Welcome to download the newest Pass4itsure 70-210 dumps:
If you want to pass CheckPoint 156-215 successfully,do not missing to read Flydumps latest ChecPoint 156-215 practice tests.100% Guarantee! All the dumps are updated timely.
QUESTION 141
R71’s INSPECT Engine inserts itself into the kernel between which tow layers of the OSl model?
A. Physical and Data
B. Session and Transport
C. Presentation and Application
D. Data and Network
Correct Answer: C
QUESTION 142
After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the “I”, “I”, and ‘o’ inspection points, but not in the ‘O’ inspection. Which is the likely source of the issue?
A. The packet has been sent out through a VPN tunnel unencrypted.
B. An IPSO ACL has blocked the outbound passage of the packet.
C. A SmartDefense module has blocked the packet
D. It is an issue with NAT
Correct Answer: D
QUESTION 143
Your company has two headquarters, one in London, and one in New York Each office includes ActualTests.com several branch offices. The branch offices need to rate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:
A. Two star and one mesh Community: One star Community is set up for each site, with headquarters as the center of the Community and its branches as satellites The mesh Community includes only New York and London Gateways.
B. One star Community with the option to “mesh” the center of the star: New York and London Gateways added to the center of the star with the mesh canter Gateways option checked, all London branch offices defined m one satellite window, but all New York branch offices defined m another satellite window.
C. Two mesh and one star Community One mesh Community is set up for each of the headquarters and its branch offices The star Community is configured with London as the center of the Community and New York is the satellite.
D. Three mesh Communities: One for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.
Correct Answer: A
QUESTION 144
How can you configure an application to automatically launch on the Security Management Server when traffic is dropped Security Policy?
A. Pop-up alert script
B. User-defined alert script
C. Custom scripts cannot be executed through alert scripts
D. SNMP trap alert script
Correct Answer: B
QUESTION 145
The command fw fetch causes the:
A. Security Management Server to retrieve the IP addresses of the target Security Gateway. ActualTests.com
B. Security Gateway to retrieve the compiled policy and inspect code from the Security Management Server and install it to the kernel
C. Security Gateway to retrieve the user database information from the tables on the Security Management Server
D. Security Management Server to retrieve the debug logs of the target Security Gateway
Correct Answer: B
QUESTION 146
You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credential. What must happen after authentication that
“Pass Any Exam. Any Time.” – www.actualtests.com 58 Checkpoint 156-215-71: Practice Exam allows the client to connect to the Security Gateway’s VPN domain?
A. Active-X must be allowed on the client.
B. An office mode address must be obtained by the client.
C. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
D. The SNX client application must be installed on the client.
Correct Answer: A
QUESTION 147
Which authentication type requires specifying a contact agent in the Rule Base?
A. Client Authentication with Partially Automatic Sign On
B. User Authentication
C. Session Authentication
D. Client Authentication with Manual Sign On
Correct Answer: C
QUESTION 148
You find a suspicious FTP connection trying to connect to one of your internal hosts. How do you block it m real time and verify it is successfully blocked?
A. Highlight the suspicious connection in SmartView Tracker > Active mode. Block it using Tools > ActualTests.com Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as “dropped”.
B. Highlight the suspicious connection in SmartView Tracker > Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.
C. Highlight the suspicious connection in SmartView Tracker > Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.
D. Highlight the suspicious connection in SmartView Tracker > Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as “dropped”.
Correct Answer: B
QUESTION 149
Your network includes a SecurePlatform machine running NG with Application Intelligence (Al) R55. This configuration acts as both the primary Security Management Server and VPN-1 Pro Gateway. You add one machine, so you can implement Security Gateway R71 in a distributed environment. The new machine is an Intel CoreDuo processor, with 2 GB RAM and a 500-GB hard drive. How do you use these two machines to successfully migrate the NG with Al R55 configuration?
A. 1. On the existing machine, export the NG with AJ R55 configuration to a network share.
2.
Insert the R71 CD-ROM in the old machine Install the R7D Security Gateway only while reinstalling the SecurePlatform OS over the top of the existing installation. Complete sysconfig.
3.
On the new machine, install SecurePlatform as the primary Security Management Server only.
4.
Transfer the exported. tgz file into the new machine, import the configuration, and then reboot
5.
Open SmartDashboard, change the Gateway object to the new version, and reset SIC for the
Gateway object.
B. 1. Export the configuration on the existing machine to a tape drive
2.
Uninstall the Security Management Server from the existing machine, using sysconfig.
3.
Insert the R71 CD-ROM. run the patch add CD-ROM command to upgrade the existing machine to the R71 Security Gateway, and reboot
4.
Install a new primary Security Management Server on the new machine
5.
