Checkpoint 156-215.

75

Check Point Certified Security Administrator R75
Version: 3.0

Checkpoint 156-215.75 Exam Topic 1, Volume A QUESTION NO: 1 Of the three mechanisms Check Point uses for controlling traffic, which enables firewalls to incorporate layer 4 awareness in packet inspection? A. IPS B. Packet filtering C. Stateful Inspection D. Application Intelligence Answer: C Explanation:

QUESTION NO: 2 Which of the following statements about Bridge mode is TRUE? A. When managing a Security Gateway in Bridge mode, it is possible to use a bridge interface for Network Address Translation. B. Assuming a new installation, bridge mode requires changing the existing IP routing of the network. C. All ClusterXL modes are supported. D. A bridge must be configured with a pair of interfaces. Answer: D Explanation:

QUESTION NO: 3 Which SmartConsole component can Administrators use to track remote administrative activities? A. WebUI B. Eventia Reporter C. SmartView Monitor D. SmartView Tracker Answer: D Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

2

Checkpoint 156-215.75 Exam QUESTION NO: 4 Which of the following statements is TRUE about management plug-ins? A. The plug-in is a package installed on the Security Gateway. B. A management plug-in interacts with a Security Management Server to provide new features and support for new products. C. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in. D. Installing a management plug-in is just like an upgrade process. (It overwrites existing components.) Answer: B Explanation:

QUESTION NO: 5 UDP packets are delivered if they are _________. A. A legal response to an allowed request on the inverse UDP ports and IP B. A Stateful ACK to a valid SYN-SYN-/ACK on the inverse UDP ports and IP C. Reference in the SAM related Dynamic tables D. Bypassing the Kernel by the “forwarding layer” of clusterXL Answer: A Explanation:

QUESTION NO: 6 The Check Point Security Gateway's virtual machine (kernel) exists between which two layers of the OSI model? A. Session and Network layers B. Application and Presentation layers C. Physical and Datalink layers D. Network and Datalink layers Answer: D Explanation:

QUESTION NO: 7

"Pass Any Exam. Any Time." - www.actualtests.com

3

www. Answer: C Explanation: "Pass Any Exam. Hybrid Installation. Distributed Installation C. B.com 4 . and a second server running Windows 2003 as both Security Management Server running Windows 2003 as both Security Management Server and Security Gateway. Stand-Alone Installation B. Hybrid Installation D. D. Hybrid Installation.actualtests. Distributed Installation. This is an example of a(n): A. Stand-Alone Installation.0 server working as the SmartConsole. C." . A.75 Exam The customer has a small Check Point installation.Checkpoint 156-215. one Solaris server working as Security Management Server. Unsupported configuration. Unsupported configuration Answer: D Explanation: QUESTION NO: 8 The customer has a small Check Point installation which includes one Windows 2003 server as the SmartConsole and a second server running SecurePlatform as both Security Management Server and the Security Gateway. Answer: D Explanation: QUESTION NO: 9 The customer has a small Check Point installation which includes one Windows XP workstation as the SmartConsole. which includes one Linux Enterprise 3. Unsupported configuration C. This is an example of a(n). This is an example of a(n): A. Stand-Alone Installation. Any Time. Distributed Installation. B. and a third server running SecurePlatform as Security Gateway. D.

Answer: A Explanation: "Pass Any Exam. On each network segment separately. Security Gateway C. B. SmartConsole D.actualtests. On the firewall itself to protect all connected networks centrally. On the LAN is enough. Answer: C Explanation: QUESTION NO: 11 When doing a Stand-Alone Installation." . D. In front of the firewall is enough. Any Time. Unsupported configuration. VPN and IPS solution. C. you would install the Security Management Server with which other Check Point architecture component? A. This is an example of a(n): A. B. SecureClient B. the DMZ does not need to be protected. D.75 Exam QUESTION NO: 10 The customer has a small Check Point installation which includes one Windows 2003 server as SmartConsole and Security Management Server with a second server running SecurePlatform as Security Gateway. None. Stand-Alone Installation. Where would be the best place to install IPS in the topology if the internal network is already protected? A. Distributed Installation.com 5 . Security Management Server would be installed by itself Answer: B Explanation: QUESTION NO: 12 You are a security architect and need to design a secure firewall.www. Hybrid Installation.Checkpoint 156-215. C.

"Pass Any Exam. B. Then retype the activation key on the Security Gateway from SmartDashboard. This will automatically Sync SIC to both the Security Management Server and Gateway. choose the Secure Internal Communication option and retype the activation key. When configuring the Security Gateway object in SmartDashboard D." . When configuring the Gateway in the WebUl Answer: B Explanation: QUESTION NO: 15 How can you most quickly reset Secure Internal Communications (SIC) between a Security Management Server and Security Gateway? A. From cpconfig on the Gateway. Run the command fwm sic-reset to initialize the Internal Certificate Authority (ICA) of the Security Management Server. Use SmartDashboard to retype the activation key on the Security Gateway.www. Your security plan calls for three administrators for this particular server. When establishing SIC between the Security Management Server and the Gateway B. As many as you want Answer: C Explanation: QUESTION NO: 14 During which step in the installation process is it necessary to note the fingerprint for first-time verification? A. When configuring the Security Management Server using cpconfig C. Only one with full access and one with read-only access C.actualtests. Next.Checkpoint 156-215.75 Exam QUESTION NO: 13 You are installing a Security Management Server. One D. C.com 6 . Depends on the license installed on the Security Management Server B. retype the same key in the Gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC). How many can you create during installation? A. Any Time.

You will be prompted to create a new account. The client fails to connect to the Security Gateway. D. and delete the Administrator Account portion of the file. Recreate the account with the same name. D.75 Exam D. and provide the existing Administrator's account name. and delete the cpconfig administrator. The client has Active-X blocked.www. Export the user database into an ASCII file with fwm dbexport. C. Open this file with an editor. Reset the Security Administrator's password. B. C. Type cpm -a. The routing table on the client does not get modified.Checkpoint 156-215. Any Time. Launch SmartDashboard in the User Management screen. he forgot to configure DNS servers on his Security Gateway. The client is configured incorrectly. From the Security Management Server’s command line." . What is wrong? A. Type fw putkey –p <shared key> < IP Address of security Gateway>. The SecurePlatform Web User Interface is listening on port 443.actualtests. Answer: C Explanation: QUESTION NO: 16 How can you recreate the account of the Security Administrator. Answer: D Explanation: QUESTION NO: 18 When Jon first installed the system. B.com 7 . "Pass Any Exam. Answer: A Explanation: QUESTION NO: 17 You are running the Security Gateway on SecurePlatform and configure SNX with default settings. Launch cpconfig and delete the Administrator's account. which was created during initial installation of the Management Server on SecurePlatform? A.

Network B.75 Exam How could Jon configure DNS servers now that his Security Gateway is in production? A. D. C. the R75 kernel resides directly below which layer of the OSI model? Note: Application is the top and Physical is the bottom of the IP stack. Presentation and Application B. Answer: D Explanation: QUESTION NO: 19 Once installed.actualtests.com 8 . Session Answer: A Explanation: QUESTION NO: 20 R75's INSPECT Engine inserts itself into the kernel between which two layers of the OSI model? A. then select Domain Name Servers. Transport C. Login to the SmartDashboard. Login to the firewall using SSH and run fwm. B. Data and Network Answer: D Explanation: QUESTION NO: 21 "Pass Any Exam. then Domain Name Servers. then select System Configuration and Domain Name Servers. A.Checkpoint 156-215.www. edit the firewall Gateway object. Physical and Data C. Login to the firewall using SSH and run sysconfig. select the tab Interfaces. Data Link D. Any Time. Login to the firewall using SSH and run cpconfig." . then select Domain Name Servers. Session and Transport D.

B. The SmartDefense technology expands IPS-1 to IPS R75. TCP 4433 D. 2. and 5 only Answer: C Explanation: QUESTION NO: 23 The Security Gateway is installed on SecurePlatform R75. Answer: C Explanation: QUESTION NO: 22 You need to completely reboot the Operating System after making which of the following changes on the Security Gateway? i. 1.Checkpoint 156-215.75 Exam What would be the benefit of upgrading from SmartDefense to IPS R75? A. Completely rewritten engine provides improved security performance and reporting. 2." . There is no difference . A. TCP 443 Answer: D Explanation: QUESTION NO: 24 "Pass Any Exam. Any Time.com 9 . D. TCP 18211 B. 4. the command cprestart is not sufficient. 3 only D. A. and 5 C.www. TCP 257 C. 3.actualtests. 3. C. 3 only B.e. The default port for the Web User Interface is _______. 4.IPS R75is the new name. The SmartDefense is replaced by the technology of IPS-1.

where is this fingerprint generated? A.www. Any Time.com 10 . Security Management Server C.actualtests. 500 MB Free disk space and 512 MB RAM B. SmartUpdate B." . A. SmartConsole Answer: B Explanation: "Pass Any Exam. 1 GB Free disk space and 512 MB RAM C. What are the minimum hardware requirements for R75? Give the BEST answer. SmartDashboard D.75 Exam Your customer wishes to install the SmartConsole on a Windows system.Checkpoint 156-215. 1 GB Free disk space and 1 GB RAM D. 512 MB Free disk space and 1 GB RAM Answer: A Explanation: QUESTION NO: 25 From the output below.

Answer: B Explanation: QUESTION NO: 28 An Administrator without access to SmartDashboard installed a new IPSO-based R75 Security Gateway over the weekend. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server.75 Exam QUESTION NO: 26 Tom has been tasked to install Check Point R75 in a distributed deployment. You must initialize SIC on both the Security Gateway and the Management Server. He e-mailed you the SIC activation key. One machine.www. You first need to initialize SIC in SmartUpdate. You first need to run the fw unloadlocal command on the new Security Gateway. Before Tom installs the systems this way. What might prevent you from installing the Policy? "Pass Any Exam. What might prevent you from installing the Policy? A. C. D. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. Two machines Answer: D Explanation: QUESTION NO: 27 Over the weekend. Three machines D. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. an Administrator without access to SmartDashboard installed a new R75 Security Gateway using SecurePlatform. Any Time.actualtests. how many machines will he need if he does not include a SmartConsole machine in his calculations? A. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. One machine B. but it needs to be installed using SecurePlatform for compatibility purposes C. B.com 11 . You must initialize SIC on the Security Management Server.Checkpoint 156-215." .

C. B. The SNX client application must be installed on the client. Type cpm -a. Type fwm -a. The client connects to the Security Gateway and the user enters the authentication credentials. Answer: A Explanation: QUESTION NO: 29 How can you reset the password of the Security Administrator that was created during initial installation of the Security Management Server on SecurePlatform? A. An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway appliance Resolve by running the tw unloadlocal command on the local Security Gateway. An office mode address must be obtained by the client. and provide the existing administrator's account name. Export the user database into an ASCII file with fwm dbexport. Reset the Security Administrator's password Answer: D Explanation: QUESTION NO: 30 You have configured SNX on the Security Gateway. B. You first need to run the fw unloadlocal command on theR75Security Gateway appliance in order to remove the restrictive default policy. What must happen after authentication that allows the client to connect to the Security Gateway's VPN domain? A.www. establish SIC via the Communication button. D. Open this file with an editor. Any Time. Then log in to the account without a password. Active-X must be allowed on the client." .75 Exam A. Launch SmartDashboard in the User Management screen. Reset the Security Administrator's password.Checkpoint 156-215. and define the Gateway's topology. "Pass Any Exam. and provide the existing administrator's account name. and delete the "Password" portion of the file.actualtests.com 12 . D. SNX modifies the routing table to forward VPN traffic to the Security Gateway. and edit the cpconfig administrator. C. You first need to create a new Gateway object in SmartDashboard. C. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server You must initialize SIC on the Security Management Server. D. You will be prompted to assign a new password. B.

ask your provider if they have some firewall rules that filters out your management traffic.75 Exam Answer: C Explanation: QUESTION NO: 31 The Administrator of the Tokyo Security Management Server cannot connect from his workstation in Osaka. this is likely to be a problem with the server itself. If pcosaka and your user account are valid. Any Time. If so. login to sgtokyo. verify management connectivity and Rule Base. If this looks okay." .com 13 . scan the log files for any denied management packets. service provider. If still unsuccessful. remote network and target machine. D. Call Tokyo to check if they can ping the Security Management Server locally. Check the allowed clients and users on the Security Management Server. verify that pcosaka is a valid client IP address.www.actualtests. If there are no network related issues. check for network problems. ping the Gateways to verify connectivity. remote Gateway.Checkpoint 156-215. Check for any patches and upgrades. If successful. open a case with Technical Support. test for firewall rules that deny management access to the target. Answer: C Explanation: QUESTION NO: 32 The Internal Certificate Authority (ICA) CANNOT be used for: "Pass Any Exam. Verify basic network connectivity to the local Gateway. Then. If successful. Which of the following lists the BEST sequence of steps to troubleshoot this issue? A. B. C. Check for matching OS and product versions of the Security Management Server and the client. Then.

www.actualtests. C1>F2. Each command has one function only listed. Virtual Private Network (VPN) Certificates for gateways B. Remote-access users D. C1>F4.com 14 .75 Exam A. C3>F2. C4>F5 C. C4>F5 D. C3>F3. C3>F6. C4>F2 Answer: B Explanation: QUESTION NO: 34 Which command displays the installed Security Gateway version? A.Checkpoint 156-215. C4>F4. C1>F2. C1>F6. C2>F4. C2>F6. A. Any Time. C4>F4 B. SIC connections Answer: B Explanation: QUESTION NO: 33 Match each of the following command to there correct function. cpstat -gw C. C3>F1. fw ver D." . tw printver "Pass Any Exam. fw stat B. C2>F1. NAT rules C.

cpstop C. fwm unload.www.com 15 .75 Exam Answer: C Explanation: QUESTION NO: 35 Which command line interface utility allows the administrator to verify the name and timestamp of the Security Policy currently installed on a firewall module? A.actualtests. Any Time. C. fw stat C. cpstat fwd D." .local B.Checkpoint 156-215. fw ctl pstat B. fw ver Answer: B Explanation: QUESTION NO: 36 The command fw fetch causes the: A. B. Security Management Server to retrieve the IP addresses of the target Security Gateway. Security Management Server to retrieve the debug logs of the target Security Gateway Answer: B Explanation: QUESTION NO: 37 Which command is used to uninstall the Security Policy directly from the Security Gateway? A. Security Gateway to retrieve the compiled policy and inspect code from the Security Management Server and install it to the kernel. fwm load <gtwynames-IP> NULL "Pass Any Exam. Security Gateway to retrieve the user database information from the tables on the Security Management Server D.

Reinstall any necessary Check Point products and previously applied hotfixes. Reinstall the base operating system (i. Answer: D Explanation: QUESTION NO: 39 Which of the following statements accurately describes the upgrade_export command? A.e. C.. Used primarily when upgrading the Security Management Server. D. and allows certain files to be included before exporting. fw unloadlocal Answer: D Explanation: QUESTION NO: 38 Suppose the Security Gateway hard drive fails and you are forced to rebuild it.actualtests. D. and the data base revisions prior to upgrading the security Management Server.com 16 . Establish SIC and install the Policy. Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Upgrade_export is used when upgrading the Security Gateway. global properties. Upgrade_export stores network-configuration data.. Reinstall the base operating system (i. Revert to the stored snapshot image. and install the Security Policy. Answer: D Explanation: "Pass Any Exam. and install the Policy. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. Reinstall any necessary Check Point products. Any Time. Revert to the stored snapshot image. What is the correct procedure for rebuilding the Gateway quickly? A. establish SIC." . upgrade_export stores all object databases and the conf directories for importing to a newer version of the Security Gateway. C.e. Run the revert command to restore the snapshot. upgrade_export includes modified files directory. B. Used when upgrading the Security Gateway. objects. Configure the Gateway interface so that the Gateway can communicate with the TFTP server.75 Exam D.www.Checkpoint 156-215. B. and install the Policy. Run the revert command to restore the snapshot. SecurePlatform). SecurePlatform).

How do you restore a local snapshot named MySnapshot. type the command snapshot – r MySnapshot. type the command snapshot – R to restore from a local file.tgz? A. B. provide the correct file name. provide the Expert password and select [L] for a restore from a local file. Run cpconfig and set yourself up as a GUI client. Close all GUI clients Answer: D Explanation: QUESTION NO: 41 A snapshot delivers a complete backup of SecurePlatform.75 Exam QUESTION NO: 40 What are you required to do before running upgrade__ export? A. Then. upgrade_export will back up routing tables.tgz. Run a cpstop on the Security Management Server C. Then." . B. where backup and snapshot will not.Checkpoint 156-215. As expert user.tgz. As expert user.www. upgrade_export is operating system independent and can be used when backup or snapshot is "Pass Any Exam. Answer: C Explanation: QUESTION NO: 42 What is the primary benefit of using upgrade_export over either backup of snapshot? A.actualtests. D. Any Time. Reboot the system and call the start menu. The backup and snapshot commands can take long time to run whereas upgrade_export will take a much shorter amount of time. As expert user. C. type the command revert --file MySnapshot. The resulting file can be stored on servers or as a local file in /var/cpsnapshot/snapshots. C. D. Select the option Snapshot Management. Run a cpstop on the Security Gateway. provide the correct name. and manual ARP configurations. B. hosts files.com 17 .

–i (full pathname of package) Answer: C Explanation: QUESTION NO: 45 Which utility allows you to configure the DHCP service on SecurePlatform from the command line? A. upgrade_export has an option to backup the system and SmartView tracker logs while back and snapshot will not. newpkg CANNOT be used to uninstall D. /opt/backups B. –s (pathname of package) B.Checkpoint 156-215." .www.actualtests.75 Exam not available. Any Time. /var/CPbackup/backups C. Answer: C Explanation: QUESTION NO: 43 Amy is unsure that her nightly backup configured from the Check Point backup tool is working. dhcp_cfg "Pass Any Exam. –u (pathname of package) C. sysconfig B. in which directory would she find her nightly backups? A. /var/backups Answer: B Explanation: QUESTION NO: 44 What is the syntax for uninstalling a package using newpkg? A. /backups D.com 18 . If she logged into her Gateway using SSH. D.

com 19 .actualtests. Run fw unloadlocal on the Security Gateway. sysconfig Answer: B Explanation: QUESTION NO: 47 You are consulting with an Administrator who has locked himself out of SmartDashboard installed on a standalone SecurePlatform Security Gateway. Delete the $fwdir/database/manage. ifconfig Answer: A Explanation: QUESTION NO: 46 Which utility is necessary for reestablishing SIC? A.75 Exam C. How can you get him reconnected to SmartDashboard? A.www. C. Any Time. Run fw unlocklocal on the Security Management Server. Run fw uninstall localhost on the Security Gateway. cpconfig C. fwm sic_reset B. How can you unlock this account? "Pass Any Exam." . Now. he cannot access the Security Management Server via SmartDashboard or any other SmartConsole tools. D.lock file and run cprestart. cpconfig D. cplic D. B. Answer: B Explanation: QUESTION NO: 48 The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lock himself out of his account.Checkpoint 156-215.

lock in the $FWDIR/tmp/ directory of the Security Management Server.com 20 .ent server. /etc/conf/route.C C. How should you unlock these accounts? A. Type fwm unlock_admin from the command line of the Security Management Server. /etc/sysconfig/netconf. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. Answer: A Explanation: QUESTION NO: 49 The third shift administrator was updating security management server access setting in global properties. Type fwm unlock_admin -u from the command line of the Security Gateway. A. Reinstall the security management Server and restore using upgrade _imort D.lock in the sfwdir/ tmp/directory of the security managem. /etc/sysconfig/network Answer: B Explanation: "Pass Any Exam. B. D.Checkpoint 156-215.C B. Delete the file admin. Type fwm lock_admin -u <account name> from the command line of the Security Management Server. C." .www. He managed to lock the entire Administrator out of their accounts. Where can you view them? Give the BEST answer. Logging to smart dash board as special cpconfig_admin account. Any Time. B. Right click on each administrator object and select Unlock. Delete the file admin . You would like to verify your entries in the corresponding file(s) on SecurePlatform. Type fwm lock_admin –ua from the command line of the security management server C.75 Exam A. /etc/sysconfig/network-scripts/ifcfg-ethx D.actualtests. Answer: B Explanation: QUESTION NO: 50 You are the Security Administrator in a large company called ABC. A Check Point Firewall is installed and in use on SecurePlatform.

go to Policy / Policy Installation Targets and select the correct firewall via Specific Targets. only this Firewall is shown in the list of possible installation targets after selecting Policy / Install on Target. These rules must be installed on this machine and not on the Internet Firewall.www. B.com 21 . B. When selecting the correct Firewall in each line of the row Install On of the Rule Base. Any Time. select Network > Connections > eth0. The Firewall protecting Human Resources' servers should have its own Policy Package. A Rule Base can always be installed on any Check Point Firewall object. it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. The rules to be installed on a Firewall are defined by the selection in the row Install On of the Rule Base.c and put the new MAC address in the field (conf : (conns :( conn :hwaddr (“00:0C:29:12:34:56”) Answer: B Explanation: QUESTION NO: 52 Several Security Policies can be used for different installation targets.actualtests. How can this be accomplished? A. Open the WebUI." . D. It is necessary to select the appropriate target directly after selecting Policy / Install on Target. A Rule Base is always installed on all possible targets. Edit the file /etc/sysconfig/netconf. Place the new MAC address in the field Physical Address. As expert user. After restarting the network the old MAC address should be active. issue the command: # IP link set eth0 addr 00:0C:29:12:34:56 D. In the menu of SmartDashboard. How do you configure this change? A. and press Apply to save the settings. issue these commands: # IP link set eth0 down # IP link set eth0 addr 00:0C:29:12:34:56 # IP link set eth0 up C.Checkpoint 156-215. C. As expert user.75 Exam QUESTION NO: 51 When using SecurePlatform. Answer: C Explanation: "Pass Any Exam.

