Category: Checkpoint
At Flydumps,we are positive that our CheckPoint 156-110 preparation material with questions and answers pdf provide most in-depth solutions for individuals that are preparing for the CheckPoint 156-110 exam.Our uodated CheckPoint 156-110 brain dumps will allow you the opportunity to know exactly what to expect on the exam day and ensure that you can pass the exam beyond any doubt.
QUESTION 55
____________________ educate(s) security administrators and end users about organizations’ security policies.
A. Security-awareness training
B. Information Security (INFOSEC) briefings
C. Acceptable-use policies
D. Continuing education
E. Nondisclosure agreements
Correct Answer: A
QUESTION 56
Operating-system fingerprinting uses all of the following, EXCEPT ________, to identify a target operating system.
A. Sequence Verifier
B. Initial sequence number
C. Address spoofing
D. Time to Live
E. IP ID field
Correct Answer: C
QUESTION 57
Organizations _______ risk, when they convince another entity to assume the risk for them.
A. Elevate
B. Assume
C. Deny
D. Transfer
E. Mitigate
Correct Answer: D
QUESTION 58
A(n) _______________ is an unintended communication path that can be used to violate a system security policy.
A. Covert channel
B. Integrity axiom
C. Simple rule violation
D. Inferred fact
E. Aggregated data set
Correct Answer: A
QUESTION 59
To protect its information assets, ABC Company purchases a safeguard that costs $60,000. The annual cost to maintain the safeguard is estimated to be $40,000. The aggregate Annualized Loss Expectancy for the risks the safeguard is expected to mitigate is $50,000.
At this rate of return, how long will it take ABC Company to recoup the cost of the safeguard?
A. ABC Company will never recoup the cost of this safeguard.
B. Less than 7 years
C. Less than 3 years
D. Less than 1 year
E. Less than 5 years
Correct Answer: B
QUESTION 60
ABC Corporation’s network requires users to authenticate to cross the border firewall, and before entering restricted segments. Servers containing sensitive information require separate authentication. This is an example of which type of access-control method?
A. Single sign-on
B. Decentralized access control
C. Hybrid access control
D. Layered access control
E. Mandatory access control
Correct Answer: D
QUESTION 61
The items listed below are examples of ___________________ controls.
*Smart cards *Access control lists *Authentication servers *Auditing
A. Role-based
B. Administrative
C. Technical
D. Physical
E. Mandatory
Correct Answer: C
QUESTION 62
Why does the (ISC)2 access-control systems and methodology functional domain address both the confidentiality and integrity aspects of the Information Security Triad? Access-control systems and methodologies:
A. are required standards in health care and banking.
B. provide redundant systems and data backups.
C. control who is allowed to view and modify information.
D. are academic models not suitable for implementation.
E. set standards for acceptable media-storage devices.
Correct Answer: C
QUESTION 63
_______ intrusion-detection systems learn the behavior of a machine or network, and create a baseline.
A. Behavioral analysis
B. Statistical anomaly
C. Network
D. Pattern matching
E. Host
Correct Answer: B
QUESTION 64
Which of the following best describes the largest security challenge for Remote Offices/Branch Offices?
A. Leased-line security
B. Salami attacks
C. Unauthorized network connectivity
D. Distributed denial-of-service attacks
E. Secure access to remote organizational resources
Correct Answer: E
QUESTION 65
Which of the following is NOT a concern for enterprise physical security?
A. Network Intrusion Detection Systems
B. Social engineering
C. Dumpster diving
D. Property theft
E. Unauthorized access to a facility
Correct Answer: A QUESTION 66
Which of the following should be included in an enterprise Business Continuity Plan (BCP)? (Choose THREE.)
A. Accidental or intentional data deletion
B. Severe weather disasters
C. Employee terminations
D. Employee administrative leave
E. Minor power outages
Correct Answer: ABE
QUESTION 67
Which type of access management uses information about job duties and positions, to indicate subjects’ clearance levels?
A. Discretionary
B. Role-based
C. Nondiscretionary
D. Hybrid
E. Mandatory
Correct Answer: B
QUESTION 68
When attempting to identify OPSEC indicators, information-security professionals must: (Choose THREE.)
A. Discover the information daily activities yield.
B. Meet with adversaries.
C. Perform business impact analysis surveys.
D. Scrutinize their organizations’ daily activities.
E. Analyze indicators, to determine the information an adversary can glean ?both from routine and nonroutine activities.
Correct Answer: ADE
QUESTION 69
Which of the following can be stored on a workstation? (Choose TWO.)
A. Payroll information
B. Data objects used by many employees
C. Databases
D. Interoffice memo
E. Customer correspondence
Correct Answer: DE
QUESTION 70
How is bogus information disseminated?
A. Adversaries sort through trash to find information.
B. Adversaries use anomalous traffic patterns as indicators of unusual activity. They will employ other methods, such as social engineering, to discover the cause of the noise.
C. Adversaries use movement patterns as indicators of activity.
D. Adversaries take advantage of a person’s trust and goodwill.
E. Seemingly, unimportant pieces of data may yield enough information to an adversary, for him to disseminate incorrect information and sound authoritative.
Correct Answer: E
QUESTION 71
Which type of access management allows subjects to control some access of objects for other subjects?
