CheckPoint 156-215.75 Exam Questions & Answers Number : 220-702 Passing Score : 800 Time Limit : 120 min File Version : 22.5 CheckPoint 156-215.75 Exam Questions & Answers Exam Name: Check Point Certified Security Administrator For Full Set of Questions please visit: http://www.actualtests.com/exam-156-215-75.htm

Checkpoint.actualtests.156 215.75.v2013!10!07.by.clara


Exam A

QUESTION 1
Which of the following statements about Bridge mode is TRUE?

A. When managing a Security Gateway in Bridge mode, it is possible to use a bridge interface for Network Address Translation.
B. Assuming a new installation, bridge mode requires changing the existing IP routing of the network.
C. All ClusterXL modes are supported.
D. A bridge must be configured with a pair of interfaces.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 2
Which SmartConsole component can Administrators use to track remote administrative activities?

A. WebUI
B. Eventia Reporter
C. SmartView Monitor
D. SmartView Tracker

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com 2Checkpoint 156-215.75 Exam

QUESTION 3
UDP packets are delivered if they are _________.

A. A legal response to an allowed request on the inverse UDP ports and IP
B. A Stateful ACK to a valid SYN-SYN-/ACK on the inverse UDP ports and IP
C. Reference in the SAM related Dynamic tables
D. Bypassing the Kernel by the "forwarding layer" of clusterXL

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 4
The Check Point Security Gateway's virtual machine (kernel) exists between which two layers of the OSI model?

A. Session and Network layers
B. Application and Presentation layers
C. Physical and Datalink layers
D. Network and Datalink layers

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 5
The customer has a small Check Point installation which includes one Windows 2003 server as the SmartConsole and a second server running SecurePlatform as both Security Management Server and the Security Gateway. This is an example of a(n):

A. Unsupported configuration.
B. Hybrid Installation.
C. Distributed Installation.
D. Stand-Alone Installation.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 6
The customer has a small Check Point installation which includes one Windows XP workstation as the SmartConsole, one Solaris server working as Security Management Server, and a third server running SecurePlatform as Security Gateway. This is an example of a(n):

A. Stand-Alone Installation.
B. Unsupported configuration
C. Distributed Installation.
D. Hybrid Installation.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 7
You are a security architect and need to design a secure firewall, VPN and IPS solution. Where would be the best place to install IPS in the topology if the internal network is already protected?

A. On the firewall itself to protect all connected networks centrally.
B. On each network segment separately.
C. On the LAN is enough, the DMZ does not need to be protected.
D. In front of the firewall is enough.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 8
You are installing a Security Management Server. Your security plan calls for three administrators for this particular server. How many can you create during installation?

A. Depends on the license installed on the Security Management Server
B. Only one with full access and one with read-only access
C. One
D. As many as you want

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 9
During which step in the installation process is it necessary to note the fingerprint for first-time verification?

A. When establishing SIC between the Security Management Server and the Gateway
B. When configuring the Security Management Server using cpconfig
C. When configuring the Security Gateway object in SmartDashboard
D. When configuring the Gateway in the WebUI

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 10
How can you recreate the account of the Security Administrator, which was created during initial installation of the Management Server on SecurePlatform?

A. Launch cpconfig and delete the Administrator's account. Recreate the account with the same name.
B. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Administrator Account portion of the file. You will be prompted to create a new account.
C. Type cpm -a, and provide the existing Administrator's account name. Reset the Security Administrator's password.
D. Launch SmartDashboard in the User Management screen, and delete the cpconfig administrator.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 11
You are running the Security Gateway on SecurePlatform and configure SNX with default settings. The client fails to connect to the Security Gateway. What is wrong?

A. The routing table on the client does not get modified.
B. The client has Active-X blocked.
C. The client is configured incorrectly.
D. The SecurePlatform Web User Interface is listening on port 443.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 12
When Jon first installed the system, he forgot to configure DNS servers on his Security Gateway. How could Jon configure DNS servers now that his Security Gateway is in production?

A. Login to the firewall using SSH and run cpconfig, then select Domain Name Servers.
B. Login to the firewall using SSH and run fwm, then select System Configuration and Domain Name Servers.
C. Login to the SmartDashboard, edit the firewall Gateway object, select the tab Interfaces, then Domain Name Servers.
D. Login to the firewall using SSH and run sysconfig, then select Domain Name Servers.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 13
R75's INSPECT Engine inserts itself into the kernel between which two layers of the OSI model?

A. Presentation and Application
B. Physical and Data
C. Session and Transport
D. Data and Network

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 14
What would be the benefit of upgrading from SmartDefense to IPS R75?

A. The SmartDefense is replaced by the technology of IPS-1.
B. The SmartDefense technology expands IPS-1 to IPS R75.
C. Completely rewritten engine provides improved security performance and reporting.
D. There is no difference - IPS R75 is the new name.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 15
The Security Gateway is installed on SecurePlatform R75. The default port for the Web User Interface is _______.

A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 16
Your customer wishes to install the SmartConsole on a Windows system. What are the minimum hardware requirements for R75? Give the BEST answer.

A. 500 MB Free disk space and 512 MB RAM
B. 1 GB Free disk space and 512 MB RAM
C. 1 GB Free disk space and 1 GB RAM
D. 512 MB Free disk space and 1 GB RAM

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 17
Tom has been tasked to install Check Point R75 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does not include a SmartConsole machine in his calculations?

A. One machine
B. One machine, but it needs to be installed using SecurePlatform for compatibility purposes
C. Three machines
D. Two machines

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 18
Over the weekend, an Administrator without access to SmartDashboard installed a new R75 Security Gateway using SecurePlatform. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. What might prevent you from installing the Policy?

A. You first need to initialize SIC in SmartUpdate.
B. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
C. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on both the Security Gateway and the Management Server.
D. You first need to run the fw unloadlocal command on the new Security Gateway.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 19
How can you reset the password of the Security Administrator that was created during initial installation of the Security Management Server on SecurePlatform?

A. Type cpm -a, and provide the existing administrator's account name. Reset the Security Administrator's password.
B. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the "Password" portion of the file. Then log in to the account without a password. You will be prompted to assign a new password.
C. Launch SmartDashboard in the User Management screen, and edit the cpconfig administrator.
D. Type fwm -a, and provide the existing administrator's account name. Reset the Security Administrator's password

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 20
You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway's VPN domain?

A. Active-X must be allowed on the client.
B. An office mode address must be obtained by the client.
C. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
D. The SNX client application must be installed on the client.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 21
The Internal Certificate Authority (ICA) CANNOT be used for:

A. Virtual Private Network (VPN) Certificates for gateways
B. NAT rules
C. Remote-access users
D. SIC connections

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 22
Match each of the following commands to their correct function. Each command has one function only listed.

A. C1>F2; C2>F1; C3>F6; C4>F4
B. C1>F6; C2>F4; C3>F2; C4>F5
C. C1>F2; C4>F4; C3>F1; C4>F5
D. C1>F4; C2>F6, C3>F3; C4>F2

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 23
Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currently installed on a firewall module?

A. fw stat
B. fw ctl pstat
C. fw ver
D. cpstat fwd

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 24
The command fw fetch causes the:

A. Security Management Server to retrieve the IP addresses of the target Security Gateway.
B. Security Gateway to retrieve the compiled policy and inspect code from the Security Management Server and install it to the kernel.
C. Security Gateway to retrieve the user database information from the tables on the Security Management Server
D. Security Management Server to retrieve the debug logs of the target Security Gateway

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 25
Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly?

A. Run the revert command to restore the snapshot. Reinstall any necessary Check Point products. Establish SIC and install the Policy.
B. Run the revert command to restore the snapshot, establish SIC, and install the Policy.
C. Reinstall the base operating system (i.e., SecurePlatform). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and previously applied hotfixes. Revert to the stored snapshot image, and install the Policy.
D. Reinstall the base operating system (i.e., SecurePlatform). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 26
Which of the following statements accurately describes the upgrade_export command?

A. Upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included before exporting.
B. Used when upgrading the Security Gateway, upgrade_export includes modified files directory.
C. Upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.
D. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the conf directories for importing to a newer version of the Security Gateway.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 27
A snapshot delivers a complete backup of SecurePlatform. The resulting file can be stored on servers or as a local file in /var/cpsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?

A. As expert user, type the command snapshot r MySnapshot.tgz.
B. As expert user, type the command snapshot R to restore from a local file. Then, provide the correct name.
C. As expert user, type the command revert --file MySnapshot.tgz.
D. Reboot the system and call the start menu. Select the option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 28
What is the primary benefit of using upgrade_export over either backup or snapshot?

A. The backup and snapshot commands can take a long time to run whereas upgrade_export will take a much shorter amount of time.
B. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
C. upgrade_export is operating system independent and can be used when backup or snapshot is not available.
D. upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 29
What is the syntax for uninstalling a package using newpkg?

A. s (pathname of package)
B. u (pathname of package)
C. newpkg CANNOT be used to uninstall
D. i (full pathname of package)

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 30
Which utility allows you to configure the DHCP service on SecurePlatform from the command line?

A. sysconfig
B. dhcp_cfg
C. cpconfig
D. ifconfig

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 31
Which utility is necessary for reestablishing SIC?

A. fwm sic_reset
B. cpconfig
C. cplic
D. sysconfig

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 32
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?

A. Reinstall the Security Management Server and restore using upgrade_import.
B. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 33
The third-shift administrator was updating Security Management Server access settings in Global Properties. He managed to lock all the administrators out of their accounts. How should you unlock these accounts?

A. Log in to SmartDashboard as the special cpconfig_admin account. Right-click on each administrator object and select Unlock.
B. Type fwm lock_admin -ua from the command line of the Security Management Server
C. Reinstall the Security Management Server and restore using upgrade_import
D. Delete the file admin.lock in the $FWDIR/tmp/ directory of the Security Management Server.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 34
You are the Security Administrator in a large company called ABC. A Check Point Firewall is installed and in use on SecurePlatform. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on SecurePlatform. Where can you view them? Give the BEST answer.

A. /etc/conf/route.C
B. /etc/sysconfig/netconf.C
C. /etc/sysconfig/network-scripts/ifcfg-ethx
D. /etc/sysconfig/network

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 35
When using SecurePlatform, it might be necessary to temporarily change the MAC address of the interface eth0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?

A. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
B. As expert user, issue these commands:
   # ip link set eth0 down
   # ip link set eth0 addr 00:0C:29:12:34:56
   # ip link set eth0 up
C. As expert user, issue the command:
   # ip link set eth0 addr 00:0C:29:12:34:56
D. Edit the file /etc/sysconfig/netconf.c and put the new MAC address in the field (conf : (conns:( conn:hwaddr ("00:0C:29:12:34:56")

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 36
Where is the IPSO Boot Manager physically located on an IP Appliance?

A. In the /nvram directory
B. On an external jump drive
C. On the platform's BIOS
D. On built-in compact Flash memory

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 37
ALL of the following options are provided by the SecurePlatform sysconfig utility, EXCEPT:

A. DHCP Server configuration
B. GUI Clients
C. Time & Date
D. Export setup

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 38
Which of the following options is available with the SecurePlatform cpconfig utility?

A. GUI Clients
B. Time & Date
C. Export setup
D. DHCP Server configuration

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 39
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?

A. diag
B. cpinfo -o date.cpinfo.txt
C. netstat > date.netstat.txt
D. cpstat > date.cpatat.txt

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 40
How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out via a rule or policy mis-configuration?

A. fw delete all.all@localhost
B. cpstop
C. fw unloadlocal
D. fw unload policy

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 41
How can you check whether IP forwarding is enabled on an IP Security Appliance?

A. clish c show routing active enable
B. echo 1 > /proc/sys/net/ipv4/ip_forwarding
C. ipsofwd list
D. cat /proc/sys/net/ipv4/ip_forward

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 42
For normal packet transmission of an accepted communication to a host protected by a Security Gateway, how many lines per packet are recorded on a packet analyzer like Wireshark using fw monitor?

A. 2
B. 4
C. 3
D. None

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 43
How can I verify the policy version locally installed on the Firewall?

A. fw ver
B. fw ctl iflist
C. fw ver -k
D. fw stat

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 44
If you run fw monitor without any parameters, what does the output display?

A. In /var/adm/monitor.out
B. On the console
C. In /tmp/log/monitor out
D. In /var/log/monitor.out

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
From user guide:

Example
The easiest way to use fw monitor is to invoke it without any parameter. This will output every packet from every interface that passes (or at least reaches) the Check Point gateway. Please note that the same packet is appearing several times (two times in the example below). This is caused by fw monitor capturing the packets at different capture points.

Output
[cpmodule]# fw monitor
monitor: getting filter (from command line)
monitor: compiling
monitorfilter:
Compiled OK.
monitor: loading
monitor: monitoring (control-C to stop)
eth0:i[285]: 172.16.1.133 -> 172.16.1.2 (TCP) len=285 id=1075
TCP: 1050 -> 18190 ...PA. seq=bf8bc98e ack=941b05bc
eth0:I[285]: 172.16.1.133 -> 172.16.1.2 (TCP) len=285 id=1075
TCP: 1050 -> 18190 ...PA. seq=bf8bc98e ack=941b05bc
eth0:o[197]: 172.16.1.2 -> 172.16.1.133 (TCP) len=197 id=44599
TCP: 18190 -> 1050 ...PA. seq=941b05bc ack=bf8bca83
eth0:O[197]: 172.16.1.2 -> 172.16.1.133 (TCP) len=197 id=44599
TCP: 18190 -> 1050 ...PA. seq=941b05bc ack=bf8bca83
eth0:o[1500]: 172.16.1.2 -> 172.16.1.133 (TCP) len=1500 id=44600
TCP^C18190 -> 1050 ....A. seq=941b0659 ack=bf8bca83
monitor: caught sig 2
monitor: unloading

QUESTION 45
Another administrator accidentally installed a Security Policy on the wrong firewall. Having done this, you are both locked out of the firewall that is called myfw1. What command would you execute on your system console on myfw1 in order for you to push out a new Security Policy?

A. fw dbloadlocal
B. fw unloadlocal
C. cpstop
D. fw ctl filter

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 46
Which of the following commands will completely remove the Security Policy from being enforced on a Security Gateway?

A. fw unload
B. fw unloadlocal
C. cpstop
D. fw unload local

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 47
Which of the following commands identifies whether or not a Security Policy is installed or the Security Gateway is operating with the initial policy?

