156-215.75 Online Practice Questions and Answers

When Jon first installed the system, he forgot to configure DNS servers on his Security Gateway. How could Jon configure DNS servers now that his Security Gateway is in production?

A. Login to the firewall using SSH and run cpconfig, then select Domain Name Servers.

B. Login to the firewall using SSH and run fwm, then select System Configuration and Domain Name Servers.

C. Login to the SmartDashboard, edit the firewall Gateway object, select the tab Interfaces, then Domain Name Servers.

D. Login to the firewall using SSH and run sysconfig, then select Domain Name Servers.

The Security Gateway is installed on SecurePlatform R75. The default port for the Web User Interface is _______.

A. TCP 18211

B. TCP 257

C. TCP 4433

D. TCP 443

When restoring R75 using the command upgrade > Port. Which of the following items is NOT restored?

A. Licenses

B. Global properties

C. SIC Certificates

D. Route tables

Several Security Policies can be used for different installation targets. The firewall protecting Human Resources' servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?

A. A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base.

B. When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install.

C. In the SmartDashboard main menu go to Policy / Policy Installation / Targets and select the correct firewall to be put into the list via Specific Targets.

D. A Rule Base can always be installed on any Check Point firewall object It is necessary to select the appropriate target directly after selecting Policy > Install.

Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:

A. Are used for securing internal network communications between the SmartDashboard and the Security Management Server.

B. For R75 Security Gateways are created during the Security Management Server installation.

C. Decrease network security by securing administrative communication among the Security Management Servers and the Security Gateway.

D. Uniquely identify Check Point enabled machines; they have the same function as VPN Certificates.

You are a Security Administrator who has installed Security Gateway R75 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner's access for HTTP and FTP only, you did the following:

1.

Created manual Static NAT rules for the Web server.

2.

Created the following settings in the Global Properties' Network Address Translation screen Allow bidirectional NAT* Translate destination on client side

Do you above settings limit the partner's access?

A. Yes, This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.

B. Yes, Both of these settings are only application to automatically NAT rules.

C. No, The first setting is not applicable. The second setting will reduce performance, by translating traffic in the kernel nearest the intranet server.

D. No. The first setting is only applicable to automatic NAT rules. The second setting is necessary to make sure there are no conflicts between NAT and anti-spoofing.

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages / Distribute Only and choosing the target Gateway, the:

A. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.

B. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.

C. SmartUpdate wizard walks the Administrator through a distributed installation.

D. selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.

Your current Check Point enterprise consists of one Management Server and four Gateways in four different locations with the following versions:

All devices are running SecurePlatform. You are upgrading your enterprise to R75. Place the required tasks from the following list in the correct order for upgrading your enterprise to R75.

1) Upgrade all gateways to R75 2) Upgrade all gateways 3 and 4 to R 65 3) Upgrade all gateways 2, 3, and 4 to R 65 4) Upgrade all gateway 4 to R 65 5) Perform pre-upgrade verifier on Security management server 6) Perform pre-upgrade verifier on all Gateways 7) Perform License upgrade checker on Gateway 2 8) Perform License upgrade checker on Gateway 3 9) Perform License upgrade checker on Gateway 4 10) Perform License upgrade checker on Security Management Server 11) Perform License upgrade checker on all devices 12) Upgrade security management server to R 70

A. 11, 5, 12, 3, 1

B. 9, 4, 5, 12, 1

C. 5, 6, 12, 1

D. 11, 5, 12, 2, 1

As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:

A. in the user object's Authentication screen

B. in the Gateway object's Authentication screen

C. in the Limit tab of the Client Authentication Action Properties screen

D. in the Global Properties Authentication screen

How do you control the maximum number of mail messages in a spool directory?

A. In the Gateway object's SMTP settings under the Advanced window

B. in the smtp.conf file on the Security Management Server

C. In the Security Server window in Global Properties

D. In IPS SMTP settings

The SIC certificate is stored in the directory _______________.

A. $CPDIR/conf

B. $FWDIR/database

C. $CPDIR/registry

D. $FWDIR/conf

What information is found in the SmartView Tracker Management log?

A. Administrator SmartDashboard logout event

B. SecurePlatform expert login event

C. Creation of an administrator using cpconfig

D. FTP username authentication failure

Which command allows Security Policy name and install date verification on a Security Gateway?

A. fw ver -p

B. fw stat -l

C. fw show policy

D. fw ctl pstat -policy

How granular may an administrator filter an Access Role?

A. Windows Domain

B. AD User

C. Radius Group

D. Specific ICA Certificate

Match the terms with their definitions: A. A-3, B-4, C-1, D-2

B. A-2, B-3, C-4, D-1

C. A-3, B-2, C-1, D-4

D. A-3, B-2, C-4, D-1