CheckPoint 156-310 Exam Guide, Provide New CheckPoint 156-310 Certification On Sale
Welcome to download the newest Pass4itsure ns0-155 Practice Test dumps: http://www.pass4itsure.com/ns0-155.html
You can prepare for CheckPoint 156-310 with little effort because Flydumps is now at your service to act as a guide in Flydumps you pass CheckPoint 156-310 exam. Now get that necessary competitive edge that comes with preparing with the help of Flydumps.
QUESTION 96
In VPN-1/FireWall-1, Security Administrators can define URI Resource Properties to strip which of the following from HTML? (Choose three)
A. Java applets
B. Invalid mime types
C. Java scripts
D. ActiveX code
E. Any content of a Web page
Correct Answer: ACD
QUESTION 97
Which VPN-1/FireWall-1 Security Server does NOT perform authentication?
A. SMTP
B. FTP
C. RLOGIN
D. TELNET
E. HTTP
Correct Answer: A
QUESTION 98
Encryption is the transformation of readable data into an unreadable form called:
A. One Way Hash
B. Keyed Text
C. Secret Text
D. Ciphertext
E. Cleartext
Correct Answer: D
QUESTION 99
Choose three. The Check Point SecureClient Packaging Tool allows System Administrators to:
A. Install a package on a client machine.
B. Create customized SecuRemote/SeucreClient installation packages to distribute to users.
C. Customize the flow of end-user installation processes, before SecureRemote/SecureClient is installed.
D. Configure SecuRemote properties for users, before installation.
E. Automatically update SecureClient installation at regular intervals.
Correct Answer: BCD
QUESTION 100
Which of the following is TRUE of the relationship between the RemoteAccess VPN Community and the Security Policy Rule Base?
A. The RemoteAccess VPN Community defines VPN connection parameters for SecuRemote connections. The Security Policy Rule Base is used to allow access to protected resources.
B. The RemoteAccess VPN Community is used to allow access to protected resources. The Security Policy Rule Base is used to define VPN connection parameters for SecuRemote connections.
C. The Security Policy Rule Base is used to define VPN connection parameters for SecuRemote connections and is used to allow access to protected resources. The RemoteAccess VPN Community applies only SecureClient.
D. The RemoteAccess VPN Community defines VPN connection parameters for SecuRemote connections and is used to allow access to protected resources. Security Policy Rules are not defined for SecuRemote.
Correct Answer: A
QUESTION 101
Which of the following statements, about Hybrid Ike, are FALSE? Choose two.
A. The final packet size is increased after it is encrypted
B. Only pre-shared secrets or certificates may be used.
C. SecureClient and Hybrid Ike are incompatible
D. TCP/IP headers are encrypted along with the payload.
E. Any authentication mechanism supported by VPN-1/Firewall-1 is supported.
Correct Answer: BC QUESTION 102
Users must enter a username and a password on the first attempt while using Secure Client Authentication window to connect to a site. Passwords are shared in memory instead if being written to disk, and are erased upon reboot.
A. True
B. False
Correct Answer: A QUESTION 103
The IKE encryption scheme encrypts the original TCP and IP headers along with the packet data.
A. True
B. False
Correct Answer: A QUESTION 104
When licensing a VPN-1/Firewall-1 Management Server, for central licensing you must provide:
A. A host IP address, license expiration date, product feature string and license key.
B. A host IP address, license purchase date, product feature string and license key.
C. A host IP address, license expiration date, product feature string and Certificate Authority Key.
D. A host IP address, license purchase date, validation code and license key.
E. A host IP address, number of firewall nodes, validation code and license key.
Correct Answer: A QUESTION 105
You are developing secure communications for a virtual corporation. There is a main office with a variety of shared resources, but mist employees work either from home, or on the road. The most common interface between these employees and the central database is a modem-equipped Laptop. Reliability and quality are major issues for your users, and security requirements include the need for strong authentication of the remote and mobile users. You are expected to provide centralized management, and to anticipate significant growth in the workforce.
The type of VPN you would choose is the:
A. Intranet VPN.
B. Extranet VPN.
C. Client-to-Firewall VPN.
D. Server to Server VPN.
E. None of the above.
Correct Answer: C
QUESTION 106
You are setting up an IKE VPN between the VPN-1/Firewall-1 modules protecting two networks. One network is using a RFC 1918 compliant address range of 10.15.0.0 and the other network is using a RFC1 818 compliant address range 192.168.9.0. What method of address translation would you use?
