Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
CWNP exams CWNP
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
GIAC exams GIAC
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
ISEB exams ISEB
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Checkpoint 156-215.1 Exam - Cheat-Test.com

Free 156-215.1 Sample Questions:

Q: 1 Frank wants to know why users on the corporate network cannot receive multicast transmissions from the Internet. An NGX Security Gateway protects the corporate network from the Internet. Which of the following is a possible cause for the connection problem?

A. NGX does not support multicast routing protocols and streaming media through the Security Gateway.
B. Frank did not install the necessary multicast license with SmartUpdate, when he upgraded to NGX.
C. The Multicast Rule is below the Stealth Rule. NGX can only pass multicast traffic, if the Multicast Rule is above the Stealth Rule.
D. Multicast restrictions are not configured properly on the corporate internal network interface properties of
the Security Gateway object.
E. Anti-spoofing is enabled. NGX cannot pass multicast traffic, if anti-spoofing is enabled.

Answer: D

Q: 2 In NGX, what happens if a Distinguished Name (DN) is NOT found in LDAP?

A. NGX takes the common-name value from the Certificate subject, and searches the LDAP account unit for a matching user id.
B. NGX searches the internal database for the username.
C. The Security Gateway uses the subject of the Certificate as the DN for the initial lookup.
D. If the first request fails or if branches do not match, NGX tries to map the identity to the user id attribute.
E. When users authenticate with valid Certificates, the Security Gateway tries to map the identities with users registered in the external LDAP user database.

Answer: B

Q: 3 Gary is a Security Administrator in a small company. He needs to determine if the company's Web servers are accessed for an excessive number of times from the same host. How would he configure this setting in SmartDefense?

A. Successive multiple connections
B. HTTP protocol inspection
C. Successive alerts
D. General HTTP worm catcher
E. Successive DoS attacks

Answer: A

Q: 4 In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?

A. Define a secondary SmartCenter Server as a log server, to transfer the old logs.
B. Configure a script to archive old logs to another directory, before old log files are deleted.
C. Do nothing. Old logs are deleted, until free space is restored.
D. Use the fwm logexport command to export the old log files to other location.
E. Do nothing. The SmartCenter Server archives old logs to another directory.

Answer: B

Q: 5 If you are experiencing LDAP issues, which of the following should you check?

A. Secure Internal Communications (SIC)
B. VPN tunneling
C. Overlapping VPN Domains
D. NGX connectivity
E. VPN Load Balancing

Answer: D

Q: 6 You are setting up a Virtual Private Network, and must select an encryption scheme. Network performance is a critical issue - even more so than the security of the packet. Which encryption scheme would you select?

A. In-place encryption
B. Tunneling mode encryption
C. Either one will work without compromising performance

Answer: A

Q: 7 Larry is the Security Administrator for a software-development company.
To isolate the corporate network from the developers' network, Larry installs an internal Security Gateway. Larry wants to optimize the performance of this Gateway. Which of the following actions is most likely to improve the Gateway's performance?

A. Remove unused Security Policies from Policy Packages.
B. Clear all Global Properties check boxes, and use explicit rules.
C. Use groups within groups in the manual NAT Rule Base.
D. Put the least-used rules at the top of the Rule Base.
E. Use domain objects in rules, where possible.

Answer: A

Q: 8 If a digital signature is used to achieve both data-integrity checking and verification of sender, digital signatures are only used when implementing:

A. A symmetric encryption algorithm.
B. CBL-DES.
C. ESP.
D. An asymmetric encryption algorithm.
E. Triple DES.

Answer: D

Q: 9 Ellen is performing penetration tests against SmartDefense for her Web server farm. She needs to verify that the Web servers are secure against traffic hijacks. She has selected
the "Products > Web Server" box on each of the node objects. What other settings would be appropriate? Ellen:

A. needs to configure TCP defenses such as "Small PMTU" size.
B. should enable all settings in Web Intelligence.
C. needs to create resource objects for the web farm servers and configure rules for the web farm.
D. must activate the Cross-Site Scripting property.
E. should also enable the Web intelligence > SQL injection setting.

Answer: D

Q: 10 Which of the following commands is used to restore NGX configuration information?