Export setup Answer: B Explanation: QUESTION NO: 55 Which of the following options is available with the SecurePlatform cpconfig utility? A. EXCEPT: A. GUI Clients C." .actualtests. Time & Date C. GUI Clients B. DHCP Server configuration Answer: A Explanation: QUESTION NO: 56 "Pass Any Exam. Any Time.75 Exam QUESTION NO: 53 Where is the IPSO Boot Manager physically located on an IP Appliance? A. On built-in compact Flash memory Answer: D Explanation: QUESTION NO: 54 ALL of the following options are provided by the SecurePlatform sysconfig utility. Time & Date D. On an external jump drive C. On the platform’s BIOS D. In the / nvram directory B.www.com 22 .Checkpoint 156-215. Export setup D. DHCP Server configuration B.

cpinfo -o date. C.cpinfo.Checkpoint 156-215. Check Point product information. and configuration settings during an upgrade of a SecurePlatform Security Gateway.netstat. diag B. fw unload policy Answer: C Explanation: "Pass Any Exam. cpstat > date. Answer: A Explanation: QUESTION NO: 58 How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out via a rule or policy mis-configuration? A. snapshot creates a full system-level backup of the Security Management Server on any OS D. B. netstat > date. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server. including network-interface data. fw unloadlocal D.txt Answer: B Explanation: QUESTION NO: 57 Which of the following statements accurately describes the snapshot command? A. snapshot stores only the system-configuration settings on the Gateway.75 Exam Which command would provide the most comprehensive diagnostic information to Check Point Technical Support? A. cpstop C.cpatat. fw delete all.actualtests. snapshot creates a full OS-level backup.all@localhost B." .txt C. Any Time.www.com 23 .txt D.

fw ctl iflist C. clish –c show routing active enable B.com 24 . ipsofwd list D. 3 D.actualtests. fw ver -k D. 4 C. echo 1 > /proc/sys/net/ipv4/ip_forwarding C.www." . fw ver B. cat/proc/sys/net/ipv4/ip_forward Answer: C Explanation: QUESTION NO: 60 For normal packet transmission of an accepted communication to a host protected by a Security Gateway. fw stat Answer: D Explanation: "Pass Any Exam. Any Time. how many lines per packet are recorded on a packet analyzer like Wireshark using fw monitor? A.Checkpoint 156-215.75 Exam QUESTION NO: 59 How can you check whether IP forwarding is enabled on an IP Security Appliance? A. 2 B. None Answer: B Explanation: QUESTION NO: 61 How can I verify the policy version locally installed on the Firewall? A.

75 Exam QUESTION NO: 62 If you run fw monitor without any parameters... In /var/adm/monitor. what does the output display? A..133 -> 172.133 (TCP) len=197 id=44599 TCP: 18190 -> 1050 .actualtests. seq=941b05bc ack=bf8bca83 eth0:o[1500]: 172. monitor: loading monitor: monitoring (control-C to stop) eth0:i[285]: 172. In /tmp/log/monitor – out D. In / var/log/monitor. seq=941b0659 ack=bf8bca83 monitor: caught sig 2 monitor: unloading "Pass Any Exam.1.16.PA.16.1..2 -> 172.PA.1.133 (TCP) len=1500 id=44600 TCP ^C 18190 -> 1050 . Please note that the same packet is appearing several times (two times in the example below).2 (TCP) len=285 id=1075 TCP: 1050 -> 18190 .1. Out B.1.Checkpoint 156-215. On the console C. seq=941b05bc ack=bf8bca83 eth0:O[197]: 172.133 (TCP) len=197 id=44599 TCP: 18190 -> 1050 . Output cpmodule]# fw monitor monitor: getting filter (from command line) monitor: compiling monitorfilter: Compiled OK.16.com 25 .1.1.. This is caused byfw monitorcapturing the packets at different capture points.www.PA.2 (TCP) len=285 id=1075 TCP: 1050 -> 18190 .16..2 -> 172.133 -> 172.16.PA.1.A.16.1.. Any Time.. out Answer: B Explanation: From user guide: ExampleThe easiest way to usefw monitoris to invoke it without any parameter...16. seq=bf8bc98e ack=941b05bc eth0:o[197]: 172.16." .1.16.2 -> 172. This will output every packet from every interface that passes (or at least reaches) the Check Point gateway.16. seq=bf8bc98e ack=941b05bc eth0:I[285]: 172..

Send output to a file called cpinfo. cpstop D. you are both locked out of the firewall that is called myfw1. What command would you execute on your system console on myfw1 in order for you to push out a new Security Policy? A.www.75 Exam QUESTION NO: 63 What is the desired outcome when running the command cpinfo -z -o cpinfo. fw ctl filter Answer: B Explanation: QUESTION NO: 65 Which of the following commands will completely remove the Security Policy from being enforced on a Security Gateway? A.actualtests. Having done this.out in compressed format.com 26 . fw unloadlocal C. fw unloadlocal C.out? A. fw unload local Answer: B Explanation: "Pass Any Exam.out and provide a screen print at the same time. Send output to a file called cpinfo. cpstop D. Send output to a file called cpinfo. Send output to a file called cpinfo.Checkpoint 156-215. D.out in usable format for the CP InfoView utility. Any Time. fw unload B. fw dbloadlocal B. C. B. Answer: A Explanation: QUESTION NO: 64 Another administrator accidentally installed a Security Policy on the wrong firewall." .out without address resolution.

cpinfo C. Client side NAT is enabled in the Global Properties. infoview D.75 Exam QUESTION NO: 66 Which of the following commands identifies whether or not a Security Policy is installed or the Security Gateway is operating with the initial policy? A. fw monitor B. o D. cp stat D. snoop B. A client on the Internet initiates a session to the Web Server. NAT occurs on which inspection point? A.www. what is the BEST utility to use? A. O C. Any Time. fw stat Answer: D Explanation: QUESTION NO: 67 A Web server behind the Security Gateway is set to Automatic Static NAT. fw ctl pstat C." .com 27 . On the initiating packet. tcpdump Answer: D Explanation: "Pass Any Exam. I B.actualtests.Checkpoint 156-215. i Answer: A Explanation: QUESTION NO: 68 To monitor all traffic between a network and the Internet on a SecurePlatform Gateway.

fw ctl pstat "Pass Any Exam. You can analyze it with Wireshark or Ethereal. so you can use MS Excel to analyze it. You cannot analyze it with any tool as the syntax should be:fw monitor -e accept ([12. You can analyze the output file with any ASCI editor. Any Time. C.20.20.40 or dst=10. Answer: A Explanation: QUESTION NO: 70 You issue the fw monitor command with no arguments.b]=10. Before the virtual machine. B. in the outbound direction C.75 Exam QUESTION NO: 69 You are creating an output file with the following command: fw monitor -e "accept (src=10. Which of the following inspection points will be displayed? A. fw ctl install B.40). fwm stat C. in the inbound direction B.20. After the virtual machine.actualtests.40). The output file format is CSV.20.b]=10. All inspection points D. -o ~/output.40 or [16. D.com 28 .30.30.30.Checkpoint 156-215." . Before the virtual machine.www. in the outbound direction Answer: C Explanation: QUESTION NO: 71 What is the command used to view which policy is installed? A.30." -o ~/output Which tool do you use to analyze this file? A.

75 Exam D. allowing easy replacement. B." . The rest are handled by IPSO. Packets are offloaded to a third-party hardware card for near-line inspection.www. fw stat Answer: D Explanation: QUESTION NO: 72 How can you view cpinfo on a SecurePlatform machine? A. C. PRAM flash devices are used. the full TCP three-way handshake was sent to the firewall kernel for inspection. D. Text editor. dynamically loading when the firewall is booted. infotab D. A RAM drive reduces the swap file thrashing which causes fast wear on the device. Only the initial SYN packet is inspected. "Pass Any Exam. The external PCMCIA-based flash extension has the swap file mapped to it.Checkpoint 156-215. eliminating the longevity. Issue FW-1 bases its package structure on the Security Management Server. snoop – i C. Answer: A Explanation: QUESTION NO: 74 In previous versions. Any Time. B. tcpdump B. How is this improved in the current version of IPSO Flows/SecureXL? A.com 29 . such as vi Answer: D Explanation: QUESTION NO: 73 How is wear on the flash storage device mitigated on appliance diskless platforms? A.actualtests.

To decrease network security by securing administrative communication among the Security Management Servers and the Security Gateway. D. Answer: B Explanation: QUESTION NO: 76 Select the correct statement about Secure Internal Communications (SIC) Certificates. For the Security Management Server during the Security Management Server installation.Checkpoint 156-215. Are for Security Gateways created during the Security Management Server installation. D. SIC Certificates: A.75 Exam C. Resources are proactively assigned using predictive algorithmic techniques. SIC Certificates are created: A. And used for securing internal network communications between SmartView Tracker and an OPSEC device. Increase network security by securing administrative communication with a two-factor challenge response authentication. They have the same function as RSA Authentication Certificates." . D. Can be used for securing internal network communications between the Security Gateway and an OPSEC device.www. Any Time.actualtests. For Security Gateways during the Security Gateway installation.com 30 . B. Answer: D Explanation: QUESTION NO: 77 "Pass Any Exam. C. Uniquely identify machines installed with Check Point software only. Answer: A Explanation: QUESTION NO: 75 Select the correct statement about Secure Internal Communications (SIC) Certificates. B. C. Packets are virtualized to a RAM drive-based FW VM.

The IPS Software Blade can be used for an unlimited time. You need to turn on most of the integrated IPS checks while maintaining high throughput. Answer: A "Pass Any Exam.Checkpoint 156-215. VPN. CoreXL enables multi-core processing for program interfaces. Software Blades were introduced. What would be the BEST solution for this scenario? A. C. Any Time.75 Exam Which of the following statements regarding SecureXL and CoreXL is TRUE? A. Answer: A Explanation: QUESTION NO: 78 Beginning with R75. B. Bad luck.g. There is no need to renew the service contract after one year. some blades are included. Answer: D Explanation: QUESTION NO: 79 You need to plan the company's new security system. One of the Software Blades is the IPS Software Blade as a replacement for SmartDefense. When buying or upgrading to a bundle." . D. B.actualtests. The IPS system does not affect the firewall performance and CoreXL is not needed in this scenario. e. IPS in SG103. After one year. The company needs a very high level of security and also high performance and high throughput for their applications. The IPS does not run when CoreXL is enabled. C. FW. Which statement is NOT true? A. C. The license price includes IPS Updates for the first year.com 31 . You need to buy a strong multi-core machine and run R70 or later on SecurePlatform with CoreXL technology enabled. it is mandatory to renew the service contract for the IPS Software Blade because it has been bundled with the license when purchased. D. CoreXL is included in SecureXL. B.www. D. SecureXL is only available inR75. both together can not be achieved. SecureXL is an application for accelerating connections.

licensing etc. He needs to maintain the highest level of security on the firewalls he manages.Checkpoint 156-215. 1) Run the latest upgrade_export utility to export the configuration "Pass Any Exam. Any Time.www. but can’t be uploaded without the license like SmartDefense.) What is the BEST method to reinstall the Server and keep its critical configuration? A. fw tab -s <tablename> D. No. No.e.75 Exam Explanation: QUESTION NO: 80 John is the Security Administrator in his company. D. SIC. the Gateway will always be protected and the IPS checks can’t be managed without a license. fw tab -t <tablename> Answer: D Explanation: QUESTION NO: 82 Your R75 enterprise Security Management Server is running abnormally on Windows 2003 Server. Answer: B Explanation: QUESTION NO: 81 Which command allows you to view the contents of an R75 table? A. B. all IPS protections are active. databases. all Security Policies. Does he need the IPS Software Blade for achieving this goal? A.. Yes.com 32 . fw tab -a <tablename> C. Yes. He is using Check Point R75. You decide to try reinstalling the Security Management Server. C.actualtests. otherwise no protections can be enabled." . but you want to try keeping the critical Security Management Server configuration settings intact (i. fw tab -x <tablename> B. otherwise the firewall will pass all traffic unfiltered and unchecked.

Using the native SecurePlatform backup utility from command line or in the Web based user interface.www. 3) Install the primary security Management Server on top of the current installation 4) Run upgrade_import to Import the configuration. C. and select the option to export the configuration into a . B. 2) Perform any requested upgrade verification suggested steps. 6) Run upgrade_import to import the configuration. D. 3) Transfer the. What is the easiest way to back up your Security Gateway R75 configuration.tgz file to the /temp directory. 3) Uninstall allR75packages via Add/Remove Programs and reboot 4) Use smartUpdate to reinstall the Security Management server and reboot 5) Transfer the . Copying the $FWDIR/conf and $FWDIR/lib directory to another location. D. B.actualtests. 1) Insert theR75CD-ROM.tgz file to another network machine 3) Uninstall allR75packages via Add/Remove Programs and reboot 4) Install again using theR75CD ROM as a primary security management server 5) Reboot and than transfer the . 4) Download and run the cpclean utility and reboot. tgz file to another networked machine. 1) Download the latest upgrade_export utility and run it from a \ temp directory to export the Configuration. Answer: C Explanation: QUESTION NO: 83 Your primary Security Management Server runs on SecurePlatform. tgz file 2) Skip any upgrade verification warnings since you are not upgrading. 2) Transferee . including routing and network configuration files? A.tgz file in %FWDIR\bin.com 33 .tgz file back to the local \ temp.tgz file back to the local\ tem p 6) Run upgcade_import to import the configuration. Run the pre_upgrade_verifier and save the . Any Time.Checkpoint 156-215. 1) Download the latest upgrade_export utility and run it from a \ temp directory to export the Configuration.75 Exam 2) Leave the exported . 5) Use theR75CD_ROM to select the upgrade__import option to import the c C." . Using the upgrade_export command. Answer: D Explanation: "Pass Any Exam.

Open the Security Gateway object's Logs and Masters window. Open the primary Security Management Server object's Logs and Masters window.75 Exam QUESTION NO: 84 You need to back up the routing. On a SecurePlatform Security Management Server. Database Revision Control "Pass Any Exam. and select the Time object. D. How do you create this schedule? A. upgrade_export command D. C. Which backup-and-restore solution do you use? A. enable Schedule log switch.Checkpoint 156-215. and select the Time object. Create a time object. this can only be accomplished by configuring the fw logswitch command via the cron utility. Manual copies of the $FWDIR/conf directory Answer: A Explanation: QUESTION NO: 85 Your R75 primary Security Management Server is installed on SecurePlatform. SecurePlatform backup utilities B. B. Create a time object. Create a time object. and add 48 hours as the interval. enable Schedule log switch. interface. Policy Package Management B. Select that time object's Global Properties > Logs and Masters window.www. upgrade_export and upgrade_import commands C. Copying the $PWDIR\conf and $CPDIR\conf directories to another server C. and add 48 hours as the interval. Answer: A Explanation: QUESTION NO: 86 Which of the following methods will provide the most complete backup of an R75 configuration? A. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. and add 48 hours as the interval. and DNS configuration information from your R75 SecurePlatform Security Gateway.com 34 .actualtests." . Any Time. to schedule a logswitch. Database Revision Control D.

fwm dbimport -p D. Upgrade_import C. Any Time. SIC Certificates D." . Desired Objective: The R75 components that enforce the Security Polices should be blocked up at "Pass Any Exam. cpinfo -recover Answer: B Explanation: QUESTION NO: 88 When restoring R75 using the command upgrade > Port.actualtests. Route tables Answer: D Explanation: QUESTION NO: 89 Your organization’s disaster recovery plan needs an update to the backup and restore section to reap the benefits of the new distributed R75 installation.75 Exam Answer: C Explanation: QUESTION NO: 87 Which of the following commands can provide the most complete restore of an R75 configuration? A.www. Your plan must meet the following required and desired objectives: Required Objective: The Security Policy repository must be backed up no less frequently than every 24 hours.com 35 .Checkpoint 156-215. Licenses B. Cpconfig B. Which of the following items is NOT restored? A. Global properties C.

B.75 Exam least once a week. Using cpconftg on the Security Management Server. choose Administrators Answer: A "Pass Any Exam. Any Time. C. Meets the required objective and only one desired objective. Using SmartDashboard or cpconf ig D.Checkpoint 156-215.com 36 . Configure the SecurePlatform backup utility to back up the Security Gateways every Saturday night Use the cron utility to run the upgrade export: command each Saturday niqht on the log servers Configure an automatic. Desired Objective: Back up R75 logs at least once a week Your disaster recovery plan is as follows: Use the cron utility to run the upgrade_ export command each night on the Security Management Servers. select Administrators C. nightly loqswitch Configure the organization's routine backup software to back up the switched logs every night Upon evaluation.actualtests. Does not meet the required objective. Configure the organization's routine backup software to back up the files created by the upgrade_ export command.1. Meets the required objective but does not meet either desired objective. D.www. Using the Web console on SecurePlatform under Product configuration. under Users. your plan: A. Meets the required objective and both desired objectives." . which has been migrated through each version starting from Check Point 4. Answer: D Explanation: QUESTION NO: 90 Your company is running Security Management Server R75 on SecurePlatform. select Add New Administrator B. Using SmartDashboard. How do you add a new administrator account? A.

75 Exam Explanation: QUESTION NO: 91 Which of the following tools is used to generate a Security Gateway R75 configuration report? A." .www. ethereal B. fw merge D. infoview Answer: B Explanation: QUESTION NO: 92 Which of the following is a CLI command for Security Gateway R75? A. fwm policy_print <policyname> B.com 37 . licview D. Any Time. fw shutdown C. fw tab -u Answer: D Explanation: QUESTION NO: 93 What information is provided from the options in this screenshot? "Pass Any Exam.Checkpoint 156-215.actualtests. cpinfo C.

You have to install the firewall once again or abstain from Peter's help. What can be done to unlock Peter's account? Give the BEST answer. D. C. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Gateway. (ii) and (iii) B. It is not possible to unlock Peter's account. (ii) and (iii) Answer: D Explanation: QUESTION NO: 94 Peter is your new Security Administrator. B. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Management Server." . A.Checkpoint 156-215. You can unlock Peter's account by using the command fwm lock_admin -u Peter on the Security Management Server. (i) and (iii) C. he is very nervous and sets the wrong password three times. Any Time. On his first working day. (i). "Pass Any Exam. His account is locked.actualtests.75 Exam (i)Whether a SIC certificate was generated for the Gateway (ii)Whether the operating system is SecurePlatform or SecurePlatform Pro (iii)Whether this is a standalone or distributed installation A.com 38 . (i) and (ii) D.www.

Checkpoint 156-215.75 Exam Answer: C Explanation:

QUESTION NO: 95 Which CLI command verifies the number of cores on your firewall machine? A. fw ctl pstat B. fw ctl core stat C. fw ctl multik stat D. cpstat fw -f core Answer: C Explanation:

QUESTION NO: 96 John currently administers a network using NGX R65.4 on the Security Management Server and NGX R65.2.100 (the VOIP release with the VOIP plug-ins enabled). He wants to upgrade to R75 to get the benefits of Check Point's Software Blades. What would be the best way of doing this? A. This can not be done yet asR75can not manage NGX R65 Gateways due to SmartDefense and IPS mismatch problems. B. Run upgrade_export on R65 management, then installR75on this machine and run upgrade_import and re-license the systems to use software blades. C. Just insert theR75CD-ROM and run the in-place upgrade. D. This is not supported today as currently the VOIP Software Blade and VOIP plug-in is not available inR75. Answer: D Explanation:

QUESTION NO: 97 John currently administers a network using single CPU single core servers for the Security Gateways and is running R75. His company is now going to implement VOIP and needs more performance on the Gateways. He is now adding more memory to the systems and also upgrades the CPU to a modern quad core CPU in the server. He wants to use CoreXL technology to benefit

"Pass Any Exam. Any Time." - www.actualtests.com

39

Checkpoint 156-215.75 Exam from the new performance benchmarks of this technology. How can he achieve this? A. Nothing needs to be done. SecurePlatform recognized the change during reboot and adjusted all the settings automatically. B. He just needs to go to cpconfig on the CLI and enable CoreXL. Only a restart of the firewall is required to benefit from CoreXL technology. C. He needs to reinstall the Gateways because during the initial installation, it was a single-core CPU but the wrong Linux kernel was installed. There is no other upgrade path available. D. He just needs to go to cpconfig on the CLI and enable CoreXL. After the required reboot he will benefit from the new technology. Answer: D Explanation:

QUESTION NO: 98 You are running a R75 Security Gateway on SecurePlatform. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What backup method could be used to quickly put the secondary firewall into production? A. upgrade_export B. manual backup C. snapshot D. backup Answer: C Explanation:

QUESTION NO: 99 Before upgrading SecurePlatform, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration. An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing? A. The restore can be done easily by the command restore and selecting the appropriate backup file. "Pass Any Exam. Any Time." - www.actualtests.com 40

Checkpoint 156-215.75 Exam B. A backup cannot be restored, because the binary files are missing. C. The restore is not possible because the backup file does not have the same build number (version). D. The restore is done by selecting Snapshot Management from the boot menu of SecurePlatform. Answer: A Explanation:

QUESTION NO: 100 Which operating systems are supported by a Check Point Security Gateway on an open server? A. Check Point SecurePlatform and Microsoft Windows B. Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows C. Check Point SecurePlatform, IPSO, Sun Solaris, Microsoft Windows D. Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO Answer: A Explanation:

Topic 2, Volume B QUESTION NO: 101 You intend to upgrade a Check Point Gateway from R65 to R75. Prior to upgrading, you want to backup the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time? A. Backup B. Snapshot C. Upgrade_export D. Database_revision Answer: C Explanation:

QUESTION NO: 102

"Pass Any Exam. Any Time." - www.actualtests.com

41

ipsofwd slowpath Answer: B Explanation: QUESTION NO: 103 Where can you find the Check Point's SNMP MIB file? A. There is no specific MIB file for Check Point products.mib B. ipsofwd on admin C. Log in as admin.75 Exam Your network is experiencing connectivity problems and you want to verify if routing problems are present. B. $CPDIR/lib/snmp/chkpt. C. Log in as Administrator." . then start cpinto.com 42 . D. It is obtained only by request from the TAC. idle 60. C. No action is needed because cpshell has a timeout of one hour by default. $FWDIR/conf/snmp.mib D.actualtests. set the timeout to one hour with the command idle 60 and start cpinfo. Answer: C Explanation: QUESTION NO: 104 You want to generate a cpinfo file via CLI on a system running SecurePlatform. What action do you need to take regarding timeout? A. set the timeout to one hour with the command. fw fwd routing B.Checkpoint 156-215. You need to disable the firewall process but still allow routing to pass through the Gateway running on an IP Appliance running IPSO. This will take about 40 minutes since the log files are also needed.www. switch to expert mode. fw load routed D. Answer: C Explanation: "Pass Any Exam. Any Time. Log in as the default user expert and start cpinfo. What command do you need to run after stopping the firewall service? A.

B. Ipsinfo B.actualtests. C.com 43 . In the General Properties of the object representing the specific Firewall.75 Exam QUESTION NO: 105 Many companies have defined more than one administrator." . Which of the following commands can be used to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer. Right-click in the menu. CST D. Any Time. but restrict it to all other firewalls by placing them in the Policy Targets field. "Pass Any Exam. D. select Administrator to Install to define only this administrator. Then. cpinfo Answer: C Explanation: QUESTION NO: 107 You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a SecurePlatform. an administrator with this permission profile cannot install a policy on any Firewall not listed here. How do you configure this? A. Uag-diag C. go to the Software Blades product list and select Firewall. Define a permission profile in SmartDashboard with read/write privileges.Checkpoint 156-215. and select that Firewall in Policy Targets.www. Right-click on the object representing the specific administrator. Answer: C Explanation: QUESTION NO: 106 What is the officially accepted diagnostic tool for IP appliance support? A. only one administrator should be able to install a Rule Base on a specific Firewall. Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced / Permission to Install. To increase security. You have trouble configuring the speed and duplex settings of your Ethernet interfaces.