A. fw monitor
B. fw ctl pstat
C. cp stat
D. fw stat

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 48
To monitor all traffic between a network and the Internet on a SecurePlatform Gateway, what is the BEST utility to use?

A. snoop
B. cpinfo
C. infoview
D. tcpdump

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 49
You are creating an output file with the following command:

fw monitor -e "accept (src=10.20.30.40 or dst=10.20.30.40);" -o ~/output

Which tool do you use to analyze this file?

A. You can analyze it with Wireshark or Ethereal.
B. You can analyze the output file with any ASCII editor.
C. The output file format is CSV, so you can use MS Excel to analyze it.
D. You cannot analyze it with any tool as the syntax should be: fw monitor -e accept ([12,b]=10.20.30.40 or [16,b]=10.20.30.40); -o ~/output.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 50
You issue the fw monitor command with no arguments. Which of the following inspection points will be displayed?

A. Before the virtual machine, in the inbound direction
B. After the virtual machine, in the outbound direction
C. All inspection points
D. Before the virtual machine, in the outbound direction

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 51
How can you view cpinfo on a SecurePlatform machine?

A. tcpdump
B. snoop i
C. infotab
D. Text editor, such as vi

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 52
How is wear on the flash storage device mitigated on appliance diskless platforms?

A. A RAM drive reduces the swap file thrashing which causes fast wear on the device.
B. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.
C. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
D. PRAM flash devices are used, eliminating the longevity.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 53
In previous versions, the full TCP three-way handshake was sent to the firewall kernel for inspection. How is this improved in the current version of IPSO Flows/SecureXL?

A. Only the initial SYN packet is inspected. The rest are handled by IPSO.
B. Packets are offloaded to a third-party hardware card for near-line inspection.
C. Packets are virtualized to a RAM drive-based FW VM.
D. Resources are proactively assigned using predictive algorithmic techniques.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 54
Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:

A. Increase network security by securing administrative communication with a two-factor challenge response authentication.
B. Uniquely identify machines installed with Check Point software only. They have the same function as RSA Authentication Certificates.
C. Are for Security Gateways created during the Security Management Server installation.
D. Can be used for securing internal network communications between the Security Gateway and an OPSEC device.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 55
Which of the following statements regarding SecureXL and CoreXL is TRUE?

A. SecureXL is an application for accelerating connections.
B. CoreXL enables multi-core processing for program interfaces.
C. SecureXL is only available in R75.
D. CoreXL is included in SecureXL.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 56
Beginning with R75, Software Blades were introduced. One of the Software Blades is the IPS Software Blade as a replacement for SmartDefense. When buying or upgrading to a bundle, some blades are included, e.g. FW, VPN, IPS in SG103. Which statement is NOT true?

A. The license price includes IPS Updates for the first year.
B. The IPS Software Blade can be used for an unlimited time.
C. There is no need to renew the service contract after one year.
D. After one year, it is mandatory to renew the service contract for the IPS Software Blade because it has been bundled with the license when purchased.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 57
John is the Security Administrator in his company. He needs to maintain the highest level of security on the firewalls he manages. He is using Check Point R75. Does he need the IPS Software Blade for achieving this goal?

A. No, all IPS protections are active, but can't be uploaded without the license like SmartDefense.
B. Yes, otherwise no protections can be enabled.
C. Yes, otherwise the firewall will pass all traffic unfiltered and unchecked.
D. No, the Gateway will always be protected and the IPS checks can't be managed without a license.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 58
Which command allows you to view the contents of an R75 table?

A. fw tab -x <tablename>
B. fw tab -a <tablename>
C. fw tab -s <tablename>
D. fw tab -t <tablename>

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 59
Your R75 enterprise Security Management Server is running abnormally on Windows 2003 Server. You decide to try reinstalling the Security Management Server, but you want to try keeping the critical Security Management Server configuration settings intact (i.e., all Security Policies, databases, SIC, licensing etc.) What is the BEST method to reinstall the Server and keep its critical configuration?

A. 1) Run the latest upgrade_export utility to export the configuration
   2) Leave the exported - tgz file in %FWDIR\bin.
   3) Install the primary Security Management Server on top of the current installation
   4) Run upgrade_import to import the configuration.
B. 1) Insert the R75 CD-ROM, and select the option to export the configuration into a .tgz file
   2) Skip any upgrade verification warnings since you are not upgrading.
   3) Transfer the .tgz file to another networked machine.
   4) Download and run the cpclean utility and reboot.
   5) Use the R75 CD-ROM to select the upgrade_import option to import the c
C. 1) Download the latest upgrade_export utility and run it from a \temp directory to export the configuration.
   2) Perform any requested upgrade verification suggested steps.
   3) Uninstall all R75 packages via Add/Remove Programs and reboot
   4) Use SmartUpdate to reinstall the Security Management Server and reboot
   5) Transfer the .tgz file back to the local \temp.
   6) Run upgrade_import to import the configuration.
D. 1) Download the latest upgrade_export utility and run it from a \temp directory to export the configuration.
   2) Transfer the .tgz file to another network machine
   3) Uninstall all R75 packages via Add/Remove Programs and reboot
   4) Install again using the R75 CD-ROM as a primary Security Management Server
   5) Reboot and then transfer the .tgz file back to the local \temp
   6) Run upgrade_import to import the configuration.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 60
You need to back up the routing, interface, and DNS configuration information from your R75 SecurePlatform Security Gateway. Which backup-and-restore solution do you use?

A. SecurePlatform backup utilities
B. upgrade_export and upgrade_import commands
C. Database Revision Control
D. Manual copies of the $FWDIR/conf directory

Correct Answer: A
Section: (none)

QUESTION 61
Your R75 primary Security Management Server is installed on SecurePlatform. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours.

How do you create this schedule?

A. Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object's Logs and Masters window, enable Schedule log switch, and select the Time object.
B. Create a time object, and add 48 hours as the interval. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.
C. Create a time object, and add 48 hours as the interval. Select that time object's Global Properties > Logs and Masters window, to schedule a logswitch.
D. On a SecurePlatform Security Management Server, this can only be accomplished by configuring the fw logswitch command via the cron utility.

Correct Answer: A
Section: (none)

QUESTION 62
Which of the following commands can provide the most complete restoration of an R75 configuration?

A. Cpconfig
B. Upgrade_import
C. fwm dbimport -p
D. cpinfo -recover

Correct Answer: B
Section: (none)

QUESTION 63
When restoring R75 using the command upgrade_import, which of the following items is NOT restored?

A. Licenses
B. Global properties
C. SIC Certificates
D. Route tables

Correct Answer: D
Section: (none)

QUESTION 64
Your company is running Security Management Server R75 on SecurePlatform, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account?

A. Using SmartDashboard, under Users, select Add New Administrator
B. Using the Web console on SecurePlatform under Product configuration, select Administrators
C. Using SmartDashboard or cpconfig
D. Using cpconfig on the Security Management Server, choose Administrators

Correct Answer: A
Section: (none)

QUESTION 65
Which of the following tools is used to generate a Security Gateway R75 configuration report?

A. ethereal
B. cpinfo
C. licview
D. infoview

Correct Answer: B
Section: (none)

QUESTION 66
What information is provided from the options in this screenshot?

(i) Whether a SIC certificate was generated for the Gateway
(ii) Whether the operating system is SecurePlatform or SecurePlatform Pro
(iii) Whether this is a standalone or distributed installation

A. (i), (ii) and (iii)
B. (i) and (iii)
C. (i) and (ii)
D. (ii) and (iii)

Correct Answer: D
Section: (none)

QUESTION 67
Peter is your new Security Administrator. On his first working day, he is very nervous and sets the wrong password three times. His account is locked. What can be done to unlock Peter's account? Give the BEST answer.

A. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Gateway.
B. It is not possible to unlock Peter's account. You have to install the firewall once again or abstain from Peter's help.
C. You can unlock Peter's account by using the command fwm lock_admin -u Peter on the Security Management Server.
D. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Management Server.

Correct Answer: C
Section: (none)

QUESTION 68
Which CLI command verifies the number of cores on your firewall machine?

A. fw ctl pstat
B. fw ctl core stat
C. fw ctl multik stat
D. cpstat fw -f core

Correct Answer: C
Section: (none)

QUESTION 69
John currently administers a network using single CPU single core servers for the Security Gateways and is running R75. His company is now going to implement VOIP and needs more performance on the Gateways. He is now adding more memory to the systems and also upgrades the CPU to a modern quad core CPU in the server. He wants to use CoreXL technology to benefit from the new performance benchmarks of this technology. How can he achieve this?

A. Nothing needs to be done. SecurePlatform recognized the change during reboot and adjusted all the settings automatically.
B. He just needs to go to cpconfig on the CLI and enable CoreXL. Only a restart of the firewall is required to benefit from CoreXL technology.
C. He needs to reinstall the Gateways because during the initial installation, it was a single-core CPU but the wrong Linux kernel was installed. There is no other upgrade path available.
D. He just needs to go to cpconfig on the CLI and enable CoreXL. After the required reboot he will benefit from the new technology.

Correct Answer: D
Section: (none)

QUESTION 70
You are running an R75 Security Gateway on SecurePlatform. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What backup method could be used to quickly put the secondary firewall into production?

A. upgrade_export
B. manual backup
C. snapshot
D. backup

Correct Answer: C
Section: (none)

QUESTION 71
Before upgrading SecurePlatform, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.

An administrator has installed the latest HFA on the system for fixing a traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?

A. The restore can be done easily by the command restore and selecting the appropriate backup file.
B. A backup cannot be restored, because the binary files are missing.
C. The restore is not possible because the backup file does not have the same build number (version).
D. The restore is done by selecting Snapshot Management from the boot menu of SecurePlatform.

Correct Answer: A
Section: (none)

QUESTION 72
You intend to upgrade a Check Point Gateway from R65 to R75. Prior to upgrading, you want to backup the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?

A. Backup
B. Snapshot
C. Upgrade_export
D. Database_revision

Correct Answer: A
Section: (none)

QUESTION 73
Your network is experiencing connectivity problems and you want to verify if routing problems are present. You need to disable the firewall process but still allow routing to pass through the Gateway running on an IP Appliance running IPSO. What command do you need to run after stopping the firewall service?

A. fw fwd routing
B. ipsofwd on admin
C. fw load routed
D. ipsofwd slowpath

Correct Answer: B
Section: (none)

QUESTION 74
You want to generate a cpinfo file via CLI on a system running SecurePlatform. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?

A. Log in as the default user expert and start cpinfo.
B. No action is needed because cpshell has a timeout of one hour by default.
C. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.
D. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinfo.

Correct Answer: C
Section: (none)

QUESTION 75
Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?

A. Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here.
B. In the General Properties of the object representing the specific Firewall, go to the Software Blades product list and select Firewall. Right-click in the menu, select Administrator to Install to define only this administrator.
C. Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced / Permission to Install.
D. Right-click on the object representing the specific administrator, and select that Firewall in Policy Targets.

Correct Answer: C
Section: (none)

QUESTION 76
You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a SecurePlatform. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.

A. ethtool
B. ifconfig a
C. eth_set
D. mii_tool

Correct Answer: C
Section: (none)

QUESTION 77
Which command enables IP forwarding on IPSO?

A. echo 1 > /proc/sys/net/ipv4/ip_forward
B. clish -c set routing active enable
C. echo 0 > /proc/sys/net/ipv4/ip_forward
D. ipsofwd on admin

Correct Answer: D
Section: (none)

QUESTION 78
Looking at an fw monitor capture in Wireshark, the initiating packet in Hide NAT translates on ________.

A. I
B. O
C. o
D. i

Correct Answer: B
Section: (none)

QUESTION 79
You want to create an ASCII formatted output file of the fw monitor command. What is the correct syntax to accomplish this task?

A. fw monitor -e "accept;" > /tmp/monitor.txt
B. fw monitor -e "accept;" -f > /tmp/monitor.txt
C. fw monitor -m iO -e "accept;" -o /tmp/monitor.txt
D. fw monitor -e "accept;" -w /tmp/monitor.txt

Correct Answer: A
Section: (none)

QUESTION 80
The button Get Address, found on the Host Node Object > General Properties page, will retrieve what?

A. The domain name
B. The fully qualified domain name
C. The Mac address
D. The IP address

Correct Answer: D
Section: (none)

QUESTION 81
When you change an implicit rule's order from last to first in global properties, how do you make the change take effect?

A. Select save from the file menu
B. Reinstall the security policy
C. Select install database from the policy menu
D. Run fw fetch from the security gateway

Correct Answer: B
Section: (none)

QUESTION 82
You create implicit and explicit rules for the following network. The group object internal-networks includes networks 10.10.10.0 and 10.10.20.0. Assume Accept ICMP requests is enabled as Before last in Global Properties.
Based on these rules, what happens if you Ping from host 10.10.10.5 to a host on the Internet by IP address? ICMP will be:

A. dropped by rule 0.
B. dropped by rule 2, the Cleanup Rule.
C. accepted by rule 1.
D. dropped by the last Implicit rule.

Correct Answer: C
Section: (none)

QUESTION 83
Anti-Spoofing is typically set up on which object type?

A. Host
B. Domain
C. Network
D. Security Gateway

Correct Answer: D
Section: (none)

QUESTION 84
Spoofing is a method of:

A. Hiding your firewall from unauthorized users.
B. Disguising an illegal IP address behind an authorized IP address through port address Translation.
C. Making packets appear as if they come from an authorized IP address
D. Detecting people using false or wrong authentication logins.

Correct Answer: C
Section: (none)

QUESTION 85
Which of the below is the MOST correct process to reset SIC from SmartDashboard?

A. Run cpconfig, and click Reset.
B. Click the Communication button for the firewall object, then click Reset. Run cpconfig and type a new activation key.
C. Click Communication > Reset on the Gateway object, and type a new activation key.
D. Run cpconfig, and select Secure Internal Communication > Change One Time Password.

Correct Answer: B
Section: (none)

QUESTION 86
You installed Security Management Server on a computer using SecurePlatform in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second SecurePlatform computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it?

1) Run cpconfig on the gateway, set secure internal communication, enter the activation key and reconfirm.
2) Initialize internal certificate authority (ICA) on the security Management server.
3) Confirm the gateway object with the host name and IP address for the remote site.
4) Click the communication button in the gateway object's general screen, enter the activation key, and click initialize and ok.
5) Install the security policy.

