Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
CWNP exams CWNP
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
GIAC exams GIAC
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
ISEB exams ISEB
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Checkpoint 156-215.65 Exam - Cheat-Test.com

Free 156-215.65 Sample Questions:

Q: 1 You are Security Administrator for a large call center. The management team is concerned that employees may be installing and attempting to use peer-to-peer file-sharing utilities, during their lunch breaks. The call center's network is protected by an internal Security Gateway, configured to drop peer-to-peer file-sharing traffic. How do you determine the number of packets dropped by each Gateway?

A. SmartDashboard
B. SmartView Status
C. SmartView Tracker
D. SmartView Monitor

Answer: D

Q: 2 Which of the following statements BEST describes Hide Mode Translation?

A. Allows you to hide any entire network or IP range behind one routable IP address only
B. Allows you to hide an entire network behind a pool of IP addresses, selected randomly
C. Translates non-routable internal IP addresses to one routable IP address only
D. Allows you to hide any entire network or IP range behind one IP address

Answer: D

Q: 3 Which option or utility includes only Security and NAT, QoS, and Desktop Security settings?

A. Policy Package Management
B. File > Save from SmartDashboard
C. Database Revision Control
D. Backup

Answer: A

Q: 4 It is possible to configure Network Address Translation in all of the following areas, EXCEPT:

A. Global Properties
B. Dynamic Object Properties
C. Object Properties
D. Address-translation rules

Answer: B

Q: 5 Which of the following statements about the Port Scanning feature of SmartDefense is TRUE?

A. A typical scan detection is when more than 500 open inactive ports are open for a period of 120 seconds.
B. Port Scanning does not block scanning, it detects port scans with one of three levels of detection sensitivity.
C. The Port Scanning feature actively blocks the scanning, and sends an alert to SmartView Monitor.
D. When a port scan is detected, only a log is issued ?never an alert.

Answer: B

Q: 6 The customer has a small Check Point installation which includes one Window 2003 server working as SmartConsole and SmartCenter with a second server running SecurePlatform working as Security Gateway. This is an example of:

A. Hybrid Installation
B. Stand-Alone Installation
C. Distributed Installation
D. Unsupported configuration

Answer: C

Q: 7 A ______ rule is used to prevent all traffic going to the VPN-1 NGX Security Gateway

A. Reject
B. Cleanup
C. Stealth
D. SmartDefense

Answer: C

Q: 8 When troubleshooting the behavior of Check Point Stateful Inspection, it is important to consider "inbound" vs "outbound" packet inspection from the point of view of the ______.

A. Logical Topology
B. Administrator
C. Security Gateway
D. Internet

Answer: C

Q: 9 Which of the below is the MOST correct process to reset SIC?

A. Run cpconfig, and select "Secure Internal Communication > Change One Time Password".
B. Run cpconfig, and click Reset.
C. Click Reset in the Communication window of the Gateway object, and type a new activation key.
D. Click the Communication button for the firewall object, then click Reset. Run cpconfig and type a new activation key.

Answer: D

Q: 10 What information is found in the SmartView Tracker audit log?

A. ClusterXL sync failure
B. Policy Package rule modification date/time stamp
C. Historical reports log
D. Destination IP address

Answer: B

Q: 11 Which of the following statements accurately describes the upgrade_export command?

A. upgrade_export stores network-configuration data, all settings configured by the WebUI, and the database
of user settings prior to upgrading the SmartCenter Server.
B. Used when upgrading the Security Gateway, upgrade_export includes modified files, such as in the /lib directory.
C. Used primarily when upgrading the SmartCenter Server, upgrade_export stores all object databases and the conf directories for importing to a newer version of VPN-1.
D. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.

Answer: C

Q: 12 You want to display log entries containing information from a specific column in the SmartView Tracker. If you want to see ONLY those entries, what steps would you take?

A. Right-click column, Search? Add string, Apply Filter
B. Right-click column, Edit Filter, Specific, Add, OK
C. Left-click column, Specific, Add, Apply Filter
D. Left-click column, Search, Add string, Apply Filter

Answer: B

Q: 13 You are about to test some rule and object changes suggested in an NGX newsgroup. Which backup solution should you use, to ensure the easiest restoration of your Security Policy to its previous configuration, after testing the changes?

A. Manual copies of the $FWDIR/conf directory
B. SecurePlatform backup utilities
C. upgrade_export command
D. Database Revision Control

Answer: D

Q: 14 You have blocked an IP address via the Block Intruder feature of SmartView Tracker. How can you see the addresses you have blocked?

A. Run fwm blocked_view.
B. In SmartView Monitor, select Suspicious Activity Rules from the Tools menu and select the relevant Security Gateway from the list.
C. In SmartView Monitor, select the Blocked Intruder option from the query tree view.
D. In SmartView Tracker, click the Active tab, and the actively blocked connections display.

Answer: B

Q: 15 Which of the following features in SmartDefense, CANNOT be configured per profile?

A. Report to DShield
B. Spoofed Reset Protection
C. Successive Events
D. Blocked FTP Commands

Answer: D

Q: 16 Regarding QoS guarantees and limits, which of the following statements is FALSE?