75 Exam A. echo 1 > /proc/sys/net/ipv4/ip_forward B." . I "Pass Any Exam. cthtool B. A. eth_set D.Checkpoint 156-215. 2 B. 4 Answer: D Explanation: QUESTION NO: 110 Looking at an fw monitor capture in Wireshark. ipsofwd on admin Answer: D Explanation: QUESTION NO: 109 How many inspection capture points are shown in fw monitor? A.actualtests. 1 C. clish -c set routing active enable C. ifconfig – a C.com 44 . the initiating packet in Hide NAT translates on________.www. echo 0 > /proc/sys/net/ipv4/ip_forward D. Any Time. Depends on the number of interfaces on the Gateway D. mii_tool Answer: C Explanation: QUESTION NO: 108 Which command enables IP forwarding on IPSO? A.

C.www." -w /tmp/monitor. before and after the inbound inspection. before and after the outbound inspection.txt C. Any Time. Only outbound traffic.actualtests.75 Exam B.txt Answer: A Explanation: QUESTION NO: 112 When you run the fw monitor -e "accept. will retrieve what? A. fw monitor -e "accept. D." command. All traffic coming in all directions. B. fw monitor -e "accept. What is the correct syntax to accomplish this task? A. what type of traffic is captured? A." -f > /tmp/monitor. O C. i Answer: B Explanation: QUESTION NO: 111 You want to create an ASCII formatted output file of the fw monitor command.Checkpoint 156-215." > /tmp/monitor. fw monitor -m iO -e "accept. The IP address "Pass Any Exam." -o /tmp/monitor." .txt D. o D. fw monitor -e "accept. All traffic accepted by the Rule Base. Only inbound traffic.com 45 . before and after inbound and outbound inspection. found on the Host Node Object / General Properties page.txt B. Answer: B Explanation: QUESTION NO: 113 The Get Address button.

and two of the desired results. Your manager gives you the following requirements for controlling DNS traffic: Required Result #1: Accept domain-name-over-TCP traffic (zone-transfer traffic) Required Result #2: Log domain-name-over-TCP traffic (zone-transfer traffic) Desired Result #1: Accept domain-name-over-UDP traffic (queries traffic) Desired Result #2: Do not log domain-name-over-UDP traffic (queries traffic) Desired Result #3: Do not clutter the Rule Base try creating explicit rules for traffic that can be controlled using Global Properties To begin. The fully qualified domain name D.Select the box Accept Domain Name over UDP (Queries) in Global Properties . B. The actions do not achieve the required results. The Mac address Answer: A Explanation: QUESTION NO: 114 You have just been hired as the Security Administrator for the Insure-It-All insurance company. but none of the desired results. and install the Security Policy . C.Select the box Accept Domain Name over TCP (Zone Transfer) in Global Properties . The actions meet all required and desired results. D." .75 Exam B.www. Any Time.com 46 .Select the box Log Implied Rules in Global Properties Do your initial actions meet the required and desired results? A. how do you make "Pass Any Exam. The actions achieve all required results.Checkpoint 156-215. Answer: A Explanation: QUESTION NO: 115 When you change an implicit rule’s order from last to first in global properties. The domain name C. The actions achieve the required results. you make the following configuration changes.actualtests.

0 and 10. found on the Host Node Object > General Properties page retrieve the address? A. Answer: C Explanation: QUESTION NO: 117 How does the Get Address button.10. Based on these rules. SNMP Get C. Address resolution (ARP.0.10.www. Name resolution (hosts file.20. Run fw fetch from the security gateway Answer: B Explanation: QUESTION NO: 116 You create implicit and explicit rules for the following network. what happens if you Ping from host 10.10. Route Table B. Assume Accept ICMP requests is enabled as Before last in Global Properties. Any Time.actualtests. Reinstall the security policy C. Select save from the file menu B. D. the Cleanup Rule.10. RARP) D.com 47 . B. Select install database from the policy menu D.75 Exam the change take effect? A. cache) Answer: D Explanation: "Pass Any Exam.5 to a host on the Internet by IP address? ICMP will be: A. C. dropped by rule 0. dropped by rule 2. accepted by rule 1. The group object internal-networks includes networks 10." .10. DNS.Checkpoint 156-215. dropped by the last Implicit rule.

Detecting people using false or wrong authentication logins.www. Hiding your firewall from unauthorized users. D. sysconfig C. SmartUpdate B. Disguising an illegal IP address behind an authorized IP address through port address Translation. Any Time. Security Gateway Answer: D Explanation: QUESTION NO: 119 Spoofing is a method of: A. SmartDashboard Answer: D Explanation: "Pass Any Exam. Answer: C Explanation: QUESTION NO: 120 Certificates for Security Gateways are created during a simple initialization from______.com 48 . Domain C. The ICA management tool. A.Checkpoint 156-215.actualtests. Host B. C.75 Exam QUESTION NO: 118 Anti-Spoofing is typically set up on which object type? A. Making packets appear as if they come from an authorized IP address D. B. Network D." .

You also installed the Security Gateway on a second SecurePlatform computer." . and click initialize and ok. 2. enter the activation key.actualtests.75 Exam QUESTION NO: 121 Which of the below is most correct process to reset SIC from SmartDashboard? A. 3) Confirm the gateway object with the host name and IP address for the remote site. Run cpconfig. What is the correct order for pushing SIC certificates to the Gateway before shipping it? 1) Run cpconfig on the gateway. Run cpconfig. Any Time. 5 Answer: B Explanation: "Pass Any Exam.Checkpoint 156-215. 1 B.1. 3. 5 D. 4. 4. 1. 2. 5) Install the security policy. A. set secure internal communication. 2) Initialize internal certificate authority (ICA) on the security Management server.1. and type a new activation key D. then click Reset Run cpconfig and type a new activation key C. 1. and click reset B. 5.com 49 . and select Secure Internal Communication > Change One Time Password Answer: B Explanation: QUESTION NO: 122 You installed Security Management Server on a computer using SecurePlatform in the MegaCorp home office. 5 C. 3. 4. 1. 3. 4) Click the communication button in the gateway object’s general screen. 3. Click the Communication > button for the firewall object. 2.www.1. 4. 2. enter the activation key and reconfirm. You use IP address 10. Click Communication > Reset on the Gateway object. which you plan to ship to another Administrator at a MegaCorp hub office.

The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility. you start cpconfig. you receive this error message: What is the reason for this behavior? A. B. On sgosaka. The old Gateway object should have been deleted and recreated. you choose sgosaka.com 50 .www. The Gateway was not rebooted. Answer: C Explanation: QUESTION NO: 124 You want to reset SIC between smberlin and sgosaka. The activation key contains letters that are on different keys on localized keyboards. B. D. What is a possible reason for the problem? A. which is necessary to change the SIC key. You must first initialize the Gateway object in SmartDashboard (i. Therefore. He set a new activation key on the Gateway's side with the cpconfig command and put in the same activation key in the Gateway's object on the Security Management Server Unfortunately SIC cannot be established. Answer: C Explanation: QUESTION NO: 125 Which rule should be the Cleanup Rule in the Rule Base? "Pass Any Exam. C. Joe forgot to reboot the Gateway. When trying to establish a connection.75 Exam QUESTION NO: 123 Although SIC was already established and running. Joe reset SIC between the Security Management Server and a remote Gateway. Reset. The screen reads The SIC was successfully initialized and jumps back to the cpconfig menu. In SmartDashboard. Any Time. choose Secure Internal Communication and enter the new SIC Activation Key. Communication. D. choose Basic Setup / Initialize). right-click on the object. instead of a working connection. The installed policy blocks the communication. Joe forgot to exit from cpconfig.Checkpoint 156-215. C.actualtests." . the activation can not be typed in a matching fashion.e..

Cleanup and Administrator Access rules C. First.com 51 .actualtests. Answer: A Explanation: QUESTION NO: 126 What are the two basic rules which should be used by all Security Administrators? A. it explicitly accepts otherwise dropped traffic. It serves a logging function before the implicit drop. Cleanup and Stealth rules Answer: D Explanation: QUESTION NO: 127 Which item below in a Security Policy would be enforced first? A. Network Traffic and Stealth rules D. Any Time. how can you then disable the rule? A. Administrator-defined Rule Base B. Last. Last." . B. it explicitly drops otherwise accepted traffic C. Before last followed by the Stealth Rule.Checkpoint 156-215. "Pass Any Exam. Use the search utility in SmartDashboard to view all hidden rules Select the relevant rule and click Disable Rule(s). D.75 Exam A. IP spoofing/IP options D. Administrator Access and Stealth rules B. Security Policy "First" rule Answer: C Explanation: QUESTION NO: 128 When you hide a rule in a Rule Base.www. Network Address Translation C.

" .actualtests. D. Answer: C Explanation: QUESTION NO: 130 A Clean-up rule is used to: A. re-hide the rule. Answer: C Explanation: QUESTION NO: 129 A Stealth rule is used to: A. A. Hidden rules are already effectively disabled from Security Gateway enforcement. Drop without logging connections that would otherwise be dropped and logged fry default B. B. Right-click on the hidden rule place-holder bar and uncheck Hide. Right-click on the hidden rule place-holder bar and select Disable Rule(s). Stealth "Pass Any Exam. Drop without logging connections that would otherwise be accepted and logged by default Answer: C Explanation: QUESTION NO: 131 A ____________ rule is designed to log and drop all other communication that does not match another rule. C. D. C. Cloak the type of Web server in use behind the Security Gateway. Prevent tracking of hosts behind the Security Gateway. D. Log connections that would otherwise be dropped without logging by default. Use the Security Gateway to hide the border router from internal attacks.75 Exam B. Log connections that would otherwise be accepted without logging by default. Prevent communication to the Security Gateway itself.www. Any Time.Checkpoint 156-215.com 52 . C. then right-click and select Disable Rule(s).

C.www.Checkpoint 156-215. EXCEPT: A. Reject D. They are derived from Global Properties and explicit object properties. After Stealth Rule Answer: C Explanation: QUESTION NO: 134 All of the following are Security Gateway control connections defined by default implied rules. The Gateway enforces implicit rules that enable outgoing packets only. Changes to the Security Gateway's default settings do not affect implicit rules.75 Exam B. "Pass Any Exam. First B. Anti-Spoofing Answer: B Explanation: QUESTION NO: 132 Which statement is TRUE about implicit rules? A. Before Last C. B. D. Last D. Acceptance of IKE and RDP traffic for communication and encryption purposes." .actualtests. Answer: A Explanation: QUESTION NO: 133 You have included the Cleanup Rule in your Rule Base. Cleanup C. Any Time. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect? A. You create them in SmartDashboard.com 53 .

259 B. UFP. CVP. Any Time.www.75 Exam B. In order for the Security Gateway to send logs to the Security Management Server.Checkpoint 156-215. Communication with server types. if any. management. the administrator has removed all default check boxes from the Policy / Global Properties / Firewall tab. Exclusion of specific services for reporting purposes. 900 D. 256 Answer: B Explanation: QUESTION NO: 136 Examine the following Security Policy. and key exchange.actualtests. and LDAP. TACACS. such as RADIUS. an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port ______. Nothing at all "Pass Any Exam. What. D." . 257 C.com 54 . A. C. Answer: B Explanation: QUESTION NO: 135 In a distributed management environment. such as logging. changes could be made to accommodate Rule 4? A. Specific traffic that facilitates functionality.

com 55 ." . Any Time. which one of the following would you choose to do? "Pass Any Exam.75 Exam B. Create network objects that restrict all applicable rules to only certain networks Answer: A Explanation: QUESTION NO: 139 You are working with multiple Security Gateways that enforce a common set of rules. Create a separate Security Policy package for each remote Security Gateway B. Internal Certificate Authority (ICA) certificate C.www. Fwauth. To simplify Security administration. To minimize the number of policy packages. Objects_5_0. What configuration remains the same no matter which version is used? A.NDB D. Rule Bases_5_0.C Answer: B Explanation: QUESTION NO: 138 You are working with multiple Security Gateways that enforce an extensive number of rules. Modify the VPN column in Rule 2 to limit access to specific traffic Answer: D Explanation: QUESTION NO: 137 A Security Policy has several database versions. Modify the Source or Destination columns in Rule 4 C. Remove the service HTTPS from the Service column in Rule A D.actualtests.fws B. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules D. Run separate SmartConsole instances to login and configure each Security Gateway directly C.Checkpoint 156-215. which one of the following would you choose to do? A.

User Authentication C.www. Install a separate local Security Management Server and SmartConsole for each remote Security Gateway. Which statement is TRUE? A. Create a single Security Policy package with Install On / Target defined whenever a unique rule is required for a specific Gateway." . Site-to-Site VPNs need to re-authenticate. Client Authentication Answer: B Explanation: QUESTION NO: 141 Installing a policy usually has no impact on currently existing connections. Users being authenticated by Client Authentication have to re-authenticate. All FTP downloads are reset. D.actualtests. Answer: A Explanation: QUESTION NO: 142 "Pass Any Exam. C. Create a separate Security Policy package for each remote Security Gateway and specify Install On / Gateways. Any Time.75 Exam A. users have to start their downloads again. Session Authentication D. so a policy install is recommended during announced downtime only. C. Cleanup B.com 56 . All connections are reset. B.Checkpoint 156-215. so Phase 1 is passed again after installing the Security Policy. B. Run separate SmartDashbord instance to login and configure each Security Gateway directly. D. Answer: C Explanation: QUESTION NO: 140 Which rules are not applied on a first-match basis? A.

75 Exam Several Security Policies can be used for different installation targets. A Rule Base is always installed on all possible targets. only this firewall is shown in the list of possible installation targets after selecting Policy > Install. Answer: C Explanation: QUESTION NO: 143 Which of these security policy changes optimize Security Gateway performance? A.Checkpoint 156-215. These rules may only be installed on this machine and not accidentally on the Internet firewall. D." .actualtests. C.www. Your network diagram shows: "Pass Any Exam. In the SmartDashboard main menu go to Policy / Policy Installation / Targets and select the correct firewall to be put into the list via Specific Targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base. Any Time. B.com 57 . Use Automatic NAT rules instead of Manual NAT rules whenever possible B. Using groups within groups in the manual NAT Rule Base D. When selecting the correct firewall in each line of the row Install On of the Rule Base.3. Putting the least-used rule at the top of the Rule Base C. The firewall protecting Human Resources' servers should have a unique Policy Package. Using domain objects in rules when possible Answer: A Explanation: QUESTION NO: 144 Your perimeter Security Gateway's external IP is 200. How can this be configured? A.200.200. A Rule Base can always be installed on any Check Point firewall object It is necessary to select the appropriate target directly after selecting Policy > Install.

Add an ARP entry for 200.200.1.5 for the MAC address of 200.5.200.5 as hiding IP address Add an ARP entry for 200.20.0/24. Create a network object 192. Enable Hide NAT on both network objects. Enter 200.200.0 to go out to the Internet.200.168. using 200." . Add and ARP entry for 200.168.168. how could you achieve these requirements? A.200.200.200.3 for the MAC address of 200.20.200. Create two network objects: 192. using 200. and 192.200. Create network objects for 192.5. D.Checkpoint 156-215.200.254.168.10.10.3.168.200. Service – original.actualtests.0/24 needs to use 200. B.168.0/24.0/24.200. 200.168.10. Answer: C Explanation: QUESTION NO: 145 "Pass Any Exam. Any Time. Translated source – 200.0.200.5 as the hiding IP address. Destination – any Service – any.20. Enable Hide NAT on the NAT page.3 to go out to the Internet. Enter Hiding IP address 200.0 and 192. Add the two network objects.5 for the MAC address of 200. Assuming you enable all the settings in the NAT page of Global Properties.200.5.200. The local network 192. C.200. Enable Hide NAT on the NAT page of the address range object.0/16.200.20.5.168.1 to 192.168.200.200. Destination – original.75 Exam Required: Allow only network 192. starting from 192.3. Create a manual NAT rule like the following Original source –group object.com 58 .10.200. Create an Address Range object.168.www.0/24 and 192.200.200.200.

1. Translate destination on client side is not checked in Global Properties under manual NAT rules. one for the real IP connection and one for the NAT IP connection Answer: A Explanation: QUESTION NO: 147 Which of the following statements BEST describes Check Point's Hide Network Address Translation method? A.1. 10.1.0 to exit the network. Manual NAT rules are not configured correctly. your FTP server and SMTP server are both using automatic NAT rules. inbound D. but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. B. D.com 59 .actualtests.www. you set up manual NAT rules for your HTTP server. However. 10.0 behind the Security Gateway's external interface. Answer: C Explanation: QUESTION NO: 146 You enable Hide NAT on the network object. Only one. Two. Routing is not configured correctly. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation B.1. outbound B.1.10 successfully. Any Time. Translates many destination IP addresses into one destination IP address C.Checkpoint 156-215. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem. both outbound. one for outbound. How many log entries do you see for that connection in SmartView Tracker? A. What is causing this? A. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both "Pass Any Exam. Translates many source IP addresses into one source IP address D. Only one. You browse to from host." . You enable a log on the rule that allows 10.75 Exam Because of a pre-existing design constraints. one for inbound C. C. Two. Allow bi-directional NAT is not checked in Global Properties.1.

com 60 .www. Host network C. Host D. Dynamic Destination D. HTTP Logical Server C. Static Destination B. Host user D. Network.Checkpoint 156-215.75 Exam Source and Destination IP address translation Answer: C Explanation: QUESTION NO: 148 Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity? A. Static Source Answer: B Explanation: QUESTION NO: 149 NAT can NOT be configured on which of the following objects? A. Address Range B. Any Time. Gateway Answer: B Explanation: QUESTION NO: 150 NAT can be implemented on which of the following lists of objects? A. Dynamic Object "Pass Any Exam." . Domain network B.actualtests. Hide C.

B. Port Address Translation C.www.com 61 . Place a static host route on the firewall for the valid IP address to the internal Web server.75 Exam Answer: B Explanation: QUESTION NO: 151 Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ? A. Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. C. Dynamic Source Address Translation D. Any Time. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address. D. Place a static ARP entry on the ISP router for the valid IP address to the firewall’s external address." . Hide Address Translation Answer: A Explanation: QUESTION NO: 152 You want to implement Static Destination NAT in order to provide external.Checkpoint 156-215.actualtests. Static Destination Address Translation B. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway? A. you notice that any NATed connections to that machine are being dropped by anti"Pass Any Exam. Answer: B Explanation: QUESTION NO: 153 After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.

0/24 allows all traffic to the Internet using Hide NAT. Automatic ARP configuration C. Configure Automatic Hide NAT on network 10. Any Time. The Global Properties setting Translate destination on client side is unchecked.actualtests.0 tries to access the Internet for HTTP. Configure three Manual Static NAT rules for network 10.10. Answer: D Explanation: QUESTION NO: 154 Which NAT option applicable for Automatic NAT applies to Manual NAT as well? A. The Global Properties setting Translate destination on client side is checked But the topology on the DMZ interface is set to Internal -Network defined by IP and Mask Uncheck the Global Properties setting Translate destination on client side D." .Checkpoint 156-215.10.com 62 .www.10.10. Enable IP Pool NAT D.10.20.10. B.10. Allow bi-directional NAT B. You also have a small network 10. You want to configure the kernel to translate the source address only when network 10.0/24 and then edit the Service column in "Pass Any Exam.Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side. Configure one Manual Hide NAT rule for HTTP.20.Change topology to Others +.0/24 C.20. But the topology on the external interface is set to Others +. The Global Properties setting Translate destination on client side is unchecked.75 Exam spoofing protections.0/24 behind the internal router.20. one for each service B. and FTP services. The Global Properties setting Translate destination on client side is checked.0/24. FTP. But the topology on the external interface is set to External. SMTP. But the topology on the DMZ interface is set to Internal . and SMTP services for network 10. Translate destination on client-side Answer: D Explanation: QUESTION NO: 155 Your main internal network 10. Change topology to External C.20. Which of the following is the MOST LIKELY cause? A. Which of the following configurations will allow this network to access the Internet? A.

configure manual static NAT rules to translate the DMZ servers.10.x is configured for Hide NAT behind the Security Gateway's external interface.actualtests. using the DMZ servers' public IP addresses? A.10.20. Internal_net 10. When connecting to the internal network 10.x users to access the DMZ servers.com 63 .10. configure Hide NAT for the DMZ servers.10 x.0/24 Answer: B Explanation: QUESTION NO: 156 You have three servers located in a DMZ.10.10x. You want internal users from 10. configure Hide Nat for the DMZ network behind the DMZ interface of the Security Gateway Answer: B Explanation: "Pass Any Exam." .www.Checkpoint 156-215. When connecting to internal network 10 10.10.75 Exam the NAT Rule Base on the automatic rule D.10.10.10.10. configure manual Static NAT rules to translate the DMZ servers B. Any Time. Configure Automatic Static NAT on network 10.10.x to access the DMZ servers by public IP addresses. D. When connecting to the Internet.x. What is the best configuration for 10. C. When the source is the internal network 10. using private IP addresses.

D. B. The initiating traffic is an example of __________.google. A. source on client side B. Client side NAT B. A.Checkpoint 156-215.www.actualtests. A client on the Internet initiates a session to the Web Server. Any Time. C. destination on server side C.com 64 . Assuming there is a rule allowing this traffic. the initiating packet will translate the_________. "Pass Any Exam. destination on client side D. Source NAT D.com and is set for Hide NAT behind the Security Gateway. With the default settings in place for NAT. A static route must be added on the Security Gateway to the internal host." . Client side NAT is not checked in the Global Properties. None of these Answer: C Explanation: QUESTION NO: 158 A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. what other configuration must be done to allow the traffic to reach the Web server? A. Destination NAT C.75 Exam QUESTION NO: 157 An internal host initiates a session to www. source on server side Answer: C Explanation: QUESTION NO: 159 A Web server behind the Security Gateway is set to Automatic Static NAT. A static route for the NAT IP must be added to the Gateway's upstream router. Automatic ARP must be unchecked in the Global Properties. Nothing else must be configured.

Answer: B Explanation: QUESTION NO: 161 The fw monitor utility is used to troubleshoot which of the following problems? A.75 Exam Answer: B Explanation: QUESTION NO: 160 When translation occurs using automatic Hide NAT. An error occurs when editing a network object in SmartDashboard B.www.com 65 . what also happens? A.actualtests. Log Consolidation Engine Answer: C Explanation: QUESTION NO: 162 The fw monitor utility would be best to troubleshoot which of the following problems? A. You get an invalid ID error in SmartView Tracker for phase 2 IKE key negotiations." .Checkpoint 156-215. A statically NATed Web server behind a Security Gateway cannot be reached from the Internet. B. Address translation D. Phase two key negotiation B. D. The destination port is modified. A user in the user database is corrupt. Nothing happens. The source port is modified. D. C. User data base corruption C. The destination is modified. C. Any Time. Answer: B Explanation: "Pass Any Exam.