A. 2, 3, 4, 5, 1
B. 1, 3, 2, 4, 5
C. 2, 3, 4, 1, 5
D. 2, 1, 3, 4, 5

Correct Answer: B
Section: (none)

QUESTION 87
You want to reset SIC between smberlin and sgosaka.

In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the cpconfig menu. When trying to establish a connection, instead of a working connection, you receive this error message:

What is the reason for this behavior?

A. You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup / Initialize).
B. The Gateway was not rebooted, which is necessary to change the SIC key.
C. The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.
D. The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation can not be typed in a matching fashion.

Correct Answer: C
Section: (none)

QUESTION 88
Which rule should be the Cleanup Rule in the Rule Base?

A. Last. It serves a logging function before the implicit drop.
B. Last, it explicitly drops otherwise accepted traffic
C. Before last followed by the Stealth Rule.
D. First, it explicitly accepts otherwise dropped traffic.

Correct Answer: A
Section: (none)

QUESTION 89
What are the two basic rules which should be used by all Security Administrators?

A. Administrator Access and Stealth rules
B. Cleanup and Administrator Access rules
C. Network Traffic and Stealth rules
D. Cleanup and Stealth rules

Correct Answer: D
Section: (none)

QUESTION 90
When you hide a rule in a Rule Base, how can you then disable the rule?

A. Use the search utility in SmartDashboard to view all hidden rules. Select the relevant rule and click Disable Rule(s).
B. Right-click on the hidden rule place-holder bar and select Disable Rule(s).
C. Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule.
D. Hidden rules are already effectively disabled from Security Gateway enforcement.

Correct Answer: C
Section: (none)

QUESTION 91
A Stealth rule is used to:

A. Use the Security Gateway to hide the border router from internal attacks.
B. Cloak the type of Web server in use behind the Security Gateway.
C. Prevent communication to the Security Gateway itself.
D. Prevent tracking of hosts behind the Security Gateway.

Correct Answer: C
Section: (none)

QUESTION 92
A Clean-up rule is used to:

A. Drop without logging connections that would otherwise be dropped and logged by default
B. Log connections that would otherwise be accepted without logging by default.
C. Log connections that would otherwise be dropped without logging by default.
D. Drop without logging connections that would otherwise be accepted and logged by default

Correct Answer: C
Section: (none)

QUESTION 93
Which statement is TRUE about implicit rules?

A. They are derived from Global Properties and explicit object properties.
B. The Gateway enforces implicit rules that enable outgoing packets only.
C. You create them in SmartDashboard.
D. Changes to the Security Gateway's default settings do not affect implicit rules.

Correct Answer: A
Section: (none)

QUESTION 94
You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?

A. First
B. Before Last
C. Last
D. After Stealth Rule

Correct Answer: C
Section: (none)

QUESTION 95
In a distributed management environment, the administrator has removed all default check boxes from the Policy / Global Properties / Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port ______.

A. 259
B. 257
C. 900
D. 256

Correct Answer: B
Section: (none)

QUESTION 96
Examine the following Security Policy. What, if any, changes could be made to accommodate Rule 4?

A. Nothing at all
B. Modify the Source or Destination columns in Rule 4
C. Remove the service HTTPS from the Service column in Rule A
D. Modify the VPN column in Rule 2 to limit access to specific traffic

Correct Answer: D
Section: (none)

QUESTION 97
A Security Policy has several database versions. What configuration remains the same no matter which version is used?

A. Rule Bases_5_0.fws
B. Internal Certificate Authority (ICA) certificate
C. Fwauth.NDB
D. Objects_5_0.C

Correct Answer: B
Section: (none)

QUESTION 98
You are working with multiple Security Gateways that enforce a common set of rules. To minimize the number of policy packages, which one of the following would you choose to do?

A. Install a separate local Security Management Server and SmartConsole for each remote Security Gateway.
B. Create a separate Security Policy package for each remote Security Gateway and specify Install On / Gateways.
C. Create a single Security Policy package with Install On / Target defined whenever a unique rule is required for a specific Gateway.
D. Run separate SmartDashboard instance to login and configure each Security Gateway directly.

Correct Answer: C
Section: (none)

QUESTION 99
Which rules are not applied on a first-match basis?

A. Cleanup
B. User Authentication
C. Session Authentication
D. Client Authentication

Correct Answer: B
Section: (none)

QUESTION 100
Several Security Policies can be used for different installation targets. The firewall protecting Human Resources' servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?

A. A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base.
B. When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install.
C. In the SmartDashboard main menu go to Policy / Policy Installation / Targets and select the correct firewall to be put into the list via Specific Targets.
D. A Rule Base can always be installed on any Check Point firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install.

Correct Answer: C
Section: (none)

QUESTION 101
Which of these security policy changes optimize Security Gateway performance?

A. Use Automatic NAT rules instead of Manual NAT rules whenever possible
B. Putting the least-used rule at the top of the Rule Base
C. Using groups within groups in the manual NAT Rule Base
D. Using domain objects in rules when possible

Correct Answer: A
Section: (none)

QUESTION 102
Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows:

Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.

The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.

Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?

A. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects. Create a manual NAT rule like the following: Original source group object; Destination any; Service any; Translated source 200.200.200.5; Destination original; Service original.

Correct Answer: C
Section: (none)

QUESTION 103
You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway's external interface. You browse to from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?

A. Only one, outbound
B. Two, one for outbound, one for inbound
C. Only one, inbound
D. Two, both outbound, one for the real IP connection and one for the NAT IP connection

Correct Answer: A
Section: (none)

QUESTION 104
Which of the following statements BEST describes Check Point's Hide Network Address Translation method?

A. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation
B. Translates many destination IP addresses into one destination IP address
C. Translates many source IP addresses into one source IP address
D. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation

Correct Answer: C
Section: (none)

QUESTION 105
Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?

A. Static Destination
B. Hide
C. Dynamic Destination
D. Static Source

Correct Answer: B
Section: (none)

QUESTION 106
NAT can be implemented on which of the following lists of objects?

A. Host, Network
B. Host, User
C. Domain, Network
D. Network, Dynamic Object

Correct Answer: A
Section: (none)

QUESTION 107
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

A. Place a static host route on the firewall for the valid IP address to the internal Web server.
B. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.
C. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
D. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.

Correct Answer: B
Section: (none)

QUESTION 108
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?

A. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.
B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External
C. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side
D. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.

Correct Answer: D
Section: (none)

QUESTION 109
Which NAT option applicable for Automatic NAT applies to Manual NAT as well?

A. Allow bi-directional NAT
B. Automatic ARP configuration
C. Enable IP Pool NAT
D. Translate destination on client-side

Correct Answer: D
Section: (none)

QUESTION 110
Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?

A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service
B. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24
C. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule
D. Configure Automatic Static NAT on network 10.10.20.0/24

Correct Answer: B
Section: (none)

QUESTION 111
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway's external interface.

What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers' public IP addresses?

A. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers
B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
C. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ servers.
D. When connecting to the internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the DMZ interface of the Security Gateway

Correct Answer: B
Section: (none)

QUESTION 112
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.

A. source on client side
B. destination on server side
C. destination on client side
D. source on server side

Correct Answer: C
Section: (none)

QUESTION 113
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?

A. Automatic ARP must be unchecked in the Global Properties.
B. A static route must be added on the Security Gateway to the internal host.
C. Nothing else must be configured.
D. A static route for the NAT IP must be added to the Gateway's upstream router.

Correct Answer: B
Section: (none)

QUESTION 114
When translation occurs using automatic Hide NAT, what also happens?

A. Nothing happens.
B. The source port is modified.
C. The destination port is modified.
D. The destination is modified.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 115
The fw monitor utility is used to troubleshoot which of the following problems?

A. Phase two key negotiation
B. User data base corruption
C. Address translation
D. Log Consolidation Engine

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 116
Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.

A. There is not enough information provided in the Wireshark capture to determine NAT settings.
B. This is an example of Hide NAT.
C. There is an example of Static NAT and translate destination on client side unchecked in Global Properties.
D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 117
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:

A. It is necessary to add a static route to the Gateway's routing table.
B. The Security Gateway's ARP file must be modified.
C. It is not necessary to add a static route to the Gateway's routing table.
D. VLAN tagging cannot be defined for any hosts protected by the Gateway.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 118
Static NAT connections, by default, translate on which firewall kernel inspection point?

A. Post-inbound
B. Eitherbound
C. Inbound
D. Outbound

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 119
In a Hide NAT connection outbound, which portion of the packet is modified?

A. Source IP address and destination port
B. Destination IP address and destination port
C. Source IP address and source port
D. Destination IP address and destination port

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 120
You are MegaCorp's Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the order of the rules if both methods are used together? Give the best answer.

A. The Administrator decides on the order of the rules by shifting the corresponding rules up and down.
B. The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range.
C. The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range.
D. The position of the rules depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 121
Which answers are TRUE? Automatic Static NAT CANNOT be used when:

i) NAT decision is based on the destination port
ii) Source and Destination IP both have to be translated
iii) The NAT rule should only be installed on a dedicated Gateway only
iv) NAT should be performed on the server side

A. (i), (ii), and (iii)
B. (i), and (ii)
C. (ii) and (iv)
D. only (i)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 122
After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?

A. The packet has been sent out through a VPN tunnel unencrypted.
B. An IPSO ACL has blocked the outbound passage of the packet.
C. A SmartDefense module has blocked the packet.
D. It is an issue with NAT.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 123
A marketing firm's networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should you use to check these objects and rules?

A. SmartView Tracker
B. SmartView Status
C. SmartView Monitor
D. SmartDashboard

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 124
Which of the following is a viable consideration when determining Rule Base order?

A. Grouping authentication rules with address-translation rules
B. Grouping rules by date of creation
C. Grouping reject and drop rules after the Cleanup Rule
D. Grouping functionally related rules together

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 125
Which of the following is a viable consideration when determining Rule Base order?

A. Adding SAM rules at the top of the Rule Base
B. Placing frequently accessed rules before less frequently accessed rules
C. Grouping rules by date of creation
D. Grouping IPS rules with dynamic drop rules

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 126
You would use the Hide Rule feature to:

A. Make rules invisible to incoming packets.
B. View only a few rules without the distraction of others.
C. Hide rules from read-only administrators.
D. Hide rules from a SYN/ACK attack.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 127
When you add a resource object to a rule, which of the following occurs?

A. All packets that match the resource will be dropped.
B. All packets matching that rule are either encrypted or decrypted by the defined resource.
C. All packets matching the resource service are analyzed through an application-layer proxy.
D. Users attempting to connect to the destination of the rule will be required to authenticate.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 128
Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway's Rule Base includes a rule to accept this traffic. Since you are responsible for multiple sites, you want notification by a text message to your cellular phone, whenever traffic is accepted on this rule. Which of the following would work BEST for your purpose?

A. SmartView Monitor Threshold
B. SNMP trap
C. Logging implied rules
D. User-defined alert script

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 129
The fw stat -l command includes all of the following except:

A. The number of packets that have been inspected
B. The date and time of the policy that is installed
C. The number of times the policy has been installed
D. The number of packets that have been dropped

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 130
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?

A. Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.
B. Restore the entire database, except the user database, and then create the new user and user group.
C. Restore the entire database, except the user database.
D. Run fwm dbexport -l filename. Restore the database. Then, run fwm dbimport -l filename to import the users.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 131
Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?

A. Policy Package management
B. dbexport/dbimport
C. Database Revision Control
D. upgrade_export/upgrade_import

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 132
How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy?

A. Pop-up alert script
B. User-defined alert script
C. Custom scripts cannot be executed through alert scripts
D. SNMP trap alert script

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 133
Which of the following is NOT useful to verify whether or NOT a Security Policy is active on a Gateway?

A. Check the name of Security Policy of the appropriate Gateway in Smart Monitor.
B. cpstat fw -f policy
C. fw stat
D. fw ctl get string active_secpol

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 134
Of the following, what parameters will not be preserved when using Database Revision Control?

1) Simplified mode Rule Bases
2) Traditional mode Rule Bases
3) Secure Platform WebUI Users
4) SIC certificates
5) SmartView Tracker audit logs
6) SmartView Tracker traffic logs
7) Implied Rules
8) IPS Profiles
9) Blocked connections
10) Manual NAT rules
11) VPN communities
12) Gateway route table
13) Gateway licenses

A. 3, 4, 5, 6, 9, 12, 13
B. 5, 6, 9, 12, 13
C. 1, 2, 8, 10, 11
D. 2, 4, 7, 10, 11

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 135
When you use the Global Properties' default settings on R75, which type of traffic will be dropped if no explicit rule allows the traffic?

A. SmartUpdate connections
B. Firewall logging and ICA key-exchange information
C. Outgoing traffic originating from the Security Gateway
D. RIP traffic

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 136
You have installed a R75 Security Gateway on SecurePlatform. To manage the Gateway from the enterprise Security Management Server, you create a new Gateway object and Security Policy. When you install the new Policy from the Policy menu, the Gateway object does not appear in the Install Policy window as a target. What is the problem?

A. The new Gateway's temporary license has expired.
B. The object was created with Node > Gateway.
C. The Gateway object is not specified in the first policy rule column Install On.
D. No Masters file is created for the new Gateway.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 137
John is the Security Administrator in his company. He installs a new R75 Security Management Server and a new R75 Gateway. He now wants to establish SIC between them. After entering the activation key, the message "Trust established" is displayed in SmartDashboard, but SIC still does not seem to work because the policy won't install and interface fetching still does not work. What might be a reason for this?

A. This must be a human error.
B. The Gateway's time is several days or weeks in the future and the SIC certificate is not yet valid.
C. SIC does not function over the network.
D. It always works when the trust is established.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 138
A _______ rule is used to prevent all traffic going to the R75 Security Gateway.

A. Cleanup
B. Reject
C. Stealth
D. IPS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 139
Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R75 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?

A. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
B. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
C. Use automatic Static NAT for network 10.1.1.0/24.
D. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 140
Which specific R75 GUI would you use to add an address translation rule?

A. SmartConsole
B. SmartDashboard
C. SmartNAT
D. SmartView Monitor

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 141
You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)

When you run fw monitor on the R75 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?

A. i=inbound kernel, before the virtual machine
B. O=outbound kernel, after the virtual machine
C. o=outbound kernel, before the virtual machine
D. I=inbound kernel, after the virtual machine

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 142
A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?

A. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box.
B. Anti-spoofing not configured on the interfaces on the Gateway object.
C. A Gateway object created using the Check Point > Security Gateway option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object.
D. Secure Internal Communications (SIC) not configured for the object.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 143
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R75. After running the fw unloadlocal command, you are able to reconnect with SmartDashboard and view all changes. Which of the following changes is the most likely cause of the block?

A. A Stealth Rule has been configured for the R75 Gateway.
B. The Allow Control Connections setting in Policy / Global Properties has been unchecked.
C. The Security Policy installed to the Gateway had no rules in it.
D. The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 144
Which of the following is NOT a valid selection for tracking and controlling packets in R75?

A. Reject
B. Accept
C. Hold
D. Session Auth

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 145
You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?

A. The POP3 rule is disabled.
B. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R75.
C. POP3 is accepted in Global Properties.
D. The POP3 rule is hidden.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 146
You are about to test some rule and object changes suggested in an R75 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?

A. upgrade export command
B. Manual copies of the $FWDIR/conf directory
C. SecurePlatform backup utilities
D. Database Revision Control

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 147
What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?

A. Install the View Implicit Rules package using SmartUpdate.
B. Define two log servers on the R75 Gateway object. Enable Log Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPAA log audits.
C. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.
D. Check the Log Implied Rules Globally box on the R75 Gateway object.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 148
You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client side from Global Properties / NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

A. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.
B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
C. The NAT IP address must be added to the anti-spoofing group of the external gateway interface.
D. No extra configuration is needed.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 149
Cara wants to monitor the top services on her Security Gateway (fw-chicago), but she is getting an error message. Other Security Gateways are reporting the information except a new Security Gateway that was just recently deployed. Analyze the error message from the output below and determine what Cara can do to correct the problem.

A. She should re-install the security policy on the security Gateway since it was using the default rule base.
B. She should create a firewall rule to allow the CPMI traffic back to her smart console.
C. She should let the monitoring run longer in order for it to collect sampled data.
D. She should edit the security Gateway object and enable the monitoring Software Blade.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 150
Which rule is responsible for the installation failure?

A. Rule 4
B. Rule 3
C. Rule 5
D. Rule 6

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 151
What happens if Web Server is checked?

A. Web Intelligence will be applied to the host.
B. An implied rule will be added allowing HTTP requests to the host.
C. Anti-virus settings will be applied to the host.
D. An implied rule will be added allowing HTTP request from and to the host.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 152
Security Administrator, Anna has done the following:

What will happen when she recreates the firewall object?

A. Creating the object will result in a duplicate IP address warning.
B. Get interfaces will show all interfaces.
C. Establishing the SIC will fail.
D. Get interfaces will still show only the old interfaces but not the newly added ones.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 153
The SIC certificate is stored in the ________ directory.

A. $FUIDIR/conf
B. $CPDIR/conf
C. $FWDIR/database
D. $CPDIR/registry

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 154
Nancy has lost SIC communication with her Security Gateway and she needs to re-establish SIC. What would be the correct order of steps needed to perform this task?

1) Create a new activation key on the Security Gateway, then exit cpconfig.
2) Click the Communication tab on the Security Gateway object, and then click Reset.
3) Run the cpconfig tool, and then select Secure Internal Communication to reset.
4) Input the new activation key in the Security Gateway object, and then click initialize
5) Run the cpconfig tool, then select source Internal Communication to reset.

A. 5, 4, 1, 2
B. 2, 3, 1, 4
C. 2, 5, 1, 4
D. 3, 1, 4, 2

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Configuration Options:
----------------------
(1) Licenses and contracts
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Disable Advanced Routing
(7) Enable cluster membership for this gateway
(8) Disable Check Point SecureXL
(9) Automatic start of Check Point Products

QUESTION 155
To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How do you accomplish this?

A. In SmartDashboard menu, select Search / Rule Base Queries. In the window that opens, create a new Query, give it a name (e.g. "HTTP_SSH") and define a clause regarding the two services HTTP and SSH. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND.
B. This cannot be configured since two selections (Service, Action) are not possible.
C. Ask your reseller to get a ticket for Check Point SmartUse and deliver him the cpinfo file of the Security Management Server.
D. In SmartDashboard, right-click in the column field Service and select Query Column. Then, put the services HTTP and SSH in the list. Do the same in the field Action and select Accept here.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 156
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

"web_public_IP" is the node object that represents the new Web server's public IP address. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.

When you try to browse the Web server from the Internet, you see the error "page cannot be displayed". Which statements are possible reasons for this?

i) There is no route defined on the Security Gateway for the public IP address to the Web server's private IP address.
ii) There is no Security Policy defined that allows HTTP traffic to the protected Web server.
iii) There is an ARP entry on the Gateway but the settings Merge Manual proxy ARP and Automatic ARP configuration are enabled in Global Properties. The Security Gateway ignores manual ARP entries.
iv) There is no ARP table entry for the protected Web server's public IP address.

A. (i), (ii), (iv)
B. (iii)
C. (i), (ii)
D. (i), (ii), (iii), (iv)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 157
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

"web_public_IP" is the node object that represents the public IP address of the new Web server. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.

When you try to browse the Web server from the Internet you see the error "page cannot be displayed". Which of the following is NOT a possible reason?

A. There is no NAT rule translating the source IP address of packets coming from the protected Web server.
B. There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server.
C. There is no ARP table entry for the public IP address of the protected Web server.
D. There is no Security Policy defined that allows HTTP traffic to the protected Web server.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 158
You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRUE about the new package's NAT rules?

A. Rules 1 and 5 will appear in the new package
B. Rules 1, 3, 4 and 5 will appear in the new package
C. Rules 1, 2, 3 and 4 will appear in the new package
D. NAT rules will be empty in the new package

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 159
A Hide NAT rule has been created which includes a source address group of ten (10) networks and three (3) other group objects (containing 4, 5, and 6 host objects respectively). Assuming all addresses are non-repetitive, how many effective rules have you created?

A. 1
B. 25
C. 2
D. 13

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 160
Where are automatic NAT rules added to the Rule Base?

A. Before last
B. Middle
C. First
D. Last

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 161
You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error: "Unknown established connection"

How do you resolve this problem without causing other security issues? Choose the BEST answer.

A. Increase the service-based session timeout of the default Telnet service to 24-hours.
B. Create a new TCP service object on port 23 called Telnet-mainframe. Define a service-based session Timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe.
C. Ask the mainframe users to reconnect every time this error occurs.
D. Increase the TCP session timeout under Global Properties > Stateful Inspection.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 162
Which SmartConsole tool would you use to see the last policy pushed in the audit log?

A. SmartView Tracker
B. None, SmartConsole applications only communicate with the Security Management Server.
C. SmartView Status
D. SmartView Server

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 163
A security audit has determined that your unpatched Web application server is accessing a SQL server. You believe that you have enabled the proper IPS setting but would like to verify this using SmartView Tracker. Which of the following entries confirms that this information is being blocked against attack?

A. ASCII Only Response Header detected: SQL
B. Fingerprint Scrambling: Changed [SQL] to [Perl]
C. Concealed HTTP response [SQL Server]. (Error Code WSE0160003)
D. HTTP response spoofing: remove signature [SQL Server]

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 164
What happens when you select File > Export from the SmartView Tracker menu?

A. Logs in fw.log are exported to a file that can be opened by Microsoft Excel.
B. Exported log entries are not viewable in SmartView Tracker.
C. Current logs are exported to a new *.log file.
D. Exported log entries are deleted from fw.log.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 165
You are working with three other Security Administrators. Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?

A. Eventia Monitor
B. SmartView Monitor
C. SmartView Tracker
D. Eventia Tracker

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 166
Which SmartView Tracker mode allows you to read the SMTP e-mail body sent from the Chief Executive Officer (CEO) of a company?

A. This is not a SmartView Tracker feature.
B. Display Payload View
C. Display Capture Action
D. Network and Endpoint Tab

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 167
How do you define a service object for a TCP port range?

A. Manage Services / New TCP, provide name and define port: x-y
B. Manage Services / New Group, provide name and add all service ports for range individually to the group object
C. Manage Services / New Other, provide name and define protocol: 17, Range: x-y
D. Manage Services / New Other, provide name and define protocol: x-y

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 168
You can include External commands in SmartView Tracker by the menu Tools > Custom Commands.

The Security Management Server is running under SecurePlatform, and the GUI is on a system running Microsoft Windows. How do you run the command traceroute on an IP address?

A. There is no possibility to expand the three pre-defined options Ping, Whois, and Nslookup.
B. Go to the menu Tools > Custom Commands and configure the Windows command tracert.exe to the list.
C. Use the program GUIdbedit to add the command traceroute to the Security Management Server properties.
D. Go to the menu, Tools > Custom Commands and configure the Linux command traceroute to the list.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 169
Where is the best place to find information about connections between two machines?

A. On a Security Management Server, using SmartView Tracker
B. All options are valid.
C. On a Security Gateway using the command fw log.
D. On a Security Gateway Console interface; it gives you detailed access to log files and state table information

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 170
One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object you receive an error message. What is the problem?

A. There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.
B. The remote Gateway's IP address has changed, which invalidates the SIC Certificate.
C. The time on the Security Management Server's clock has changed, which invalidates the remote Gateway's Certificate.
D. The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 171
What information is found in the SmartView Tracker Management log?

A. Most accessed Rule Base rule
B. Number of concurrent IKE negotiations
C. SIC revoke certificate event
D. Destination IP address

Correct Answer: C
Section: (none)

QUESTION 172
What information is found in the SmartView Tracker Management log?

A. Destination IP address
B. Policy Package rule modification date/time stamp
C. Historical reports log
D. Most accessed Rule Base rule

Correct Answer: B
Section: (none)

QUESTION 173
What are the results of the command: fw sam [Target IP Address]?

A. Connections from the specified target are blocked without the need to change the Security Policy.
B. Connections to and from the specified target are blocked with the need to change the Security Policy.
C. Connections to and from the specified target are blocked without the need to change the Security Policy.
D. Connections to the specified target are blocked without the need to change the Security Policy.

Correct Answer: C
Section: (none)

QUESTION 174
Which of the following explanations best describes the command fw logswitch [-h target] [+ | -] [oldlog]?

A. Display a remote machine's log-file list.
B. Control Kernel
C. Display protocol Hosts
D. Create a new Log file. The old log has moved

Correct Answer: D
Section: (none)

QUESTION 175
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?

A. Blank field under Rule Number
B. Rule 0
C. Cleanup Rule
D. Rule 1

Correct Answer: B
Section: (none)

QUESTION 176
Each grocery store in a regional chain is protected by a Security Gateway. The information-technology audit department wants a report including:

The name of the Security Policy installed on each remote Security Gateway.

The date and time the Security Policy was installed.

General performance statistics (CPU Use, average CPU time, active real memory, etc)

Which one SmartConsole application can you use to gather all this information?

A. SmartView Tracker
B. SmartView Monitor
C. SmartDashboard
D. SmartUpdate

Correct Answer: B
Section: (none)

QUESTION 177
You have blocked an IP address via the Block Intruder feature of SmartView Tracker. How can you view the blocked addresses?

A. Run fwm blockedview.
B. In SmartView Monitor, select the Blocked Intruder option from the query tree view
C. In SmartView Monitor, select Suspicious Activity Rules from the Tools menu and select the relevant Security Gateway from the list.
D. In SmartView Tracker, click the Active tab, and the actively blocked connections display

Correct Answer: C
Section: (none)

QUESTION 178
Which R75 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?

A. SmartView Status
B. SmartView Monitor
C. None, SmartConsole applications only communicate with the Security Management Server.
D. SmartUpdate

Correct Answer: B
Section: (none)

QUESTION 179
Which R75 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?

A. SmartUpdate
B. SmartView Server
C. SmartView Tracker
D. None, SmartConsole applications only communicate with the Security Management Server.

Correct Answer: C
Section: (none)

QUESTION 180
Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%?

A. Real Time Monitor / Gateway Settings / Status Monitor
B. SmartView Tracker / Audit Tab / Gateway Counters
C. This can only be monitored by a user-defined script.
D. SmartView Monitor / Gateway Status / Threshold Settings

Correct Answer: D
Section: (none)

QUESTION 181
Where can an administrator configure the notification action in the event of a policy install time change?

A. SmartView Tracker / Audit Log
B. SmartView Monitor / Gateways / Thresholds Settings
C. SmartDashboard / Security Gateway Object / Advanced Properties Tab
D. SmartDashboard / Policy Package Manager

Correct Answer: B
Section: (none)

QUESTION 182
How do you view a Security Administrator's activities with SmartConsole?

A. SmartView Tracker in the Management tab
B. SmartView Tracker in the Network and Endpoint tabs
C. SmartView Monitor using the Administrator Activity filter
D. Eventia Suite

Correct Answer: A
Section: (none)

QUESTION 183
Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?

A. Custom filter
B. Network and Endpoint tab
C. Management Tab
D. Active tab

Correct Answer: C
Section: (none)

QUESTION 184
Which of the following R75 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?

A. Active Tab
B. Audit Tab
C. Account Query
D. All Records Query

Correct Answer: A
Section: (none)

QUESTION 185
While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes but cannot remember all the steps. What is the correct order of steps needed to perform this?

1) Select the Active Mode tab in SmartView Tracker

2) Select Tools > Block Intruder

3) Select the Log Viewing tab in SmartView Tracker

4) Set the Blocking Time out value to 60 minutes

5) Highlight the connection he wishes to block

A. 3, 2, 5, 4
B. 3, 5, 2, 4
C. 1, 5, 2, 4
D. 1, 2, 5, 4

Correct Answer: C
Section: (none)

QUESTION 186
Where do you enable popup alerts for IPS settings that have detected suspicious activity?

A. In SmartView Monitor, select Tools / Alerts
B. In SmartView Tracker, select Tools / Custom Commands
C. In SmartDashboard, edit the Gateway object, and select IPS / Alerts
D. In SmartDashboard, select Global Properties / Log and Alert / Alert Commands

Correct Answer: A
Section: (none)

QUESTION 187
Which R75 GUI would you use to see the number of packets accepted since the last policy install?

A. SmartView Monitor
B. SmartView Status
C. SmartView Tracker
D. SmartDashboard

Correct Answer: A
Section: (none)

QUESTION 188
The R75 fw monitor utility is used to troubleshoot which of the following problems?

A. Phase two key negotiation
B. User data base corruption
C. Log Consolidation Engine
D. Traffic issues

Correct Answer: D
Section: (none)

QUESTION 189
You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.