A. Discretionary
B. Hybrid
C. Mandatory
D. Role-based
E. Nondiscretionary
Correct Answer: A
QUESTION 72
Which of the following are enterprise administrative controls? (Choose TWO.)
A. Network access control
B. Facility access control
C. Password authentication
D. Background checks
E. Employee handbooks
Correct Answer: DE
QUESTION 73
You are preparing a machine that will be used as a dedicated Web server.
Which of the following services should NOT be removed?
A. E. IRC
B. SMTP
C. FTP
D. HTTP
E. PVP
Correct Answer: D
QUESTION 74
A new U.S. Federal Information Processing Standard specifies a
cryptographic algorithm. This algorithm is used by U.S. government organizations to protect sensitive,
but unclassified, information. What is the name of this Standard?
A. Triple DES
B. Blowfish
C. AES
D. CAST
E. RSA
Correct Answer: C
QUESTION 75
If a firewall receives traffic not explicitly permitted by its security policy, what should the firewall do?
A. Nothing
B. Do not log and drop the traffic.
C. Log and drop the traffic.
D. Log and pass the traffic.
E. Do not log and pass the traffic.
Correct Answer: C
QUESTION 76
Which of the following statements about encryption’s benefits is false? Encryption can: (Choose TWO.)
A. significantly reduce the chance information will be modified by unauthorized entities.
B. only be used to protect data in transit. Encryption provides no protection to stored data.
C. allow private information to be sent over public networks, in relative safety.
D. significantly reduce the chance information will be viewed by unauthorized entities.
E. prevent information from being destroyed by malicious entities, while in transit.
Correct Answer: BE
QUESTION 77
Which principle of secure design states that a security mechanism’s methods must be testable?
A. Separation of privilege
B. Least common mechanism
C. Complete mediation
D. Open design
E. Economy of mechanism
Correct Answer: D
QUESTION 78
What type of document contains information on alternative business locations, IT resources, and personnel?
A. End-user license agreement
B. Nondisclosure agreement
C. Acceptable use policy
D. Security policy
E. Business continuity plan
Correct Answer: E
QUESTION 79
A(n) ______________________________ is a quantitative review of risks, to determine how an organization will continue to function, in the event a risk is realized.
A. Monitored risk process
B. Disaster-recovery plan
C. Business impact analysis
D. Full interruption test
E. Information security audit
Correct Answer: C
QUESTION 80
Internal intrusions are loosely divided into which categories? (Choose TWO.)
A. Attempts by insiders to perform appropriate acts, on information assets to which they have been given rights or permissions.
B. Attempts by insiders to access resources, without proper access rights.
C. Attempts by insiders to access external resources, without proper access rights.
D. Attempts by insiders to perform inappropriate acts, on external information assets to which they have been given rights or permissions.
E. Attempts by insiders to perform inappropriate acts, on information assets to which they have been given rights or permissions.
Correct Answer: BE
QUESTION 81
A security administrator implements Secure Configuration Verification (SCV), because SCV: (Choose THREE.)
A. Does not enable the administrator to monitor the configuration of remote computers.
B. Can block connectivity for machines that do not comply with the organization’s security policy.
C. Enables the administrator to monitor the configuration of remote computers.
D. Prevents attackers from penetrating headquarters’ Security Gateway.
E. Confirms that a remote configuration complies with the organization’s security policy.
Correct Answer: BCE
Ensure that you are provided with only the best and most updated CheckPoint 156-110 Certification training materials, we also want you to be able to access CheckPoint 156-110 easily, whenever you want.We provide all our CheckPoint 156-110 Certification exam training material in PDF format, which is a very common format found in all computers and gadgets. Now we add the latest CheckPoint 156-110 content and to print and share content.
The 100% valid latest CheckPoint 156-510 question answers ensure you 100% pass! And now we are offering the free CheckPoint 156-510 new version along with the VCE format Checkpoint 156-815 practice test. Free download more new CheckPoint 156-510 PDF and VCE on Flydumps.com.
QUESTION 51
The -u option on fwd designates that this enforcement module allows SecuRemote connections. This option is on by default, true or false?
A. False
B. True
Correct Answer: B QUESTION 52
IP pools can be used in MEP configurations for what purpose?
A. To allow multiple connections from one client
B. To ensure that valid addresses are assigned to clients
C. To reserve connections for clients
D. To prevent asymmetric routing issues
Correct Answer: D QUESTION 53
In a high availability management module situation, in normal circumstances what is true?
A. The primary module is limited to read only access, a secondary can grant read/write access
B. The primary and secondary modules can both grant read/write access
C. The primary and secondary modules are both limited to read only access once initialized
D. The primary module can grant read/write access, a secondary is limited tot read only access
Correct Answer: D QUESTION 54
When displaying FW-1 statistics using the “fw ctl pstat” command, you may see negative values for kernel memory. What is true about this?
A. There is a memory fault
B. FW-1 is currently not active
C. This does not indicate a problem
D. Memory is being over utilized
Correct Answer: C QUESTION 55
To get the most efficient operation, you should place the rules most often matched at the bottom of the rulebase, and the rules least often matched at the top. True or false?
A. False
B. True
Correct Answer: A QUESTION 56
Which default ports are used by LDAP?