C.Checkpoint 156-215. The Security Gateway's ARP file must be modified. A.actualtests. There is an example of Static NAT and translate destination on client side unchecked in Global Properties. Answer: D Explanation: QUESTION NO: 164 In SmartDashboard. VLAN tagging cannot be defined for any hosts protected by the Gateway. This is an example hide NAT. Translate destination on client side is checked in Global Properties. When Network Address Translation is used: A. select the statement that is true about NAT. D. B. It is not necessary to add a static route to the Gateway's routing table. C.www. Any Time. It is necessary to add a static route to the Gateway's routing table. D.75 Exam QUESTION NO: 163 Looking at the SYN packets in the Wireshark output. This is an example of Static NAT and Translate destination on client side checked in Global Properties. There is not enough information provided in the Wireshark capture to determine NAT settings. Answer: C Explanation: QUESTION NO: 165 Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on: "Pass Any Exam. B.com 66 ." .

while others use the Automatic Static NAT method. SIC names. Post-inbound Answer: C Explanation: QUESTION NO: 167 In a Hide NAT connection outbound.www. What is the order of the rules if both methods are used together? Give the best answer. Destination IP address and destination port C. SIC is not NAT-tolerant. Outbound B.Checkpoint 156-215. by default. MAC addresses.com 67 . "Pass Any Exam. C. Inbound D. Source IP address and destination port B. Source IP address and source port D. There are various network objects which must be NATed. D.actualtests.75 Exam A. IP addresses. Any Time. B. Answer: B Explanation: QUESTION NO: 166 Static NAT connections." . Eitherbound C. Destination IP address and destination port Answer: C Explanation: QUESTION NO: 168 You are MegaCorp's Security Administrator. Some of them use the Automatic Hide NAT method. which portion of the packet is modified? A. translate on which inspection point of the firewall kernel? A.

you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway's internal interface IP address. and (iii) B. The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range C. (ii). When using Dynamic Hide NAT with an address that is not configured on a Gateway interface. B.www. (i). Which is of the following is NOT true? A. and (ii) C. Any Time.actualtests.com 68 . (ii) and (iv) D. you decide to use Manual NAT entries instead of Automatic NAT rules." .Checkpoint 156-215. B. (i). The Administrator decides on the order of the rules by shifting the corresponding rules up and down. The rules created first are placed at the top. you need to add a proxy ARP entry for that address. only (i) Answer: D Explanation: QUESTION NO: 170 In order to have full control. The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range D. Answer: B Explanation: QUESTION NO: 169 Which answers are TRUE? Automatic Static NAT CANNOT be used when: i) NAT decision is based on the destination port ii) Source and Destination IP both have to be translated iii) The NAT rule should only be installed on a dedicated Gateway only iv) NAT should be performed on the server side A. When using Static NAT. "Pass Any Exam. rules created later are placed successively below the others. The position of the rules depends on the time of their creation.75 Exam A.

Any Time.75 Exam C. but not in the O inspection point. I. D. C. An IPSO ACL has blocked the outbound passage of the packet. you must add proxy ARP entries to the Gateway for all hiding addresses. Which SmartConsole application should you use to check these objects and rules? A. The packet has been sent out through a VPN tunnel unencrypted.Checkpoint 156-215. SmartView Status C. Which is the likely source of the issue? A. all necessary entries are done for you. Answer: B Explanation: QUESTION NO: 171 After filtering a fw monitor trace by port and IP. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. If you chose Automatic NAT instead. a packet is displayed three times. SmartDashboard Answer: D Explanation: QUESTION NO: 173 Which statement below describes the most correct strategy for implementing a Rule Base? "Pass Any Exam. SmartView Tracker B. in the i." . B. It is an issue with NAT Answer: D Explanation: QUESTION NO: 172 A marketing firm's networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. SmartView Monitor D. When using Static NAT.www. A SmartDefense module has blocked the packet D. and o inspection points.actualtests.com 69 .

Grouping authentication rules with address translation rules D. Umit grouping to rules regarding specific access. Grouping IPS rules with dynamic drop rules Answer: C Explanation: QUESTION NO: 176 Which of the following is a viable consideration when determining Rule Base order? A. Any Time.Checkpoint 156-215. Adding SAM rules at the top of the Rule Base C. B. Placing frequently accessed rules before less frequently accessed rules D.com 70 . Grouping authentication rules with QOS rules "Pass Any Exam. Grouping reject and drop rules after the cleanup rule Answer: A Explanation: QUESTION NO: 175 Which of the following is a viable consideration when determining Rule Base order? A. Add the Stealth Rule before the last rule. D. Grouping functionally related rules together B.75 Exam A. Grouping rules by date of creation B." . Answer: C Explanation: QUESTION NO: 174 Which of the following is a viable consideration when determining Rule Base order? A. Place a network-traffic rule above the administrator access rule.actualtests. Grouping rules by date of creation C. C.www. Place the most frequently used rules at the top of the Policy and the ones that are not frequently used further down.

All packets matching that rule are either encrypted or decrypted by the defined resource. Grouping reject and drop rules after the Cleanup Rule Answer: C Explanation: QUESTION NO: 177 You would use the Hide Rule feature to: A. "Pass Any Exam. Grouping IPS rules with dynamic drop rules C. All packets matching the resource service are analyzed through an application-layer proxy. Users attempting to connect to the destination of the rule will be required to authenticate.actualtests." . Answer: B Explanation: QUESTION NO: 178 When you add a resource object to a rule. All packets that match the resource will be dropped. Hide rules from read-only administrators.com 71 .Checkpoint 156-215. Which of the following is a possible cause? A. Answer: C Explanation: QUESTION NO: 179 You are a Security Administrator using one Security Management Server managing three different firewalls. B. Any Time.www. D. Hide rules from a SYN/ACK attack. D. Make rules invisible to incoming packets. One of the firewalls does NOT show up in the dialog box when attempting to install a Security Policy. B. C. which of the following occurs? A. The firewall object has been created but SIC has not yet been established. View only a few rules without the distraction of others C. Placing more restrictive rules before more permissive rules D.75 Exam B.

you want notification by a text message to your cellular phone. The number of packets that have been inspected B. Logging implied rules D. Since you are responsible for multiple sites.75 Exam B. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The firewall has failed to sync with the Security Management Server for 60 minutes. Which of the following would work BEST for your purpose? A. The number of packets that have been dropped Answer: C Explanation: QUESTION NO: 182 Which command allows verification of the Security Policy name and install date on a Security "Pass Any Exam. The number of times the policy has been installed D. Answer: D Explanation: QUESTION NO: 180 Your shipping company uses a custom application to update the shipping distribution database.actualtests.www." . User-defined alert script Answer: D Explanation: QUESTION NO: 181 The fw stat -l command includes all of the following except: A.com 72 . C. C. whenever traffic is accepted on this rule. SmartView Monitor Threshold B. The perimeter Security Gateway’s Rule Base includes a rule to accept this traffic. The firewall is not listed in the Policy Installation Targets screen for this policy package. D.Checkpoint 156-215. SNMP trap C. The date and time of the policy that is installed. Any Time. The license for this specific firewall has expired.

com 73 . Any Time.www.Checkpoint 156-215. Database Revision Control D. dbexport/dbimport C. Then. fw ctl pstat -policy C. Restore the entire database.75 Exam Gateway? A. How can you do this? A. run fwm dbimport -l filename to import the users. you decide to roll back to version 1 to use the Rule Base. Then.actualtests. except the user database. You create database version 1 for this configuration." . fw stat -l D. B. You save the Security Policy and create database version 2. ten users. and then create the new user and user group. and two user groups in a Security Policy. D. C. Restore the entire database. fw show policy B. Run fwm_dbexport to export the user database. run fwm_dbimport. except the user database. You modify one rule and add two new rules to the Rule Base. fwver-p Answer: C Explanation: QUESTION NO: 183 You have two rules. Restore the database. Answer: C Explanation: QUESTION NO: 184 Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration? A. Run fwm dbexport -l filename. Policy Package management B. After awhile. You then delete two existing users and add a new user group. Select restore the entire database in the Database Revision screen. upgrade_export/upgrade_import Answer: C "Pass Any Exam. but you want to keep your user database.

Any Time.com 74 . the remote Gateway uses the local Security Policy. Since the Security Management Server is not available. What occurs with the remote Gateway after reboot? A. Since the Security Management Server is not available. Pop-up alert script B.actualtests. Custom scripts cannot be executed through alert scripts D. all traffic is allowed through the Gateway. User-defined alert script C. no traffic is allowed through the Gateway." . Therefore. One of your remote Security Gateways managed by the Security Management Server reboots. SNMP trap alert script Answer: B Explanation: QUESTION NO: 187 Which of the following is NOT useful to verify whether or NOT a Security Policy is active on a Gateway? "Pass Any Exam. Therefore. the remote Gateway cannot fetch the Security Policy.www. D. the remote Gateway cannot fetch the Security Policy. C.75 Exam Explanation: QUESTION NO: 185 Your Security Management Server fails and does not reboot. The remote Gateway fetches the last installed Security Policy locally and passes traffic normally.Checkpoint 156-215. B. Answer: D Explanation: QUESTION NO: 186 How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy? A. The Gateway will log locally. Since the Security Management Server is not available. but does not log traffic. since the Security Management Server is not available.

fw ctl get string active_secpol Answer: D Explanation: QUESTION NO: 188 Of the following. 9. 4. Check the name of Security Policy of the appropriate Gateway in Smart Monitor. Cpstat fw – f policy C.actualtests. 6. 1.75 Exam A. 6.www. 5." . 3. 5. 9. 12.com 75 . 11 D. 13 C.Checkpoint 156-215. 2. 2. 13 B. 10. 11 Answer: A Explanation: "Pass Any Exam. what parameters will not be preserved when using Database Revision Control? 1) Simplified mode Rule Bases 2) Traditional mode Rule Bases 3) Secure Platform WebUI Users 4) SIC certificates 5) SmartView Tracker audit logs 6) SmartView Tracker traffic logs 7) Implied Rules 8) IPS Profiles 9) Blocked connections 10) Manual NAT rules 11) VPN communities 12) Gateway route table 13) Gateway licenses A. 12. fw stat D. 4. B. 10. Any Time. 8. 7.

D. D. All traffic is expressly permitted via explicit rules.actualtests. C. ICMP. Any Time. which type of traffic will be dropped if no explicit rule allows the traffic? A. you create a new Gateway object and Security Policy. i. "Pass Any Exam.e. Traffic not explicitly permitted is dropped.75 Exam QUESTION NO: 189 Which of the following describes the default behavior of an R75 Security Gateway? A. RIP traffic Answer: D Explanation: QUESTION NO: 191 You have installed a R75 Security Gateway on SecurePlatform. UDP sessions are inspected. B. TCP. The Gateway object is not specified in the Install On column of the first policy rule. B.www." . the Gateway object does not appear in the Install Policy window as a target. The new Gateway's temporary license has expired. Traffic is filtered using controlled port scanning. No Masters file is created for the new Gateway. SmartUpdate connections B. Answer: C Explanation: QUESTION NO: 190 When you use the Global Properties' default settings on R75. Firewall logging and ICA key-exchange information C.Checkpoint 156-215. What is the problem? A.com 76 . C. The object was created with Node / Gateway. Outgoing traffic originating from the Security Gateway D. When you install the new Policy from the Policy menu. IP protocol types listed as secure are allowed by default. To manage the Gateway from the enterprise Security Management Server.

What might be a reason for this? A. they have the same function as VPN Certificates. Uniquely identify Check Point enabled machines.com 77 . This must be a human error. He installs a new R75 Security Management Server and a new R75 Gateway. Any Time. B." .www. Answer: D Explanation: QUESTION NO: 193 John is the Security Administrator in his company. C. Answer: B Explanation: QUESTION NO: 194 "Pass Any Exam. C. but SIC still does not seem to work because the policy won't install and interface fetching still does not work. It always works when the trust is established. D. B. SIC Certificates: A. The Gateway's time is several days or weeks in the future and the SIC certificate is not yet valid. SIC does not function over the network. He now wants to establish SIC between them. D. ForR75Security Gateways are created during the Security Management Server installation.actualtests. the message "Trust established" is displayed in SmartDashboard. Are used for securing internal network communications between the SmartDashboard and the Security Management Server.75 Exam Answer: A Explanation: QUESTION NO: 192 Select the correct statement about Secure Internal Communications (SIC) Certificates. After entering the activation key.Checkpoint 156-215. Decrease network security by securing administrative communication among the Security Management Servers and the Security Gateway.

B.1. which connections to your ISP provider. the administrator has removed the default check from Accept Control Connections under the Policy / Global Properties / FireWall tab.1. an explicit rule must be created to allow the server to communicate to the Security Gateway on port ______. 256 B. D.0/24. C. 259 Answer: A Explanation: QUESTION NO: 196 Your internal network is configured to be 10.1.1.1.1. Use automatic Static NAT for network 10. 900 D. 80 C.1.0/24 behind the external IP address of your perimeter Gateway. Answer: B Explanation: "Pass Any Exam. A.actualtests. IPS Answer: C Explanation: QUESTION NO: 195 In a distributed management environment.0/24.0/24 behind the internal interface of your perimeter Gateway. Stealth D.1. Use Hide NAT for network 10.com 78 . as long as 10. Reject C. This network is behind your perimeter R75 Gateway.Checkpoint 156-215.www. Do nothing." . Any Time.75 Exam A _______ rule is used to prevent all traffic going to the R75 Security Gateway. Cleanup B. How do you configure the Gateway to allow this network to go out to the internet? A.0 network has the correct default Gateway.1. Use Hide NAT for network 10. A.1. In order for the Security Management Server to install a policy to the Firewall.

Checkpoint 156-215.75 Exam

QUESTION NO: 197 Which specific R75 GUI would you use to add an address translation rule? A. SmartConsole B. SmartDashboard C. SmartNAT D. SmartView Monitor Answer: B Explanation:

QUESTION NO: 198 You are a Security Administrator who has installed Security Gateway R75 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner's access for HTTP and FTP only, you did the following: 1. Created manual Static NAT rules for the Web server. 2. Created the following settings in the Global Properties’ Network Address Translation screen - Allow bi-directional NAT* - Translate destination on client side Do you above settings limit the partner’s access? A. Yes, This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet. B. Yes, Both of these settings are only application to automatically NAT rules. C. No, The first setting is not applicable. The second setting will reduce performance, by translating traffic in the kernel nearest the intranet server. D. No. The first setting is only applicable to automatic NAT rules. The second setting is necessary to make sure there are no conflicts between NAT and anti-spoofing. Answer: D Explanation:

QUESTION NO: 199 "Pass Any Exam. Any Time." - www.actualtests.com 79

Checkpoint 156-215.75 Exam You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.) When you run fw monitor on the R75 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5? A. i=inbound kernel, before the virtual machine B. O=outbound kernel, after the virtual machine C. o=outbound kernel, before the virtual machine D. I=inbound kernel, after the virtual machine Answer: D Explanation:

QUESTION NO: 200 You have configured a remote site Gateway that supports your boss's access from his home office using a DSL dialup connection. Everything worked fine yesterday, but today all connectivity is lost. Your initial investigation results in "nobody has touched anything", which you can support by taking a look in SmartView Tracker Management. What is the problem and what can be done about it? A. You cannot use NAT and a dialup connection. B. The NAT configuration is not correct; you can only use private IP addresses in a static NAT setup. C. A static NAT setup may not work with DSL, since the external IP may change. Hide NAT behind the Gateway is the preferred method here. D. According to published limitations of Security GatewayR75, there's a bug with NAT. A restart of the Gateway will help here. Answer: C Explanation:

Topic 3, Volume C QUESTION NO: 201 A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?

"Pass Any Exam. Any Time." - www.actualtests.com

80

Checkpoint 156-215.75 Exam A. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box. B. Anti-spoofing not configured on the interfaces on the Gateway object. C. A Gateway object created using the Check Point > Security Gateway option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object. D. Secure Internal Communications (SIC) not configured for the object. Answer: A Explanation:

QUESTION NO: 202 A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R75. After running the fw unloadlocal command, you are able to reconnect with SmartDashboard and view all changes. Which of the following change is the most likely cause of the block? A. A Stealth Rule has been configured for theR75Gateway. B. The Allow Control Connections setting in Policy / Global Properties has been unchecked. C. The Security Policy installed to the Gateway had no rules in it D. The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway. Answer: B Explanation:

QUESTION NO: 203 Which of the following is NOT a valid selection for tracking and controlling packets in R75? A. Reject B. Accept C. Hold D. Session Auth Answer: C Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

81

but you do not see a rule allowing POP3 traffic in the Rule Base. D.Checkpoint 156-215.com 82 .actualtests. C. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes? A. and SMTP) accepted by the default mail object inR75. The POP3 rule is disabled. you notice logs accepting POP3 traffic. Database Revision Control Answer: D Explanation: "Pass Any Exam. Any D.www. Any Time. While reviewing configuration files and logs. POP3 is one of 3 services (POP3. upgrade export command B. POP3 is accepted in Global Properties. B. which of the following is NOT a valid R75 topology configuration? A. Answer: D Explanation: QUESTION NO: 206 You are about to test some rule and object changes suggested in an R75 news group. SecurePlatform backup utilities D. Not Defined Answer: C Explanation: QUESTION NO: 205 You are conducting a security audit." . IMAP. The POP3 rule is hidden.75 Exam QUESTION NO: 204 When configuring anti-spoofing on the Security Gateway object interfaces. Specific B. External C. Which of the following is the most likely cause? A. Manual copies of the $FWDIR/conf directory C.

upgrade_export/upgrade„import D. You clear the box Translate destination on client site from Global Properties / NAT. Define two log serves on the R75 Gateway object Enable Log Implied Rules on the first log server. C. Install the View Implicit Rules package using SmartUpdate B. Policy Package management C. Use SmartReporter to merge the two log server records into the same database for HIPPA log audits. Any Time.www. Answer: C Explanation: QUESTION NO: 209 You have configured Automatic Static NAT on an internal host-node object. Database Revision Control Answer: B Explanation: QUESTION NO: 208 What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security gateway? A. Send these logs to a secondary log server for a complete logging history. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Assuming all other NAT settings in Global Properties are selected.75 Exam QUESTION NO: 207 Which R75 feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations? A. Use your normal log server for standard logging for troubleshooting." .com 83 . Check the Log Implied Rules Globally box on the R75 Gateway object.actualtests. fwm dbexport/fwm dbimport B. Enable Log Rule Base on the second log server. D. what else must be configured so that a host on the Internet can initiate an inbound connection to this host? "Pass Any Exam.Checkpoint 156-215.

but she is getting an error message.Checkpoint 156-215.actualtests. C. Other Security Gateways are reporting the information except a new Security Gateway that was just recently deployed. B.www. Any Time. to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface. A.75 Exam A." . A static route. No extra configuration is needed Answer: A Explanation: QUESTION NO: 210 Cara wants to monitor the top services on her Security Gateway (fw-chicago). The NAT IP address must be added to the anti-spoofing group of the external gateway interface D.com 84 . A proxy ARP entry. Analyze the error message from the output below and determine what Cara can do to correct the problem. She should re-install the security policy on the security Gateway since it was using the default "Pass Any Exam. to ensure packets destined for the public IP address will reach the Security Gateway’s external interface.

She should let the monitoring run longer in order for it to collect sampled data D. C. She should create a firewall rule to allow the CPMI traffic back to her smart console. Any Time.Checkpoint 156-215.actualtests. Answer: D Explanation: QUESTION NO: 211 What will happen when Reset is pressed and confirmed? A. The gateway certificate will be revoked on the security management server only B.com 85 .75 Exam rule base B. The Gateway certificate will be revoked on the security management server and SIC will be reset on the Gateway D. She should edit the security Gateway object and enable the monitoring Software Blade. The gateway certificate on the gateway only Answer: A Explanation: "Pass Any Exam." . SIC will be reset on the Gateway only C.www.

Answer: A "Pass Any Exam.75 Exam QUESTION NO: 212 Which rule is responsible for the installation failure? A. Rule 4 B." .www. Web Intelligence will be applied to the host. Any Time. D.com 86 .actualtests. An implied rule will be added allowing HTTP requests to the host. B. C.Checkpoint 156-215. Rule 6 Answer: A Explanation: QUESTION NO: 213 What happens if Web Server is checked? A. An implied rule will be added allowing HTTP request from and to the host. Rule 3 C. Rule 5 D. Anti-virus settings will be applied to the host.

What is the meaning of Interface leads to DMZ? A. Ann-Spoofing is configured automatically to this net. When selecting this option. the direction can be defined as Internal or External. Any Time." .www. D. It defines the DMZ Interface since this information is necessary for Content Control.75 Exam Explanation: QUESTION NO: 214 When configuring the network interfaces of a Check Point Gateway. this option automatically turns off the counting of IP Addresses originating from this interface C.actualtests. Activating this option automatically turns this interface to External "Pass Any Exam.com 87 . B. Using restricted Gateways.Checkpoint 156-215.

Last policy that was installed B." .com 88 . A. Answer: C Explanation: QUESTION NO: 216 The SIC certificate is stored in the________ directory. $CPDIR/conf C. $FWDIR/database D. Get interfaces will still show only the old interfaces but not the newly added ones. Establishing the SIC will fail.actualtests. C. After the SIC reset operation is complete. the policy that will be installed is the: A. $CPDIR/registry Answer: B Explanation: QUESTION NO: 217 You run cpconfig to reset SIC on the Security Gateway. $FUIDIR/conf B. B.Checkpoint 156-215. Default filter "Pass Any Exam.75 Exam Answer: A Explanation: QUESTION NO: 215 Security Administrator. Get interfaces will show all interfaces. Anna has done the following: What will happen when she recreates the firewall object? A. Creating the object will result in a duplicate IP address warning.www. Any Time. D.

2) Click the Communication tab on the Security Gateway object.g. some rules can be hidden so they do not distract the administrator from the unhidden rules. then exit cpconfig. Initial policy Answer: D Explanation: QUESTION NO: 218 Nancy has lost SIC communication with her Security Gateway and she needs to re-establish SIC. and then select Secure Internal Communication to reset. Standard policy D. select Search / Rule Base Queries. and then click Reset. 5. create a new Query. 1. This cannot be configured since two selections (Service. 2. define a second clause for the action Accept and combine them with the Boolean operator AND. 4. 3. 1. "HTTP_SSH") and define a clause regarding the two services HTTP and SSH. B. 3.www. How do you accomplish this? A. 1. 5. 1. 2. give it a name (e." . 2 B. Assume that only rules accepting HTTP or SSH will be shown. 4 C. Action) are not possible. 2 Answer: C Explanation: QUESTION NO: 219 To check the Rule Base. Ask your reseller to get a ticket for Check Point SmartUse and deliver him the cpinfo file of the "Pass Any Exam. Any Time.Checkpoint 156-215. In SmartDashboard menu. 4. 3) Run the cpconfig tool.com 89 .75 Exam C. 4) Input the new activation key in the Security Gateway object. When having applied this. In the window that opens.actualtests. then select source Internal Communication to reset. What would be the correct order of steps needed to perform this task? 1) Create a new activation key on the Security Gateway. A. and then click initialize 5) Run the cpconfig tool. C. 4 D.

