CheckPoint 156-215.75156-215.75 : Check Point Certified Security Administrator
Leading the way in IT testing and certification tools, www.TestChief.com- 2 -
Important Note, Please Read Carefully
Other TestChief productsA) Offline Testing engineUse the offline Testing engine product topractice the questions in an exam environment.
Build a foundation of knowledge which will be useful also after passing the exam.
Latest VersionWe are constantly reviewing our products. New material is added and old material isrevised. Free updates are available for 90 days after the purchase. You should check yourmember zone at TestChief and update 3-4 days before the scheduled exam date.
Here is the procedure to get the latest version:
1.Go towww.TestChief.com2.Click on Log in3.The latest versions of all purchased products are downloadable from here. Just click thelinks.For most updates,it is enough just to print the new questions at the end of the newversion, not the whole document.
FeedbackIf you spot a possible improvement then please let us know. We always interested inimproving product quality.Feedback should be send to feedback@TestChief.com. You should include the following:Exam number, version, page number, question number, and your login Email.
Our experts will answer your mail promptly.
CopyrightEach iPAD file is a green exe file. if we find out that a particular iPAD Viewer file isbeing distributed by you, TestChief reserves the right to take legal action against youaccording to the International Copyright Laws.
ExplanationsThis product does not include explanations at the moment. If you are interested inproviding explanations for this exam, please contact feedback@TestChief.com.
Leading the way in IT testing and certification tools, www.TestChief.com- 3 -
www.TestChief.com Q: 1 Of the three mechanisms Check Point uses for controllingtraffic, which enables firewalls to incorporate layer 4 awareness in packetinspection?
B. Packet filtering
C. Stateful Inspection
D. Application Intelligence
www.TestChief.com Q: 2 Which of the following statements about Bridge mode isTRUE?
A. When managing a Security Gateway in Bridge mode, it is possible to use a bridgeinterface for Network Address Translation.
B. Assuming a new installation, bridge mode requires changing the existing IP routingof the network.
C. All ClusterXL modes are supported.
D. A bridge must be configured with a pair of interfaces.
www.TestChief.com Q: 3 Which SmartConsole component can Administrators useto track remote administrative activities?
Leading the way in IT testing and certification tools, www.TestChief.com- 4 -
B. Eventia Reporter
C. SmartView Monitor
D. SmartView Tracker
www.TestChief.com Q: 4 Which of the following statements is TRUE aboutmanagement plug-ins?
A. The plug-in is a package installed on the Security Gateway.
B. A management plug-in interacts with a Security Management Server to provide newfeatures and support for new products.
C. Using a plug-in offers full central management only if special licensing is applied tospecific features of the plug-in.
D. Installing a management plug-in is just like an upgrade process. (It overwritesexisting components.)
www.TestChief.com Q: 5 The customer has a small Check Point installation whichincludes one Windows 2003 server as SmartConsole and Security ManagementServer with a second server running SecurePlatform as Security Gateway. This is anexample of a(n):
A. Hybrid Installation.
Leading the way in IT testing and certification tools, www.TestChief.com- 5 -
B. Unsupported configuration.
C. Distributed Installation.
D. Stand-Alone Installation.
www.TestChief.com Q: 6 When doing a Stand-Alone Installation, you would installthe Security Management Server with which other Check Point architecturecomponent?
B. Security Gateway
D. None, Security Management Server would be installed by itself
www.TestChief.com Q: 7 You are a security architect and need to design a securefirewall, VPN and IPS solution. Where would be the best place to install IPS in thetopology if the internal network is already protected?
A. On the firewall itself to protect all connected networks centrally.
B. On each network segment separately.
C. On the LAN is enough, the DMZ does not need to be protected.
D. In front of the firewall is enough.
Leading the way in IT testing and certification tools, www.TestChief.com- 6 -
www.TestChief.com Q: 8 You are installing a Security Management Server. Yoursecurity plan calls for three administrators for this particular server. How many canyou create during installation?
A. Depends on the license installed on the Security Management Server
B. Only one with full access and one with read-only access
D. As many as you want
www.TestChief.com Q: 9 During which step in the installation process is itnecessary to note the fingerprint for first-time verification?
A. When establishing SIC between the Security Management Server and the Gateway
B. When configuring the Security Management Server using cpconfig
C. When configuring the Security Gateway object in SmartDashboard
D. When configuring the Gateway in the WebUl
www.TestChief.com Q: 10 How can you most quickly reset Secure InternalCommunications (SIC) between a Security Management Server and SecurityGateway?
Leading the way in IT testing and certification tools, www.TestChief.com- 7 -
A. Run the command fwm sic-reset to initialize the Internal Certificate Authority (ICA)of the Security Management Server. Then retype the activation key on the SecurityGateway from SmartDashboard.
B. Use SmartDashboard to retype the activation key on the Security Gateway. This willautomatically Sync SIC to both the Security Management Server and Gateway.
C. From cpconfig on the Gateway, choose the Secure Internal Communication optionand retype the activation key. Next, retype the same key in the Gateway object inSmartDashboard and reinitialize Secure Internal Communications (SIC).
D. From the Security Management Server s command line, Type fw putkey Cp < IP Address of security Gateway>.