A. Port 636 for a standard connection
B. Port 389 for a standard connection
C. Port 389 for a SSL connection
D. Port 636 for a SSL connection
Correct Answer: BD
QUESTION 57
What is the default value for the timeout on cached users, applied when using an LDAP server as a user database?
A. 300 secs
B. 0 secs (ie no caching)
C. 600 secs
D. 900 secs
Correct Answer: D
QUESTION 58
Which two CPMAD parameters are directly used to determine if an attack is taking place?
A. Resolution
B. Action
C. Time_interval
D. Repetitions
E. Mode
Correct Answer: CD
QUESTION 59
In a load sharing SEP configuration, what mechanism is used to ensure that each gateway sees all the traffic it needs to?
A. The gateway cluster IP address is used
B. The receiving gateway forwards the packets to the others
C. All packets are broadcast
D. Each gateways is sent the packets separately
Correct Answer: A
QUESTION 60
Which is the correct format on a Windows platform to enable debug mode in fwd on an enforcement module only server?
A. fwd -d -n
B. fwd -d
C. fw d -d -n
D. fw d -d
Correct Answer: D
QUESTION 61
When configuring an MEP VPN facility, you would specify a backup gateway in the VPN screen of the gateway properties window. What could be the reason for the backup gateway not being available in the drop down list?
A. The backup gateway is already a backup to another gateway
B. The backup gateway is not running VPN-1
C. The backup gateway is not defined as an internal object on this gateway
D. The backup gateway is not defined as an external object on this gateway
Correct Answer: C
We provide CheckPoint 156-510 help and information on a wide range of issues. CheckPoint 156-510 is professional and confidential and your issues will be replied within 12 hous. CheckPoint 156-510 free to send us any questions and we always try our best to keeping our Customers Satisfied.
ATTENTION: Get your CheckPoint 156-315 certification easily with,Flydumps latest CheckPoint 156-315 exam dumps. All the up-to-date questions and answers were added to the new version.Go to the site Flydumps.com to get more CheckPoint 156-315 exam
information.
QUESTION 61
How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queues when using a Check Point QoS solution?
A. Low latency class
B. DiffServ rule
C. Guaranteed per connection
D. Weighted Fair Queuing
E. Guaranteed per VoIP rule
Correct Answer: A
QUESTION 62
Certkiller is a Security Administrator preparing to implement a VPN solution for her multi-site organization
Certkiller.com. To comply with industry regulations,
Mrs. Bill VPN solution must meet the following requirements:
*
Portability: standard
*
Key management: Automatic, external PKI
*
Session keys: Changed at configured times during a connection’s lifetime
*
key length: No less than 128-bit
*
Data integrity: Secure against inversion and brute-force attacks
What is the most appropriate setting Jack should choose?
A. IKE VPNs: AES encryption for IKE Phase 1, and DES encryption for Phase 2; SHA1 ash
B. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for Phase 2; AES hash
C. IKE VPNs: CAST encryption IKE Phase 1, and SHA1 encryption for Phase 2; DES hash
D. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash
E. IKE VPNs: DES encryption for IKE Phase 1, and 3DES encryption for Phase 2; MD5 hash
Correct Answer: D
QUESTION 63
Your current VPN-1 NG Application Intelligence (AI) R55 stand-alone VPN-1 Pro Gateway and SmartCenter Server run on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the SmartCenter Server, and a new machine will be the VPN-1 Pro Gateway only. You need to migrate the NG with AI R55 SmartCenter Server configuration, including such items as Internal Certificate Authority files, databases, and Security Policies. How do you request a new license for this VPN-1 NGX upgrade?
A. Request a VPN-1 NGX SmartCenter Server license, using the new machine’s IP addres. Request a new local license for the NGX VPN-1 Pro Gateway.
B. Request a VPN-1 NGX SmartCenter Server license, using the new machine’s IP addres. Request a new central license for the NGX VPN-1 Pro Gateway.
C. Request a new VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
D. Request a VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway, licenses for the existing SmartCenter Server IP address.
Correct Answer: C
QUESTION 64
Certkiller is a Security Administrator for Certkiller.com. Certkiller.com has two sites using pre-shared secrets in its VPN. The two sites are Boston and New York. Jack has just been informed that a new office is opening in Houston, and she must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the New York Security Gateway. Mrs. Bill decides to switch from a pre-shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After creating the Houston gateway object with the proper VPN domain, what are Certkiller’s remaining steps?
1.
Disable “Pre-shared Secret” on the Boston and New York gateway objects.
2.
Add the Houston gateway object into the New York and Boston’s mesh VPN Community.
3.
Manually generate ICA Certificates for all three Security Gateways.
4.
Configure “Traditional mode VPN configuration” in the Houston gateway object’s VPN screen.
5.
Reinstall the Security Policy on all three Security Gateways
A. 1-2-5
B. 1-3-4-5
C. 1-2-3-5
D. 1-2-4-5
E. 1-2-3-4
Correct Answer: C QUESTION 65
Which component functions as the Internal Cerrificate Authority for VPN-1 NGX?
A. VPN-1 Certificate Manager
B. SmartCenter Server
C. SmartLSM
D. Policy Server
E. Security Gateway
Correct Answer: B
QUESTION 66
Which Security Server can perform content-security tasks, but CANNOT perform authentication tasks?