Do the same in the field Action and select Accept here. Then.Checkpoint 156-215. You create a manual Static NAT rule as follows: "web_public_IP" is the node object that represents the public IP address of the new Web server. Keep data connections C.com 90 . You enable all settings from Global Properties > NAT. right-click in the column field Service and select Query Column. "web_private_IP" is the node object that represents the new Web site's private IP address. Reset all connections D. Keep all connections B. In SmartDashboard.www. put the services HTTP and SSH in the list.75 Exam Security Management Server. Any Time.actualtests." . Re-match connections Answer: C Explanation: QUESTION NO: 221 You just installed a new Web server in the DMZ that must be reachable from the Internet. Answer: A Explanation: QUESTION NO: 220 What CANNOT be configured for existing connections during a policy install? A. When you try to browse the Web server from the Internet. D. you see the error "page cannot be "Pass Any Exam.

Which of the following is NOT a possible reason? A." .com 91 . (ii).www.actualtests. (iv) D. There is no NAT rule translating the source IP address of packets coming from the protected Web server. Answer: A Explanation: "Pass Any Exam. There is no Security Policy defined that allows HTTP traffic to the protected Web server. A. (iv) C. D.Checkpoint 156-215. (ii) Answer: A Explanation: QUESTION NO: 222 You just installed a new Web server in the DMZ that must be reachable from the Internet. C. ii) There is no Security Policy defined that allows HTTP traffic to the protected Web server. Any Time. (iii) B. Which statements are possible reasons for this? i) There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server. (i). (iii). "web_private_IP" is the node object that represents the new Web site's private IP address. The Security Gateway ignores manual ARP entries. When you try to browse the Web server from the Internet you see the error "page cannot be displayed". (i). There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server. You enable all settings from Global Properties > NAT. B.75 Exam displayed". iii) There is an ARP entry on the Gateway but the settings Merge Manual proxy ARP and Automatic ARP configuration are enabled in Global Properties. There is no ARP table entry for the public IP address of the protected Web server. (ii). (i). iv) There is no ARP table entry for the public IP address of the protected Web server. You create a manual Static NAT rule as follows: "web_public_IP" is the node object that represents the public IP address of the new Web server.

Yes. websydney. there are always as many active NAT rules as there are connections. it is possible to have two NAT rules which match a connection. it stops checking and applies that rule. Any Time. Yes. You need to allow two NAT rules to match a connection.actualtests. it compares it against the first rule in the Rule Base. it is possible to have two NAT rules which match a connection. A. and so on When it finds a rule that matches.Checkpoint 156-215. it is not possible to have more one NAT rule matching a connection. B. C. Answer: A Explanation: QUESTION NO: 224 You have created a Rule Base for firewall. No. then the second rule. What is TRUE about the new package's NAT rules? "Pass Any Exam. but only in using Manual NAT (bidirectional NAT) D.75 Exam QUESTION NO: 223 You are responsible for the configuration of MegaCorp's Check Point Firewall." . Is it possible? Give the BEST answer.www. but only when using Automatic NAT (bidirectional NAT). Now you are going to create a new policy package with security and address translation rules for a second Gateway.com 92 . When the firewall receives a packet belonging to a concentration. Yes.

" .actualtests. NAT rules will be empty in the new package Answer: C Explanation: QUESTION NO: 225 A Hide NAT rule has been created which includes a source address group of ten (10) networks and three (3) other group objects (containing 4. 3. Rules 1 and 5 will be appear in the new package B. how many effective rules have you created? A.www.75 Exam A. and 6 host objects respectively).Checkpoint 156-215. 1 B. 4 and 5 will appear in the new package C. 2 D.com 93 . Assuming all addresses are non-repetitive. Any Time. 25 C. 5. Rules 1. 13 Answer: B Explanation: "Pass Any Exam. Rules 2. 3 and 4 will appear in the new package D.

First D. To permit management traffic C. Middle C. Manual NAT B.Checkpoint 156-215. To prevent users from connecting directly to the gateway D. To permit implied rules B.75 Exam QUESTION NO: 226 What is a Stealth rule used for? A. Any Time.com 94 . Before last B. Client-side NAT Answer: D Explanation: QUESTION NO: 229 "Pass Any Exam.www.actualtests. Server-side NAT C. Hide NAT D." . To drop all traffic to the management server that is not explicitly permitted Answer: C Explanation: QUESTION NO: 227 Where are automatic NAT rules added to the Rule Base? A. Last Answer: C Explanation: QUESTION NO: 228 What is the default setting when you use NAT? A.

Administrator login and logout B. C. Any Time.actualtests. Object creation. Rule Base changes Answer: C Explanation: "Pass Any Exam.www. Ask the mainframe users to reconnect every time this error occurs. deletion. D. Use this new object only in the rule that allows the Telnet connections to the mainframe. SmartView Tracker B. Reviewing SmartView Tracker shows the packet is dropped with the error: "Unknown established connection" How do you resolve this problem without causing other security issues? Choose the BEST answer." . Create a new TCP service object on port 23 called Telnet-mainframe.com 95 . B. SmartConsole applications only communicate with the Security Management Server.75 Exam You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Tracking SLA compliance D. Define a service-based session Timeout of 24-hours. None. Increase the service-based session timeout of the default Telnet service to 24-hours. Answer: B Explanation: QUESTION NO: 230 Which SmartConsole tool would you use to see the last policy pushed in the audit log? A. SmartView Server Answer: A Explanation: QUESTION NO: 231 SmartView Tracker logs the following Security Administrator activities. Increase the TCP session timeout under Global Properties > Stateful Inspection.Checkpoint 156-215. SmartView Status D. and editing C. C. EXCEPT: A. A.

Exported log entries are not viewable in SmartView Tracker. Purges the current log file.log. Exported log entries are deleted from fw.log are exported to a file that can be opened by Microsoft Excel. Current logs are exported to a new *. B. ASCII Only Response Header detected: SQL B. Purges the current log file and starts the new log file. C.75 Exam QUESTION NO: 232 A security audit has determined that your unpatched Web application server is accessing a SQL server. D. names the log file by date and time. the Security Management Server: A. D. You believe that you have enabled the proper IPS setting but would like to verify this using SmartView Tracker. HTTP response spoofing: remove signature [SQL Server] Answer: C Explanation: QUESTION NO: 233 What happens when you select File / Export from the SmartView Tracker menu? A. Logs in fw. and then saves the log file. Prompts you to enter a filename." . and starts a new log file. B. Saves the current log file. Fingerprint Scrambling: Changed [SQL] to [Perl] C. Answer: A Explanation: QUESTION NO: 234 By default.log file. Concealed HTTP response [SQL Server]. and prompts you for the new log’s mode.www.com 96 . Which of the following entries confirms that this information is being blocked against attack? A.actualtests. "Pass Any Exam. Any Time. when you click File > Switch Active File in SmartView Tracker.Checkpoint 156-215. C. (Error Code WSE0160003) D.

" . Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators? A. If you want to see ONLY those entries. what steps would you take? A.75 Exam Answer: B Explanation: QUESTION NO: 235 You are working with three other Security Administrators. Display Payload View C.actualtests. Left-click column. Search / Add string / Apply Filter D.Checkpoint 156-215. B. This is not a SmartView Tracker feature. Any Time. Right-click column. Specific / Add / Apply Filter "Pass Any Exam. Eventia Monitor B. SmartView Tracker D. Eventia Tracker Answer: C Explanation: QUESTION NO: 236 Which SmartView Tracker mode allows you to read the SMTP e-mail body sent from the Chief Executive Officer (CEO) of a company? A. Edit Filter / Specific / Add / OK C.com 97 . Right-click column. Display Capture Action D. SmartView Monitor C.www. Network and Endpoint Tab Answer: A Explanation: QUESTION NO: 237 You want to display log entries containing information from a specific column in the SmartView Tracker. Search…/ Add string / Apply Filter B. Left-click column.

Tools / Custom Commands and configure the Linux command traceroute to the list.com 98 . There is no possibility to expand the three pre-defined options Ping.exe to the list. provide name and define protocol: 17. and Nslookup. D." . Whois. Manage Services / New Other. Manage Services / New TCP. The Security Management Server is running under SecurePlatform. Go to the menu. How do you run the command. C. and the GUI is on a system running Microsoft Windows. Manage Services / New Group.www. Manage Services / New Other. provide name and define protocol: x-y Answer: A Explanation: QUESTION NO: 239 External commands can be included in SmartView Tracker via the menu Tools / Custom Commands. Answer: B Explanation: QUESTION NO: 240 Where is the best place to find information about connections between two machines? "Pass Any Exam. provide name and define port: x-y B. Any Time. Go to the menu Tools / Custom Commands and configure the Windows command tracert. traceroute on an IP address? A.75 Exam Answer: B Explanation: QUESTION NO: 238 How do you define a service object for a TCP port range? A. B. Use the program GUIdbedit to add the command traceroute to the properties of the Security Management Server. provide name and add all service ports for range individually to the group object C.Checkpoint 156-215.actualtests. Range: x-y D.

Answer: A Explanation: "Pass Any Exam. Policy file information specific to this enforcement point C. Rules or routing may block the connection. When you click the Test SIC status button in the problematic Gateway object you receive an error message. C. All options are valid. c B. The complete file objects_5_0. VPN keys for all established connections to all enforcement points Answer: B Explanation: QUESTION NO: 242 One of your remote Security Gateway's suddenly stops sending logs. On a Security Gateway using the command fw log. and Policy installation is not affected. which invalidates the SIC Certificate. The time on the Security Management Server's clock has changed. All other remote Security Gateways are logging normally to the Security Management Server. What is the problem? A. C. The remote Gateway's IP address has changed.75 Exam A.www. B.actualtests.Checkpoint 156-215.com 99 ." . using SmartView Tracker B.C. There is no connection between the Security Management Server and the remote Gateway. it gives you detailed access to log files and state table information Answer: A Explanation: QUESTION NO: 241 Which of the following can be found in cpinfo from an enforcement point? A. The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0. Any Time. D. and you cannot install the Security Policy on the Gateway. Everything NOT contained in the file r2info D. D. which invalidates the remote Gateway's Certificate. On a Security Management Server. On a Security Gateway Console interface.

Number of concurrent IKE negotiations C. Destination IP address B. Policy Package rule modification date/time stamp C.75 Exam QUESTION NO: 243 What information is found in the SmartView Tracker Management log? A.com 100 . View total packets passed through the security gateway B. Use the Traffic Counters settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day. Any Time. Most accessed Rule Base rule B. SIC revoke certificate event D.Checkpoint 156-215. Select the Tunnels view.actualtests." .www. Historical reports log D. C. Destination IP address Answer: C Explanation: QUESTION NO: 244 What information is found in the SmartView Tracker Management log? A. Most accessed Rule Base rule Answer: B Explanation: QUESTION NO: 245 How do you use SmartView Monitor to compile traffic statistics for your company's Internet activity during production hours? A. Configure a suspicious activity rule which triggers an alert when HTTP traffic pass through gateway Answer: B Explanation: "Pass Any Exam. and generate a report on the statistics D.

This is a known issue with the GRE. The setting Log does not capture this level of details for GRE Set the rule tracking a action to "Pass Any Exam. Connections to the specified target are blocked without the need to change the Security Policy. D. Which of the following is the BEST explanation for this behavior? A. Connections to and from the specified target are blocked with the need to change the Security Policy. Because it is encrypted. thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.Checkpoint 156-215. SmartView Tracker shows a log entry for the UDP keep-alive packet every minute. If GRE encapsulation is turned off on the router.75 Exam QUESTION NO: 246 What are the results of the command: fw sam [Target IP Address]? A. The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. A rule for GRE traffic is configured for ACCEPT/LOG. Connections from the specified target are blocked without the need to change the Security Policy. a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install). C. Any Time. Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval. Use IPSEC instead of the non GRE protocol for encapsulation. B. C.actualtests. Answer: C Explanation: QUESTION NO: 247 An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R70 Security Gateway to a partner site. Although the keep-alive packets are being sent every 1 minute. Disable all VPN configurations to the partner site to enable proper logging.com 101 . B. Connections to and from the specified target are blocked without the need to change the Security Policy. theR75Security Gateway cannot distinguish between GRE sessions. D. GRE traffic has a 10 minute session timeout. The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker." . The Log Server is failing to log GRE traffic property because it is VPN traffic.www.

Security rules only D. you receive a call that some connectivity problems have occurred. Display protocol Hosts D. Which objects can you create? A.75 Exam audit since certain types of traffic can only tracked this way." . Answer: A Explanation: QUESTION NO: 248 Which of the following explanations best describes the command fw logswitch [-h target] [+ | -] [oldlog]? A.com 102 .www. SmartPortal access is read-only. Display a remote machine’s log-file list.actualtests. Any Time. Create a new Log file. you configured the access from the holiday hotel to your Management Portal. None. One day. The old log has moved Answer: D Explanation: QUESTION NO: 249 You are the Security Administrator for MegaCorp and are enjoying your holiday. Network objects. B. services and internal users Answer: A Explanation: QUESTION NO: 250 Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly? "Pass Any Exam. Control Kernel C. Before the holiday. You can see and analyze various objects. B. Network objects and services C.Checkpoint 156-215.

Any Time. etc) Which one SmartConsole application can you use to gather all this information? A. average CPU time. SmartDashboard D.75 Exam A." . The informationtechnology audit department wants a report including: The name of the Security Policy installed on each remote Security Gateway. The date and time the Security Policy was installed. SmartView Tracker B. Rule 1 Answer: B Explanation: QUESTION NO: 252 Each grocery store in a regional chain is protected by a Security Gateway. Cleanup Rule D. 514 B.actualtests.www. 256 C. which rule shows when a packet is dropped due to anti-spoofing? A. Blank field under Rule Number B. Rule 0 C. SmartUpdate Answer: B Explanation: "Pass Any Exam. SmartView Monitor C.com 103 . active real memory. General performance statistics (CPU Use. 257 D.Checkpoint 156-215. 258 Answer: C Explanation: QUESTION NO: 251 In SmartView Tracker.

Which SmartConsole application displays the percent of free hard-disk space on the remote Security Gateway? A. and the Security Gateway logged locally for over 48 hours. Select block intruder from the tools menu in SmartView Tracker. It is possible that the logs may have consumed most of the free space on the Gateway's hard disk.www. but you do not want to add any rules to the Rule Base. Create a Suspicious Activity Rule in SmartView Monitor C. geographically distributed network.com 104 . This information can only be viewed with fw ctl pstat command from the CLI D. You want to block this for an hour while you investigate further. How can you view the blocked addresses? "Pass Any Exam. B.actualtests. fws configuration file. Add a “temporary” rule using SmartDashboard and select hide rule. Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.Checkpoint 156-215. not just the problematic host.75 Exam QUESTION NO: 253 You administer a large. The Internet connection at a remote site failed during the weekend. SmartView Tracker B. Answer: B Explanation: QUESTION NO: 255 You have blocked an IP address via the Block Intruder feature of SmartView Tracker. D. Any Time. You decide that you want to block everything from that whole network." . Eventia Analyzer Answer: B Explanation: QUESTION NO: 254 You find a suspicious connection from a problematic host. SmartView Monitor C. How do you achieve this? A.

during their lunch breaks. Run f wm blockedview. C. click the Active tab. Configure a script to run fw logswitch and SCP the output file to a separate file server. and the actively blocked connections displays Answer: C Explanation: QUESTION NO: 256 In SmartDashboard. D. Old logs are deleted.75 Exam A.Checkpoint 156-215.com 105 . select the Blocked Intruder option from the query tree view C. The Security Management Server automatically copies old logs to a backup server before purging. The management team is concerned that employees may be installing and attempting to use peer-to-peer file-sharing utilities. you configure 45 MB as the required free hard-disk space to accommodate logs. D. Do nothing. What can you do to keep old log files. select Suspicious Activity Rules from the Tools menu and select the relevant Security Gateway from the list. B. SmartView Tracker C." .actualtests. SmartView Status D. until free space is restored. Use the fwm logexport command to export the old log files to another location. Any Time. In SmartView Monitor. In SmartView Monitor. Which option do you use to determine the number of packets dropped by each Gateway? A. The call center's network is protected by an internal Security Gateway. Do nothing. when free space falls below 45 MB? A. SmartDashboard Answer: A Explanation: "Pass Any Exam. In SmartView Tracker. B. SmartView Monitor B. Answer: A Explanation: QUESTION NO: 257 You are Security Administrator for a large call center.www. configured to drop peer-to-peer file-sharing traffic.

Checkpoint 156-215. By right-clicking on the Gateway. A. D. by choosing the Gateway and selecting System Information. Answer: B Explanation: QUESTION NO: 260 Which R75 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway? A. by right-clicking on the Gateway and selecting Configure Thresholds. Answer: A Explanation: QUESTION NO: 259 True or False: SmartView Monitor can be used to create alerts on a specified Gateway.75 Exam QUESTION NO: 258 How do you configure an alert in SmartView Monitor? A. and Configure Thresholds. SmartView Status B. B. SmartUpdate Answer: B Explanation: QUESTION NO: 261 "Pass Any Exam. D. C. True. and selecting Properties. an alert cannot be created for a specified Gateway. By choosing the Gateway." . B.actualtests. Any Time. C. SmartView Monitor C. False. SmartConsole applications only communicate with the Security Management Server.com 106 .www. An alert cannot be configured in SmartView Monitor. None. alerts can only be set in SmartDashboard Global Properties. False. By right-clicking on the Gateway. True. D. and selecting System Information.

Answer: C Explanation: QUESTION NO: 262 You have detected a possible intruder listed in SmartView Tracker's active pane. In SmartView Tracker. None. Modify the Rule Base to drop these connections from the network.com 107 . SmartView Tracker D. In SmartView Monitor.Checkpoint 156-215. In SmartDashbourd.75 Exam Which R75 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway? A.actualtests. Answer: B Explanation: QUESTION NO: 263 Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%? A.www. D. Any Time. SmartView Tracker / Audit Tab / Gateway Counters C." . D. select IPS / Network Security Denial of Service B. select Tools / Block Intruder C. What is the fastest method to block this intruder from accessing your network indefinitely? A. Real Time Monitor / Gateway Settings / Status Monitor B. SmartView Monitor / Gateway Status / Threshold Settings Answer: D Explanation: QUESTION NO: 264 "Pass Any Exam. select Tool / Suspicious Activity Rules. SmartUpdate B. SmartView Server C. SmartConsole applications only communicate with the Security Management Server. This can only be monitored by a user-defined script.

Answer: A Explanation: QUESTION NO: 266 How do you view a Security Administrator's activities with SmartConsole? A. SmartView Monitor / Gateways / Thresholds Settings C.Checkpoint 156-215. D. SmartView Tracker in the Management tab B. SmartDashboard / Policy Package Manager Answer: B Explanation: QUESTION NO: 265 Where are custom queries stored in R75 SmartView Tracker? A. SmartDashboard / Security Gateway Object / Advanced Properties Tab D." . SmartView Tracker in the Network and Endpoint tabs C.com 108 .www. SmartView Tracker / Audit Log B.75 Exam Where can an administrator configure the notification action in the event of a policy install time change? A. On the Security Management Server tied to the GUI client IP. On the SmartView Tracker PC local file system shared by all users of that local PC. SmartView Monitor using the Administrator Activity filter D.actualtests. B. C. On the SmartView Tracker PC local file system under the user's profile. Eventia Suite Answer: A Explanation: QUESTION NO: 267 Which SmartView Tracker selection would most effectively show who installed a Security Policy "Pass Any Exam. On the Security Management Server tied to the Administrator User Database login name. Any Time.

How do you view Security Administrator activity? A. Any Time. Account Query D. Custom filter B. SmartView Tracker in Network and Endpoint Mode Answer: B Explanation: QUESTION NO: 269 Which of the following R75 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway? A. All Records Query Answer: A Explanation: QUESTION NO: 270 "Pass Any Exam. Network and Endpoint tab C. view the system logs on the Security Management Server's Operating System B. SmartView Tracker in Management Mode C.75 Exam blocking all traffic from the corporate network? A. SmartView Tracker in Active Mode D. Management Tab D.actualtests. Audit Tab C." .www.com 109 . SmartView Tracker cannot display Security Administrator activity: instead. Active tab Answer: C Explanation: QUESTION NO: 268 You are reviewing the Security Administrator activity for a bank and comparing it to the change log. Active Tab B.Checkpoint 156-215.

and select IPS / Alerts "Pass Any Exam.actualtests. 3. select Tools / Alerts B. 5.75 Exam While in Smart View Tracker. 4 C. He decides to block the traffic for 60 but cannot remember all the steps. 4 Answer: C Explanation: QUESTION NO: 271 What information is found in the SmartView Tracker Management log? A. 5. In SmartView Monitor. 3. In SmartDashboard. Rule author B.www. In SmartView Tracker." . 2. 1. 5. 1. Top used QOS rule Answer: A Explanation: QUESTION NO: 272 Where do you enable popup alerts for IPS settings that have detected suspicious activity? A. 5. edit the Gateway object. 4 B. Any Time. TCP source port D.com 110 . What is the correct order of steps needed to perform this? 1) Select the Active Mode tab In Smart view Tracker 2) Select Tools > Block Intruder 3) Select the Log Viewing tab in SmartView Tracker 4) Set the Blocking Time out value to 60 minutes 5) Highlight the connection he wishes to block A. 2.Checkpoint 156-215. TCP handshake average duration C. select Tools / Custom Commands C. 2. 2. 4 D. Brady has noticed some very odd network traffic that he thinks could be an intrusion.

Answer: A Explanation: QUESTION NO: 275 The R75 fw monitor utility is used to troubleshoot which of the following problems? "Pass Any Exam. In SmartDashboard. B.actualtests.com 111 .www. SmartView Monitor B.75 Exam D. You do not have OS write permissions on the local SmartView Tracker PC in order to save the custom query locally D. SmartView Tracker D.Checkpoint 156-215. but getting the following error "Could not save 'query-name' (Error Database is Read only). You have read-only rights to the Security Management Server database." . SmartView Status C. Which of the following is a likely explanation for this? A. Another administrator is currently connected to the Security Management Server with read/write permissions which impacts your ability to save custom log queries to the Security Management Server. select Global Properties / Log and Alert / Alert Commands Answer: A Explanation: QUESTION NO: 273 Which R75 GUI would you use to see the number of packets accepted since the last policy install? A. SmartDashboard Answer: A Explanation: QUESTION NO: 274 You are trying to save a custom log query in R75 SmartView Tracker. You do not have the explicit right to save a custom query in your administrator permission profile under SmartConsole customization C. Any Time.