A. If a guarantee is defined in a sub-rule, then a guarantee must be defined for the rule above it.
B. If both a rule limit and a per connection limit are defined for a rule, the per connection limit must not be greater than the rule limit.
C. A rule guarantee must not be less than the sum the guarantees defined in its sub-rules.
D. If both a limit and a guarantee per rule are defined in a QoS rule, then the limit must be smaller than the guarantee.

Answer: D

Q: 17 You have just been hired as the Security Administrator for the Insure-It-All insurance company. Your manager gives you the following requirements for controlling DNS traffic:
Required Result #1: Accept domain-name-over-TCP traffic (zone-transfer traffic).
Required Result #2: Log domain-name-over-TCP traffic (zone-transfer traffic).
Desired Result #1: Accept domain-name-over-UDP traffic (queries traffic).
Desired Result #2: Do not log domain-name-over-UDP traffic (queries traffic).
Desired Result #3: Do not clutter the Rule Base by creating explicit rules for traffic that can be controlled using Global Properties.
To begin, you make the following configuration changes, and install the Security Policy:

Select the box "Accept Domain Name over TCP (Zone Transfer)" in Global Properties.
Select the box "Accept Domain Name over UDP (Queries)" in Global Properties.
Select the box "Log Implied Rules" in Global Properties.

Do your initial actions meet the required and desired results?

A. The actions meet the required results, and two of the desired results.
B. The actions meet not meet the required results.
C. The actions meet all required results, and none of the desired results.
D. The actions meet all required and desired results.

Answer: A

Q: 18 Which option or utility includes Security Policies and Global Properties settings?

A. Policy Package Management
B. File > Save from SmartDashboard
C. Database Revision Control
D. Backup

Answer: C

Q: 19 Your online bookstore has customers connecting to a variety of Web servers to place or change orders, and check order status. You ran penetration tests through the Security
Gateway, to determine if the Web servers were protected from a recent series of cross-site scripting attacks. The penetration testing indicated the Web servers were still vulnerable. You have checked every box in the Web Intelligence tab, and installed the Security Policy. What else might you do to reduce the vulnerability?

A. Check the "Products > Web Server" box on the host node objects representing your Web servers.
B. The penetration software you are using is malfunctioning and is reporting a false-positive.
C. Check the "Web Intelligence" box in the SmartDefense > HTTP Protocol Inspection.
D. Configure the Security Gateway protecting the Web servers as a Web server.

Answer: C

Q: 20 The command fw fetch causes the:

A. SmartCenter Server to retrieve the IP addresses of the target Security Gateway
B. Security Gateway to retrieve the user database information from the tables on the SmartCenter Server.
C. SmartCenter Server to retrieve the debug logs of the target Security Gateway
D. Security Gateway to retrieve the compiled policy and inspect code from the SmartCenter Server and install it to the kernel.

Answer: D

Q: 21 Which of the following is the most critical step in a SmartCenter Server NGX R65 backup strategy?

A. Run the cpstop command prior to running the upgrade_export command
B. Perform a full system tape backup of both the SmartCenter and Security Gateway machines.
C. Using the upgrade_import command, attempt to restore the SmartCenter Server to a non-production system
D. Move the *.tgz upgrade_export file to an offsite location via FTP.

Answer: C

Q: 22 You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address
B. Publish a proxy ARP entry on the internal web server instead of the firewall for the valid IP address
C. Place a static host route on the ISP router from the valid IP address to the firewall's external address
D. Place a static host route on the firewall from the valid IP address to the internal web server

Answer: C

Q: 23 All of the following are VPN-1 control connections defined by default implied rules, EXCEPT:

A. Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP.
B. Exclusion of specific services for reporting purposes.
C. Acceptance of IKE and RDP traffic for communication and encryption purposes.
D. Specific traffic that facilitates functionality, such as logging, management, and key exchange.

Answer: B

Q: 24 You are configuring the VoIP Domain object for an SCCP environment protected by VPN-1 NGX R65. Which VoIP Domain object type can you use?

A. Gatekeeper
B. CallManager
C. Proxy
D. Transmission Router

Answer: B

Q: 25 Choose the BEST sequence for configuring user management on SmartDashboard, for use with an LDAP server:

A. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
B. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
C. Enable LDAP in Global Properties, configure a host-node object for the LDAP Server, and configure a server object for the LDAP Account Unit.
D. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.

Answer: C

Q: 26 How do you recover communications between your SmartCenter Server and Security Gateway if you "lock" yourself out via a rule or policy mis-configuration?

A. cpstop
B. fw unload policy
C. fw unloadlocal
D. fw delete all.all

Answer: C

Q: 27 Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow Telnet service to itself from any location. How would you set up the authentication method With a:

A. Client Authentication rule, using partially automatic sign on
B. Client Authentication rule using the manual sign-on method, using HTTP on port 900
C. Client Authentication for fully automatic sign on
D. Session Authentication rule

Answer: B

Q: 28 In a distributed management environment, the administrator has removed the default check from "Accept VPN-1 Power/UTM Control Connections" under the Policy > Global Properties > Firewall tab. In order for the SmartCenter Server to install a policy to the Firewall an
explicit rule must be created to allow the SmartCenter Server to communicate to the Security Gateway on port ______.

A. 259
B. 900
C. 256
D. 80

Answer: C


© 2014 Cheat-Test.com, All Rights Reserved