A. In SmartReporter, in the section Firewall Blade - Activity / Network Activity with information concerning Top Matched Logged Rules.
B. It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter.
C. In the SmartView Tracker, if you activate the column Matching Rate.
D. SmartReporter provides this information in the section Firewall Blade - Security / Rule Base Analysis with information concerning Top Matched Logged Rules.

Correct Answer: D
Section: (none)

QUESTION 190
A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter?

A. Turn the field Track of each rule to LOG.
B. Network traffic cannot be analyzed when the Security Management Server has a high load.
C. Configure Additional Logging on a separate log server.
D. SmartReporter analyzes all network traffic, logged or not.

Correct Answer: C
Section: (none)

QUESTION 191
What is a Consolidation Policy?

A. The collective name of the Security Policy, Address Translation, and IPS Policies.
B. The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.
C. The collective name of the logs generated by SmartReporter.
D. A global Policy used to share a common enforcement policy for multiple Security Gateways.

Correct Answer: B
Section: (none)

QUESTION 192
You find a suspicious FTP site trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked?

A. Highlight the suspicious connection in SmartView Tracker Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.
B. Highlight the suspicious connection in SmartView Tracker Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as "dropped".
C. Highlight the suspicious connection in SmartView Tracker Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as "dropped".
D. Highlight the suspicious connection in SmartView Tracker Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.

Correct Answer: D
Section: (none)

QUESTION 193
Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?

A. SAM - Suspicious Activity Rules feature of SmartView Monitor
B. Change the Rule Base and install the Policy to all Security Gateways
C. Intrusion Detection System (IDS) Policy install
D. Block Intruder feature of SmartView Tracker

Correct Answer: D
Section: (none)

QUESTION 194
Which R75 component displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time?

A. SmartEvent
B. SmartView Monitor
C. SmartView Status
D. SmartUpdate

Correct Answer: B
Section: (none)

QUESTION 195
SmartView Tracker R75 consists of three different modes. They are:

A. Log, Active, and Audit
B. Log, Active, and Management
C. Log, Track, and Management
D. Network & Endpoint, Active, and Management

Correct Answer: D
Section: (none)

QUESTION 196
Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is best to accomplish this task?

A. Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP Address for inbound and outbound traffic.
B. Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP source or destination port. Then, export the corresponding entries to a separate log file for documentation.
C. Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address and those of potential target and suspicious protocols. Apply the alert action or customized messaging.
D. Send the suspect an email with a key logging Trojan attached, to get direct information about his wrongdoing

Correct Answer: B
Section: (none)

QUESTION 197
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages / Distribute Only and choosing the target Gateway, the:

A. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.
B. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
C. SmartUpdate wizard walks the Administrator through a distributed installation.
D. selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.

Correct Answer: A
Section: (none)

QUESTION 198
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages / Distribute and Install Selected Package and choosing the target Gateway, the:

A. selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.
B. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.
C. SmartUpdate wizard walks the Administrator through a distributed installation.
D. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.

Correct Answer: D
Section: (none)

QUESTION 199
What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate?

A. SmartUpdate GUI PC
B. SmartUpdate Repository SQL database Server
C. A Security Gateway retrieving the new upgrade package
D. SmartUpdate installed Security Management Server PC

Correct Answer: A
Section: (none)

QUESTION 200
What port is used for communication to the User Center with SmartUpdate?

A. CPMI 200
B. HTTPS 443
C. HTTP 80
D. TCP 8080

Correct Answer: B
Section: (none)

QUESTION 201
You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?

A. Send a Certified Security Engineer to each site to perform the update.
B. Use SmartUpdate to install the packages to each of the Security Gateways remotely.
C. Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor
D. Send a CD-ROM with the HFA to each location and have local personnel install it.

Correct Answer: B
Section: (none)

QUESTION 202
An advantage of using central instead of local licensing is:

A. A license can be taken from one Security Management Server and given to another Security Management Server.
B. Only one IP address is used for all licenses.
C. Licenses are automatically attached to their respective Security Gateways.
D. The license must be renewed when changing the IP address of Security Gateway. Each module's license has a unique IP address.

Correct Answer: B
Section: (none)

QUESTION 203
You are running the license_upgrade tool on your SecurePlatform Gateway. Which of the following can you NOT do with the upgrade tool?

A. View the status of currently installed licenses
B. Perform the actual license-upgrade process
C. View the licenses in the SmartUpdate License Repository
D. Simulate the license-upgrade process

Correct Answer: C
Section: (none)

QUESTION 204
Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?

A. It will conflict with any future upgrades when using SmartUpdate.
B. SmartUpdate will start a new installation process if the machine is rebooted.
C. It contains your security configuration, which could be exploited.
D. It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten.

Correct Answer: C
Section: (none)

QUESTION 205
Which of these components does NOT require a Security Gateway R75 license?

A. SmartUpdate upgrading/patching
B. Security Management Server
C. SmartConsole
D. Check Point Gateway

Correct Answer: C
Section: (none)

Topic 4, Volume D

QUESTION 206
You plan to migrate a Windows NG with Application Intelligence (AI) R55 SmartCenter Server to R75. You also plan to upgrade four VPN-1 Pro Gateways at remote offices, and one local VPN-1 Pro Gateway at your company's headquarters to R75. The Management Server configuration must be migrated. What is the correct procedure to migrate the configuration?

A. 1. Upgrade the remote gateway via SmartUpdate.
   2. Upgrade the security management server, using the R75 CD

B. 1. From the R75 CD-ROM on the security management server, select Upgrade
   2. Reboot after installation and upgrade all licenses via SmartUpdate
   3. Reinstall all gateways using R 70 and install a policy

C. 1. Copy the $PWDIR\conf directory from the security management server
   2. Save directory contents to another file server
   3. Uninstall the security management server, and install a new security management server
   4. Move the saved directory contents to $PWDIR\conf replacing the default installation files
   5. Reinstall all gateways using R75 and install a security policy

D. 1. From the R75 CD-ROM in the security management server, select export
   2. Install R 70 on a new PC using the option installation using imported configuration
   3. Reboot after installation and update all licenses via SmartUpdate
   4. Upgrade software on all five remote Gateways via SmartUpdate

Correct Answer: D
Section: (none)

QUESTION 207
You are using SmartUpdate to fetch data and perform a remote upgrade to a R75 Security Gateway. Which of the following statements is FALSE?

A. A remote installation can be performed without the SVN Foundation package installed on a remote NG with Application Intelligence Security Gateway.
B. If SmartDashboard is open during package upload and upgrade, the upgrade will fail.
C. SmartUpdate can query the Security Management Server and Gateway for product information.
D. SmartUpdate can query license information running locally on the Gateway.

Correct Answer: A
Section: (none)

QUESTION 208
What action can be performed from SmartUpdate R75?

A. remote_uninstall_verifier
B. upgrade_export
C. fw stat -l
D. cpinfo

Correct Answer: D
Section: (none)

QUESTION 209
If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?

A. Data Loss Prevention
B. SmartEvent Intro
C. SSL: VPN
D. IPS

Correct Answer: D
Section: (none)

QUESTION 210
Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with SecurePlatform, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?

A. She needs to run cpconfig to enable the ability to SCP files.
B. She needs to edit /etc/scpusers and add the Standard Mode account.
C. She needs to run sysconfig and restart the SSH process.
D. She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.

Correct Answer: B
Section: (none)

QUESTION 211
Which command gives an overview of your installed licenses?

A. cplic print
B. showlic
C. cplicense
D. lic print

Correct Answer: A
Section: (none)

QUESTION 212
Where are SmartEvent licenses installed?

A. Security Gateway
B. SmartEvent server
C. Security Management Server
D. Log Server

Correct Answer: B
Section: (none)

QUESTION 213
You currently do not have a Check Point software subscription for one of your products. What will happen if you attempt to upgrade the license for this product?

A. The license will be upgraded with a warning
B. It is deleted
C. It is upgraded with new available features, but cannot be activated
D. The license is not upgraded

Correct Answer: D
Section: (none)

QUESTION 214
Which of the following statements about service contracts, i.e., Certificate, software subscription, or support contract, is FALSE?

A. A service contract can apply only for a single set of Security Gateways managed by the same Security Management Server.
B. The contract file is stored on the Security Management Server and downloaded to all Security Gateways during the upgrade process.
C. Most software-subscription contracts are permanent, and need not be renewed after a certain time passes.
D. Service Contracts can apply for an entire User Center account.

Correct Answer: C
Section: (none)

QUESTION 215
Your network includes a SecurePlatform machine running NG with Application Intelligence (AI) R55. This configuration acts as both the primary Security Management Server and VPN-1 Pro Gateway. You add one machine, so you can implement Security Gateway R75 in a distributed environment. The new machine is an Intel CoreDuo processor, with 2 GB RAM and a 500-GB hard drive. How do you use these two machines to successfully migrate the NG with AI R55 configuration?

A. 1. On the existing machine, export the NG with AI R55 configuration to a network share.
   2. Insert the R75 CD-ROM in the old machine. Install the R7D Security Gateway only while reinstalling the SecurePlatform OS over the top of the existing installation. Complete sysconfig.
   3. On the new machine, install SecurePlatform as the primary Security Management Server only.
   4. Transfer the exported .tgz file into the new machine, import the configuration, and then reboot
   5. Open SmartDashboard, change the Gateway object to the new version, and reset SIC for the Gateway object.

B. 1. Export the configuration on the existing machine to a tape drive
   2. Uninstall the Security Management Server from the existing machine, using sysconfig.
   3. Insert the R75 CD-ROM, run the patch add CD-ROM command to upgrade the existing machine to the R75 Security Gateway, and reboot
   4. Install a new primary Security Management Server on the new machine
   5. Change the Gateway object to the new version, and reset SIC

C. 1. Export the configuration on the existing machine to a network share
   2. Uninstall the Security Gateway from the existing machine, using sysconfig
   3. Insert the R75 CD-ROM, and run the patch add CD-ROM command to upgrade the Security Management Server to Security Gateway R 70
   4. Select upgrade with imported file, and reboot
   5. Install a new R75 Security Gateway as the only module on the new machine, and reset SIC to the new Gateway

D. 1. Export the configuration on the existing machine as a backup only
   2. Edit $FWDIR\product.conf on the existing machine, to disable the VPN-1 Pro Gateway package
   3. Reboot the existing machine
   4. Perform an in place upgrade on the Security Management Server using the command "patch add cd"
   5. On the new machine, install SecurePlatform as the R75 Security Gateway only
   6. Run sysconfig to complete the configuration
   7. From SmartDashboard, reconfigure the Gateway object to the new version, and reset SIC

Correct Answer: A
Section: (none)

QUESTION 216
After installing Security Gateway R75, you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a Get Topology request. What is the most likely cause and solution?

A. Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R75 Hotfix Accumulator (HFA).
B. The NIC is faulty. Replace it and reinstall.
C. Make sure the driver for your particular NIC is available, and reinstall. You will be prompted for the driver.
D. If an interface is not configured, it is not recognized. Assign an IP address and subnet mask using the WebUI.

Correct Answer: D
Section: (none)

QUESTION 217
You plan to upgrade from R65 to R75 Software Blades. Do you need new licenses and license strings for this scenario?

A. No, the upgrade will preserve licenses.
B. Yes, you need to buy/convert licenses in the User Center first, and then reapply licenses to upgraded systems with the new Software Blades licenses.
C. Yes, the upgrade will do an automatic conversion in the User Center, but you will need to reattach the new licenses.
D. No, the upgrade will convert all licenses to R75.

Correct Answer: B
Section: (none)

QUESTION 218
What is the command to upgrade a SecurePlatform NG with Application Intelligence R55 Management Server to R75?

A. fwm upgrade_tool
B. upgrade_mgmt
C. patch add cd
D. fw install_mgmt

Correct Answer: C
Section: (none)

QUESTION 219
Jeff wanted to upgrade his Security Gateway to R75, but he remembers that he needs to have a contracts file from the User Center before he can start the upgrade. If Jeff wants to download the contracts file from the User Center, what is the correct order of steps needed to perform this?

1) Select Update Contracts from User Center.

2) Enter your Username for your User Center account.

3) Enter your Password for your User Center account.

4) Click the Browse button to specify the path to your download contracts file.

5) Enter your Username and Password for your Security Gateway.

A. 2, 3, 4
B. 1, 5, 4
C. 5, 2, 3
D. 1, 2, 3

Correct Answer: D
Section: (none)

QUESTION 220
In which directory do you install the R75 pre-upgrade verifier on a SecurePlatform Security Management Server?

A. It does not matter since the dynamic information entered by the Administrator will cause it to retrieve the proper configurations.
B. In $PWDIR/conf.
C. It does not matter as long as the Administrator uses chmod to permit the file to execute.
D. In $PWDIR/bin

Correct Answer: A
Section: (none)

QUESTION 221
All Check Point Suite products before version RXX need to be upgraded to RXX before you can upgrade them to R75. RXX is:

A. R55
B. R65
C. R61
D. R60

Correct Answer: B
Section: (none)

QUESTION 222
Can you upgrade a clustered deployment with zero downtime?

A. No, this is not possible.
B. Yes, if you select the option zero downtime, it will keep one member active
C. No, you must bring all gateways down.
D. Yes, this is the default setting.

Correct Answer: B
Section: (none)

QUESTION 223
As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:

A. in the user object's Authentication screen
B. in the Gateway object's Authentication screen
C. in the Limit tab of the Client Authentication Action Properties screen
D. in the Global Properties Authentication screen

Correct Answer: C
Section: (none)

QUESTION 224
Your Rule Base includes a Client Authentication rule, using partial authentication and standard sign-on for HTTP, Telnet, and FTP services. The rule was working, until this morning. Now users are not prompted for authentication, and they see error page cannot be displayed in the browser. In SmartView Tracker, you discover the HTTP connection is dropped when the Gateway is the destination. What did you do to cause Client Authentication to fail?

A. disabled R75 Control Connections in Global Properties
B. enabled Static NAT on the problematic machines
C. added a rule below the Client Authentication rule, blocking HTTP from the internal network
D. added the Stealth Rule before the Client Authentication rule

Correct Answer: D
Section: (none)

QUESTION 225
Which column in the Rule Base is used to define authentication parameters?

A. Source
B. Action
C. Track
D. Service

Correct Answer: B
Section: (none)

QUESTION 226
Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.

A. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties
B. Configure a workstation object for the LDAP server; configure a server object for the LDAP in global properties.
C. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.
D. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.

Correct Answer: C
Section: (none)

QUESTION 227
You cannot use SmartDashboard's SmartDirectory features to connect to the LDAP server. What should you investigate?

A. 1 and 3
B. 1 and 2
C. 2 and 3
D. 1, 2, and 3

Correct Answer: C
Section: (none)

QUESTION 228
What is the Manual Client Authentication TELNET Port?

A. 23
B. 259
C. 264
D. 900

Correct Answer: B
Section: (none)

QUESTION 229
Which authentication type permits five different sign-on methods in the authentication properties window?

A. Manual Authentication
B. Client Authentication
C. Session Authentication
D. User Authentication

Correct Answer: B
Section: (none)

QUESTION 230
Which of the following objects is a valid source in an authentication rule?

A. User@Network
B. User@Any
C. Host@Any
D. User_group@Network

Correct Answer: D
Section: (none)

QUESTION 231
Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Why?

A. Users must use the SecuRemote Client, to use the User Authentication Rule.
B. Another rule that accepts HTTP without authentication exists in the Rule Base.
C. You checked the cache password on desktop option in Global Properties.
D. You have forgotten to place the User Authentication Rule before the Stealth Rule.

Correct Answer: B
Section: (none)

QUESTION 232
Which authentication type requires specifying a contact agent in the Rule Base?

A. Client Authentication with Partially Automatic Sign On
B. User Authentication
C. Session Authentication
D. Client Authentication with Manual Sign On

Correct Answer: C
Section: (none)

QUESTION 233
What is the difference between Standard and Specific Sign On methods?

A. Standard Sign On allows the user to be automatically authorized for all services that the rule allows, but re-authenticate for each host to which he is trying to connect. Specific Sign On requires that the user re-authenticate for each service.
B. Standard Sign On requires the user to re-authenticate for each service and each host to which he is trying to connect. Specific Sign On allows the user to sign on only to a specific IP address.
C. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service and each host to which he is trying to connect.
D. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service specifically defined in the window Specific Action Properties.

Correct Answer: C
Section: (none)

QUESTION 234
Which set of objects have an Authentication tab?

A. Networks, Hosts
B. Users, Networks
C. Users, User Groups
D. Templates, Users

Correct Answer: D
Section: (none)

QUESTION 235
As a Security Administrator, you are required to create users for authentication. When you create a user for user authentication, the data is stored in the ___________.

A. SmartUpdate repository
B. User Database
C. Rules Database
D. Objects Database

Correct Answer: B
Section: (none)

QUESTION 236
Review the following rules. Assume domain UDP is enabled in the implied rules.

What happens when a user from the internal network tries to browse to the Internet using HTTP? The user:

A. is prompted three times before connecting to the Internet successfully.
B. can go to the Internet after Telnetting to the client auth daemon port 259.
C. can connect to the Internet successfully after being authenticated.
D. can go to the Internet, without being prompted for authentication.

Correct Answer: D
Section: (none)

QUESTION 237
Which Security Gateway R75 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated?

A. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment
B. Time properties, adjusted on the user objects for each user, in the source of the Client Authentication rule
C. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled
D. Refreshable Timeout setting, in the Limits tab of the Client Authentication Action Properties screen

Correct Answer: D
Section: (none)

QUESTION 238
All R75 Security Servers can perform authentication with the exception of one. Which of the Security Servers cannot perform authentication?

A. RLOGIN
B. HTTP
C. SMTP
D. FTP

Correct Answer: C
Section: (none)

QUESTION 239
Security Gateway R75 supports User Authentication for which of the following services? Select the response below that contains the MOST complete list of supported services.

A. FTP, HTTP, TELNET
B. FTP, TELNET
C. SMTP, FTP, HTTP, TELNET
D. SMTP, FTP, TELNET

Correct Answer: A
Section: (none)

QUESTION 240
With the User Directory Software Blade, you can create R75 user definitions on a(n) _______ Server.

A. Radius
B. NT Domain
C. LDAP
D. SecurID

Correct Answer: C
Section: (none)

QUESTION 241
If you are experiencing LDAP issues, which of the following should you check?

A. Domain name resolution
B. Overlapping VPN Domains
C. Secure Internal Communications (SIC)
D. Connectivity between the R75 Gateway and LDAP server

Correct Answer: D
Section: (none)

QUESTION 242
How are cached usernames and passwords cleared from the memory of an R75 Security Gateway?

A. By retrieving LDAP user information using the command fw fetchldap
B. By using the Clear User Cache button in SmartDashboard
C. Usernames and passwords only clear from memory after they time out
D. By installing a Security Policy

Correct Answer: D
Section: (none)

QUESTION 243
Mr. Smith needs access to other networks and should be able to use all services, but session authentication is not suitable. The Security Administrator selects client authentication with HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. The Security Administrator wants to use the Port 9001, but there are some connectivity problems. What is the reason for the connectivity problems? Give the BEST answer.

A. The configuration of the service FW1_clntauth_http is not correct.
B. The Security Policy is not correct.
C. The configuration file $FWDIR/conf/fwauthd.conf is wrong.
D. It is not possible to use any port other than the standard port 900 for the client authentication via HTTP.

Correct Answer: C
Section: (none)

QUESTION 244
You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?

A. internet user group
B. A group with generic user
C. LDAP account unit Group
D. All users

Correct Answer: B
Section: (none)

QUESTION 245
In the given Rule Base, the client authentication in rule 4 is configured as fully automatic. Eric is a member of the LDAP group, MSAD_Group. When Eric tries to connect to a server on the Internet, what will happen?

A. Eric will be blocked because LDAP is not allowed in the Rule Base.
B. None of these things will happen.
C. Eric will be authenticated and get access to the requested server.
D. Eric will be blocked by the Stealth Rule.

Correct Answer: B
Section: (none)

QUESTION 246
When selecting an authentication scheme for a user, which scheme would you use if you only want the password to be stored locally? (The password is not stored at a third party component.)

A. Check Point Password
B. TACACS
C. SecurID
D. OS Password

Correct Answer: A
Section: (none)

QUESTION 247
For remote user authentication, which authentication scheme is NOT supported?

A. SecurID
B. TACACS
C. Check Point Password
D. RADIUS

Correct Answer: B
Section: (none)

QUESTION 248
What is the bit size of a DES key?

A. 112
B. 168
C. 56
D. 64

Correct Answer: C
Section: (none)

QUESTION 249
What is the size of a hash produced by SHA-1?

A. 128
B. 56
C. 40
D. 160

Correct Answer: D
Section: (none)

QUESTION 250
Public keys and digital certificates do NOT provide which of the following?

A. Authentication
B. Nonrepudiation
C. Data integrity
D. Availability

Correct Answer: D
Section: (none)

QUESTION 251
If you check the box Use Aggressive Mode in the IKE Properties dialog box, the standard:

A. three-packet IKE Phase 2 exchange is replaced by a six-packet exchange
B. three-packet IKE Phase 2 exchange is replaced by a two-packet exchange
C. six-packet IKE Phase 1 exchange is replaced by a three-packet exchange
D. three-packet IKE Phase 1 exchange is replaced by a six-packet exchange

Correct Answer: C
Section: (none)

QUESTION 252
You are concerned that a message may have been intercepted and retransmitted, thus compromising the security of the communication. You attach a code to the electronically transmitted message that uniquely identifies the sender. This code is known as a(n):

A. Diffie-Hellman verification
B. digital signature
C. private key
D. AES flag

Correct Answer: B
Section: (none)

QUESTION 253
Your manager requires you to set up a new corporate VPN between all your branch offices. He requires you to choose the strongest and most secure available algorithms for the headquarters to the Research and Development branch office. In addition, you must use high performance algorithms for all sales offices with shorter key length for the VPN keys. How would you configure this scenario?

A. This cannot be achieved at all as all algorithms need to be the very same for all VPNs.
B. This can only be done in traditional mode VPNs while not using simplified VPN settings.
C. This can be done either in traditional mode or simplified VPN using 2 different communities and the headquarters as the center for both communities.
D. This can be done in a single community, but the encrypt action in the security Rule Base needs to be configured for exceptions.

Correct Answer: C
Section: (none)

QUESTION 254
Whitfield Diffie and Martin Hellman gave their names to what standard?

A. An encryption scheme that makes pre-shared keys obsolete
B. An algorithm that is used in IPsec QuickMode and as an additional option in IPsec QuickMode (PFS)
C. A Key Exchange Protocol for the Advanced Encryption Standard
D. A Key Agreement / Derivation Protocol that constructs secure keys over an insecure channel.

Correct Answer: D
Section: (none)

QUESTION 255
If you need strong protection for the encryption of user data, what option would be the BEST choice?

A. When you need strong encryption, IPsec is not the best choice. SSL VPNs are a better choice.
B. Disable Diffie Hellman by using stronger certificate based key-derivation. Use AES-256 bit on all encrypted channels and add PFS to QuickMode. Use double encryption by implementing AH and ESP as protocols.
C. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.
D. Use Diffie Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode.

Correct Answer: C
Section: (none)

QUESTION 256
What is used to validate a digital certificate?

A. IPsec
B. CRL
C. S/MIME
D. PKCS

Correct Answer: B
Section: (none)

QUESTION 257
Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder's access after the next Phase 2 exchange occurs?

A. Perfect Forward Secrecy
B. SHA1 Hash Completion
C. Phase 3 Key Revocation
D. MD5 Hash Completion

Correct Answer: A
Section: (none)

QUESTION 258
Which statement defines Public Key Infrastructure? Security is provided:

A. By authentication
B. By Certificate Authorities, digital certificates, and two-way symmetric-key encryption
C. By Certificate Authorities, digital certificates, and public key encryption.
D. Via both private and public keys, without the use of digital Certificates.

Correct Answer: C
Section: (none)

QUESTION 259
Review the following list of actions that Security Gateway R75 can take when it controls packets. The Policy Package has been configured for Simplified Mode VPN. Select the response below that includes the available actions:

A. Accept, Drop, Encrypt, Session Auth
B. Accept, Reject, Encrypt, Drop
C. Accept, Drop, Reject, Client Auth
D. Accept, Hold, Reject, Proxy

Correct Answer: C
Section: (none)

QUESTION 260
Your organization maintains several IKE VPNs. Executives in your organization want to know which mechanism Security Gateway R75 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives?

A. Key-exchange protocols
B. Digital signatures
C. Certificate Revocation Lists
D. Application Intelligence

Correct Answer: B
Section: (none)

QUESTION 261
Which of the following provides confidentiality services for data and messages in a Check Point VPN?

A. Cryptographic checksums
B. Digital signatures
C. Asymmetric Encryption
D. Symmetric Encryption

Correct Answer: D
Section: (none)

QUESTION 262
Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:

A. Two star and one mesh Community: One star Community is set up for each site, with headquarters as the center of the Community and its branches as satellites. The mesh Community includes only New York and London Gateways.
B. One star Community with the option to "mesh" the center of the star: New York and London Gateways added to the center of the star with the mesh center Gateways option checked, all London branch offices defined in one satellite window, but all New York branch offices defined in another satellite window.
C. Two mesh and one star Community: One mesh Community is set up for each of the headquarters and its branch offices. The star Community is configured with London as the center of the Community and New York is the satellite.
D. Three mesh Communities: One for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.

Correct Answer: A
Section: (none)

QUESTION 263
Which of these attributes would be critical for a site-to-site VPN?

A. Strong authentication
B. Centralized management
C. Strong data encryption
D. Scalability to accommodate user groups

Correct Answer: C
Section: (none)

QUESTION 264
Which of the following is NOT true for Clientless VPN?

A. The Gateway accepts any encryption method that is proposed by the client and supported in the VPN
B. Secure communication is provided between clients and servers that support HTTP
C. User Authentication is supported
D. The Gateway can enforce the use of strong encryption

Correct Answer: B
Section: (none)

QUESTION 265
You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

A. Manually import your partner's Certificate Revocation List.
B. Exchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA).
C. Create a new logical-server object to represent your partner's CA
D. Manually import your partner's Control List.

Correct Answer: B
Section: (none)

QUESTION 266
Your company is still using traditional mode VPN configuration on all Gateways and policies. Your manager now requires you to migrate to a simplified VPN policy to benefit from the new features. This needs to be done with no downtime due to critical applications which must run constantly. How would you start such a migration?

A. This cannot be done without downtime as a VPN between a traditional mode Gateway and a simplified mode Gateway does not work.
B. You first need to completely rewrite all policies in simplified mode and then push this new policy to all Gateways at the same time.
C. This cannot be done as it requires a SIC reset on the Gateways first, forcing an outage.
D. Convert the required Gateway policies using the simplified VPN wizard, check their logic and then migrate Gateway per Gateway.

Correct Answer: D
Section: (none)

QUESTION 267
Your manager requires you to set up a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he set up AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?

A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
B. All is fine and can be used as is.
C. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
D. The 2 algorithms do not have the same key length and so don't work together. You will get the error ".... No proposal chosen...."

Correct Answer: C
Section: (none)

QUESTION 268
Why are certificates preferred over pre-shared keys in an IPsec VPN?

A. Weak scalability: PSKs need to be set on each and every Gateway
B. Weak performance: PSK takes more time to encrypt than Diffie-Hellman
C. Weak security: PSKs can only have 112 bit length.
D. Weak Security: PSK are static and can be brute-forced.

Correct Answer: D
Section: (none)

QUESTION 269
Multi-Corp must comply with industry regulations in implementing VPN solutions among multiple sites. The corporate Information Assurance policy defines the following requirements:

Portability: Standard
Key management: Automatic, external PKI
Session keys: Changed at configured times during a connection's lifetime
Key length: No less than 128-bit
Data integrity: Secure against inversion and brute-force attacks

What is the most appropriate setting to comply with these requirements?

A. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for phase 2, AES hash
B. IKE VPNs: DES encryption for IKE phase 1, and 3DES encryption for phase 2, MD5 hash
C. IKE VPNs: CAST encryption for IKE Phase 1, and SHA1 encryption for phase 2, DES hash
D. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash

Correct Answer: D
Section: (none)

QUESTION 270
What happens in relation to the CRL cache after a cpstop and cpstart have been initiated?

A. The Gateway retrieves a new CRL on startup, and discards the old CRL as invalid.
B. The Gateway continues to use the old CRL, as long as it is valid.
C. The Gateway continues to use the old CRL even if it is not valid, until a new CRL is cached.
D. The Gateway issues a crl_zap on startup, which empties the cache and forces certificate retrieval.