Traffic issues Answer: D Explanation: QUESTION NO: 276 You are the Security Administrator for MegaCorp. in the section Firewall Blade . Where can you see it? Give the BEST answer. C. B. In the SmartView Tracker.actualtests. User data base corruption C. Phase two key negotiation B. SmartReporter provides this information in the section Firewall Blade . Configure Additional Logging on a separate log server. SmartReporter analyzes all network traffic. if you activate the column Matching Rate. Answer: C Explanation: "Pass Any Exam. In order to see how efficient your firewall Rule Base is. Afterwards. Network traffic cannot be analyzed when the Security Management Server has a high load. C.Activity / Network Activity with information concerning Top Matched Logged Rules. Log Consolidation Engine D. A. Turn the field Track of each rule to LOG. It is not possible to see it directly. Any Time. D. you need to create your own program with an external counter.Checkpoint 156-215.Security / Rule Base Analysis with information concerning Top Matched Logged Rules. logged or not. Answer: D Explanation: QUESTION NO: 277 A company has disabled logging for some of the most commonly used Policy rules. B.com 112 . In SmartReporter. This was to decrease load on the Security Management Server and to make tracking dropped connections easier.www. What action would you recommend to get reliable statistics about the network traffic using SmartReporter? A. you would like to see how often the particular rules match. D.75 Exam A. You can open SmartDashboard and select UserDefined in the Track column." .

Highlight the suspicious connection in SmartView Tracker > Log mode. Answer: B Explanation: QUESTION NO: 279 Which feature in R75 permits blocking specific IP addresses for a specified time period? A. Block it using Tools / Block Intruder menu. How do you block it in real time and verify it is successfully blocked? A. B. C. Highlight the suspicious connection in SmartView Tracker Log mode. Block Port Overflow D. Local Interface Spoofing Answer: A Explanation: QUESTION NO: 280 You find a suspicious FTP connection trying to connect to one of your internal hosts. Suspicious Activity Monitoring B. A global Policy used to share a common enforcement policy for multiple Security Gateways. The collective name of the logs generated by SmartReporter.Checkpoint 156-215. Block it using Tools / Block Intruder menu. The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database. Block it using Tools / Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as "dropped".www.75 Exam QUESTION NO: 278 What is a Consolidation Policy? A. B. The collective name of the Security Policy. Highlight the suspicious connection in SmartView Tracker Active mode.com 113 . Any Time. HTTP Methods C. C.actualtests. Address Translation. and IPS Policies. D. D. Observe in the Log mode that the suspicious connection does not appear "Pass Any Exam. Highlight the suspicious connection in SmartView Tracker Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view." .

Only possible via command line tools "Pass Any Exam.actualtests.www. Intrusion Detection System (IDS) Policy install D. Answer: B Explanation: QUESTION NO: 281 Your Security Gateways are running near performance capacity and will get upgraded hardware next week.75 Exam again in this SmartView Tracker view. and version? A. SAM . including CPU use. Change the Rule Base and install the Policy to all Security Gateways Answer: C Explanation: QUESTION NO: 282 Your company enforces a strict change control policy.Checkpoint 156-215. Intrusion Detection System (IDS) Policy install C. SAM .com 114 . Change the Rule Base and install the Policy to all Security Gateways C.Block Intruder feature of SmartView Tracker B." .Suspicious Activity Rules feature of SmartView Monitor B. amount of virtual memory. Any Time.Suspicious Activity Rules feature of SmartView Monitor D. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection? A. percent of free hard-disk space. Block Intruder feature of SmartView Tracker Answer: D Explanation: QUESTION NO: 283 What do you use to view a R75 Security Gateway's status. SAM . Which of the following would be MOST effective for quickly dropping all connections from a specific attacker's IP at a peak time of day? A.

Log. Active. Active. SmartView Tracker C. SmartUpdate Answer: C Explanation: QUESTION NO: 284 Which R75 component displays the number of packets accepted. and Management Answer: D Explanation: QUESTION NO: 286 You want to configure a mail alert for every time the policy is installed to a specific Gateway. In SmartView Monitor. Smart Event B. Where would you configure this alert? A.Checkpoint 156-215. and Audit B." . They are: A. Log.com 115 . and dropped on a specific Security Gateway. Any Time.www. Active. SmartView Monitor C. and Management D. Network & Endpoint. SmartView Status D. SmartUpdate Answer: B Explanation: QUESTION NO: 285 SmartView Tracker R75 consists of three different modes. rejected. in real time? A. Log. SmartView Monitor D. and Management C.75 Exam B.actualtests. Track. select Gateway > Configure Thresholds and in SmartDashboard Select "Pass Any Exam.

D. Which of the following methods is best to accomplish this task? A. "Pass Any Exam. Use SmartDashboard to add a rule in the firewall rule Base that matches his IP address and those of potential target and suspucious9 protocols." . Any Time. D. C. to get direct information about his wrong doing Answer: B Explanation: QUESTION NO: 288 MegaCorp's security infrastructure separates Security Gateways geographically. and applying the license on the Security Management Server with the cprlic put command. Send the suspect an email with a key logging Trojan attached.actualtests. Using the remote Gateway’s IP address. You cannot create a mail alert for Policy installation Answer: A Explanation: QUESTION NO: 287 Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. Using your Security Management Server’s IP address. In SmartDashboard. How do you apply the license? A. B. Apply the alert action or customized messaging. Using the remote Gateway’s IP address and applying the license locally with the cplic put command. select Global Properties > Log and Alerts > Alert Commands. export the corresponding entries to a separate log file for documentation. In SmartView Monitor.com 116 . and attaching the license to the remote Gateway via SmartUpdate. B. You must request a central license for one remote Security Gateway.www. select Gateway > Configure Thresholds. Then. C. Watch his IP in SmartView monitor by setting an alert action to any packet that matches your Rule base and his IP Address for inbound and outbound traffic. Using each of the Gateways’ IP addresses. Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP source or destination port. B. C. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication.75 Exam Global Properties > Log and alerts > Alert Commands. D.Checkpoint 156-215. and attaching the license to the remote Gateway via SmartUpdate.

After selecting Packages / Distribute Only and choosing the target Gateway. SmartUpdate wizard walks the Administrator through a distributed installation. B. the: A. D. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed. selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.www. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.actualtests. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed. selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed. B. SmartUpdate wizard walks the Administrator through a distributed installation. Any Time. Answer: A Explanation: QUESTION NO: 291 Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway.75 Exam Answer: B Explanation: QUESTION NO: 289 Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed. C. D. C.com 117 .Checkpoint 156-215. After "Pass Any Exam." . the: A. After selecting Packages / Distribute Only and choosing the target Gateway. Answer: A Explanation: QUESTION NO: 290 Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway.

selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed. After selecting Packages Select / Add from CD. C. entire contents of the CD-ROM arc copied to the packages directory on the selected remote Security Gateway B. SmartUpdate installed Security Management Server PC Answer: A "Pass Any Exam.75 Exam selecting Packages / Distribute and Install Selected Package and choosing the target Gateway. selected package is copied to the Package Repository on the Security Management Server. Answer: D Explanation: QUESTION NO: 292 Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. the: A. C. SmartUpdate wizard walks the Administrator through a distributed installation. D. Any Time. the: A.www.com 118 .Checkpoint 156-215. SmartUpdate GUI PC B. entire contents of the CD-ROM are copied to the Package Repository on the Security Management Server D. SmartUpdate Repository SQL database Server C. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed. B." .actualtests. selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed. A Security Gateway retrieving the new upgrade package D. selected package is copied to the packages directory on the selected remote Security Gateway Answer: B Explanation: QUESTION NO: 293 What physical machine must have access to the User Center public IP address when checking for new packages with smartUpdate? A.

Once copied locally. The license must be renewed when changing the IP address of security Gateway. Licenses are automatically attached to their respective Security Gateways. Any Time.75 Exam Explanation: QUESTION NO: 294 What port is used for communication to the User Center with SmartUpdate? A. imitate a remote installation command and monitor the installation progress with SmartView Monitor D. Answer: B Explanation: QUESTION NO: 296 An advantage of using central instead of local licensing is: A. Send a CD-ROM with the HFA to each location and have local personnel install it." . CPMI 200 B. A license can be taken from one Security Management server and given to another Security Management Server. D. B. Use a SSH connection to SCP the HFA to each Security Gateway. C.com 119 .actualtests.Checkpoint 156-215. Only one IP address is used for all licenses. Use SmartUpdate to install the packages to each of the Security Gateways remotely. Each "Pass Any Exam. HTTP 80 D. HTTPS 443 C. B. What is the BEST method to implement this HFA? A. Send a Certified Security Engineer to each site to perform the update. C.www. TCP 8080 Answer: B Explanation: QUESTION NO: 295 You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations.

Which of the following can you NOT do with the upgrade tool? A. C. The Administrator must reinstall the last version via the command cprinstall revert <object name> <file name>. Any Time. SecurePlatform will reboot and automatically revert to the last snapshot version prior to upgrade.Checkpoint 156-215. and re-attempt the upgrade. Answer: B Explanation: QUESTION NO: 297 You are running the license_upgrade tool on your SecurePlatform Gateway.tgz) be deleted after you complete the import process? "Pass Any Exam. View the licenses in the SmartUpdate License Repository D." . Simulate the license-upgrade process Answer: C Explanation: QUESTION NO: 298 If a SmartUpdate upgrade or distribution operation fails on SecurePlatfom. View the status of currently installed licenses B. Answer: D Explanation: QUESTION NO: 299 Why should the upgrade_export configuration file (. B.75 Exam module’s license has a unique IP address.com 120 . The Administrator can only revert to a previously created snapshot (if there is one) with the command cprinstall snapshot <object name> <filename>.actualtests. The Administrator must remove the rpm packages manually. Perform the actual license-upgrade process C.www. how is the system recovered? A. D.

and one local VPN-1 Pro Gateway at your company's headquarters to R75. Reboot after installation and upgrade all licenses via SmartUpdate 3. D. 1. Security Management Server C. upgrade the security management server. Reinstall all gateways using R 70 and install a policy C. Move the saved directory contents to $ PWDIR\conf replacing the default installation files 5.com 121 .ROM in the security management server. 1. SmartUpdate upgrading/patching B. Uninstall the security management server. It will conflict with any future upgrades when using SmartUpdate. It will prevent a future successful upgrade_export since the . Copy the $PWDIR\ conf directory from the security management server 2. It contains your security configuration.actualtests.www.75 Exam A. using theR75CD B." . You also plan to upgrade four VPN-1 Pro Gateways at remote offices. which could be exploited. From theR75CD-ROM on the security management server. C. Answer: C Explanation: QUESTION NO: 300 Which of these components does NOT require a Security Gateway R75 license? A.tgz file cannot be overwritten. Reinstall all gateways usingR75and install a security policy D. Save directory contents to another file server 3. SmartConsole D. 1. Upgrade the remote gateway via smartUpdate. 2. Install R 70 on a new PC using the option installation using imported configuration 3. select export 2. Check Point Gateway Answer: C Explanation: Topic 4. What is the correct procedure to migrate the configuration? A. B.Checkpoint 156-215. Reboot after installation and update all licenses via smartUpdate "Pass Any Exam. SmartUpdate will start a new installation process if the machine is rebooted. and install anew security management server 4. select Upgrade 2. Volume D QUESTION NO: 301 You plan to migrate a Windows NG with Application Intelligence (AI) R55 SmartCenter Server to R75. Any Time. From theR75CD. 1. The Management Server configuration must be migrated.

If SmartDashboard is open during package upload and upgrade. Answer: A Explanation: QUESTION NO: 303 What action can be performed from SmartUpdate R75? A. C. remote_uninstall_verifier B. Upgrade software on all five remote Gateway via SmartUpdate Answer: D Explanation: QUESTION NO: 302 You are using SmartUpdate to fetch data and perform a remote upgrade to a R75 Security Gateway." . the upgrade will fail. A remote installation can be performed without the SVN Foundation package installed on a remote NG with Application Intelligence Security Gateway. upgrade_export C.www.actualtests. snapshot B. cpinfo "Pass Any Exam. B. cpinfo Answer: D Explanation: QUESTION NO: 304 Which tool CANNOT be launched from SmartUpdate R75? A.75 Exam 4. SmartUpdate can query license information running locally on the Gateway. Which of the following statements is FALSE? A.com 122 . SecurePlatform WebUI C.Checkpoint 156-215. fw stat -l D. Any Time. D. SmartUpdate can query the Security Management Server and Gateway for product information.

SmartEvent Intro C.com 123 . Malicious Code Protector.75 Exam D. 2) Sort licenses and view license properties 3) Attach both R75 Central and Local licenses to a remote module 4) Delete both R75 Local licenses and Central licenses from a remote module 5) Add or remove a license to or from the license repository 6) Attach and/or delete only R75 Central licenses to a remote module (not local licenses) A. 5.www. which Check Point license is required in SmartUpdate? A. 2. 1. 5. and Header Rejection. 4. 4. 3. & 5 C. 2. IP Appliance Voyager Answer: A Explanation: QUESTION NO: 305 If a Security Gateway enforces three protections. 1. Data Loss Prevention B. 3.Checkpoint 156-215. IPS Answer: D Explanation: QUESTION NO: 306 Central license management allows a Security Administrator to perform which of the following functions? 1) Check for expired licenses. & 5 Answer: D Explanation: "Pass Any Exam.actualtests. LDAP Injection. Any Time. 2." . & 6 B. SSL: VPN D. & 6 D. 2.

She needs to run cpconfig to enable the ability to SCP files. cplicense D. C. SmartEvent server C. Security Gateway B. cplic print B.com 124 . Any Time.www. lic print Answer: A Explanation: QUESTION NO: 309 Where are SmartEvent licenses installed? A. Log Server Answer: B "Pass Any Exam. D. She can SSH into the Security Gateway. What would be the most likely reason she cannot do so? A.actualtests. She needs to run sysconfig and restart the SSH process. Security Management Server D. She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.Checkpoint 156-215." . She needs to edit /etc/scpusers and add the Standard Mode account. B. Answer: B Explanation: QUESTION NO: 308 Which command gives an overview of your installed licenses? A. but she has never been able to SCP files to it.75 Exam QUESTION NO: 307 Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with SecurePlatform. but she cannot SCP the HFA to the system. showlic C.

C. B.www.75 Exam Explanation: QUESTION NO: 310 You currently do not have a Check Point software subscription for one of your products. or support contract.. The contract file is stored on the Security Management Server and downloaded to all Security Gateways during the upgrade process. What will happen if you attempt to upgrade the license for this product? A. It is deleted C.com 125 . i." . Only theR75Security Gateway "Pass Any Exam. The license is not upgraded Answer: D Explanation: QUESTION NO: 311 Which of the following statements about service contracts. D. Most software-subscription contracts are permanent. and need not be renewed after a certain time passes.Checkpoint 156-215. what does this command allow you to upgrade? A. is FALSE? A.actualtests. It is upgraded with new available features. Service Contracts can apply for an entire User Center account. The license will be upgraded with a warning B. software subscription. A service contract can apply only for a single set of Security Gateways managed by the same Security Management Server. When you run patch add CD from the Security Gateway R75 CD-ROM. but cannot be activated D. Any Time. The Gateway also serves as a Policy Server.e. Certificate. Answer: C Explanation: QUESTION NO: 312 You have an NGX R65 Gateway running on SecurePlatform.

Uninstall the Security Management Server from the existing machine. Run sysconfig to complete the configuration "Pass Any Exam. Both the operating system and all Check Point products Answer: D Explanation: QUESTION NO: 313 Your network includes a SecurePlatform machine running NG with Application Intelligence (AI) R55. 3. Install a newR75Security Gateway as the only module on the new machine. Insert theR75CD ROM. On the existing machine.com 126 . and reboot 5. to disable the VPN-1 Pro Gateway package 3. Export the configuration on the existing machine to a network share 2. import the configuration. run the patch add CD-ROM command to upgrade the existing machine to theR75Security Gateway. and reset SIC for the Gateway object. Uninstall the Security Gateway from the existing machine. B. and reset SIC C. 1. The new machine is an Intel CoreDuo processor. Change the Gateway object to the new version. and reboot 4. export the NG with AJ R55 configuration to a network share. Insert theR75CD-ROM in the old machine Install the R7D Security Gateway only while reinstalling the SecurePlatform OS over the top of the existing installation. 2. How do you use these two machines to successfully migrate the NG with AI R55 configuration? A. Reboot the existing machine 4.Checkpoint 156-215. install SecurePlatform as theR75Security Gateway only 6. Open SmartDashboard. conf on the existing machine. You add one machine. tgz file into the new machine.www. 3. Insert theR75CD-ROM. change the Gateway object to the new version. This configuration acts as both the primary Security Management Server and VPN-1 Pro Gateway. so you can implement Security Gateway R75 in a distributed environment. Any Time. Perform an in place upgrade on the Security Management Server using the command "patch odd cd" 5. On the new machine. using sysconfig 3. On the new machine. Transfer the exported. and run the patch add CD-HGM command to upgrade the Security Management Server to Security Gateway R 70 4." . 1. Edit $FWDIR\product. Export the configuration on the existing machine as a backup only 2.actualtests. 1. except the Policy Server D. and reset SIC to the new Gateway D. Complete sysconfig. and then reboot 5. Export the configuration on the existing machine to a tape drive 2. Only the patch utility is upgraded using this command C. 1. Install a new primary Security Management Server on the new machine 5. install SecurePlatform as the primary Security Management Server only.75 Exam B. All products. 4. Select upgrade with imported file. with 2 GB RAM and a 500-GB hard drive. using sysconfig.

com 127 .www. Assign an IP address and subnet mask using the WebUI. reconfigure the Gateway object to the new version. C. Apply the latest SecurePlatformR75Hotfix Accumulator (HFA). IPSO Answer: A Explanation: QUESTION NO: 316 You plan to upgrade from R65 to R75 Software Blades. Your NIC driver is installed but was not recognized. Crossbeam B." . Answer: D Explanation: QUESTION NO: 315 You are installing your R75Security Gateway.Checkpoint 156-215. You will be prompted for the driver. Which is NOT a valid option for the hardware platform? A. and reinstall. B. D. Windows D. and reset SIC Answer: A Explanation: QUESTION NO: 314 After installing Security Gateway R75. The NIC is faulty. you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a Get Topology request.75 Exam 7. From SmartDashboard. If an interface is not configured. Do you need new licenses and license strings for this scenario? "Pass Any Exam. Solaris C. What is the most likely cause and solution? A. Make sure the driver for your particular NIC is available.actualtests. it is not recognized. Replace it and reinstall. Any Time.

No.actualtests. the upgrade will convert all licenses toR75. No." . but he remembers that he needs to have a contracts file from the User Center before he can start the upgrade. but you will need to reattach the new licenses. 3. upgrade_mgmt C. A. 4 "Pass Any Exam.75 Exam A. B. C. Any Time. 2) Enter your Username for your User Center account. Yes. fw install_mgmt Answer: C Explanation: QUESTION NO: 318 Jeff wanted to upgrade his Security Gateway to R75. the upgrade will do an automatic conversion in the User Center. 1. 3) Enter your Password for your User Center account. 4) Click the Browse button to specify the path to your download contracts file. patch add cd D. Answer: B Explanation: QUESTION NO: 317 What is the command to upgrade a SecurePlatform NG with Application Intelligence R55 Management Server to R75? A. 5. fwm upgrade_tool B. 2. the upgrade will preserve licenses. you need to buy/convert licenses in the User Center first.com 128 .www. and then reapply licenses to upgraded systems with the new Software Blades licenses. 4 B.Checkpoint 156-215. If Jeff wants to download the contracts file from the User Center. 5) Enter your Username and Password for your Security Gateway. D. what is the correct order of steps needed to perform this? 1) Select Update Contracts from User Center. Yes.

and 4 to R 65 4) Upgrade all gateway 4 to R 65 5) Perform pre-upgrade verifier on Security management server 6) Perform pre-upgrade verifier on all Gateways 7) Perform License upgrade checker on Gateway 2 8) Perform License upgrade checker on Gateway 3 9) Perform License upgrade checker on Gateway 4 10) Perform License upgrade checker on Security Management Server 11) Perform License upgrade checker on all devices 12) Upgrade security management server to R 70 A. 12. 3 D.www.75 Exam C. You are upgrading your enterprise to R75. 2. 5. 1 C. 6. 5. 9. 12. 1 D. 1.com 129 . 3 Answer: D Explanation: QUESTION NO: 319 Your current Check Point enterprise consists of one Management Server and four Gateways in four different locations with the following versions: All devices are running SecurePlatform. Place the required tasks from the following list in the correct order for upgrading your enterprise to R75. 1 Answer: B "Pass Any Exam. 1 B. 12. 11. 5. 2. Any Time. 3. 5. 3. 2." . 1) Upgrade all gateways to R75 2) Upgrade all gateways 3 and 4 to R 65 3) Upgrade all gateways 2. 5. 11. 12. 4.Checkpoint 156-215.actualtests.

It remains untouched. In $PWDIR/ conf. What happens to this license during the license-upgrade process? A. They remain untouched. in $PWDIR/ bin Answer: A Explanation: QUESTION NO: 321 What happens to evaluation licenses during the license-upgrade process? A. B. They are dropped. They automatically expire. It does not matter as long as the Administrator uses chmod to permit the file to execute." . B. D. It is upgraded with new available features but the IP remains the same B. Answer: B Explanation: QUESTION NO: 322 One of your licenses is set for an IP address no longer in use.75 Exam Explanation: QUESTION NO: 320 In which directory do you install the R75 pre-upgrade verifier on a SecurePlatform Security Management Server? A.Checkpoint 156-215. D. C.www. It is dropped "Pass Any Exam. Any Time.com 130 . C. C. but may not activate all features of a new version. They are upgraded with new available features. It is upgraded with the previous features using the new IP address D. It does not matter since the dynamic information entered by the Administrator will cause it to retrieve the proper configurations.actualtests.

No.75 Exam Answer: B Explanation: QUESTION NO: 323 All Check Point Suite products before version RXX need to be upgraded to RXX before you can upgrade them to R75. X. if you select the option zero downtime. 7. 7.actualtests. RXX is: A. 6. 8. R61 D. this is the default setting. No." . Yes. this is not possible. Yes. B.www. R65 C. you must bring all gateways down.X and above.com 131 .0 D.5 Answer: B Explanation: QUESTION NO: 325 Can you upgrade a clustered deployment with zero downtime? A.5 B. Any Time. Answer: B "Pass Any Exam. R60 Answer: B Explanation: QUESTION NO: 324 R75 is compatible with UTM-1 Edge gateways X. it will keep one member active C. D.Checkpoint 156-215. R55 B.5 C.X is: A.