A. Static Source.
B. Static destination.
C. Dynamic source.
D. Dynamic
E. None
Correct Answer: E
QUESTION 107
Secure Client supports desktop policies.
A. True
B. False
Correct Answer: A
QUESTION 108
You are the VPN-1/Firewall-1 administrator for a company who’s extranet requires encryption. You must an encryption scheme with the following features: Portability Standard Key Management Automatic, external PKI Session Keys Change at configured times during a connection’s life time Which encryption scheme do you choose?
A. Rj indal
B. FWZ
C. IKE
D. IKE
E. Triple DES.
F. Manual IPSec.
Correct Answer: C QUESTION 109
When adding users to firewall, an administrator can install just the User Database without re-installing the entire Security Policy.
A. True
B. False
Correct Answer: A QUESTION 110
Both, RSA and Diffie-Hellman are asymmetric encryption techniques generating a one-way trust model for encryption and decryption messages.
A. True
B. False
Correct Answer: B QUESTION 111
VPN-1/Firewall-1 gateway products (other than the GUI) are supported on Windows NT Workstation.
A. True
B. False
Correct Answer: B QUESTION 112
For each connection that is established through a VPN-1/Firewall-1 Security Server, security administrators control specific access according to information defined in the Resource field.
A. True
B. False
Correct Answer: A QUESTION 113
When a SecuRemote Client and Server key exchange occurs, the user will be re-authenticated if the password has been erased.
A. True
B. False
Correct Answer: A QUESTION 114
There are certain general recommendations for improving the performance of Check Point VPN-1/Firewall-1, Choose all that apply.
1.
Use Domain objects when possible.
2.
User Network instead of Address Ranges.
3.
Combine similar rules to reduce the number of rules.
4.
Enable VPN-1/Firewall-1 control connections.
5.
Keep Rule Base small and simple.
A. 1, 2, 3.
B. 1, 2, 4.
C. 2, 3, 5.
D. 1, 2, 3, 4, 5.
E. 1, 3, 5.
Correct Answer: C
QUESTION 115
The AES algorithm (Rjindal) is used with IKE encryption, VPN-1/Firewall-1 supports which version of AES?
A. 256-bit.
B. 168 and 256-bit.
C. 112-, 168- and 256-bit.
D. 40- and 56-bits.
E. 25- and 112-bit.
Correct Answer:
QUESTION 116
The Check Point Secure Client packaging tool enables system administrators:
A. To create customized SecuRemote/Secure Client installation packages to distribute to users.
B. To configure SecuRemote properties for users before installation.
C. To customize the flow of end users’ installation processes before SecuRemote/Secure Client installation.
D. A and B.
E. All of the above.
Correct Answer: E
QUESTION 117
If you have modified your network configuration by removing the firewall adapters, you can reinstall these adapters by re-installing Secure Client.
A. True
B. False
Correct Answer: B
QUESTION 118
Which of the following selections lists the three security components essential to guaranteeing the security of network connections?
A. Encryption, inspection, routing.
B. NAT, traffic control, topology.
C. Static addressing, cryptosystems, spoofing.
D. Encryption, authentication, integrity.
E. DHCP, quality of service, IP pools.
Correct Answer: D
QUESTION 119
How do you enable connection logging to the Policy Server when using Secure Client?
A. Go to the registry and add key EnableLogging=1.
B. Create the file st.log in the log directory.
C. Set logging to Alert in the Tracking field of the Rule Base.
D. Enable logging in the Policy server.
E. Select 碋nable Logging?under options in the tool menu of the Secure Client GUI.
Correct Answer: A
QUESTION 120
The encryption key for SecuRemote connections, for two phase exchange, remains valid by default for ________.
A. About 15 minutes.
B. About 30 minutes.
C. About 45 minutes.
D. About 60 minutes.
E. The entire remote user operating session.
Correct Answer: D
QUESTION 121
What is the purpose of HTML weeding when a defining a URI resource?
