100% Valid And Newest–Do not worry about your Checkpoint 156-215 exam! Just try Flydumps the latest Checkpoint 156-215 exam dumps.The latest new version with all the official new added Checkpoint 156-215 questions and answers.High pass rate and money back
QUESTION 77
you have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credential. What must happen after authentication that allows the client to connect the Security Gateway’s VPN domain?
A. Active-X must be allowed on the cliect.
B. An office mode address must be obtained by the client.
C. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
D. The SNX client application must be installed on the client.
Correct Answer: A
QUESTION 78
Centrak license management allows a Security Administrator to perform which of the following functions?
1) Check for expired licenses. 2) Sort licenses and view license properties 3) Attach both R71 Central and Local licenses to a remote module 4) Delete both R71 Local licenses and Central licenses from a remote module 5) Addor remove a license to or from the licenes repository 6) Attach and/or delete only R71 Central licenses to a remote module ( not local liceses)
A. 2.5&6
B. 2.3.4.&5
C. L2.5.&6
D. 1.2.3.4&5
Correct Answer: D
QUESTION 79
If you were NOT using IKE aggressive mode for your Ipsec tunnel, how many packets would you see for normal Phase 1 exchange?
A. 6
B. 2
C. 3
D. 9
Correct Answer: A
QUESTION 80
Your current checkpiont Enterprise consists of one Management Server and Four Gateway in four different locations with following versions. All devices are running secure platform. You are upgrading your enterprise to R71. Place the required tasks from the following list in the correct order for upgrading your enterprise to R71. 1)Upgrade all gateways to R71 2)Upgrade all gateways 3 and 4 to R65 3)Upgrade all gateways 2,3, and 4 to R65 4)Upgrade all gateway 4 to R65 5)Preform pre-upgrade verifier on Security management server 6)Preform pre-upgrade verifier on all Gateways 7)Perform License upgrade checker on Gateway 2 8) Perform License upgrade checker on Gateway 3 9) Perform License upgrade checker on Gateway 4 10)Perform License upgrade checker on Security Management Server 11)Perform License upgrade checker on all devices 12)Upgrade security management server to R70
A. 11, 5,12, 3, 1
B. 9, 4, 5, 12, 1
C. 5, 6, 12, 1
D. 11, 5, 12, 2, 1
Correct Answer: C
QUESTION 81
What are you required to do before running upgrade___ export?
A. Run cpconfig and set yourself up as a GUI client.
B. Run a cpstop on the Security Management Server
C. Run a cpstop on the Security Gateway.
D. Close all GUI clients
Correct Answer: BCD
QUESTION 82
How can you access the Certificate Revocation List (CRL) on the firewall, if you have configured a Stealth Rule as the first explicit rule?
A. You can access the Revocation list by means of a browser usiing Url: <http: //IP-FW: 18264/ICA.crl> provideed the implied rules are activated default
B. The CRL is encrypted, so it is useless to attempt to access it.
C. You cannot access the CRL, since the Stealth Rule will drop the packets
D. You can only access the CRI via the Security Management Server as the internal CA is located on that server
Correct Answer: A
QUESTION 83
You need to determine if your company’s Web servers are accessed an excessive number of times from the same host. How would you configure this in the IPS tab?
A. Successive multiple connections
B. Successive alerts
C. Suddessive DoS attacks
D. HTTP protocol inspection
Correct Answer: A
QUESTION 84
What’s the difference between the SmartView Tracker Tool section in R71 and NGX R56?
A. Tools section in R71 is exactly the same as the tools section in R65
B. Using R71. You can choose a program to view captured packets.
C. Enable Warning Dialogs option is not available in R71
D. R71 adds a new option to send ICMP packets to the source/destination address of the log event
Correct Answer: B
QUESTION 85
A rule______is designed to log and drop all other communication that does not match another rule?
A. Stealh
B. Cleanup
C. Reject
D. Anti-Spoofing
Correct Answer: B
QUESTION 86
Which of these security policy changes optimize Security Gateway performance?
A. Use Automatic NAT rules instead of Manual NAT rules whenever possible
B. Putting the least-used rule at the top of the Rule Base
C. Using grouos within groups in the manual NAT Rule Base
D. Using domain object in rules when possible
Correct Answer: D
QUESTION 87
A third shift Security Administrator configured and installed a new Security Policy early this moring when you srrive he tells you that he has been Receiving complaints that Internet very slow. You suspect the security Gateway virtual memory might be the problem. Which smart console component would you use to verify this?