Correct Answer: B
Section: (none)

QUESTION 271
Which of the following is TRUE concerning control connections between the Security Management Server and the Gateway in a VPN Community? Control Connections are:

A. encrypted using SIC and re-encrypted again by the Community regardless of VPN domain configuration.
B. encrypted by the Community.
C. not encrypted, only authenticated.
D. encrypted using SIC.

Correct Answer: D
Section: (none)

QUESTION 272
How many times is the firewall kernel invoked for a packet to be passed through a VPN connection?

A. Three times
B. Twice
C. Once
D. None. The IPSO kernel handles it

Correct Answer: B
Section: (none)

QUESTION 273
You have traveling salesmen connecting to your VPN community from all over the world. Which technology would you choose?

A. SSL VPN: It has more secure and robust encryption schemes than IPsec.
B. IPsec: It allows complex setups that match any network situation available to the client, i.e. connection from a private customer network or various hotel networks.
C. SSL VPN: It only requires HTTPS connections between client and server. These are most likely open from all networks, unlike IPsec, which uses protocols and ports which are blocked by many sites.
D. IPsec: It offers encryption, authentication, replay protection and all algorithms that are state of the art (AES) or that perform very well. It is native to many client operating systems, so setup can easily be scripted.

Correct Answer: C
Section: (none)

QUESTION 274
You wish to configure a VPN and you want to encrypt not just the data packet, but the original header. Which encryption scheme would you select?

A. Both encrypt the data and header
B. Tunneling-mode encryption
C. In-place encryption

Correct Answer: B
Section: (none)

QUESTION 275
You wish to view the current state of the customer's VPN tunnels, including those that are down and destroyed. Which SmartConsole application will provide you with this information?

A. SmartView Monitor
B. SmartView Status
C. SmartView Tracker
D. SmartUpdate

Correct Answer: A
Section: (none)

QUESTION 276
Which VPN Community object is used to configure Hub Mode VPN routing in SmartDashboard?

A. Mesh
B. Star
C. Routed
D. Remote Access

Correct Answer: B
Section: (none)

QUESTION 277
When a user selects to allow Hot-spot, SecureClient modifies the Desktop Security Policy and/or Hub Mode routing to enable Hot-spot registration. Which of the following is NOT true concerning this modification?

A. IP addresses accessed during registration are recorded.
B. Ports accessed during registration are recorded.
C. The number of IP addresses accessed is unrestricted.
D. The modification is restricted by time.

Correct Answer: C
Section: (none)

QUESTION 278
For VPN routing to succeed, what must be configured?

A. VPN routing is not configured in the Rule Base or Community objects. Only the native-routing mechanism on each Gateway can direct the traffic via its VTI configured interfaces.
B. No rules need to be created; implied rules that cover inbound and outbound traffic on the central (HUB) Gateway are already in place from Policy > Properties > Accept VPN-1 Control Connections.
C. At least two rules in the Rule Base must be created, one to cover traffic inbound and the other to cover traffic outbound on the central (HUB) Security Gateway.
D. A single rule in the Rule Base must cover all traffic on the central (HUB) Security Gateway for the VPN domain.

Correct Answer: D
Section: (none)

QUESTION 279
What can NOT be selected for VPN tunnel sharing?

A. One tunnel per subnet pair
B. One tunnel per Gateway pair
C. One tunnel per pair of hosts
D. One tunnel per VPN domain pair

Correct Answer: D
Section: (none)

QUESTION 280
Marc is a Security Administrator configuring a VPN tunnel between his site and a partner site. He just created the partner city's firewall object and a community. While trying to add the firewalls to the community only his firewall could be chosen. The partner city's firewall does not appear. What is a possible reason for the problem?

A. IPsec VPN Software Blade on the partner city's firewall object is not activated.
B. The partner city's firewall object was created as an interoperable device.
C. The partner city's Gateway is running VPN-1 NG AI.
D. Only Check Point Gateways could be added to a community.

Correct Answer: A
Section: (none)

QUESTION 281
If Henry wanted to configure Perfect Forward Secrecy for his VPN tunnel, in which phase would he be configuring this?

A. Aggressive Mode
B. Diffie-Hellman
C. Phase 2
D. Phase 1

Correct Answer: C
Section: (none)

QUESTION 282
You install and deploy SecurePlatform with default settings. You allow Visitor Mode in the Remote Access properties of the Gateway object and install policy, but SecureClient refuses to connect. What is the cause of this?

A. Set Visitor Mode in Policy > Global Properties / Remote-Access / VPN - Advanced.
B. Office mode is not configured.
C. The WebUI on SecurePlatform runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). You need to change the WebUI port, or run Visitor Mode on a different port.
D. You need to start SSL Network Extender first, then use Visitor Mode.

Correct Answer: C
Section: (none)

QUESTION 283
With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms). How do you solve this problem?

A. Allow your users to turn off SecureClient
B. Allow for unencrypted traffic
C. Allow traffic outside the encrypted domain
D. Enable Hot Spot/Hotel Registration

Correct Answer: D
Section: (none)

QUESTION 284
What statement is true regarding Visitor Mode?

A. VPN authentication and encrypted traffic are tunneled through port TCP 443.
B. All VPN traffic is tunneled through UDP port 4500.
C. Only Main mode and Quick mode traffic are tunneled on TCP port 443.
D. Only ESP traffic is tunneled through port TCP 443.

Correct Answer: A
Section: (none)

QUESTION 285
If you were NOT using IKE aggressive mode for your IPsec tunnel, how many packets would you see for a normal Phase 1 exchange?

A. 6
B. 2
C. 3
D. 9

Correct Answer: A
Section: (none)

QUESTION 286
How many packets does the IKE exchange use for Phase 1 Aggressive Mode?

A. 12
B. 3
C. 1
D. 6

Correct Answer: B
Section: (none)

QUESTION 287
Which of the following actions take place in IKE Phase 2 with Perfect Forward Secrecy disabled?

A. The DH public keys are exchanged.
B. Peers authenticate using certificates or preshared secrets.
C. Symmetric IPsec keys are generated.
D. Each Security Gateway generates a private Diffie-Hellman (DH) key from random pools.

Correct Answer: C
Section: (none)

QUESTION 288
Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?

A. fw ipsec tu
B. vpn ipsec
C. vpn debug ipsec
D. vpn tu

Correct Answer: D
Section: (none)

QUESTION 289
You wish to configure an IKE VPN between two R75 Security Gateways, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind the peer's Gateway. Which type of address translation should you use to ensure the two networks access each other through the VPN tunnel?

A. Hide NAT
B. Static NAT
C. Manual NAT
D. None

Correct Answer: D
Section: (none)

QUESTION 290
Which operating system is not supported by SecureClient?

A. MacOS X
B. Windows XP SP2
C. Windows Vista
D. IPSO 3.9

Correct Answer: D
Section: (none)

QUESTION 291
Which of the following is NOT supported with Office Mode?

A. SecuRemote
B. SSL Network Extender
C. SecureClient
D. Endpoint Connect

Correct Answer: A
Section: (none)

QUESTION 292
Your organization has many Edge Gateways at various branch offices allowing users to access company resources. For security reasons, your organization's Security Policy requires all Internet traffic initiated behind the Edge Gateways first be inspected by your headquarters' R75 Security Gateway. How do you configure VPN routing in this star VPN Community?

A. To Internet and other targets only
B. To center or through the center to other satellites, to Internet and other VPN targets
C. To center and other satellites, through center
D. To center only

Correct Answer: B
Section: (none)

QUESTION 293
Of the following VPN Community options, which is most likely to provide a balance between IKE compatibility to VPN-capable devices (Check Point and non-Check Point) and preserving resources on the R75 Gateway? VPN tunnel sharing per:

A. pair of hosts, no permanent tunnels, Diffie-Hellman Group 1 for Phase 1.
B. subnet, no permanent tunnels, Diffie-Hellman Group 2 for Phase 1.
C. subnet, permanent tunnels, Diffie-Hellman Group 1 for Phase 1.
D. pair of hosts, permanent tunnels, Diffie-Hellman Group 2 for Phase 1.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 294
When attempting to connect with SecureClient Mobile the following error message is received.

The certificate provided is invalid. Please provide the username and password.

What is the probable cause of the error?

A. The certificate provided is invalid.
B. The user's credentials are invalid.
C. The user attempting to connect is not configured to have an office mode IP address so the connection failed.
D. There is no connection to the server, and the client disconnected.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 295
Using the output below, what type of VPN Community is configured for fw-stlouis?

A. Traditional
B. Domain-Based
C. Meshed
D. Star

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 296
You are evaluating the configuration of a mesh VPN Community used to create a site-to-site VPN. This graphic displays the VPN properties in this mesh Community.

Which of the following would be the most valid conclusion?

A. The VPN Community will perform IKE Phase 1 key-exchange encryption using the longest key Security Gateway R75 supports.
B. Changing the setting Perform IPsec data encryption with from AES-128 to 3DES will increase the encryption overhead.
C. Changing the setting Perform key exchange encryption with 3DES to DES will enhance the VPN Community's security, and reduce encryption overhead.
D. Change the data-integrity settings for this VPN Community because MD5 is incompatible with AES.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 297
How can you access the Certificate Revocation List (CRL) on the firewall, if you have configured a Stealth Rule as the first explicit rule?

A. You can access the Revocation list by means of a browser using the URL: http://IP-FW:18264/ICA CRL1.crl1 provided the implied rules are activated per default.
B. The CRL is encrypted, so it is useless to attempt to access it.
C. You cannot access the CRL, since the Stealth Rule will drop the packets
D. You can only access the CRL via the Security Management Server as the internal CA is located on that server

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 298
In the SmartView Tracker you receive the error, ...peer send invalid ID information... while trying to establish an IKE VPN tunnel. Where does this error normally result from and how can you solve it? This error normally results from:

A. a mismatch in the authentication algorithms used in IKE phase one and can be corrected by changing them to match.
B. an invalid IP address configured on one tunnel endpoint; normally the internal one in the General tab. This can be solved with link selection or by changing this IP to the one facing the other tunnel endpoint.
C. an invalid IP address configured on one tunnel endpoint, normally the internal one in the General tab. This can be resolved by adding the correct IPs to the Topology tab of both Gateways on both sites.
D. a mismatch in the IPs of the VPN tunnel endpoints and can not be resolved.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 299
How many packets are required for IKE Phase 2?

A. 2
B. 12
C. 6
D. 3

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 300
Fill in the blank: When you want to create a VPN community where all participating gateways are able to connect to each other, you need to set up a ___________ community.

A. Remote Access
B. Meshed
C. SSL VPN
D. Star

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 301
Which do you configure to give remote access VPN users a local IP address?

A. Office mode IP pool
B. NAT pool
C. Encryption domain pool
D. Authentication pool

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 302
When using vpn tu, which option must you choose if you only want to clear phase 2 for a specific IP (gateway)?

A. (6) Delete all IPsec SAs for a given User (Client)
B. (7) Delete all IPsec+IKE SAs for a given peer (GW)
C. (8) Delete all IPsec+IKE SAs for a given User (Client)
D. (5) Delete all IPsec SAs for a given peer (GW)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 303
When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)?

A. (6) Delete all IPsec SAs for a given User (Client)
B. (7) Delete all IPsec+IKE SAs for a given peer (GW)
C. (5) Delete all IPsec SAs for a given peer (GW)
D. (8) Delete all IPsec+IKE SAs for a given User (Client)

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 304
Which of the following statements about file-type recognition in Content Inspection is TRUE?

A. Antivirus status is monitored using SmartView Tracker.
B. A scan failure will only occur if the antivirus engine fails to initialize.
C. All file types are considered "at risk", and are not configurable by the Administrator or the Security Policy.
D. The antivirus engine acts as a proxy, caching the scanned file before delivering it to the client.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 305
Which antivirus scanning method does not work if the Gateway is connected as a node in proxy mode?

A. Scan by Direction
B. Scan by File Type
C. Scan by Server
D. Scan by IP Address

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 306
Which OPSEC server can be used to prevent users from accessing certain Web sites?

A. LEA
B. AMON
C. UFP
D. CVP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 307
How do you control the maximum number of mail messages in a spool directory?

A. In the Gateway object's SMTP settings under the Advanced window
B. in the smtp.conf file on the Security Management Server
C. In the Security Server window in Global Properties
D. In IPS SMTP settings

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 308
If you experience unwanted traffic from a specific IP address, how can you stop it most quickly?

A. Check anti-spoofing settings
B. Configure a rule to block the address
C. Create a SAM rule
D. Activate an IPS protection

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 309
URL filtering policy can make exceptions for specific sites by being enforced:

A. Only for specific sources and destinations.
B. For all traffic, except on specific sources and destinations.
C. For all traffic, except blocked sites.
D. For all traffic. There are no exceptions.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 310
The URL Filtering Policy can be configured to monitor URLs in order to:

A. Log sites from blocked categories.
B. Redirect users to a new URL.
C. Block sites only once.
D. Alert the Administrator to block a suspicious site.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 311
Which type of resource could a Security Administrator use to control access to specific file shares on target machines?

A. URI
B. CIFS
C. Telnet
D. FTP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 312
What rules send log information to Dshield.org when Storm Center is configured?

A. Determined in IPS, Dshield Storm Center configuration: Security Management Server sends logs from rules with tracking set to either Alert or one of the specific User Defined Alerts
B. Determined by the Global Properties configuration: Log defined in the Log and Alerts section, rules with tracking sent to Account or SNMP trap.
C. Determined in Web Intelligence, configuration: Information Disclosure is configured; rules with tracking set to User Defined Alerts or SNMP trap.
D. Determined by the Dshield Storm Center Logging setting in Logs and Master of the Security Management Server object rules with tracking set to Log or None.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 313
A security audit has determined that your unpatched Web application server is accessing a SQL server. Which IPS setting will allow the Security Gateway to prevent this error page from displaying information about the SQL server in your DMZ?

A. In Web Intelligence / General / HTTP Protocol Inspection, enables ASCII only response headers.
B. In web intelligence / HTTP Protocol Inspection, select the box Enforce Strict HTTP response parsing.
C. In application intelligence / FingerPrint Scrambling / WEB Apps, Select the Scramble error message checkbox.
D. In Web Intelligence / Information Disclosure / Error Concealment

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 314
Antivirus protection on a Check Point Gateway is available for all of the following protocols, EXCEPT:

A. FTP
B. SMTP
C. HTTP
D. TELNET

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 315
Which Security Servers can perform authentication tasks, but CANNOT perform content security tasks?