A. A HTML weeding changes specified code from an HTML page containing a reference to JAVA or ActiveX code.
B. HTML weeding strips JAVA code from incoming HTTP, and blocks JAVA applets.
C. HTML wedding stops applets when JAVA code is incorporated in a HTML document.
D. HTML weeding fetches JAVA code directly.
E. HTML weeding prompts users when a JAVA or ACTIVEX is available from an HTML page being viewed.
Correct Answer: B
QUESTION 122
When using IKE in a Firewall-to-Firewall VPN, ____________ is used to manage session keys, encryption method and data integrity.
A. UDP
B. RDP
C. ICMP
D. FTP
E. RWS
Correct Answer: A
QUESTION 123
Before installing VPN-1/Firewall-1 on Windows NT, you MUST confirm that:
A. Your network is properly configured, with special emphasis on routing.
B. The host and the gateway can see each other.
C. X/Motif client is installed.
D. You can log on and TELNET to each of the hosts in the internal networks.
E. You have completed hardening your operating system.
Correct Answer: A
QUESTION 124
CRL lookups from VPN-1/Firewall-1 modules, or the SecuRemote Server, to the LDAP Server. When problems occur with CRL verification, how would you verify that the IP addresses and port numbers are correctly referencing the CA and LDAP Servers?
A. Check the ca.ini file.
B. Check the CA object configuration.
C. Check the CRL timeout.
D. Run fw checkcaintegrity -f -n from a command-line prompt.
E. Run cpconfig.
Correct Answer: B
QUESTION 125
What are the disadvantages of Shared Secret Key encryption?
A. A secure channel is required by which correspondents can agree on a key before their first encrypted communication.
B. Correspondents may have to agree on a key by some other fairly secure method, such as by mail or telephone.
C. The number of keys required can quickly become unmanageable since there must be a different key pair fir each pair of possible correspondents.
D. B and C.
E. A, B and C.
Correct Answer: D
QUESTION 126
An external UFP server, can perform which if the following?
A. Find out java, JavaScript, Active X.
B. Deny or allow access to URLs using categories.
C. Integrate Firewall-1 with an external user database.
D. Check for viruses and malicious contents.
E. All of the above.
Correct Answer: B
QUESTION 127
Which of the following statements best describe the purpose of the Transparent Connection method shown below in the URI Resources Properties window?
A. Matches all connections that are not in proxy or Tunneling Mode.
B. Matches connections in proxy mode only.
C. Matches connections using HTTP > CONNECT method.
D. Disables all content security options in the URI specification.
E. Takes an action as a result of a logged resource definition.
Correct Answer: A QUESTION 128
When SecuRemote Client and Server key exchange occurs, the user will NOT be re-authenticated even if the Password Expires After timer on the SecuRemote Server has not expired.
A. True
B. False
Correct Answer: A QUESTION 129
In the following graphic, the remote Secure Client machine does not have an installed Desktop Policy. The Secure Client user tries to connect to a host in Detroit’s domain. Because Detroit is a Policy Server.
A. It will initiate explicit login and attempt to install a Desktop Policy on the Secure Client machine, before it allows a connection to its domain.
B. It will initiate implicit login and attempt to install a Desktop Policy on the Secure Client machine, before it allows a connection to its domain.
C. It will initiate implicit login only, before it allows a connection to its domain.
D. It will initiate explicit login only, before it allows a connection to its domain.
E. It will initiate implicit login and attempt to install a Desktop Policy on the SecuRemote machine, before it allows a connection to its domain.
Correct Answer:
QUESTION 130
In the event that an unauthorized user attempts to compromise a valid Secure Client connection, the Secure Client machine can remain protected by?
A. The VPN module in the enterprise firewall.
B. Enforcing a desktop policy blocking incoming connections to the Secure Client.
C. The organization’s internal firewall.
D. Network address translation performed by the gateway.
E. Using FWZ encapsulation.
Correct Answer: B
A Microsoft certification exam can be a milestone in your professional career. Flydumps is the pioneer in Microsoft certification exam preparation. With a highly competent and professional team, Latest CheckPoint 156-310 dumps in Flydumps has come up with a great, thorough exam material which will be a treasure for you.you will get certified easily with the help of Flydumps latest Latest CheckPoint 156-310 dumps.
Welcome to download the newest Pass4itsure ns0-155 Practice Test dumps: http://www.pass4itsure.com/ns0-155.html
https://www.itcertlab.com/checkpoint-156-310-exam-guide-provide-new-checkpoint-156-310-certification-on-sale.html