A. FTP
B. SMTP
C. Telnet
D. HTTP
E. rlogin
Correct Answer: B
QUESTION 67
Certkiller.com has two headquarters, one in Los Angeles and one in Mumbai. Each headquarter includes several branch offices. The branch office only need to communicate with the headquarter in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for VPN communities among the branch offices and their headquarters, and between the two headquarters? VNP communities comprised of:
A. Two star and one mesh community; each start Community is set up for each site, with headquarters as the center of the Community, and branches as satellites. The mesh Communities are between Mumbai and Los Angeles headquarters.
B. Three mesh Communities: one for Los Angeles and its branches, one for Mumbai headquarters and its branches, and one for Los Angeles and Mumbai headquarters.
C. Two mesh Communities, one for each headquarters; and one start Community, in which Los Angeles is the center of the Community and Mumbai is the satellite.
D. Two mesh Communities, one for each headquarters; and one start Community, in which Mumbai is the center of the Community and Los Angeles is the satellite.
Correct Answer: A
QUESTION 68
Certkiller wants to protect internal users from malicious Java code, but Jack does not want to strop Java
scripts.
Which is the best configuration option?
A. Use the URI resource to block Java code
B. Use CVP in the URI resource to block Java code
C. Use the URI resource to strop ActiveX tags
D. Use the URI resource to strop applet tags
E. Use the URI resource to strop script tags
Correct Answer: A
QUESTION 69
You want to block corporate-internal-net and localnet from accessing Web sites containing inappropriate content. You are using WebTrends for URL filtering. You have disabled VPN-1 Control connections in the Global properties. Review the diagram and the Security Policies for Certkiller 1 and Certkiller 2 in the exhibit provided. Corporate users and localnet users receive message “Web cannot be displayed”. In SmartView Tracker, you see the connections are dropped with the message “content security is not reachable”. What is the problem, and how do you fix it?
A. The connection from Certkiller 2 to the internal WebTrends server is not allowed in the Policy. Fix: Add a rule in Certkiller 1’s Policy to allow source WebTrendsServer, destination Certkiller 2, service TCP port 18182, and action accept.
B. The connection from Certkiller 2 to the WebTrends server is not allowed in the Policy. Fix: Add a rule in Certkiller 2’s Policy with Source Certkiller 2, destination WebTrends server, service TCP port 18182, and action accept.
C. The connection from Certkiller 1 to the internal WebTrends server is not allowed in the Policy Fix: Add a rule in Certkiller 2’s Policy with source WebTrendsServer, destination Certkiller 1, service TCP port 18182, and action accept.
D. The connection from Certkiller 1 to the internal WebTrends server is not allowed in the Policy. Fix: Add a rule in Certkiller 2’s Policy with source Certkiller 1, destination WebTrends server, service TCP port 18182, and action accept.
E. The connection from Certkiller 1 to the internal WebTrends server is not allowed in the Policy. Fix: Add a rule in Certkiller 1’s Policy to allow source Certkiller 1, destination WebTrends server, service TCP port 18182, and action accept.
Correct Answer:
QUESTION 70
Which service type does NOT invoke a Security Server?
A. HTTP
B. FTP
C. Telnet
D. CIFS
E. SMTP
Correct Answer: D
QUESTION 71
Review the following rules and note the Client Authentication Action properties screen, as shown in the exhibit.
After being authenticated by the Security Gateway when a user starts an HTTP connection to a Web site the user tries to FTP to another site using the command line. What happens to the user? The….
A. FTP session is dropprd by the implicit Cleanup Rule.
B. User is prompted from the FTP site only, and does not need to enter username and password for the Client Authentication.
C. FTP connection is dropped by rule 2.
D. FTP data connection is dropped, after the user is authenticated successfully.
E. User is prompted for authentication by the Security Gateway again.
Correct Answer: B
QUESTION 72
What is the command to see the licenses of the Security Gateway Certkiller from your SmartCenter Server?
A. print Certkiller
B. fw licprint Certkiller
C. fw tab -t fwlic Certkiller
D. cplic print Certkiller
E. fw lic print Certkiller
Correct Answer: D
QUESTION 73
Ophelia is the security Administrator for a shipping company. Her company uses a custom application to update the distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateways Rule Base includes a rule to accept this traffic. Ophelia needs to be notified, via atext message to her cellular phone, whenever traffic is accepted on this rule. Which of the following options is MOST appropriate for Ophelia’s requirement?
A. User-defined alert script
B. Logging implied rules
C. SmartViewMonitor
D. Pop-up API
E. SNMP trap
Correct Answer: A
QUESTION 74
Choose the BEST sequence for configuring user management on SmartDashboard, for use with an LDAP server:
A. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP server using an OPSEC application.
B. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
C. Enable LDAP in Global Properties, configure a host-node object for the LDAP Server, and configure a server object for the LDAP Account Unit.
D. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
E. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
Correct Answer: A
QUESTION 75
Which of the following is the final step in an NGXbackup?
A. Test restoration in a non-production environment, using the upgradeimport command
B. Move the *.tgz file to another location
C. Run the upgradeexport command
D. Copy the conf directory to another location
E. Run the cpstop command
Correct Answer: B
Preparing CheckPoint 156-315 exam is not difficult now.You can prepare from CheckPoint 156-315 Certification or Microsoft 70-576 dumps.Here we have mentioned some sample questions.You can use our CheckPoint 156-315 study material notes for test preparation. Latest CheckPoint 156-815 study material available.
