Answer: A
QUESTION 188
After implementing static address translation to allow internet traffic to an internal web server on your DMZ. You notice that any Nated connections to that machine are being dropped by anti-spoofing protection which of the following is most likely cause?
A. The global properties settings translation on client side is checked. But the topology on the external change topology to others+
B. The global properties settings translation on client side is Unchecked. But the topology on the external interface is set to others+ change topology is external C. The global properties settings translation on client side is checked. But the topology on the DMZ interface is set to be internal-network defined by IP and mask. Uncheck the Global properties setting Translation on Client side.
C. The global properties settings translation on client side is unchecked. But the topology on the DMZ interface is set to be internal-network defined by IP and mask. Click the Global properties setting Translation on Client side.

Correct Answer:
QUESTION 189
What physical machine must have access to the User Center public IP address when checking for new packages with smartUpdate?
A. SmartUpdate GUI PC
B. SmartUpdate Repository SQL database Server
C. A Security Gateway retrieving the new upgrade package D. SmartUpdate installed Security Management Server PC

Correct Answer: A
QUESTION 190
You are installing your R71Security Gateway. Which is NOT a valid option for the hardware platform?
A. Crossbeam
B. Solaris
C. Windows
D. IPSO

Correct Answer: A
QUESTION 191
You are installing a Security Management Server Yoursecurity plan calls for three administrators for this particular server. How many van you create during installation’? A. Depends on the License installed on the Security Management Server B. Only one with full access and one with read-only access C. One
D. As many as you want
A.
B.
C.
D.

Correct Answer:
QUESTION 192
Crara wants to monitor the top services on her security Gateway(fw-chicago), but she is getting an error message. Other security gateways are reporting time information except a new security gateway that was just recently deployed. Analyze the error message from the out below and determine what Cara can do to correct the problem?

A. She should re-install the security policy on the security Gateway since it was using the default rule base
B. She should create a firewall rule to allow the CPMI traffic back to her smart console. C. Shen should let the monitoring run longer in order for it to collect sampled data D. She should edit the security Gateway object and enable the monitoring Software Blade

Correct Answer:
QUESTION 193
Your R71 security management server is instaled on secure platform. You plan to schedule the security management server to run Log switch automatically every 48 hours. How do you create the schedule?
A. Create time object, and add 48 hours as the interval. Select the time object’s global properties > logs and master window, to schedule a log switch B. Create time object, and add 48 hours as the interval. Open the primary security management object’s logs and master window, enable schedule log switch, and select time object
B. Create time object, and add 48 hours as th \e interval. Open the security Gateway objects logs and masters window, enable schedule log switch, and select the time object D. On a secure platform Security management Server, this can only the accomplished by configuring the fw logswithch command via the cron utility

Correct Answer: B
QUESTION 194
Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder’s access after the next Phase 2 exchange occurs?
A. Perfect Forward Secrcy
B. SHA1 Hash Completion
C. Phase 3Key Revocation
D. M05 Hash Completion
Correct Answer: A
QUESTION 195
Which of the following methods will provide the most complete backup of an R71 configuration?
A. Policy Package Management
B. Copying the $PWDIR\conf and $CPDIR\conf directories to an other server C. Upgrade_export command
C. Database Revision Control

Correct Answer: B
QUESTION 196
You are connected that a message may have been increased and retransmitted, thus compromising the security of the communication, You attach a code to the electronically transmitted message that uniquelu identifies the sender. Thiscode is Known as a(n):
A. diffle-Helman verification
B. digital signature
C. private Key
D. AES flag

Correct Answer: A
QUESTION 197
If you are experiencing LDAP issues, which of the following should you check?
A. Domain name resolution]
B. Overlapping VPN Domains
C. Secure Internal Communications(SIC)
D. Connectivity between the R71 Gateway and LDAP server

Correct Answer: A
QUESTION 198
When you use the Global Properties default settings on R71. Which type of traffic will be dropped?
A. RIP traffic
B. Smart Update connections
C. Outgoing traffic orginating from the Security Gateway D. Firewall logging and ICA key-exchange information

Correct Answer: A
QUESTION 199
You have not performed software upgrade to NGX R71. You have upgraded your license and every time you try to run commands such as cplic print; cpstop, you receive all sort of errors. In order to resolve this you will have to:
A. Remove the software
B. Do nothing. The error will go away with time
C. Remove the upgraded license
D. Upgrade the software to version NGX
E. Re-upgrade the license to the version before the upgrade
Correct Answer: D
QUESTION 200
The user directory software blade is use to integrate which of the following with security gateway R71?
A. RADIUS server
B. Account management client server
C. User authority server
D. LDAP server

Correct Answer: A QUESTION 201

The FLYDUMPS Checkpoint 156-215 study materials is the most thorough, accurate, and up-to-date practice test you will find on the market today. Pass4itSure Checkpoint 156-215 study materials are 100% verified realistic Checkpoint 156-215 exam questions and Checkpoint 156-215 exam answers. It provides people the mandatory product in plethora however, if you are always parched to learn far more next Checkpoint 156-215 is your own beck and also necessitate Checkpoint 156-215. There’s reasonable articles designed for us in the world of net but a majority of individuals don’t like to keep online for a while so they can purchase textbooks regarding Checkpoint 156-215 from their own closest publication shop.

Author

Back to Top