A. SmartView Tracker
B. SmartView Monitor
C. This information can only be viewed with fw ctl psat command from the CLI
D. Eventia Analyzer
Correct Answer: B
QUESTION 88
You installed security management server in a computer using SecurePlatform in the Mega corp home office. You use IP saddress 10.1.1.1. You also installed the security Gateway on a second secure platform computer, which you plan to ship to an other administrator at a mega corp Hub office. What is in the correct order for pushing SIC certificates to the Gateway before shipping it 1) Run cpconfig on the gateway , set secure internal communication, enter the activation key and reconfirm. 2) Initialize internal certificate authority (ICA) on the security Management server. 3) Confirm the gateway object with the host name and IP address for the remote site. 4) Click the communication button in the gateway object’s general screen ,enter the activation key, and click inltialize and ok. 5) Install the security policy.
A. 2, 3, 4, 5, 1
B. 1, 3, 2, 4, 5
C. 2, 3, 4, 1, 5
D. 2, 1, 3, 4, 5
Correct Answer: B
QUESTION 89
In smart dash Board, Translation destination on client side is checked in global properties. When network Address translation is used: A. It is necessary to add a static route to the gateway routing tables
B. The security gateway’s ARP file must be modified
C. It is necessary to add a static route to the gateway’s routing table
D. VLAN tagging cannot be defined for any hosts protected by the gateway
Correct Answer: B
QUESTION 90
If you check the box Use Aggressive Mode in the IKE Properties dialog box, the standard:
A. three-packet IKE Phase 2 exchange Is replaced by a six-packet exchange
B. three-packet IKE Phase 2 exchange Is replaced by a two-packet exchange
C. six-packet IKE Phase 1 exchange Is replaced by a three-packet exchange
D. three-packet IKE Phase 1 exchange Is replaced by a six-packet exchange
Correct Answer: C
QUESTION 91
When check point translation method allows an administrator to use fewer ISP-assigned IP addresses then the number of internal hosts requiring internet connectivity?
A. Static Destination
B. Hide
C. Dynamic Destination
D. Static Source
Correct Answer: B
QUESTION 92
You are reviving the security administrator activity for a bank and comparing to the change log. How do you view Security Administrator activity?
A. SmartView Travker cannot display Security Administrantor activity: Instead, view the system logs on the Security Management Server’s Operating System
B. SmartView Tracker in Management Mode
C. SmartView Tracker in Active Mode
D. SmartView Tracker in Network Endpoint Mode
Correct Answer: D
QUESTION 93
What is the desired outcome when running the command op info 璦璷 cpinfo 璷ut?
A. Send output to a file called cpinfo. out in compressed format
B. Send output to a file called cpinfo. out in usable format for the CP Info View utility IOC.
C. Send output to a file called cpinfo. out without address resoloution.
D. Send output to a file called cpinfo. out and provide a screen print at the same time
Correct Answer: A
QUESTION 94
On of your licenses is set for IP address no longer in use. What happens to this license during the licenser-upgrade process?
A. It is upgraded with new available features but the IP remains the same
B. It remains untouched.
C. It is upgraded with the previous features using the new IP address D. It is dropped
Correct Answer: A QUESTION 95
Which smear view tracker selection would most effectively show who installed a security policy blocking all traffic from the corporate network?
A. Custom Filter
B. Network and Endpoint tab
C. Managemt Tab
D. Active tab
Correct Answer: C QUESTION 96
From the output below, where is the figerprint generated?
A. Security management server
B. SmartUpdate
C. SmartDashboard
D. SmartConsole
Correct Answer: A
QUESTION 97
What will happen when Reset is pressed and confirmed?
A. The gateway certificate will be revoked on the security management server only
B. SIC will be rest on the Gateway only
C. Tne Gateway certificate will be revoked on the security management server and SIC will be rest on the Gateway
D. The gateway certificate on the gateway only
Correct Answer: B
QUESTION 98
You intend to upgrade a Check Point Gateway from R65 to R71. Prior to upgrading, you want to backup the gateway should there be any problems with the upgrade of the following allows for the gateway configuration to be completely backup into a manageable size in the least amount oftime?
A. Backup
B. Snapshot
C. Upgrade_export
D. Database_revision
Correct Answer: B
QUESTION 99
Security Gateway R71 supports User Authentication for which of the following services? Select the response below that contains the most complete list of supported services.
A. FTP, HTTP, TELNET
B. FTP, TELNET
C. SMTP, FTP, HTTP, TELNET
D. SMTP, FTP, TELNET
Correct Answer: A
QUESTION 100
What information is found in the SmartView Tracker management log?