Change the Gateway object to the new version, and reset SIC
C. 1. Export the configuration on the existing machine to a network share
2.
Uninstall the Security Gateway from the existing machine, using sysconfig
3.
Insert the R71 CD ROM. and run the patch add CD-HGM command to upgrade the Security
Management Server to Security Gateway R 70
4.
Select upgrade with imported file, and reboot
5.
Install a new R71 Security Gateway as the only module on the new machine, and reset SIC to the new Gateway ActualTests.com
D. 1. Export the configuration on the existing machine as a backup only
2.
Edit $FWDIR\product. conf on the existing machine, to disable the VPN-1 Pro Gateway package
3.
Reboot the existing machine
4.
Perform an in place upgrade on the Security Management Server using the command “patch odd cd”
5.
On the new machine, install SecurePlatform as the R71 Security Gateway only
6.
Run sysconfig to complete the configuration
7.
From SmartDashboard, reconfigure the Gateway object to the new version, and reset SIC
Correct Answer: A
QUESTION 150
How can you access the Certificate Revocation List (CRL) on the firewall, if you have configured a Stealth Rule as the first explicit rule?
A. You can access the Revocation list by means of a browser using the URL: <https: //IP-FW: 18264/ICA_CRLI.crl> provided the implied rules are activated per default
B. The CRL is encrypted, so it is useless to attempt to access it.
C. You cannot access the CRL, since the Stealth Rule will drop the packets
D. You can only access the CRI via the Security Management Server as the internal CA is located on that server
Correct Answer: A
QUESTION 151
What port is used for communication to the User Center with SmartUpdate?
A. CPMI200
B. HTTPS443
C. HTTP 80
D. TCP 8080
Correct Answer: B
QUESTION 152
ActualTests.com You are the Security Administrator in a large company called ABC. A Check Point Firewall is installed and in use on SecurePlatform. You are concerned that the system might not be retaining your entries for the interface and routing configuration. You would like to verify your entries in the corresponding file(s) on SecurePlatform. Where can you view them? Give the BEST answer.
A. /etc/conf/route.C
B. /etc/sysconfig/netconf.C
C. /etc/sysconfig/network-scripts/ifcfg-ethx
D. /etc/sysconfig/network
Correct Answer: B
QUESTION 153
You are Security Administrator preparing to deploy a new HFA (HOTfix Accumulator) to ten Security Gateways at five geographically separate locations.
What is the BEST method to implement this HFA?
A. Send a Certified Security Engineer to each site to perform the update.
B. Use SmartUpdate to install the packages to each of the Security Gateways remotely
C. Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, imitate a remote installation command and monitor the installation progress with SmartView Monitor
D. Send a CD-ROM with the HFA to each location and have local personnel install it.
Correct Answer: B
QUESTION 154
You want to generate a cpinfo file via CLI on a system running SecurePlatform. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?
A. Log in as the default user expert and start cpinfo.
B. No action is needed because cpshell has a timeout of one hour by default.
C. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.
D. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinto.
Correct Answer: C
QUESTION 155
Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?
A. Policy Package management
B. dbexport/dbimport
C. Database Revision Control
D. upgrade_export/upgrade_import
Correct Answer: C QUESTION 156
Your Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker’s IP at a peak time of day?
A. SAM – Block Intruder feature of SmartView Tracker
B. Intrusion Detection System (IDS) Policy install
C. SAM – Suspicious Activity Rules feature of SmartView Monitor
D. Change the Rule Base and install the Policy to all Security Gateways
Correct Answer: C QUESTION 157
Which of the following statements about the Port Scanning feature of IPS is TRUE?
A. The default scan detection is when more than 500 open inactive ports are open for a period of 120 seconds
B. The Port Scanning feature actively blocks the scanning, and sends an alert to SmartView Monitor.
C. Port Scanning does not block scanning; it detects port scans with one of three levels of detection sensitivity.
D. When a port scan is detected, only a log is issued, never an alert ActualTests.com
Correct Answer: C QUESTION 158
Certificates for Security Gateways are created during a simple initialization from______.
A. SmartUpdate
B. sysconfig
C. The ICA management tool.
D. SmartDashboard
Correct Answer: D QUESTION 159
Reviews the following rules and note the Client Authentication Action properties screen, as shown below: After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:
ActualTests.com
A. User is prompted from that FPT site only, and does not need to enter his user name and password for Client Authentication.