A. cpconfig
B. cpinfo -i
C. restore
D. fwm dbimport
E. upgrade_import

Answer: E

Q: 11 When you change an implicit rule's order from "last" to "first" in Global Properties, how do you make the change effective?

A. Close SmartDashboard, and reopen it.
B. Select install database from the Policy menu.
C. Select save from the file menu.
D. Reinstall the Security Policy.
E. Run fw fetch from the Security Gateway.

Answer: D

Q: 12 Which NGX logs can you configure to send to DShield.org?

A. Account and alert logs
B. SNMP and account logs
C. Active and alert logs
D. Audit and alert logs
E. Alert and user-defined alert logs

Answer: E

Q: 13 How do you block some seldom-used FTP commands, such as CWD, and FIND from passing through the Gateway?

A. Use FTP Security Server settings in SmartDefense.
B. Use an FTP resource object.
C. Configure the restricted FTP commands in the Security Servers screen of the Global properties.
D. Enable FTP Bounce checking in SmartDefense.
E. Add the restricted commands to the aftpd.conf file in the SmartCenter Server.

Answer: A

Q: 14 Your users are defined in a Windows 2000 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in NGX?

A. All Users
B. A group with generic* user
C. External-user group
D. LDAP account-unit group
E. LDAP group

Answer: E

Q: 15 Which of the following is the final step in an NGX backup?

A. Test restoration in a non-production environment, using the upgrade_import command.
B. Move the *.tgz file to another location.
C. Run the upgrade_export command.
D. Copy the conf directory to another location.
E. Run the cpstop command.

Answer: A

Q: 16 Which SmartConsole tool verifies the installed Security Policy name?

A. SmartView Server
B. SmartUpdate
C. SmartView Status
D. Eventia Reporter
E. SmartView Monitor

Answer: E

Q: 17 If the LDAP scheme is not updated on the LDAP server, which Check Point user settings are stored locally in the Check Point user template?

A. Time settings, Authentication type, Location settings
B. Location settings, Authentication type, Password
C. Authentication type, Time settings, Password
D. Password, Authentication type, Time settings

Answer: A

Q: 18 Choose the BEST sequence for configuring user management on SmartDashboard, for use with an LDAP server:

A. Enable LDAP in Global Properties, configure a host-node object for the LDAP Server, and configure a server object for the LDAP Account Unit.
B. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
C. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP server using an OPSEC application.
D. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
E. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.

Answer: A

Q: 19 By default, when you click File > Switch Active File from SmartView Tracker, the SmartCenter Server:

A. Opens a new window with a previously saved log file.
B. Purges the current log file, and starts a new log file.
C. Purges the current log, and prompts you for the new log's mode.
D. Saves the current log file, names the log file by date and time, and starts a new log file.
E. Prompts you to enter a filename, then saves the log file.

Answer: D

Q: 20 You are trying to enter a new user, group, or organizational unit on an LDAP server, and you encounter the error "violates schema". To provide the BEST long-term security, you should:

A. Import the schema, and enable schema checking.
B. Turn off schema checking, and restart the LDAP server.
C. Turn off schema checking, and restart the SmartCenter Server.
D. Restart the server.
E. Recover the corrupt database.

Answer: A

Q: 21 Jack's project is to define the backup and restore section of his organization's disaster recovery plan for his organization's distributed NGX installation. Jack must meet
the following required and desired objectives:
Required Objective: The security policy repository must be backed up no less frequently than every 24 hours.
Desired Objective: The NGX components that enforce the Security Policies should be backed up no less frequently than once a week.
Desired Objective: Back up NGX logs no less frequently than once a week. Jack's disaster recovery plan is as follows:
Use the cron utility to run the upgrade_export command each night on the SmartCenter Servers.
Configure the organization's routine backup software to back up the files created by the upgrade_export command.
Configure the SecurePlatform backup utility to back up the Security Gateways every Saturday night. Use the cron utility to run the upgrade_export command each Saturday night on the Log Servers.
Configure an automatic, nightly logswitch. Configure the organization's routine backup software to back up the switched logs every night. Jack's plan:

A. Meets the required objective but does not meet either desired objective
B. Does not meet the required objective
C. Meets the required objective and only one desired objective
D. Meets the required objective and both desired objectives

Answer: D

Q: 22 As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the:

A. "Refreshable timeout", in the Global Properties Authentication screen.
B. "Refreshable Timeout" setting, in the Limit tab of the Client Authentication Action properties screen.
C. "Refreshable Timeout" in SmartDefense.
D. "Refreshable Timeout", in the user object's Authentication screen.
E. "Refreshable Timeout" setting, in the gateway object's Authentication screen.