Do not you know how to choose the Checkpoint 156-215 exam dumps? Being worried about your Checkpoint 156-215 exam? Just try Flydumps new version Checkpoint 156-215 exam dumps.High pass rate and money back guarantee!
QUESTION 45
What does schema checking do?
A. Issues Certificates, and register the Certificates with the VPN-1 NGX Internal Certificate Authority
B. Maps LDAP objects to objects in the VPN-1 NGX objects.c file
C. Provides topology downloads for SecuRemote and SecureClient users authenticated by an LDAP server
D. Authenticates users attempting to access resources protected by a VPN-1 NGX Security Gateway
E. Verifies that every object class, and its associated attributes, is defined in the directory schema
Correct Answer: E
QUESTION 46
As a Security Administrator, you must configure anti-spoofing on Secure Gateway interfaces, to protect your internal networks. What is the correct anti-spoofing setting on interface ETH1 in this network diagram? NOTE: In the DMZ, mail server 192.168.16.10 is statically translated to the object “mail_valid”, with IP address 210.210.210.3. FTP server 192.168.16.15 is statically translated to the object “ftp_valid”, with IP address 210.210.210.5.
A. A group object that includes the 10.10.20.0/24 and 10.10.10.0/24 networks
B. A group object that includes the 10.10.0.0/16 network object, mail_valid host, and FTP_valid host object
C. A group object that includes the 10.10.10.0/24 and 192.168.16.0/24 networks
D. A group object that includes the 192.168.16.0/24 and 10.10.0.0/16 networks
E. A group object that includes the 10.10.0.0/16 and 192.168.16.0/24 networks, and mail_valid and ftp_valid host objects
Correct Answer: A
QUESTION 47
When you use the Global Properties’ default settings, which type of traffic will be dropped, if no explicit rule allows the traffic?
A. IKE and rDP traffic
B. Outgoing traffic originating from the Security gateway.
C. SmartUpdate connections
D. Firewall logging and ICA key-exchange information.
E. RIP traffic
Correct Answer: E
QUESTION 48
By default, when you click File > Switch Active File from SmartView Tracker, the smartCenter Server:
A. Purges the current log, and prompts you for the new log’s mode.
B. Prompts you to enter a file name, then saves the log file.
C. Saves the current log file, names the log file by date and time, and starts a new log file.
D. Opens a new window with a previously saved log file.
E. Purges the current log file, and starts a new log file.
Correct Answer: C
QUESTION 49
If you check the box “Use Aggressive Mode”, in the IKE Properties dialog box:
A. The standard six-packet IKE Phase 1 exchange is replaced by a three-packet exchange
B. The standard three-packet IKE Phase 2 exchange is replaced by a six-packet exchange
C. The standard six-packet IKE Phase 2 exchange is replaced by a three-packet exchange
D. The standard three-packet IKE Phase 1 exchange is replaced by a six-packet exchange
Correct Answer: A
QUESTION 50
Jordan’s company is streaming training videos provided by a third party on the Internet. Jordan configures VPN-1 NGX, so that each department ONLY views webcasts specific to its department. Jordan created and configured the multicast groups for all interfaces, and configures them to “Drop all multicast packets except those whose destination is in the list”. But no multicast transmissions are coming from the Internet. What is possible causes fro the connection problem?
A. Multicast groups are configured improperly on the external interface properties of the Security Gateway object.
B. Anti-spoofing is enabled. VPN-1 NGX cannot pass multicast traffic, if anti-spoofing is enabled.
C. Jordan did not create the necessary “to and through” rules, defining how VPN-1 NGX will handle the multicast traffic.
D. VPN-1 NGX does not support multicast routing protocols and streaming media through the Security Gateway.
E. The Multicast Rule is below the Stealth Rule. VPN-1 NGX can only pass multicast traffic, if the Multicast Rule is above the Stealth Rule.
Correct Answer: A
QUESTION 51
Your SmartCenter Server fails and does not reboot. One of your remote Security Gateways, managed by the SmartCenter Server, reboots. What happens to that remote Gateway after reboot?
A. Since the SmartCenter Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, all traffic is allowed through the Gateway.
B. Since the SmartCenter Server is not available, the remote Gateway uses the local Security Policy, but does not log traffic.
C. Since the SmartCenter Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, no traffic is allowed through the Gateway.
D. Since the SmartCenter Server is not available to the remote Gateway, fetching the Security Policy and logging will both fail.
E. The remote Gateway fetches the last installed Security Policy locally, and passes traffic normally. The Gateway will log locally, since the SmartCenter Server is not available.
Correct Answer: E
QUESTION 52
Which component functions as the Internal Certificate Authority for VPN-1 NGX?
A. SmartConsole
B. SmartCenter Server
C. Policy Server
D. SmartLSM
E. Security Gateway
Correct Answer: B
QUESTION 53
Robert has configured a CIFS resource to allow access to the public partition of his company’s file server,
on \\erisco\goldenapple\files\public. Robert receives reports that users are unable to access the share,
unless they use the file server’s IP address.
Which of the following is a possible cause?