B. User is prompted for Authentication by the Security Gateway again.
C. FTP data connection is dropped after the user is authenticated successfully.
D. FTP connection is dropped by rules 2.
Correct Answer: A QUESTION 160
A Web server behind the Security Gateway is set to Automatic Static NAT Client side NAT is
“Pass Any Exam. Any Time.” – www.actualtests.com 64 Checkpoint 156-215-71: Practice Exam enabled in the Global Properties. A client on the Internet initiates a session to the Web Server. On the initiating packet, NAT occurs on which inspection point?
A. I B. O
B. o
C. i
Correct Answer: B QUESTION 161
Which of the following statements about file-type recognition in Content Inspection is TRUE?
A. Antivirus status is monitored using SrnartView Tracker.
B. A scan failure will only occur if the antivirus engine fails to initialize.
C. All file types are considered “at risk”, and are not configurable by the Administrator or the Security Policy.
D. The antivirus engine acts as a proxy, caching the scanned file before delivering it to the client.
Correct Answer: D QUESTION 162
Which Security Gateway R71 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:
ActualTests.com
A. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment
B. Time properties, adjusted on the user objects for each user, in the source of the Client Authentication rule
C. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled
D. Refreshable Timeout setting, in the Limits tab of the Client Authentication Action Properties screen
Correct Answer: D QUESTION 163
“Pass Any Exam. Any Time.” – www.actualtests.com 65 Checkpoint 156-215-71: Practice Exam What information is found in the SmartView Tracker Management log?
A. Most accessed Rule Base rule
B. Number of concurrent IKE negotiations
C. SIC revoke certificate event
D. Destination IP address
Correct Answer: C QUESTION 164
When configuring objects in SmartMap, it helps if you________ the objects so that they may be used in a policy rule.
A. Expand
B. Actualize
C. Physically connect to
D. Save
Correct Answer: B QUESTION 165
You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?
ActualTests.com
A. First
B. Before Last
C. Last
D. After Stealth Rule
Correct Answer: C QUESTION 166
Your organization’s disaster recovery plan needs an update to the backup and restore section to reap the benefits of the new distributed R71 installation. Your plan must meet the following required and desired objectives: “Pass Any Exam. Any Time.” – www.actualtests.com 66 Checkpoint 156-215-71: Practice Exam Required Objective: The Security Policy repository must be backed up no less frequently than every 24 hours.
Desired Objective: The R71 components that enforce the Security Polices should be blocked up at least
once a week.
Desired Objective: Back up R71 logs at least once a week
Your disaster recovery plan is as follows:
Use the cron utility to run the upgrade_ export command each night on the Security Management Servers.
Configure the organization’s routine backup software to back up the files created by the upgrade_ export
command.
Configure the SecurePlatform backup utility to back up the Security Gateways every Saturday night
Use the cron utility to run the upgrade export: command each Saturday niqht on the log servers
Configure an automatic, nightly loqswitch
Configure the organization’s routine backup software to back up the switched logs every night
Upon evaluation, your plan:
A. Meets the required objective but does not meet either desired objective.
B. Does not meet the required objective.
C. Meets the required objective and only one desired objective.
D. Meets the required objective and both desired objectives.
Correct Answer: D QUESTION 167
Your Rule Base includes a Client Authentication rule, using partial authentication and standard sign-on for HTTP, Telnet, and FTP services. The rule was working, until this morning. Now users are not prompted for authentication, and they see error “page cannot be displayed” in the browser. In SmartView Tracker, you discover the HTTP connection is dropped when the Gateway is the destination. What caused Client Authentication to fail?
A. You added a rule below the Client Authentication rule, blocking HTTP from the internal network.
B. You added the Stealth Rule before the Client Authentication rule.
C. You disabled R71 Control Connections in Global Properties.
D. You enabled Static NAT on the problematic machines.
Correct Answer: B QUESTION 168
Which SmartConsole component can Administrators use to track remote administrative activities?
A. WebUI
B. Eventia Reporter
C. SmartView Monitor
D. SmartView Tracker
Correct Answer: D QUESTION 169
Which of the following statements regarding SecureXL and CoreXL is TRUE?
A. SecureXL is an application for accelerating connections.
B. CoreXL enables multi-core processing for program interfaces.
C. SecureXL is only available in R71.
D. CoreXL is included in SecureXL.
Correct Answer: A QUESTION 170
Flydumps is an excellent source of information on IT Certifications. In the Flydumps, you can find study skills and learning materials for your exam. Flydumps CheckPoint 156-215 dumps are studied by the experienced IT experts. It has a strong accuracy and logic. To encounter Flydumps, you will encounter the best CheckPoint 156-215 dumps. You can rest assured that using our CheckPoint 156-215 dumps. With it, you have done fully prepared to meet this CheckPoint 156-215 exam.
Welcome to download the newest Pass4itsure 70-210 dumps: http://www.pass4itsure.com/70-210.html