Most Accurate CheckPoint 156-215 Guide PDF, Best CheckPoint 156-215 Practice To Ensure You 100% Pass Download
Exam A
QUESTION 1
Frank wants to know why users on the corporate network cannot receive multicast transmissions from the Internet. An NGX Security Gateway protects the corporate network from the Internet. Which of the following is a possible cause for the connection problem?
A. NGX does not support multicast routing protocols and streaming media through the Security Gateway.
B. Frank did not install the necessary multicast license with SmartUpdate, when he upgraded to NGX.
C. The Multicast Rule is below the Stealth Rule. NGX can only pass multicast traffic, if the Multicast Rule is above the Stealth Rule.
D. Multicast restrictions are not configured properly on the corporate internal network interface properties of the Security Gateway object.
E. Anti-spoofing is enabled. NGX cannot pass multicast traffic, if anti-spoofing is enabled.
Correct Answer: D
QUESTION 2
In NGX, what happens if a Distinguished Name (DN) is NOT found in LDAP?
A. NGX takes the common-name value from the Certificate subject, and searches the LDAP account unit for a matching user id.
B. NGX searches the internal database for the username.
C. The Security Gateway uses the subject of the Certificate as the DN for the initial lookup.
D. If the first request fails or if branches do not match, NGX tries to map the identity to the user id attribute.
E. When users authenticate with valid Certificates, the Security Gateway tries to map the identities with users registered in the external LDAP user database.
Correct Answer: B
QUESTION 3
Gary is a Security Administrator in a small company. He needs to determine if the company’s Web servers are accessed for an excessive number of times from the same host. How would he configure this setting in SmartDefense?
A. Successive multiple connections
B. HTTP protocol inspection
C. Successive alerts
D. General HTTP worm catcher
E. Successive DoS attacks
Correct Answer: A
QUESTION 4
In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?
A. Define a secondary SmartCenter Server as a log server, to transfer the old logs.
B. Configure a script to archive old logs to another directory, before old log files are deleted.
C. Do nothing. Old logs are deleted, until free space is restored.
D. Use the fwm logexport command to export the old log files to other location.
E. Do nothing. The SmartCenter Server archives old logs to another directory.
Correct Answer: B
QUESTION 5
Brianna has three servers located in a DMZ, using private IP addresses. She wants internal users from
10.10.10.x
to access the DMZ servers by public IP addresses. Internal_net
10.10.10.x
is configured for Hide NAT behind the Security Gateway’s external interface.
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers’ public IP addresses?
A. Configure automatic Static NAT rules for the DMZ servers.
B. Configure manual Static NAT rules to translate the DMZ servers, when connecting to the Internet.
C. Configure manual static NAT rules to translate the DMZ servers, when the source is the internal network
10.10.10.x.
D. Configure Hide NAT for the DMZ network behind the DMZ interface of the Security Gateway, when connecting to internal network 10.10.10.x.
E. Configure Hide NAT for 10.10.10.x behind DMZ’s interface, when trying to access DMZ servers.
Correct Answer: C
QUESTION 6
You are setting up a Virtual Private Network, and must select an encryption scheme. Network performance is a critical issue – even more so than the security of the packet. Which encryption scheme would you select?
A. In-place encryption
B. Tunneling mode encryption
C. Either one will work without compromising performance
Correct Answer: A
QUESTION 7
Larry is the Security Administrator for a software-development company. To isolate the corporate network from the developers’ network, Larry installs an internal Security Gateway.
Larry wants to optimize the performance of this Gateway. Which of the following actions is most likely to improve the Gateway’s performance?
A. Remove unused Security Policies from Policy Packages.
B. Clear all Global Properties check boxes, and use explicit rules.
C. Use groups within groups in the manual NAT Rule Base.
D. Put the least-used rules at the top of the Rule Base.
E. Use domain objects in rules, where possible.
Correct Answer: A
QUESTION 8
If a digital signature is used to achieve both data-integrity checking and verification of sender, digital signatures are only used when implementing:
A. A symmetric encryption algorithm.
B. CBL-DES.
C. ESP.
D. An asymmetric encryption algorithm.
E. Triple DES.
Correct Answer: D
QUESTION 9
Ellen is performing penetration tests against SmartDefense for her Web server farm. She needs to verify that the Web servers are secure against traffic hijacks. She has selected the “Products > Web Server” box on each of the node objects. What other settings would be appropriate? Ellen:
A. needs to configure TCP defenses such as “Small PMTU” size.
B. should enable all settings in Web Intelligence.
C. needs to create resource objects for the web farm servers and configure rules for the web farm.
D. must activate the Cross-Site Scripting property.
E. should also enable the Web intelligence > SQL injection setting.
Correct Answer: D
QUESTION 10
Which of the following commands is used to restore NGX configuration information?
A. cpconfig
B. cpinfo -i
C. restore
D. fwm dbimport
E. upgrade_import
Correct Answer: E