A. the CIFS resource is not configured to use Windows name resolution
B. Mapped shares are not configured to log.
C. Null CIFS sessions are configured to be blocked
D. Remote registry access is configured to be blocked.
E. Access violations are not configured to log.
Correct Answer: A
QUESTION 54
Barak is a Security Administrator for an organization that has two sites using pre-shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that a new office is opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to switch from pre-shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After creating the Madrid gateway object with the proper VPN Domain, what are Barak’s remaining steps?
A. 1, 2, 3, 4
B. 1, 2, 5
C. 1, 2, 3, 5
D. 1, 3, 4, 5
E. 1, 2, 3, 4, 5
Correct Answer: E
QUESTION 55
You want to establish a VPN, using Certificates. Your VPN will exchange Certificates with an external partner. Which of the following activities should you do first?
A. Exchange a shared secret, before importing Certificates.
B. Create a new logical-server object, to represent your partner’s CA.
C. Create a new server object, to represent your partner’s Certificate Authority (CA)
D. Manually import your partner’s Certificate Revocation List.
E. Manually import your partner’s Access Control list.
Correct Answer: C
QUESTION 56
There is a Web server behind your perimeter Security Gateway. You need to protect the server from network attackers, who creates scripts that force your Web server to send user credentials or identities to other Web servers. Which box do you check in the Web Intelligence tab in SmartDashboard?
A. Command Injection protection
B. SQL Injection protection
C. HTTP header format checking
D. HTTP protocol inspection protection
E. Cross Site Scripting protection
Correct Answer: E
QUESTION 57
How do you control the maximum mail messages in a spool directory?
A. In the SMTP resource object
B. In the smtp.conf file on the SmartCenter Server
C. In the gateway object’s SMTP settings in the Advanced window
D. In SmartDefense SMTP settings
E. In the Security Server window in Global Properties
Correct Answer: C
QUESTION 58
Quinton is the Security Administrator for a chain of retail stores. In a recent security newsletter, Quinton read about an attack where a client fools a server into sending large amount of data, using small packets. Quinton is concerned that this company’s servers might be vulnerable to this type of attack. Which smartDefense option should Quinton use to protect the servers?
A. Application Intelligence > DNS > Cache poisoning
B. Network Security > Successive events > DoS
C. Network Security > TCP > Small PMTU
D. Application Intelligence > Microsoft Networks > File and Print Sharing
E. Network Security > Denial of Service > LAND
Correct Answer: C QUESTION 59
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
A. Rule 999
B. Rule 0
C. Rule 1
D. Cleanup Rule
E. Stealth Rule
Correct Answer: B
QUESTION 60
Sonny is the Security Administrator for a company with a large call center. The management team in the center is concerned that employees may be installing and attempting to use peer-to-peer file-sharing utilities, during their lunch breaks. The call center’s network is protected by an internal Security Gateway, configured to drop peer-to-peer file-sharing traffic. The call-center management team wants to know if the Security Gateway protecting the call center drops more packets than other internal Security Gateways in the corporate network. Which application should Sonny use, determine the number of packets dropped by each Gateway?
A. SmartView Status
B. SmartView Monitor
C. SmartDashboad
D. SmartView Tracker
E. SmartUpdate
Correct Answer: B
QUESTION 61
Katie is the Security Administrator for an insurance company. Her manager gives Katie the following requirements for controlling DNS traffic:
*
Required Result #1: Accept domain name-over-TCP traffic (zone-transfer traffic).
*
Required Result #2: Log domain name-over-TCP traffic (zone-transfer traffic).
*
Desired Result #1: Accept domain name-over-UDP traffic (queries traffic)
*
Desired Result #2: Do not log domain name-over-UDP traffic (queries traffic)
*
Desired Result #3: Do not clutter the Rule Base, by creating explicit rules for traffic that can be controlled using Global Properties. Katie makes the following configuration changes, and installs the Security Policy:
1.
She selects the box “Accept Domain Name over TCP (Zone transfer)” in Global Properties.
2.
She selects the box “Accept Domain Name over UDP (Queries)” in Global Properties.
3.
She selects the box “Log Implied Rules” in Global Properties Does Katie’s solution meet the required and desired results?
A. The solution meets all required results, and none of the desired results.
B. The solution does not meet the required results.
C. The solution meets all required and desired results.
D. The solution meets the required results, and one of the desired results.
E. The solution meets the required results, and two of the desired results.
Correct Answer: E
QUESTION 62
David is a consultant for a software-deployment company. David is working at a customer’s site this week. David’s ask is to create a map of the customer’s VPN tunnels, including down and destroyed tunnels. Which SmartConsole application will provide David with the information needed to create this map?
A. SmartView Tracker
B. SmartLSM
C. SmartView Monitor
D. SmartView Status
E. SmartUpdate
Correct Answer: C
QUESTION 63
Gail is the Security Administrator for a marketing firm. Gail is working with the networking team, to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks Gail to check he configuration settings for the perimeter Security Gateway. Which SmartConsole application should Gail use to check the configuration settings?
A. SmartView Tracker
B. SmartView Monitor
C. SmartUpdate
D. SmartDashboard
E. SmartView Status
Correct Answer: D
QUESTION 64
One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the SmartCenter Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic gateway object, you receive an error message “unknown”. What is the problem?
