Checkpoint 156-215.65 Exam - Cheat-Test.com Free 156-215.65 Sample Questions:
Q: 1 You are Security Administrator for a large call center. The management team is concerned that employees may be installing and attempting to use peer-to-peer file-sharing utilities during their lunch breaks. The call center's network is protected by an internal Security Gateway, configured to drop peer-to-peer file-sharing traffic. How do you determine the number of packets dropped by each Gateway?
A. SmartDashboard
B. SmartView Status
C. SmartView Tracker
D. SmartView Monitor
Answer: D
Q: 2 Which of the following statements BEST describes Hide Mode Translation?
A. Allows you to hide any entire network or IP range behind one routable IP address only
B. Allows you to hide an entire network behind a pool of IP addresses, selected randomly
C. Translates non-routable internal IP addresses to one routable IP address only
D. Allows you to hide any entire network or IP range behind one IP address
Answer: D
Q: 3 Which option or utility includes only Security and NAT, QoS, and Desktop Security settings?
A. Policy Package Management
B. File > Save from SmartDashboard
C. Database Revision Control
D. Backup
Answer: A
Q: 4 It is possible to configure Network Address Translation in all of the following areas, EXCEPT:
A. Global Properties
B. Dynamic Object Properties
C. Object Properties
D. Address-translation rules
Answer: B
Q: 5 Which of the following statements about the Port Scanning feature of SmartDefense is TRUE?
A. A typical scan detection is when more than 500 open inactive ports are open for a period of 120 seconds.
B. Port Scanning does not block scanning, it detects port scans with one of three levels of detection sensitivity.
C. The Port Scanning feature actively blocks the scanning, and sends an alert to SmartView Monitor.
D. When a port scan is detected, only a log is issued, never an alert.
Answer: B
Q: 6 The customer has a small Check Point installation which includes one Windows 2003 server working as SmartConsole and SmartCenter with a second server running SecurePlatform working as Security Gateway. This is an example of:
A. Hybrid Installation
B. Stand-Alone Installation
C. Distributed Installation
D. Unsupported configuration
Answer: C
Q: 7 A ______ rule is used to prevent all traffic going to the VPN-1 NGX Security Gateway.
A. Reject
B. Cleanup
C. Stealth
D. SmartDefense
Answer: C
Q: 8 When troubleshooting the behavior of Check Point Stateful Inspection, it is important to consider "inbound" vs "outbound" packet inspection from the point of view of the ______.
A. Logical Topology
B. Administrator
C. Security Gateway
D. Internet
Answer: C
Q: 9 Which of the below is the MOST correct process to reset SIC?
A. Run cpconfig, and select "Secure Internal Communication > Change One Time Password".
B. Run cpconfig, and click Reset.
C. Click Reset in the Communication window of the Gateway object, and type a new activation key.
D. Click the Communication button for the firewall object, then click Reset. Run cpconfig and type a new activation key.
Answer: D
Q: 10 What information is found in the SmartView Tracker audit log?
A. ClusterXL sync failure
B. Policy Package rule modification date/time stamp
C. Historical reports log
D. Destination IP address
Answer: B
Q: 11 Which of the following statements accurately describes the upgrade_export command?
A. upgrade_export stores network-configuration data, all settings configured by the WebUI, and the database of user settings prior to upgrading the SmartCenter Server.
B. Used when upgrading the Security Gateway, upgrade_export includes modified files, such as in the /lib directory.
C. Used primarily when upgrading the SmartCenter Server, upgrade_export stores all object databases and the conf directories for importing to a newer version of VPN-1.
D. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
Answer: C
Q: 12 You want to display log entries containing information from a specific column in the SmartView Tracker. If you want to see ONLY those entries, what steps would you take?
A. Right-click column, Search, Add string, Apply Filter
B. Right-click column, Edit Filter, Specific, Add, OK
C. Left-click column, Specific, Add, Apply Filter
D. Left-click column, Search, Add string, Apply Filter
Answer: B
Q: 13 You are about to test some rule and object changes suggested in an NGX newsgroup. Which backup solution should you use, to ensure the easiest restoration of your Security Policy to its previous configuration, after testing the changes?
A. Manual copies of the $FWDIR/conf directory
B. SecurePlatform backup utilities
C. upgrade_export command
D. Database Revision Control
Answer: D
Q: 14 You have blocked an IP address via the Block Intruder feature of SmartView Tracker. How can you see the addresses you have blocked?
A. Run fwm blocked_view.
B. In SmartView Monitor, select Suspicious Activity Rules from the Tools menu and select the relevant Security Gateway from the list.
C. In SmartView Monitor, select the Blocked Intruder option from the query tree view.
D. In SmartView Tracker, click the Active tab, and the actively blocked connections display.
Answer: B
Q: 15 Which of the following features in SmartDefense, CANNOT be configured per profile?
A. Report to DShield
B. Spoofed Reset Protection
C. Successive Events
D. Blocked FTP Commands
Answer: D
Q: 16 Regarding QoS guarantees and limits, which of the following statements is FALSE?
A. If a guarantee is defined in a sub-rule, then a guarantee must be defined for the rule above it.
B. If both a rule limit and a per connection limit are defined for a rule, the per connection limit must not be greater than the rule limit.
C. A rule guarantee must not be less than the sum of the guarantees defined in its sub-rules.
D. If both a limit and a guarantee per rule are defined in a QoS rule, then the limit must be smaller than the guarantee.