You enabled Static NAT on the problematic machines. which of the following should you remember? "Pass Any Exam. using partial authentication and standard sign-on for HTTP. until this morning. in the Limit tab of the Client Authentication Action Properties screen D.75 Exam Explanation: QUESTION NO: 326 As a Security Administrator. When configuring a User Authentication rule to achieve this. Any Time. you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. Now users are not prompted for authentication." . D.actualtests. in the Gateway object’s Authentication screen C.Checkpoint 156-215. you discover the HTTP connection is dropped when the Gateway is the destination.www. Answer: B Explanation: QUESTION NO: 328 The technical-support department has a requirement to access an intranet server. C. and they see error page cannot be displayed in the browser. The rule was working. blocking HTTP from the internal network.com 132 . You disabledR75Control Connections in Global Properties. in the user object’s Authentication screen B. B. What caused Client Authentication to fail? A. In SmartView Tracker. How do you do this? Enable the Refreshable Timeout setting: A. in the Global Properties Authentication screen Answer: C Explanation: QUESTION NO: 327 Your Rule Base includes a Client Authentication rule. and FTP services. You added a rule below the Client Authentication rule. Telnet. You added the Stealth Rule before the Client Authentication rule.

com 133 .Checkpoint 156-215. Configure a server object for the LDAP Account Unit. Once a user is first authenticated. configure a server object for the LDAP in global properties. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server. Track D. You can limit the authentication attempts in the Authentication tab of the User Properties screen. Source B. and create an LDAP resource object. D. Configure a server object for the LDAP Account Unit. enable LDAP in Global Properties B. D. the user will not be prompted for authentication again until logging out. C.actualtests. configure a host-node object for the LDAP server. FTP. C. B. and rlogin services. Answer: A Explanation: QUESTION NO: 329 Which column in the Rule Base is used to define authentication parameters? A. Enable LDAP in Global Properties. SMTP. You can only use the rule for Telnet.www. A. Using an LDAP server. Service Answer: B Explanation: QUESTION NO: 330 Choose the BEST sequence for configuring user management in SmartDashboard. Configure a workstation object for the LDAP server. Action C. Any Time. and configure a server object for the LDAP Account Unit." .75 Exam A. Answer: C Explanation: "Pass Any Exam.

1 and 2 C.Checkpoint 156-215. 900 Answer: B Explanation: "Pass Any Exam. Any Time. 80. A.600 Answer: B Explanation: QUESTION NO: 333 What is the Manual Client Authentication TELNET Port? A. 529 B.com 134 . 8080. 256 D. 2 and 3 D. What should you investigate? A. 264 D.900 C. 23 B. and 3 Answer: C Explanation: QUESTION NO: 332 Identify the ports to which the Client Authentication daemon listens by default. 1 and 3 B.actualtests. 1.www. 256.75 Exam QUESTION NO: 331 You cannot use SmartDashboard's SmartDirectory features to connect to the LDAP server. 259. 259 C. 2." .

User Authentication Answer: B Explanation: QUESTION NO: 336 Which of the following objects is a valid source in an authentication rule? A. Client Authentication for fully automatic sign on B. Host@Any D. User@Network B. using HTTP on port 900 C. using partially automatic sign on D.www. before they can use any services. The Gateway does not allow the Telnet service to itself from any location. Client Authentication C. Session Authentication rule Answer: B Explanation: QUESTION NO: 335 Which authentication type permits five different sign-on methods in the authentication properties window? A. Client Authentication rule using the manual sign-on method.Checkpoint 156-215. Manual Authentication B. User_group@Network Answer: D Explanation: "Pass Any Exam. User@Any C." . Session Authentication D. Client Authentication rule. How would you configure authentication on the Gateway? With a: A. Any Time.75 Exam QUESTION NO: 334 Your company's Security Policy forces users to authenticate to the Gateway explicitly.com 135 .actualtests.

C. You have forgotten to place the User Authentication Rule before the Stealth Rule. Why? A. D.Checkpoint 156-215. Specific Sign On allows the user to sign on only to a specific IP address.75 Exam QUESTION NO: 337 Users are not prompted for authentication when they access their Web servers. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service specifically defined in the window Specific Action Properties. User Authentication C.www. Specific Sign On requires that the user re-authenticate for each service and each host to which he is trying to connect. Answer: B Explanation: QUESTION NO: 338 Which authentication type requires specifying a contact agent in the Rule Base? A. but re-authenticate for each host to which he is trying to connect. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Another rule that accepts HTTP without authentication exists in the Rule Base. Any Time. "Pass Any Exam. Standard Sign On requires the user to re-authenticate for each service and each host to which he is trying to connect. Client Authentication with Manual Sign On Answer: C Explanation: QUESTION NO: 339 What is the difference between Standard and Specific Sign On methods? A.actualtests." . Specific Sign On requires that the user re-authenticate for each service. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. B. Session Authentication D.com 136 . to use the User Authentication Rule. D. You checked the cache password on desktop option in Global Properties. even though you have created an HTTP rule via User Authentication. Client Authentication with Partially Automatic Sign On B. B. C. Users must use the SecuRemote Client.

SmartUpdate repository B. What happens when a user from the internal network tries to browse to the Internet using HTTP? The user: "Pass Any Exam. Templates. Any Time. Networks C." . When you create a user for user authentication. Users.actualtests.75 Exam Answer: C Explanation: QUESTION NO: 340 Which set of objects have an Authentication tab? A. Rules Database D.com 137 .www. Objects Database Answer: B Explanation: QUESTION NO: 342 Review the following rules. Users Answer: D Explanation: QUESTION NO: 341 As a Security Administrator. the data is stored in the ___________. you are required to create users for authentication.Checkpoint 156-215. Hosts B. A. User Database C. Networks. Users. Assume domain UDP is enabled in the implied rules. User Groups D.

and does not need to enter his username and "Pass Any Exam.75 Exam A. is prompted three times before connecting to the Internet successfully. as shown below: After being authenticated by the Security Gateway. can go to the Internet. can go to the Internet after Telnetting to the client auth daemon port 259. can connect to the Internet successfully after being authenticated. Answer: D Explanation: QUESTION NO: 343 Reviews the following rules and note the Client Authentication Action properties screen. user is prompted from that FTP site only. What happens to the user? The: A. without being prompted for authentication." . C. the user tries to FTP to another site using the command line. Any Time. D.com 138 .Checkpoint 156-215.actualtests. when a user starts an HTTP connection to a Web site.www. B.

C. User is prompted for Authentication by the Security Gateway again.75 Exam password for Client Authentication. RLOGIN B. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled D.com 139 ." . HTTP C. each time a new user is authenticated? The: A. D.actualtests.Checkpoint 156-215. FTP connection is dropped by rules 2. Answer: A Explanation: QUESTION NO: 344 Which Security Gateway R75 configuration setting forces the Client Authentication authorization time-out to refresh. SMTP D. adjusted on the user objects for each user. Time properties. B. in the source of the Client Authentication rule C. Which of the Security Servers cannot perform authentication? A. adjusted to allow for Regular Client Refreshment B. Global Properties > Authentication parameters. Refreshable Timeout setting. FTP Answer: C Explanation: QUESTION NO: 346 "Pass Any Exam. in the Limits tab of the Client Authentication Action Properties screen Answer: D Explanation: QUESTION NO: 345 All R75 Security Servers can perform authentication with the exception of one. FTP data connection is dropped after the user is authenticated successfully. Any Time.www.

Client. LDAP D. Session D. Connection. TELNET C. TELNET D. you can create R75 user definitions on a(n) _______Server. FTP. FTP. FTP. SMTP. TELNET B. Proxied.75 Exam Which of the following are authentication methods that Security Gateway R75 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods. Radius B. SMTP. FTP. Any Time. Connection. NT Domain C. Session B. A. User. TELNET Answer: A Explanation: QUESTION NO: 348 With the User Directory Software Blade. HTTP.Checkpoint 156-215. Session Answer: C Explanation: QUESTION NO: 347 Security Gateway R75 supports User Authentication for which of the following services? Select the response below that contains the MOST complete list of supported services. User. A.actualtests. Client C.com 140 . HTTP.www." . A. SecureID Answer: C Explanation: "Pass Any Exam. User. Proxied. Dynamic.

By retrieving LDAP user information using the command fw fetchldap B.com 141 . By using the Clear User Cache button in Smart Dashboard C.Checkpoint 156-215.www. Secure Internal Communications (SIC) D. Domain name resolution B. User authority server D. RADIUS server B. Account management client server C.75 Exam QUESTION NO: 349 The User Directory Software Blade is used to integrate which of the following with Security Gateway R75? A. By installing a Security Policy Answer: D Explanation: QUESTION NO: 352 "Pass Any Exam. Usernames and password only clear from memory after they time out D. LDAP server Answer: D Explanation: QUESTION NO: 350 If you are experiencing LDAP issues. Overlapping VPN Domains C. Any Time." . which of the following should you check? A. Connectivity between theR75Gateway and LDAP server Answer: D Explanation: QUESTION NO: 351 How are cached usernames and passwords cleared from the memory of a R75 Security Gateway? A.actualtests.

D. The Security Administrator wants to use the Port 9001. B. A.conf is wrong. The Security Administrator selects client authentication with HTTP.actualtests. FTP Security Server B. LDAP group B. Which kind of user group do you need in the Client Authentication rule in R75? A. The Security Policy is not correct.Checkpoint 156-215. C.www. Smith needs access to other networks and should be able to use all services. Answer: C Explanation: "Pass Any Exam.75 Exam Your users are defined in a Windows 2003 Active Directory server. The standard authentication port for client HTTP authentication (Port 900) is already in use. The configuration file $FWDIR/conf/fwauthd. What is the reason for the connectivity problems? Give the BEST answer.com 142 . HTTPS Security Server Answer: B Explanation: QUESTION NO: 354 Mr. It is not possible to use any port other than the standard port 900 for the client authentication via HTTP. HTTP Security Server D. You must add LDAP users to a Client Authentication rule. External-user group Answer: A Explanation: QUESTION NO: 353 Which type of R75 Security Server does not provide User Authentication? A. All Users C. SMTP Security Server C. The configuration of the service FW1_clntauth_http is not correct. A group with a generic user D." . Any Time. but session authentication is not suitable. but there are some connectivity problems.

75 Exam QUESTION NO: 355 You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard? A.Checkpoint 156-215.com 143 . What is TRUE about his location restriction? "Pass Any Exam." .www. A group with generic user C. All users Answer: B Explanation: QUESTION NO: 356 User Marc is requesting a Website while he is using a computer out of the net_singapore network.actualtests. Any Time. internet user group B. LDAP account unit Group D.

what will happen? A. B.75 Exam A. Source setting in Source column always takes precedence D." . Answer: B Explanation: "Pass Any Exam. Any Time. he would be allowed from net_singapore and net_sydney. whether User Properties or Source Restriction takes precedence. Eric will be blocked by the Stealth Rule. B. Eric will be blocked because LDAP is not allowed in the Rule Base. MSAD_Group. None of these things will happen. Eric will be authenticated and get access to the requested server. When Eric tries to connect to a server on the Internet.actualtests. Answer: B Explanation: QUESTION NO: 357 In the given Rule Base.com 144 . Source setting in User Properties always takes precedence. Eric is a member of the LDAP group.www. C. the client authentication in rule 4 is configured as fully automatic.Checkpoint 156-215. C. As location restrictions add up. It depends on how the User Auth object is configured. D.

Select intersect with user database in the action properties window D. HTTPS B. Permit access to Finance_net B. TACACS C. What is the BEST way to resolve this conflict? A. Telnet Answer: C Explanation: "Pass Any Exam." .com 145 . Select Intersect with user database or Ignore Database in the Action Properties window. Answer: D Explanation: QUESTION NO: 359 When selecting an authentication scheme for a user.www. SSH D. Select ignore database in action properties window C.75 Exam QUESTION NO: 358 Assume you are a Security Administrator for ABCTech. Any Time. But in the user's properties. SecurID D. Check Point Password B. You have allowed authenticated access to users from Mkting_net to Finance_net.) A. OS Password Answer: A Explanation: QUESTION NO: 360 For which service is it NOT possible to configure user authentication? A. connections are only permitted within Mkting_net. FTP C.actualtests.Checkpoint 156-215. which scheme would you use if you only want the password to be stored locally? (The password is not stored at a third party component.

C. 112 B.75 Exam QUESTION NO: 361 For remote user authentication. The component must be time-and-date synchronized with the security management server." . The communication must use two-factor or biometric authentication. Answer: B Explanation: QUESTION NO: 363 What is the bit size of a DES key? A.www. SecurlD B. 64 Answer: C Explanation: "Pass Any Exam. what would NOT be required? A.com 146 . RADIUS Answer: B Explanation: QUESTION NO: 362 For information to pass securely between a Security Management Server and another Check Point component. Check Point Password D. TACACS C. which authentication scheme is NOT supported? A. 56 D. 168 C. The communication must be encrypted D. Any Time. The communication must be authenticated B.Checkpoint 156-215.actualtests.

Data integrity D. Nonrepudiation C.www. three-packet IKE Phase 1 exchange is replaced by a six-packet exchange Answer: C Explanation: QUESTION NO: 367 "Pass Any Exam. Authentication B. 40 D.com 147 . Availability Answer: D Explanation: QUESTION NO: 366 If you check the box Use Aggressive Mode in the IKE Properties dialog box. 160 Answer: D Explanation: QUESTION NO: 365 Public keys and digital certificates do NOT provide which of the following? A. six-packet IKE Phase 1 exchange is replaced by a three-packet exchange D.75 Exam QUESTION NO: 364 What is the size of a hash produced by SHA-1? A. three-packet IKE Phase 2 exchange is replaced by a two-packet exchange C. 128 B. the standard: A.Checkpoint 156-215. 56 C.actualtests. three-packet IKE Phase 2 exchange Is replaced by a six-packet exchange B." . Any Time.

C. This can only be done in traditional mode VPNs while not using simplified VPN settings. You attach a code to the electronically transmitted message that uniquely identifies the sender. thus compromising the security of the communication. A Key Agreement / Derivation Protocol that constructs secure keys over an insecure channel. B. This code is known as a(n): A. He requires you to choose the strongest and most secure available algorithms for the headquarters to the Research and Development branch office. you must use high performance algorithms for all sales offices with shorter key length for the VPN keys. AES flag Answer: B Explanation: QUESTION NO: 368 Your manager requires you to setup a new corporate VPN between all your branch offices. In addition. private key D. This can be done either in traditional mode or simplified VPN using 2 different communities and the headquarters as the center for both communities. "Pass Any Exam.com 148 . This can not be achieved at all as all algorithms need to be the very same for all VPNs. but the encrypt action in the security Rule Base needs to be configured for exceptions. An algorithm that is used in IPsec QuickMode and as an additional option in IPsec QuickMode (PFS) C.actualtests. How would you configure this scenario? A. This can be done in a single community. Any Time. digital signature C.www.Checkpoint 156-215. An encryption scheme that makes pre-shared keys obsolete B. diffie-Helman verification B. A Key Exchange Protocol for the advanced Encryption Standard D." .75 Exam You are concerned that a message may have been intercepted and retransmitted. D. Answer: C Explanation: QUESTION NO: 369 Whitfield Diffie and martin Hellman gave their names to what standard? A.

D. Disable Diffie Hellman by using stronger certificate based key-derivation. and use ESP protocol. AES for all encryption and PFS.www. Use AES-256 bit on all encrypted channels and add PFS to QuickMode. Choose SHA in Quick Mode and encrypt with AES.com 149 . Perfect Forward Secrecy "Pass Any Exam. When you need strong encryption. IPsec B. SSL VPNs are a better choice. what option would be the BEST choice? A.Checkpoint 156-215. SHA for all hashes. S/MIME D.75 Exam Answer: D Explanation: QUESTION NO: 370 If you need strong protection for the encryption of user data. Use AH protocol. Switch to Aggressive Mode. Any Time. PKCS Answer: B Explanation: QUESTION NO: 372 Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Use certificates for Phase 1. C. IPsec is not the best choice. Use Diffie Hellman for key construction and pre-shared keys for Quick Mode. Which of the following options will end the intruder’s access after the next Phase 2 exchange occurs? A.actualtests. B. Use double encryption by implementing AH and ESP as protocols. CRL C. Answer: C Explanation: QUESTION NO: 371 What is used to validate a digital certificate? A." .

com 150 . M05 Hash Completion Answer: A Explanation: QUESTION NO: 373 Which statement defines Public Key Infrastructure? Security is provided: A.Checkpoint 156-215. and public key encryption. The Policy Package has been configured for Simplified Mode VPN. Via both private and public keys. By Certificate Authorities.actualtests.75 Exam B.key encryption C." . Which technology should you explain to the executives? "Pass Any Exam. Reject. By authentication B. D. Encrypt. SHA1 Hash Completion C. Session Auth B. Reject. digital certificates. digital certificates. By Certificate Authorities.www. without the use of digital Certificates. Phase 3 Key Revocation D. Accept. Hold. Accept. Drop. Proxy Answer: C Explanation: QUESTION NO: 375 Your organization maintains several IKE VPNs. Reject. Drop C. Any Time. Client Auth D. Accept. Executives in your organization want to know which mechanism Security Gateway R75 uses to guarantee the authenticity and integrity of messages. Encrypt. Answer: C Explanation: QUESTION NO: 374 Review the following list of actions that Security Gateway R75 can take when it controls packets. Select the response below that includes the available actions: A. Drop. Accept. and two-way symmetric.

Asymmetric Encryption D. Two star and one mesh Community: One star Community is set up for each site.75 Exam A. The branch offices need to communicate with the headquarters in their country. Any Time. one for New York headquarters and its branches. but all New York branch offices defined m another satellite window. D. B. Digital signatures C.com 151 . Certificate Revocation Lists D. One star Community with the option to "mesh" the center of the star: New York and London Gateways added to the center of the star with the mesh canter Gateways option checked. all London branch offices defined m one satellite window. with headquarters as the center of the Community and its branches as satellites." . The mesh Community includes only New York and London Gateways. "Pass Any Exam.actualtests. Two mesh and one star Community One mesh Community is set up for each of the headquarters and its branch offices The star Community is configured with London as the center of the Community and New York is the satellite.www. Digital signatures C. Symmetric Encryption Answer: D Explanation: QUESTION NO: 377 Your company has two headquarters.or London and New York headquarters. and one f. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of: A. C. Three mesh Communities: One for London headquarters and its branches. Cryptographic checksums B. and only the headquarters need to communicate directly. one in London. not with each other. Key-exchange protocols B. and one in New York.Checkpoint 156-215. Application Intelligence Answer: B Explanation: QUESTION NO: 376 Which of the following provides confidentiality services for data and messages in a Check Point VPN? A. Each office includes several branch offices.

com 152 . Secure communication is provided between clients and servers that support HTTP C. Your VPN will exchange certificates with an external partner.actualtests. B. User Authentication is supported D." . Exchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA).75 Exam Answer: A Explanation: QUESTION NO: 378 Which of these attributes would be critical for a site-to-site VPN? A. Strong data encryption D. The Gateway accepts any encryption method that is proposed by the client and supported in the VPN B. Which of the following activities should you do first? A. Strong authentication B. Any Time. using certificates. Centralized management C.www. The Gateway can enforce the use of strong encryption Answer: B Explanation: QUESTION NO: 380 You want to establish a VPN.Checkpoint 156-215. Scalability to accommodate user groups Answer: C Explanation: QUESTION NO: 379 Which of the following is NOT true for Clientless VPN? A. Manually import your partner’s Certificate Revocation List. "Pass Any Exam.

Checkpoint 156-215.75 Exam C. Create a new logical-server object to represent your partner’s CA D. Manually import your partner’s Control List. Answer: B Explanation:

QUESTION NO: 381 Your company is still using traditional mode VPN configuration on all Gateways and policies. Your manager now requires you to migrate to a simplified VPN policy to benefit from the new features. This needs to be done with no downtime due to critical applications which must run constantly. How would you start such a migration? A. This cannot be done without downtime as a VPN between a traditional mode Gateway and a simplified mode Gateway does not work. B. You first need to completely rewrite all policies in simplified mode and then push this new policy to all Gateways at the same time. C. This can not be done as it requires a SIC- reset on the Gateways first forcing an outage. D. Convert the required Gateway policies using the simplified VPN wizard, check their logic and then migrate Gateway per Gateway. Answer: D Explanation:

QUESTION NO: 382 Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup? A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel. B. All is fine and can be used as is. C. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1. D. The 2 algorithms do not have the same key length and so don't work together. You will get the error ".... No proposal chosen...." Answer: C Explanation: "Pass Any Exam. Any Time." - www.actualtests.com 153

Checkpoint 156-215.75 Exam

QUESTION NO: 383 Why are certificates preferred over pre-shared keys in an IPsec VPN? A. Weak scalability: PSKs need to be set on each and every Gateway B. Weak performance: PSK takes more time to encrypt than Drffie-Hellman C. Weak security: PSKs can only have 112 bit length. D. Weak Security: PSK are static and can be brute-forced. Answer: D Explanation:

QUESTION NO: 384 Multi-Corp must comply with industry regulations in implementing VPN solutions among multiple sites. The corporate Information Assurance policy defines the following requirements: What is the most appropriate setting to comply with these requirements? Portability Standard Key management Automatic, external PKI Session keys changed at configured times during a connection’s lifetime Key length No less than 128-bit Data integrity Secure against inversion and brute-force attacks What is the most appropriate setting to comply with theses requirements? A. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for phase 2, AES hash B. IKE VPNs: DES encryption for IKE phase 1, and 3DES encryption for phase 2, MD 5 hash C. IKE VPNs: CAST encryption for IKE Phase 1, and SHA 1 encryption for phase 2, DES hash D. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash Answer: D Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

154

Checkpoint 156-215.75 Exam QUESTION NO: 385 What happens in relation to the CRL cache after a cpstop and cpstart have been initiated? A. The Gateway retrieves a new CRL on startup, and discards the old CRL as invalid. B. The Gateway continues to use the old CRL, as long as it is valid. C. The Gateway continuous to use the old CRL even if it is not valid, until a new CRL is cashed. D. The Gateway issues a crl_zap on startup, which empties the cache and forces certificate retrieval. Answer: B Explanation:

QUESTION NO: 386 Which of the following is TRUE concerning control connections between the Security Management Server and the Gateway in a VPN Community? Control Connections are: A. encrypted using SIC and re-encrypted again by the Community regardless of VPN domain configuration. B. encrypted by the Community. C. not encrypted, only authenticated. D. encrypted using SIC. Answer: D Explanation:

QUESTION NO: 387 How many times is the firewall kernel invoked for a packet to be passed through a VPN connection? A. Three times B. Twice C. Once D. None The IPSO kernel handles it Answer: B Explanation:

"Pass Any Exam. Any Time." - www.actualtests.com

155

Checkpoint 156-215. SmartView Status C." . Tunneling-mode encryption C. SmartView Tracker "Pass Any Exam. IPsec: It offers encryption. unlike IPsec. These are most likely open from all networks.com 156 . SSL VPN: It has more secure and robust encryption schemes than IPsec. Which technology would you choose? A.actualtests. i. authentication. Both encrypt the data and header B. B. D.e. including those that are down and destroyed. but the original header. In-place encryption Answer: B Explanation: QUESTION NO: 390 You wish to view the current state of the customer's VPN tunnels. replay protection and all algorithms that are state of the art (AES) or that perform very well. SmartView Monitor B. IPsec: It allows complex setups that match any network situation available to the client.www. SSL VPN: It only requires HTTPS connections between client and server. C. Which encryption scheme would you select? A. Any Time. Answer: C Explanation: QUESTION NO: 389 You wish to configure a VPN and you want to encrypt not just the data packet. Which SmartConsole application will provide you with this information? A. which uses protocols and ports which are blocked by many sites. so setup can easily be scripted. connection from a private customer network or various hotel networks.75 Exam QUESTION NO: 388 You have traveling salesmen connecting to your VPN community from all over the world. It is native to many client operating systems.