A. The time on the SmartCenter Server’s clock has changed, which invalidates the remote Gateway’s Certificate.
B. The remote Gateway’s IP address has changed, which invalidates the SIC Certificate.
C. The Security Gateway is NG with Application Intelligence, and the SmartCenter Server is NGX.
D. The Internal Certificate Authority for the SmartCenter object has been removed from objects_5_0.c.
E. There is no connection between the SmartCenter Server and the remote Gateway. Rules or routing may block the connection.
Correct Answer: E
Well-regarded for its level of detail, assessment features, and challenging review questions and hands-on exercises,Checkpoint 156-215 helps you master the concepts and techniques that will enable you to succeed on the Checkpoint 156-215 exam the first time.
Flydumps just published the newest Checkpoint 156-816 dumps with all the new updated exam questions and answers.Flydumps provide the latest version of Checkpoint 156-816 and VCE files with up-to-date questions and answers to ensure your exam 100% pass, on our website you will get the free new newest Checkpoint 156-816 version VCE Player along with your VCE dumps.
QUESTION 47
Consider the following scenario: Your network configuration requires that you configure a single interface on the VSX Gateway to lead to multiple networks. A different Virtual System must protect each network sending traffic through the VSX Gateway. You configured a dedicated management interface on the VSX Gateway, along with 1 External Virtual Router and 4 Virtual Systems, one for each Customer. Which of the following hardware devices must be used to connect the different networks to the single shared interface?
A. Frame cache-redirection enabled switch
B. Content-intelligent switch
C. Jumbo frame-enabled switch
D. Router
E. VLAN-capable switch
Correct Answer: E
QUESTION 48
Which of the following VLAN membership types is considered explicit in its propagation?
A. Application-based
B. Protocol-based
C. Session-based
D. MAC address-based
Correct Answer: B
QUESTION 49
Which of the following VSX components maintain layer 3 connectivity?
A. Virtual System in Bridge mode
B. Internal Virtual Switch
C. External Virtual Switch
D. Virtual Router
E. VLAN interface
Correct Answer: D
QUESTION 50
A Virtual System in Bridge mode can:
A. Operate without IP addresses.
B. Participate in VPNs.
C. Segment an existing network.
D. Perform NAT.
E. Automatically include a spanning tree protocol for multi-switch environments.
Correct Answer: A
QUESTION 51
Consider the following scenario: A hub connects four hosts to a VLAN-Tagged port on a switch. The hosts have IP addresses ranging from 10.0.0.1 to 10.0.0.4. The switch adds a VLAN Tag of 400 to all communication passing through it. Once communication from the second host on the hub passes through the switch port on the way to its destination on the external network, how does the traffic appear in SmartView Tracker? Assume that traffic enters the Gateway on interface eth3.
A. eth3.2
B. eth3.400.2
C. eth3.400
D. eth3.2.400
E. eth3.402
Correct Answer: C
QUESTION 52
Which of the following is NOT a virtual device that can be defined on a VSX Gateway?
A. Warp interface
B. Physical Interface
C. Virtual System
D. Virtual Switch
E. Virtual Router
Correct Answer: B
QUESTION 53
When configuring the interfaces for Virtual Systems leading to a Virtual Switch, which of the following is required?
A. IP addresses on separate networks
B. IP addresses on the same network
C. Shared CMA management of the Virtual Systems
D. Unique subnet-mask settings
E. Different default Gateways
Correct Answer: B
QUESTION 54
When configuring a VLAN environment for your VSX Gateway, you must first define the interface as VLAN-capable. Where is this interface configured?
A. Topology tab of the External Virtual Router
B. System Interfaces Allocation tab of the VSX Gateway object
C. System Interfaces tab of the VSX Gateway object
D. Resources tab of the Virtual System object
E. Topology tab of the Virtual System object
Correct Answer: C
QUESTION 55
Bridged Virtual Systems in a cluster monitor which of the following protocols, to fail over a bridged system?
A. VTP
B. MPLS
C. BPDU
D. STP
E. OSPF
Correct Answer: C
QUESTION 56
Virtual Switches make packet-forwarding decisions based on which of the following?
A. Subnet mask
B. MAC address
C. Routing table
D. IP address
E. Traffic flow direction
Correct Answer: B
QUESTION 57
Which of the following virtual devices will NOT fail over, if its interface fails in a VSX High Availability configuration?
A. Virtual System in Bridge mode
B. External Virtual Router
C. Internal Virtual Router
D. Virtual System with VLAN interfaces
E. Management Virtual System interface
Correct Answer: A
QUESTION 58
When configuring Virtual Switch leading to the Internet, which of the following items is required when creating a Virtual Switch object?
A. Subnet mask
B. VLAN Tag
C. IP address
D. Dedicated interface
E. Default Gateway
Correct Answer: D
QUESTION 59
At installation, the _________ is bound to all configured physical interfaces of a VSX Gateway, UNLESS the interfaces are specifically assigned to another component.
A. VSX Management Server
B. External Virtual Router
C. Synchronization Network
D. Management Virtual System
E. Internal Virtual Router
Correct Answer: D
QUESTION 60
When configuring a new Virtual System for your VSX Gateway configuration, what should you do first?