A. Rule Author
B. TCP hand shake average duration
C. TCp source port
D. Top used QOS rule
Correct Answer: A
QUESTION 101
Which service is it BOT possible to configure user authentication?
A. HTTPS
B. FTP
C. SSH
D. Telnet
Correct Answer: C
QUESTION 102
There are three options available for configuring a firewall policy on the Secure Client Mobile device. Which of the following is NOT an option?
A. Configured on endepoint client
B. No
C. Configured on Server
D. yes
Correct Answer: B
QUESTION 103
Which statement defines Public Key Infrastructure? Security is provide:
A. By authentication
B. By Certificate Authorities, digital certificates, and two-way symmetric-key encryption
C. By Certificate Authorities, digital certificates, and public key encryption.
D. Via both private and public keys, without the use of digital Certificats.
Correct Answer: D
QUESTION 104
You plan to migrate a Windows NG with Application Intelligence (Ai) R55 SmartCener server to R71. You also plan to upgrade four VPN-1 pro Gateways at remote offices and one local VPN-1 pro gateway at your company’s head quarter to R71. The management server configuration must be migrated. What is the correct procedure to migrate the configuration?
A. 1. Upgrade the remoter gateway via smart Update.
2. Upgrade the security management server, using the R71 CD
B. 1.From the R71 CD-ROM on the security management server, select Upgrade
2.
Reboot after installation and upgrade all licenses via Smart Update
3.
Reinstall all gateways using R70 and install a policy
C. 1.copy the $PWDIR\ conf directory from the security management server
2.
Save directory contents to another file server
3.
Uninstall the security management server, and install anstall anew security management server
4.
Move the saved directory contents to $ PWDIR\conf replacing the default installation files
5.
Reinstall all gateways using R71 and install a security policy
D. 1. From the R71 CD – ROM in the security management server, select export
2.
Install R70 on a new PC using the option installation using imported configuration
3.
Reboot after installation and update all licenses via smart Update
4.
Upgrade software on all five remote Gateway via Smart Upsate
Correct Answer: D
QUESTION 105
The security gateway is installed on Secure Platform R71. The default port for the web user is ______.
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443
Correct Answer: D
QUESTION 106
How are cached usernames and passwords cleared from the memory of a R71 Security Gateway?
A. By retrieving LDAP user information using the command fw fetchldap
B. By using the Clear User Cache button in Smart Dashboard
C. Usernames and password only clear from memory after they time out
D. By installing a Security Policy
Correct Answer: D
QUESTION 107
The TotallyCoolSecurity Company has a large security staff. Bob configured a new IPS Chicago_Profile for fw-chicago using Detect mode. After reviewing logs, Matt noticed that fw-chicago is not detecting any of the IPS protections that Bob had previously setup. Analyze the output below and determine how can correct the problem.
A. Matt should re-create the Chicago_Profile and select Activate protections manually Instead of per the IPS Policy
B. Matt should activate the Chicago_Profile as it is currently not activated
C. Matt should assign the fw-chicago Security Gateway to the Chicago_Profile
D. Matt should change the Chicago_Profile to use Protect mode because Detect mode will not work.
Correct Answer: C
QUESTION 108
SmartView Teacker R71 consists of three different nodes. They are
A. Log, Active, and Audit
B. Log, Active, and Management
C. Log, Track, and Management
D. Network & Endpoint, Active, and Management
Correct Answer: D QUESTION 109
In previous version, the full TCP three-way handshake was sent to the firewall kernel for inspection. How is this improved in current Flows/Secure XL?
A. Only the initial SYN packet is inspected The rest are handled by IPSO
B. Packets are offloaded to a third-party hardware card for near-line inspection
C. Packets are virtualized to a RAM drive-based FW VM
D. Resources are proactively assigned using predictive algorithmic techniques
Correct Answer: A QUESTION 110
Security Servers can perform authentication tasks, but CANNOT perform content security tasks?
A. RHV HTTPS
B. FTP
C. RLOGIN
D. HTTP
Correct Answer: C QUESTION 111
Which of the following actions do not place in IKE phase 1?
A. Each side generates a session key from its private key and peer’s public key
B. Peers agree on integrity method
C. Diffie-Hellman key is conbined with the key material to produce the symmetrical IPSec key.
D. Peers agree on encryption method
Correct Answer: D QUESTION 112
Free practice questions for Checkpoint 156-215 exam.These questions are aimed at giving you an idea of the type of questions you can expect on the actual exam.You will get an idea of the level of knowledge each topic goes into but because these are simple web pages you will not see the interactive and performance based questions – those are available in the Checkpoint 156-215.