Answer: D
Q: 17 You have just been hired as the Security Administrator for the Insure-It-All insurance company. Your manager gives you the following requirements for controlling DNS traffic:
Required Result #1: Accept domain-name-over-TCP traffic (zone-transfer traffic).
Required Result #2: Log domain-name-over-TCP traffic (zone-transfer traffic).
Desired Result #1: Accept domain-name-over-UDP traffic (queries traffic).
Desired Result #2: Do not log domain-name-over-UDP traffic (queries traffic).
Desired Result #3: Do not clutter the Rule Base by creating explicit rules for traffic that can be controlled using Global Properties.
To begin, you make the following configuration changes, and install the Security Policy:
Select the box "Accept Domain Name over TCP (Zone Transfer)" in Global Properties.
Select the box "Accept Domain Name over UDP (Queries)" in Global Properties.
Select the box "Log Implied Rules" in Global Properties.
Do your initial actions meet the required and desired results?
A. The actions meet the required results, and two of the desired results.
B. The actions do not meet the required results.
C. The actions meet all required results, and none of the desired results.
D. The actions meet all required and desired results.
Answer: A
Q: 18 Which option or utility includes Security Policies and Global Properties settings?
A. Policy Package Management
B. File > Save from SmartDashboard
C. Database Revision Control
D. Backup
Answer: C
Q: 19 Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows:
Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assuming you enable all the settings in the NAT page of Global Properties, how do you achieve this requirement?

A. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
B. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source - group object; Destination any; Service any; Translated source - 200.200.200.5; Destination original; Service original.
C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the Address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
Answer: C
Q: 20 The command fw fetch causes the:
A. SmartCenter Server to retrieve the IP addresses of the target Security Gateway
B. Security Gateway to retrieve the user database information from the tables on the SmartCenter Server.
C. SmartCenter Server to retrieve the debug logs of the target Security Gateway
D. Security Gateway to retrieve the compiled policy and inspect code from the SmartCenter Server and install it to the kernel.
Answer: D
Q: 21 Which of the following is the most critical step in a SmartCenter Server NGX R65 backup strategy?
A. Run the cpstop command prior to running the upgrade_export command
B. Perform a full system tape backup of both the SmartCenter and Security Gateway machines.
C. Using the upgrade_import command, attempt to restore the SmartCenter Server to a non-production system
D. Move the *.tgz upgrade_export file to an offsite location via FTP.
Answer: C
Q: 22 You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address
B. Publish a proxy ARP entry on the internal web server instead of the firewall for the valid IP address
C. Place a static host route on the ISP router from the valid IP address to the firewall's external address
D. Place a static host route on the firewall from the valid IP address to the internal web server
Answer: C
Q: 23 All of the following are VPN-1 control connections defined by default implied rules, EXCEPT:
A. Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP.
B. Exclusion of specific services for reporting purposes.
C. Acceptance of IKE and RDP traffic for communication and encryption purposes.
D. Specific traffic that facilitates functionality, such as logging, management, and key exchange.
Answer: B
Q: 24 You are configuring the VoIP Domain object for an SCCP environment protected by VPN-1 NGX R65. Which VoIP Domain object type can you use?
A. Gatekeeper
B. CallManager
C. Proxy
D. Transmission Router
Answer: B
Q: 25 Choose the BEST sequence for configuring user management on SmartDashboard, for use with an LDAP server:
A. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
B. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
C. Enable LDAP in Global Properties, configure a host-node object for the LDAP Server, and configure a server object for the LDAP Account Unit.
D. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
Answer: C
Q: 26 How do you recover communications between your SmartCenter Server and Security Gateway if you "lock" yourself out via a rule or policy mis-configuration?
A. cpstop
B. fw unload policy
C. fw unloadlocal
D. fw delete all.all
Answer: C
Q: 27 Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow Telnet service to itself from any location. How would you set up the authentication method? With a:
A. Client Authentication rule, using partially automatic sign on
B. Client Authentication rule using the manual sign-on method, using HTTP on port 900
C. Client Authentication for fully automatic sign on
D. Session Authentication rule
Answer: B
Q: 28 Upon checking SmartView Monitor, you find the following Critical Problem notification. What is the reason?

A. Version mismatch between the SmartCenter Server and Security Gateway
B. No Security Policy installed on the Security Gateway
C. Time not synchronized between the SmartCenter Server and Security Gateway
D. No Secure Internal Communications established between the SmartCenter Server and Security Gateway
Answer: B
Q: 29 In a distributed management environment, the administrator has removed the default check from "Accept VPN-1 Power/UTM Control Connections" under the Policy > Global Properties > Firewall tab. In order for the SmartCenter Server to install a policy to the Firewall, an explicit rule must be created to allow the SmartCenter Server to communicate to the Security Gateway on port ______.
A. 259
B. 900
C. 256
D. 80
Answer: C
Q: 30 Your online bookstore has customers connecting to a variety of Web servers to place or change orders, and check order status. You ran penetration tests through the Security Gateway, to determine if the Web servers were protected from a recent series of cross-site scripting attacks. The penetration testing indicated the Web servers were still vulnerable. You have checked every box in the Web Intelligence tab, and installed the Security Policy. What else might you do to reduce the vulnerability?
A. Check the "Products > Web Server" box on the host node objects representing your Web servers.
B. The penetration software you are using is malfunctioning and is reporting a false-positive.
C. Check the "Web Intelligence" box in the SmartDefense > HTTP Protocol Inspection.
D. Configure the Security Gateway protecting the Web servers as a Web server.
Answer: C