A. RHV HTTPS
B. FTP
C. RLOGIN
D. HTTP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 316
Which Security Servers can perform authentication tasks, but CANNOT perform content security tasks?

A. HTTPS
B. Telnet
C. FTP
D. HTTP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 317
When using the Anti-Virus Content Security, how are different file types analyzed?

A. They are analyzed by their un-encoded format.
B. They are analyzed by their magic number.
C. They are analyzed by the MIME header.
D. They are analyzed by their file extension (i.e. .bat, .exe, .doc)

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 318
Where can you view anti-spam status?

A. SmartView Monitor
B. SmartDashboard
C. SmartView Tracker
D. SmartUpdate

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 319
Where can you view the anti-virus status?

A. SmartDashboard
B. SmartView Tracking
C. SmartView Monitor
D. SmartUpdate

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 320
You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?

A. SmartLSM and SmartUpdate
B. SmartView Tracker and SmartView Monitor
C. SmartView Monitor and SmartUpdate
D. SmartDashboard and SmartView Tracker

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 321
Which of the following is a hash algorithm?

A. DES
B. IDEA
C. MD5
D. 3DES

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 322
Which of the following uses the same key to decrypt as it does to encrypt?

A. Asymmetric encryption
B. Symmetric encryption
C. Certificate-based encryption
D. Dynamic encryption

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 323
A digital signature:

A. Provides a secure key exchange mechanism over the Internet
B. Automatically exchanges shared keys.
C. Guarantees the authenticity and integrity of a message.
D. Decrypts data to its original form.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 324
Your bank's distributed R75 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?

A. SmartView Tracker
B. Smart Portal
C. SmartUpdate
D. SmartDashboard

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 325
Which component functions as the Internal Certificate Authority for R75?

A. Security Gateway
B. Management Server
C. Policy Server
D. SmartLSM

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 326
A third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?

A. SmartView Tracker
B. SmartView Monitor
C. This information can only be viewed with fw ctl pstat command from the CLI.
D. Eventia Analyzer

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 327
You wish to analyze the packet size distribution of your traffic with SmartView Monitor.

Unfortunately, the message, There are no machines that contain Firewall Blade and SmartView Monitor appears.

A. What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.
B. Purchase the SmartView Monitor license for your Security Management Server.
C. Purchase the SmartView Monitor license for your Security Gateway.
D. Enable Monitoring on your Security Gateway.
E. Enable Monitoring on your Security Management Server.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 328
When troubleshooting NAT entries in SmartView Tracker, which column do we need to check to view the NAT'd source port when using source NAT?

A. XlateDst
B. XlateDPort
C. XlateSPort
D. XlateSrc

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 329
Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:

A. Three mesh Communities: one for London headquarters and its branches; one for New York headquarters and its branches; and one for London and New York headquarters.
B. Three star Communities: The first one is between New York headquarters and its branches. The second star Community is between London headquarters and its branches. The third star Community is between New York and London headquarters but it is irrelevant which site is "center" and which "satellite".
C. Two mesh and one star Community: Each mesh Community is set up for each site between headquarters and their branches. The star Community has New York as the center and London as its satellite.
D. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the "mesh center Gateways" option checked; all London branch offices defined in one satellite window; but, all New York branch offices defined in another satellite window.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 330
Phase 2 uses ___________, if not using Perfect Forward Secrecy.

A. Symmetric
B. Conditional
C. Sequential
D. Asymmetric

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 331
Access Role objects define users, machines, and network locations as:

A. One object
B. Credentialed objects
C. Separate objects
D. Linked objects

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 332
If a security gateway enforces three protections, LDAP injection, Malicious Code Protector Rejection, which checkpoint license is required in SmartPhone?

A. SmallEvent intro
B. IPS
C. SSL VPN
D. Data Loss Prevention

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 333
Using Captive Portal, unidentified users may be blocked, allowed to enter required credentials, or required to download:

A. ICA Certificate
B. SecureClient
C. Full Endpoint Client
D. Identity Awareness Agent

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 334
What is true about the Rule Base shown?

(i). HTTP traffic from webrome to websingapore will be encrypted
(ii). HTTP traffic from websingapore to webrome will be encrypted
(iii). HTTP traffic from webrome to websingapore will be encrypted
(iv). HTTP traffic from websingapore to webrome will be blocked

A. (ii) and (iii)
B. (iii) and (iv)
C. (i), (ii) and (iii)
D. (iii) only

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 335
The third-shift Administrator was updating Security Management Server Access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account?

A. Delete the file sdmin.lock in the Security Management Server directory $PWDIR/tmp/
B. The fwn lock_admin u <account name> from Security Management Server command line
C. Type fwn unlock_admin u from the Security Gateway command line
D. Type fwn unlock_admin from the Security Management Server Command line

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 336
What command syntax would you use to turn on PDP logging in a distributed environment?

A. pdp tracker on
B. pdp log = l
C. pdp track = l
D. pdp logging on

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 337
Once an Access Role is configured, in which Rule Bases can it be implemented?

A. DLP
B. Mobile Access
C. Firewall
D. IPS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 338
Identity Awareness is implemented to manage access to protected resources based on a user's _____________.

A. Location
B. Application requirement
C. Computer MAC address
D. Time of connection

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 339
Which of the following is NOT defined by an Access Role object?

A. Source Network
B. Source Logging and/or Alerting Rule
C. Source Machine
D. Source Server

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 340
Which rule is responsible for installation feature?

A. Rule 4
B. Rule 8
C. Rule 7
D. Rule 5

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 341
What information is found in the SmartView Tracker Management log?

A. Administrator SmartDashboard logout event
B. SecurePlatform expert login event
C. Creation of an administrator using cpconfig
D. FTP username authentication failure

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 342
Captive Portal is a _____________ that allows the gateway to request login information from the user.

A. LDAP server add-on
B. Transparent network inspection tool
C. Separately licensed feature
D. Pre-configured and customizable web-based tool

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 343
You plan to create a backup of the rules, objects, policies, and global properties from an R75 Security Management Server. Which of the following backup and restore solutions can you use?

1. Upgrade_export and upgrade_import utilities
2. Database revision control
3. SecurePlatform backup utilities
4. Policy package management
5. Manual copies of the $CPDIR/conf directory

A. 2, 4, 5
B. 1, 3, 4
C. 1, 2, 3
D. 1, 2, 3, 4, 5

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 344
You install and deploy SecurePlatform with default settings. You allow Visitor Mode in the Gateway object's Remote Access properties and install policy, but SecureClient refuses to connect. What is the cause of this?

A. Set the Visitor Mode Policy > Global Properties > Remote-Access > VPN Advanced
B. Offline mode is not configured
C. You need to start SSL Network Extender first, then use Visitor Mode
D. The WebUI on SecurePlatform runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). You need to change the WebUI port, or run Visitor Mode on a different port.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 345
What are you required to do before running the command upgrade_export?

A. Run a cpstop on the Security Management Server
B. Run a cpstop on the Security Gateway
C. Close all GUI clients
D. Run cpconfig and set yourself up as a GUI client

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 346
What action CANNOT be run from SmartUpdate R75?

A. Reboot Gateway
B. Fetch sync status
C. Get all Gateway Data
D. Preinstall verifier

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 347
What happens if the identity of a user is known?

A. If the user credentials do not match an Access Role, the gateway moves onto the next rule.
B. If the user credentials do not match an Access Role, the system displays the Captive Portal
C. If the user credentials do not match an Access Role, the traffic is automatically dropped
D. If the user credentials do not match an Access Role, the system displays a sandbox.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 348
You are the Security Administrator for MegaCorp and would like to view network activity using SmartReporter. You select a standard report as you can see here, you can select the London Gateway.

When you attempt to configure the Express Report, you are unable to select Gateway.

What is the reason for this behavior? Give the BEST answer

A. You must enable the Eventia Express Mode on the London Gateway
B. You must enable Monitoring in the London Gateway object's General Properties
C. You have the license for Eventia Reporter in Standard mode only
D. You must enable the Express Mode inside Eventia Reporter.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 349
The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). What is not a recommended usage of this method?

A. Leveraging identity for Data Center protection
B. Protecting highly sensitive servers
C. When accuracy in detecting identity is crucial
D. Identity based enforcement for non-AD users (non-Windows and guest users)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 350
Which of the following are available SmartConsole clients which can be installed from the R75 Windows CD? Read all answers and select the most complete and valid list.

A. SmartView Tracker, CPINFO, SmartUpdate
B. SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor
C. SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status
D. Security Policy Editor, Log viewer, Real Time Monitor GUI

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 351
The Captive Portal tool:

A. Allows access to users already identified
B. Acquires identities from unidentified users
C. Is deployed from the Identity Awareness page in the Global Properties settings
D. Is only used for guest user authentication

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 352
How can you reset the Security Administrator password that was created during initial Security Management Server installation on SecurePlatform?

A. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Password portion of the file. Then log in to the account without a password. You will be prompted to assign a new password.
B. Launch SmartDashboard in the User Management screen, and edit the cpconfig administrator.
C. Type cpm -a, and provide the existing administrator's account name. Reset the Security Administrator's password.
D. As expert user, type fwm -a, and provide the existing administrator's account name. Reset the Security Administrator's password.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 353
In the Security Policy shown here, which rule inhibits Rule 4?

A. Rule 3
B. Rule 1
C. Rule 2
D. No rule inhibits Rule 4.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 354
Which command allows Security Policy name and install date verification on a Security Gateway?

A. fw ver -p
B. fw stat -l
C. fw show policy
D. fw ctl pstat -policy

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 355
Identity Awareness is implemented to manage access to protected resources based on a user's _____________.

A. Time of connection
B. Application requirement
C. Identity
D. Computer MAC address

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 356
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.

He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19).

He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy.

John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next troubleshooting step?

A. John should install the Identity Awareness Agent
B. Investigate this as a network connectivity issue
C. After enabling Identity Awareness, reboot the gateway
D. He should lock and unlock the computer

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 357
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

What should John do when he cannot access the web server from a different personal computer?

A. John should lock and unlock his computer
B. John should install the Identity Awareness Agent
C. Investigate this as a network connectivity issue
D. The access should be changed to authenticate the user instead of the PC

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 358
The CEO of ACME recently bought her own personal iPad. She wants to access the internal Finance Web server from her iPad. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the Firewall Rule Base.

To make this scenario work, the IT administrator must:

1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.

2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.

3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.

Jennifer McHanry tries to access the resource but is unable to. What should she do?

A. Have the security administrator select the Action field of the Firewall Rule "Redirect HTTP connections to an authentication (captive) portal"
B. Install the Identity Awareness agent on her iPad
C. Have the security administrator reboot the firewall
D. Have the security administrator select Any for the Machines tab in the appropriate Access Role

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 359

When using LDAP as an authentication method for Identity Awareness, the query:

A. Prompts the user to enter credentials.
B. Requires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway.
C. Requires client and server side software.
D. Is transparent, requiring no client or server side software.

Correct Answer: D

QUESTION 360

Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?

A. Bridge
B. High Availability
C. Load Sharing
D. Fail Open

Correct Answer: A

QUESTION 361

Identity Awareness can be deployed in which of the following modes?

A. Router
B. Detect
C. Load Sharing
D. High Availability

Correct Answer: B

QUESTION 362

Which of the following is an authentication method used by Identity Awareness?

A. Captive Portal
B. PKI
C. SSL
D. RSA

Correct Answer: A

QUESTION 363

Which of the following is an authentication method used by Identity Awareness?

A. PKI
B. SSL
C. RSA
D. LDAP

Correct Answer: D

QUESTION 364

What is the purpose of an Identity Agent?

A. Manual entry of user credentials for LDAP authentication
B. Audit a user's access, and send that data to a log server
C. Disable Single Sign On
D. Provide user and machine identity to a gateway

Correct Answer: D

QUESTION 365

Users with Identity Awareness Agent installed on their machines login with __________, so that when the user logs into the domain, that information is also used to meet Identity Awareness credential requests.

A. ICA Certificates
B. Key-logging
C. SecureClient
D. Single Sign-On

Correct Answer: D

QUESTION 366

Which of the following methods is NOT used by Identity Awareness to catalog identities?

A. AD Query
B. GPO
C. Captive Portal
D. Identity Agent

Correct Answer: B

QUESTION 367

Which of the following is NOT a valid option when configuring access for Captive Portal?

A. According to the Firewall Policy
B. From the Internet
C. Through internal interfaces
D. Through all interfaces

Correct Answer: B

QUESTION 368

How granularly may an administrator filter an Access Role?

A. Windows Domain
B. AD User
C. Radius Group
D. Specific ICA Certificate

Correct Answer: B

QUESTION 369

Captive Portal may be used with HTTPS:

A. No, it only works with FTP
B. Yes
C. No, it only works with FTP and HTTP
D. No, it only works with HTTP

Correct Answer: B

QUESTION 370

Where do you verify that SmartDirectory is enabled?

A. Verify that Global Properties > SmartDirectory (LDAP) > Use SmartDirectory (LDAP) for Security Gateways is checked
B. Verify that Global Properties > Authentication > Use SmartDirectory (LDAP) for Security Gateways is checked
C. Verify that Security Gateway > General Properties > Authentication > Use SmartDirectory (LDAP) for Security Gateways is checked
D. Verify that Security Gateway > General Properties > SmartDirectory (LDAP) > Use SmartDirectory (LDAP) for Security Gateways is checked

Correct Answer: A

QUESTION 371

Where does the security administrator activate Identity Awareness within SmartDashboard?

A. LDAP Server Object > General Properties
B. Gateway Object > General Properties
C. Policy > Global Properties > Identity Awareness
D. Security Management Server > Identity Awareness

Correct Answer: B

QUESTION 372

To qualify as an Identity Awareness enabled rule, which columns may include an Access Role?

A. Track
B. Action
C. Source
D. User

Correct Answer: C

QUESTION 373

Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

A. TACACS
B. Check Point Password
C. Windows password
D. LDAP

Correct Answer: D

QUESTION 374

Match the terms with their definitions:

A. A-3, B-4, C-1, D-2
B. A-2, B-3, C-4, D-1
C. A-3, B-2, C-1, D-4
D. A-3, B-2, C-4, D-1

Correct Answer: D