A. Create a new Customer and CMA, to be used as the Virtual System’s Management Server.
B. Open the Admin CMA SmartDashboard, and create a new CMA object to be used as the Virtual System’s Management Server.
C. Add a new Virtual System to the Main Customer, so that the Admin CMA can be used as the Management Server.
D. Open the Global SmartDashboard, and create a new Virtual System object.
E. Open the Admin CMA SmartDashboard, and create a new Virtual System object.
Correct Answer: A
QUESTION 61
A Virtual Router performs which of the following tasks?
A. Security Policy application for protected customer networks
B. Inter-Virtual System routing
C. Synchronization between VSX Gateways in a cluster
D. Network Address Translation for protected customer networks
E. Packet inspection for protected customer networks
Correct Answer: B
QUESTION 62
If you open the Policy Editor for a Virtual System in your VSX configuration and change the Global Properties settings to accept ICMP requests, which of the following occurs?
A. The settings for all Virtual Systems attached to the same Admin CMA are changed.
B. The settings for all Virtual Systems within a Customer are changed, regardless of CMA association.
C. No change takes place on any Policy. Global properties can only be configured in the Global Policy Editor.
D. The settings for all Virtual Systems on the MDS are updated to reflect the change.
E. The settings for all Virtual Systems managed by the same Customer CMA are changed.
Correct Answer: E
QUESTION 63
Which interface of the Management Virtual System (MVS) can be compared to the external interface of a traditional Security Gateway?
A. Warp interface leading from the MVS to the External Virtual Router
B. None; the External Virtual Router acts as the external interface to all Virtual Systems configured on the VSX Gateway.
C. Dedicated management interface, typically eth0
D. Synchronization interface
E. Virtual interface leading from the MVS to the External Virtual Router
Correct Answer: A
QUESTION 64
If a VSX Gateway is protecting multiple customer networks behind only one shared interface, the VSX Administrator must either configure __________ for source-based routing, or deploy a VLAN solution.
A. An Internal Virtual Router
B. Non-VLAN Interface Trunking
C. VSX Gateway High Availability
D. VSX Gateway Load Sharing
E. Multiple External Virtual Routers
Correct Answer: A
QUESTION 65
Which of the following is the only interface configured by running sysconfig, during the installation of a VSX Gateway in a single Gateway environment?
A. Synchronization interface
B. Dedicated Customer interface
C. Internal Virtual Router interface
D. Management interface
E. External interface
Correct Answer: D
QUESTION 66
The __________ forwards packets between interfaces of a Virtual System.
A. Internal Packet Routing Module
B. Context Identification Module
C. Virtual IP Stack
D. External Virtual Router
E. Virtual Switch
Correct Answer: C
QUESTION 67
The External Virtual Router is associated with a dedicated interface. It is considered to be which type of interface?
A. Warp
B. Synchronization
C. Virtual
D. Physical
E. Symbolic
Correct Answer: D
QUESTION 68
When installing the Security Policy of a Management Virtual System (MVS), what objects are available for Policy installation, other than the MVS?
A. All configured Virtual Routers
B. No other object is available for Policy installation.
C. All configured Virtual Systems
D. All configured Virtual Systems and the External Virtual Router
E. All configured Virtual Switches
Correct Answer: A
QUESTION 69
When configuring the VSX Gateway, it is important to reboot after running which of the following commands for the first time?
A. vsx sysconfig
B. fwconfig
C. cpconfig
D. cpconfig vsx
E. vsxconfig
Correct Answer: C
QUESTION 70
The __________ interface is configured in a VLAN environment, to allow multiple Virtual Systems to share a single physical interface on a VSX Gateway.
A. Synchronization
B. Warp
C. Symbolic
D. Physical
E. Virtual
Correct Answer: E
QUESTION 71
Which of the following virtual devices will NOT fail over, if its interface fails in a VSX High Availability configuration?
A. Virtual Switch
B. Virtual System with VLAN interfaces
C. Management Virtual System interfaces
D. External Virtual Router
E. Virtual System with dedicated interfaces
Correct Answer: A
QUESTION 72
A Virtual System in Bridge mode is a Virtual System that implements:
A. Dynamic IP routing.
B. Native layer-2 communications.
C. VLAN Tagging.
D. IP routing.
E. Network Address Translation.
Correct Answer: B
QUESTION 73
When deploying a VSX Gateway managed by a Provider-1 MDS, how many Certificate Authorities will the deployment have?
A. Three; one for the SmartCenter Server, one shared by all Virtual Systems, and one shared by all Virtual Routers
B. One, shared by all components
C. One for each CMA in your configuration
D. One for each Virtual System and Virtual Router configured on the VSX Gateway
E. Two; one for the SmartCenter Server, and one shared by all Virtual Systems and Virtual Routers
Correct Answer: C
QUESTION 74
When configuring Virtual Switch leading to the Internet, which of the following items is required when creating a Virtual Switch object?
A. Subnet mask
B. VLAN Tag
C. IP address
D. Dedicated interface
E. Default Gateway
Correct Answer: D QUESTION 75
A Virtual Router performs which of the following tasks?
A. Packet forwarding without inspection
B. IP spoofing inspection for protected customer networks
C. Layer 2 packet forwarding
D. VLAN Tagging
E. Routing from Virtual Systems to the Internet
Correct Answer: E
The Cisco contains more than 400 practice questions for the Checkpoint 156-816 exams,including simulation-based questions.Also contains hands-on exercises and a customized copy of the Checkpoint 156-816 exams network simulation software.