Answer: B

Q: 23 Sonny is the Security Administrator for a company with a large call center.
The management team in the center is concerned that employees may be installing and attempting to use peer-to-peer file-sharing utilities, during their lunch breaks. The call center's network is protected by an internal Security Gateway, which is configured to drop peer-to-peer file-sharing traffic. Which application should Sonny use, to determine the number of packets dropped by each Gateway?

A. SmartDashboard
B. SmartView Monitor
C. SmartUpdate
D. SmartView Tracker
E. SmartView Status

Answer: B

Q: 24 Quinton is the Security Administrator for a chain of retail stores. In a recent security newsletter, Quinton read about an attack where a client fools a server into sending large amounts of data, using small packets. Quinton is concerned that his company's servers might be
vulnerable to this type of attack. Which SmartDefense option should Quinton use to protect the servers?

A. Network Security > IP and ICMP > Block Null Payload ICMP
B. Network Security > TCP > Small PMTU
C. Network Security > Denial of Service > LAND
D. Network Security > Successive Events > DoS
E. Network Security > Denial of Service > Non-TCP Flooding

Answer: B

Q: 25 How can you reset Secure Internal Communications (SIC) between a SmartCenter Server and Security Gateway?

A. From the SmartCenter Server's command line type fw putkey <shared key> <IP Address of SmartCenter Server>.
B. From the SmartCenter Server's command line type fw putkey <shared key> <IP Address of Security Gateway>.
C. Run the command fwm sic_reset to reinitialize the Internal Certificate Authority (ICA) of the SmartCenter Server. Then retype the activation key on the Security Gateway from SmartDashboard.
D. From cpconfig on the SmartCenter Server, choose the Secure Internal Communication option and retype the activation key. Next, retype the same key in the gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC).
E. Use SmartUpdate to retype the activation key of the Security Gateway.

Answer: D

Q: 26 You are concerned that a message may have been intercepted and retransmitted, thus compromising the security of the communications. You attach a code to the electronically transmitted message that uniquely identifies the sender. This code is known as a:

A. Digital signature
B. Tag
C. Private key
D. AES flag
E. Diffie-Helman verification

Answer: A

Q: 27 In SmartView Tracker, you see an entry for an outbound connection showing address translation. But when setting SmartView Tracker to show all entries for that connection, only outbound entries show. What is the possible cause for this?

A. The entry is for a Static NAT connection, from a specific host that has been infected by a worm.
B. The entry is for a Hide NAT connection from a specific host.
C. The entry is for an automatic Static NAT connection, where inbound traffic is managed by a separate rule.
D. The entry is for a manual Hide NAT connection, from a specific host infected by a worm.

Answer: B

Q: 28 David is a Security Administrator who has installed NGX on his network.
He needs to allow a specific IP address range for a partner site to access his intranet Web server. To limit the partner's access for HTTP and FTP only, David has done the following: Created manual Static NAT rules for the Web server.
Cleared the following boxessettings in the Global Properties' Network Address Translation screen.
1."Allow bi-directional NAT"
2."Translate destination on client side"
Do the above settings limit the partner's access?

A. Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that NGX translates the traffic after accepting the packet.
B. No. These settings are only applicable when upgrading from FireWall-1 4.1 to NGX.
C. Yes. Both of these settings are only applicable to automatic NAT rules.
D. Yes. The first setting is not applicable. The second setting will reduce performance impact, by translating traffic in the kernel nearest the intranet server.
E. No. The first setting is only applicable to automatic NAT rules. The second setting is necessary to make sure there are no conflicts between NAT and anti-spoofing.

Answer: E


© 2014 Cheat-Test.com, All Rights Reserved