Checkpoint 156-215.75 Exam D. SmartUpdate Answer: A Explanation:

QUESTION NO: 391 Which VPN Community object is used to configure Hub Mode VPN routing in SmartDashboard? A. Mesh B. Star C. Routed D. Remote Access Answer: B Explanation:

QUESTION NO: 392 When a user selects to allow Hot-spot, SecureClient modifies the Desktop Security Policy and/or Hub Mode routing to enable Hot-spot registration. Which of the following is NOT true concerning this modification? A. IP addresses accessed during registration are recorded. B. Ports accessed during registration are recorded. C. The number of IP addresses accessed is unrestricted. D. The modification is restricted by time. Answer: C Explanation:

QUESTION NO: 393 For VPN routing to succeed, what must be configured? A. VPN routing is not configured in the Rule Base or Community objects. Only the native-routing mechanism on each Gateway can direct the traffic via its VTI configured interfaces. B. No rules need to be created; implied rules that cover inbound and outbound traffic on the "Pass Any Exam. Any Time." - www.actualtests.com 157

Checkpoint 156-215.75 Exam central (HUB) Gateway are already in place from Policy > Properties > Accept VPN-1 Control Connections. C. At least two rules in the Rule Base must be created, one to cover traffic inbound and the other to cover traffic outbound on the central (HUB) Security Gateway. D. A single rule in the Rule Base must cover all traffic on the central (HUB) Security Gateway for the VPN domain. Answer: D Explanation:

QUESTION NO: 394 What can NOT be selected for VPN tunnel sharing? A. One tunnel per subnet pair B. One tunnel per Gateway pair C. One tunnel per pair of hosts D. One tunnel per VPN domain pair Answer: D Explanation:

QUESTION NO: 395 Marc is a Security Administrator configuring a VPN tunnel between his site and a partner site. He just created the partner city's firewall object and a community. While trying to add the firewalls to the community only his firewall could be chosen. The partner city's firewall does not appear. What is a possible reason for the problem? A. IPsec VPN Software Blade on the partner city's firewall object is not activated. B. The partner city's firewall object was created as an interoperable device. C. The partner city's Gateway is running VPN-1 NG AI. D. Only Check Point Gateways could be added to a community. Answer: A Explanation:

QUESTION NO: 396

"Pass Any Exam. Any Time." - www.actualtests.com

158

Checkpoint 156-215.75 Exam If Henry wanted to configure Perfect Forward Secrecy for his VPN tunnel, in which phase would he be configuring this? A. Aggressive Mode B. Diffie-Hellman C. Phase 2 D. Phase 1 Answer: C Explanation:

QUESTION NO: 397 You install and deploy SecurePlatform with default settings. You allow Visitor Mode in the Remote Access properties of the Gateway object and install policy, but SecureClient refuses to connect. What is the cause of this? A. Set Visitor Mode in Policy > Global Properties / Remote-Access / VPN - Advanced. B. Office mode is not configured. C. The WebUI on SecurePlatform runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). You need to change the WebUI port, or run Visitor Mode on a different port. D. You need to start SSL Network Extender first, than use Visitor Mode. Answer: C Explanation:

QUESTION NO: 398 With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms). How do you solve this problem? A. Allow your users to turn off SecureClient B. Allow for unencrypted traffic C. Allow traffic outside the encrypted domain D. Enable Hot Spot/Hotel Registration Answer: D

"Pass Any Exam. Any Time." - www.actualtests.com

159

Checkpoint 156-215. 2 C. 3 D. how many packets would you see for normal Phase 1 exchange? A. VPN authentication and encrypted traffic are tunneled through port TCP 443. Volume E QUESTION NO: 401 If you were NOT using IKE aggressive mode for your IPsec tunnel. A. Sequential C. 9 Answer: A "Pass Any Exam. 6 B." . C.75 Exam Explanation: QUESTION NO: 399 What statement is true regarding Visitor Mode? A. Any Time. Conditional B. Asymmetric D.www. Answer: A Explanation: QUESTION NO: 400 Phase 1 uses________. Only ESP traffic is tunneled through port TCP 443.com 160 . Symmetric Answer: C Explanation: Topic 5.actualtests. D. B. Only Main mode and Quick mode traffic are tunneled on TCP port 443. All VPN traffic is tunneled through UDP port 4500.

Peers authenticate using certificates or preshared secrets. Symmetric IPsec keys are generated. Each Security Gateway generates a private Diffie-Hellman (DH) key from random pools. D. The DH public keys are exchanged. 12 Answer: A Explanation: QUESTION NO: 403 How many packets does the IKE exchange use for Phase 1 Aggressive Mode? A. 12 B.75 Exam Explanation: QUESTION NO: 402 How many packets does the IKE exchange use for Phase 1 Main Mode? A.com 161 . C. Any Time." .actualtests. B.www. 1 C. Answer: C Explanation: "Pass Any Exam. 6 Answer: B Explanation: QUESTION NO: 404 Which of the following actions take place in IKE Phase 2 with Perfect Forward Secrecy disabled? A. 3 C.Checkpoint 156-215. 6 B. 3 D. 1 D.

Any Time." . Phase 3 D. Phase 1 C. Phase 3 B. vpn debug ipsec D. Phase 2 D. Phase 2 Answer: B Explanation: QUESTION NO: 407 In which IKE phase are IPsec SA's negotiated? A. Phase 4 B.com 162 .Checkpoint 156-215. vpn ipsec C.www.actualtests. fw ipsec tu B.75 Exam QUESTION NO: 405 Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)? A. Phase 4 Answer: C Explanation: "Pass Any Exam. vpn tu Answer: D Explanation: QUESTION NO: 406 In which IKE phase are IKE SA's negotiated? A. Phase 1 C.

SSL Network Extender users. The specific Security Gateway must be configured as a member of the Remote Access Community Answer: B Explanation: "Pass Any Exam.168.com 163 . C. The network behind one Gateway is 10. Hide NAT B. The Gateway must be configured to work with Visitor Mode.0. Windows XP SP2 C. B." . Manual NAT D. There are distinctly separate access rules required for SecureClient users vs.www. Windows Vista D. and network 192. IPSO 3.Checkpoint 156-215.75 Exam QUESTION NO: 408 You wish to configure an IKE VPN between two R75 Security Gateways. Static NAT C.15. D. to protect two networks. MacOS X B. Any Time.9. To use Integrity Clientless Security (ICS).0/24 is behind the peer's Gateway.0/16. Which type of address translation should you use to ensure the two networks access each other through the VPN tunnel? A. you must install the IC3 server or configuration tool.actualtests.9 Answer: D Explanation: QUESTION NO: 410 Which of the following SSL Network Extender server-side prerequisites is NOT correct? A. None Answer: D Explanation: QUESTION NO: 409 Which operating system is not supported by SecureClient? A.

SSL Network Extender Answer: A Explanation: QUESTION NO: 413 Your organization has many Edge Gateways at various branch offices allowing users to access company resources.www. To Internet and other targets only B. For security reasons. to Internet and other VPN targets C. SecureClient D. SSL Network Extender C." . your organization's Security Policy requires all Internet traffic initiated behind the Edge Gateways first be inspected by your headquarters' R75 Security Gateway. To center only Answer: B "Pass Any Exam.com 164 . Transparent mode B. Any Time. Endpoint Connect Answer: A Explanation: QUESTION NO: 412 Which of the following is NOT supported with office mode? A. L2TP C.actualtests. To center and other satellites. How do you configure VPN routing in this star VPN Community? A. SecuRemote B.Checkpoint 156-215. through center D.75 Exam QUESTION NO: 411 Which of the following is NOT supported with Office Mode? A. To center or through the center to other satellites. Secure Client D.

D. C. pair of hosts. No C. Diffie-Hellman Group 2 for Phase 1.75 Exam Explanation: QUESTION NO: 414 Of the following VPN Community options. Diffie-Hellman Group 2 for Phase 1. The certificate provided is invalid. pair of hosts. Diffie-Hellman Group 1 for Phase 1.com 165 . Answer: B Explanation: QUESTION NO: 415 There are three options available for configuring a firewall policy on the SecureClient Mobile device. "Pass Any Exam. no permanent tunnels. Configured on server D. The certificate provided is invalid.actualtests. permanent tunnels. Please provide the username and password. B.www. permanent tunnels. Which of the following is NOT an option? A.Checkpoint 156-215. yes Answer: C Explanation: QUESTION NO: 416 When attempting to connect with SecureClient Mobile the following error message is received. no permanent tunnels. subnet. What is the probable cause of the error? A." . subnet. Any Time. Diffie-Hellman Group 1 for Phase 1. which is most likely to provide a balance between IKE compatibility to VPN-capable devices (Check Point and non-Check Point) and preserving resources on the R75 Gateway? VPN tunnel sharing per: A. Configured on endpoint client B.

D. Meshed C. The user attempting to connect is not configured to have an office mode IP address so the connection failed. Windows Vista 64-bit SP1 D. Windows 2000 SP1 Answer: A Explanation: QUESTION NO: 418 Using the output below. This graphic displays the VPN properties in this mesh Community. Any Time. Traditional B. The user's credentials are invalid. what type of VPN Community is configured for fw-stlouis? A.75 Exam B. Windows XP SP2 O C.actualtests. C.www." . and the client disconnected. MacOS X B. Domain-Based D. C.com 166 . Answer: A Explanation: QUESTION NO: 417 Which operating system is NOT supported by Endpoint Connect R75? A.Checkpoint 156-215. There is no connection to the server. Star Answer: B Explanation: QUESTION NO: 419 You are evaluating the configuration of a mesh VPN Community used to create a site-to-site VPN. "Pass Any Exam.

com 167 . and reduce encryption overhead. D. Any Time. Change the data-integrity settings for this VPN CommunitybecauseMD5 is incompatible with AES. Changing the setting Perform IPsec data encryption with from AES-128 to 3DES will increase the encryption overhead.actualtests. C.www. B.75 Exam Which of the following would be the most valid conclusion? A. Changing the setting Perform key exchange encryption with 3DES to DES will enhance the VPN Community's security. The VPN Community will perform IKE Phase 1 key-exchange encryption using the longest key Security GatewayR75supports. Answer: B Explanation: QUESTION NO: 420 What is a possible reason for the IKE failure shown in this screenshot? "Pass Any Exam." .Checkpoint 156-215.

C. B. Mismatch in VPN Domains. so it is useless to attempt to access it.75 Exam A. Mismatch in encryption schemes.crl1 provided the implied rules are activated per default. C. D.actualtests. The CRL is encrypted. Mismatch in Diffie-Hellman group. B. Answer: D Explanation: QUESTION NO: 421 How can you access the Certificate Revocation List (CRL) on the firewall. since the Stealth Rule will drop the packets D. Any Time." .Checkpoint 156-215. if you have configured a Stealth Rule as the first explicit rule? A. You can access the Revocation list by means of a browser using the URL: http://IPFW:18264/ICA CRL1.www. Mismatch in preshared secrets.com 168 . You cannot access the CRL. You can only access the CRI via the Security Management Server as the internal CA is located on that server Answer: A Explanation: "Pass Any Exam.

D.actualtests. an invalid IP address configured on one tunnel endpoint." . D.www. 2 B. C. Configure a DHCP server with IP reservation using the information gathered by the utility vpn macutil.com 169 . normally the internal one in the General tab. This can be solved with link selection or by changing this IP to the one facing the other tunnel endpoint. This can be resolved by adding the correct IPs to the Topology tab of both Gateways on both sites. conf on the management server with the correct user name and office mode ip address C. B.Checkpoint 156-215. a mismatch in the authentication algorithms used in IKE phase one and can be corrected by changing them to match. Edit $ PWDIA/conf/SCM_ assignment. normally the internal one in the General tab. an invalid IP address configured on one tunnel endpoint. 12 C. 6 "Pass Any Exam.75 Exam QUESTION NO: 422 Which could be an appropriate solution for assigning a unique Office Mode IP address to Endpoint Connect users? A. a mismatch in the IPs of the VPN tunnel endpoints and can not be resolved. Answer: B Explanation: QUESTION NO: 424 How many packets are required for IKE Phase 2? A. B. Fixed office mode IP can be configured as a user property in smart dash board Answer: A Explanation: QUESTION NO: 423 In the SmartView Tracker you receive the error. Create a DHCP resource with the fixed IP address to use name mapping. …peer send invalid ID information… while trying to establish an IKE VPN tunnel. Any Time. Where does this error normally result from and how can you solve it? This error normally results from: A.

SSL VPN D. Meshed C.com 170 . you need to set up a ___________ community. Triple DES D.Checkpoint 156-215. CAST cipher Answer: B Explanation: QUESTION NO: 427 Fill in the blank: When you want to create a VPN community where all participating gateways are able to connect to each other. DES B. D. AES C. Peers agree on integrity method C. Star "Pass Any Exam. Remote Access B. A. Peers agree on encryption method Answer: C Explanation: QUESTION NO: 426 When using an encryption algorithm. 3 Answer: D Explanation: QUESTION NO: 425 Which of the following actions do NOT take place in IKE Phase 1? A.www. Each side generates a session key from its private key and peer’s public key B. Any Time.actualtests. which is generally considered the best encryption method? A.75 Exam D. Diffie-Hillman key is combined with the key material to produce the symmetrical IPsec key." .

NAT pool C.www. Office mode IP pool B. which option must you choose if you only want to clear phase 2 for a specific IP (gateway)? A. which option must you choose if you want to rebuild your VPN for a specific IP (gateway)? "Pass Any Exam.com 171 . (5) Delete all IPsec SAs for a given peer (GW) Answer: D Explanation: QUESTION NO: 430 When using vpn tu. (6) Delete all IPsec SAs for a given User (Client) B. Encryption domain pool D. Authentication pool Answer: A Explanation: QUESTION NO: 429 When using vpn tu. (8) Delete all IPsec+IKE SAs for a given User (Client) D.Checkpoint 156-215." .actualtests. (7) Delete all IPsec+IKE SAs for a given peer (GW) C. Any Time.75 Exam Answer: B Explanation: QUESTION NO: 428 Which do you configure to give remote access VPN users a local IP address? A.

B. (8) Delete all IPsec+IKE SAs for a given User (Client) Answer: B Explanation: QUESTION NO: 431 Which of the following statements about file-type recognition in Content Inspection is TRUE? A. (5) Delete all IPsec SAs for a given peer (GW) D. Answer: D Explanation: QUESTION NO: 432 Which antivirus scanning method does not work if the Gateway is connected as a node in proxy mode? A. Scan by Direction B. and are not configurable by the Administrator or the Security Policy. Scan by Server "Pass Any Exam. (7) Delete all IPsec+IKE SAs for a given peer (GW) C.com 172 .Checkpoint 156-215. D. All file types are considered "at risk". Antivirus status is monitored using SmartView Tracker. A scan failure will only occur if the antivirus engine fails to initialize.www." . Any Time.75 Exam A.actualtests. (6) Delete all IPsec SAs for a given User (Client) B. The antivirus engine acts as a proxy. Scan by File Type C. C. caching the scanned file before delivering it to the client.

Configure a rule to block the address C.conf file on the Security Management Server C.actualtests. Activate an IPS protection "Pass Any Exam. in the smtp. In IPS SMTP settings Answer: A Explanation: QUESTION NO: 435 If you experience unwanted traffic from a specific IP address. In the Security Server window in Global Properties D. Create a SAM rule D. Check anti-spoofing settings B. CVP Answer: C Explanation: QUESTION NO: 434 How do you control the maximum number of mail messages in a spool directory? A.com 173 . how can you stop it most quickly? A.75 Exam D. In the Gateway object's SMTP settings under the Advanced window B. Scan by IP Address Answer: A Explanation: QUESTION NO: 433 Which OPSEC server can be used to prevent users from accessing certain Web sites? A. UFP D. AMON C. LEA B. Any Time.Checkpoint 156-215." .www.

Redirect users to a new URL.Checkpoint 156-215.com 174 ." . Block sites only once. There are no exceptions. except on specific sources and destinations.www. D. B. Answer: A Explanation: QUESTION NO: 438 Which type of resource could a Security Administrator use to control access to specific file shares on target machines? A. For all traffic.75 Exam Answer: C Explanation: QUESTION NO: 436 URL filtering policy can make exceptions for specific sites by being enforced: A. C. FTP Answer: B "Pass Any Exam. Telnet D. CIFS C. For alt traffic. Alert the Administrator to block a suspicious site. Only for specific sources and destinations. B. For all traffic. D. URI B. Log sites from blocked categories. Any Time. except blocked sites. Answer: B Explanation: QUESTION NO: 437 The URL Filtering Policy can be configured to monitor URLs in order to: A. C.actualtests.

"Pass Any Exam. rules with tracking set to User Defined Alerts or SNMP trap.Checkpoint 156-215. C. Determined by the Dshield Storm Center Logging setting in Logs and Master of the Security Management Server object rules with tracking set to Log or None. enables ASCII only response headers. Select the Scramble error message checkbox. configuration: Information Disclosure is configured. C. In application intelligence / FingerPrint Scrambling / WEB Apps. Determined in Web Intelligence. select the box Enforce Strict HTTP response parsing.org when Storm Center is configured? A. rules with tracking sent to Account or SNMP trap. Answer: A Explanation: QUESTION NO: 440 A security audit has determined that your unpatched Web application server is accessing a SQL server.75 Exam Explanation: QUESTION NO: 439 What rules send log information to Dshield. In web intelligence / HTTP Protocol Inspection. Dshield Storm Center configuration: Security Management Server sends logs from rules with tracking set to either Alert or one of the specific User Defined Alerts B. In Web Intelligence / Information Disclosure / Error Concealment Answer: D Explanation: QUESTION NO: 441 Antivirus protection on a Check Point Gateway is available for all of the following protocols. Any Time. Determined by the Global Properties configuration: Log defined in the Log and Alerts section.www.com 175 . In Web Intelligence / General / HTTP Protocol Inspection." . B.actualtests. D. Determined in IPS. D. Which IPS setting will allow the Security Gateway to prevent this error page from displaying information about the SQL server in your DMZ? A.

SMTP C. RLOGIN D. Telnet C. HTTP Answer: B Explanation: QUESTION NO: 444 "Pass Any Exam. TELNET Answer: D Explanation: QUESTION NO: 442 Which Security Servers can perform authentication tasks. HTTP D.actualtests.Checkpoint 156-215.www. HTTP Answer: C Explanation: QUESTION NO: 443 Which Security Servers can perform authentication tasks.75 Exam EXCEPT: A. FTP C. RHV HTTPS B.com 176 . FTP B." . HTTPS B. but CANNOT perform content security tasks? A. FTP D. but CANNOT perform content security tasks? A. Any Time.

SmartView Monitor B. SmartUpdate Answer: A Explanation: QUESTION NO: 447 Where can you view the anti-virus status? "Pass Any Exam. HTTPS D. C." . how are different file types analyzed? A.doc) Answer: B Explanation: QUESTION NO: 445 For which protocol is anti-virus not available? A. Any Time. B. . They are analyzed by their file extension (i. SMTP B. SmartView Tracker D.Checkpoint 156-215.75 Exam When using the Anti-Virus Content Security. They are analyzed by the MIME header. SmartDashboard C. They are analyzed by their magic number. .e.com 177 . D. FTP C.actualtests. HTTP Answer: C Explanation: QUESTION NO: 446 Where can you view anti-spam status? A.exe.bat.www. They are analyzed by their un-encoded format. .

It is not possible Answer: D Explanation: QUESTION NO: 449 You manage a global network extending from your base in Chicago to Tokyo.actualtests. SmartDashboard B.com 178 . By enabling it in URL Filtering /Advanced / Bypass C.Checkpoint 156-215. Management wants to report detailing the current software level of each Enterprise class Security Gateway.www." . You plan to take the opportunity to create a proposal outline listing the most costeffective way to upgrade your Gateways.75 Exam A. SmartDashboard and SmartView Tracker Answer: D Explanation: QUESTION NO: 450 Message digests use which of the following? "Pass Any Exam. By adding an exception in URL Filtering / Advanced I Network Exceptions B. By creating an authentication rule in the Firewall D. SmartView Tracker and SmartView Monitor C. SmartView Monitor and SmartUpdate D. Calcutta and Dallas. Which two SmartConsole applications will you use to create this report and outline? A. SmartView Monitor D. SmartLSM and SmartUpdate B. SmartView Tracking C. Any Time. SmartUpdate Answer: C Explanation: QUESTION NO: 448 How would you create a temporary user bypass to the URL Filtering policy in Security Gateway? A.

3DES Answer: C Explanation: QUESTION NO: 452 Which of the following uses the same key to decrypt as it does to encrypt? A. SSL and MD4 D. Dynamic encryption Answer: B Explanation: QUESTION NO: 453 You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm's business partners.com 179 . IDEA C.Checkpoint 156-215. IDEA and RC4 C. SHA-1 and MD5 B. Which SmartConsole application should you use to confirm your suspicions? A. MD5 D. DES and RC4 Answer: A Explanation: QUESTION NO: 451 Which of the following is a hash algorithm? A.www. DES B.actualtests. SmartDashboard "Pass Any Exam. Symmetric encryption C.75 Exam A." . Any Time. Certificate-based encryption D. Asymmetric encryption B.

www. SmartView Status Answer: B Explanation: QUESTION NO: 454 A digital signature: A. Provides a secure key exchange mechanism over the Internet B.actualtests. Management Server IP. what information is required to log into R75? A. SmartView Tracker B. SmartUpdate D.com 180 . Any Time. Smart Portal C. SmartDashboard Answer: C Explanation: QUESTION NO: 456 When launching SmartDashboard. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days? A. Answer: C Explanation: QUESTION NO: 455 Your bank's distributed R75 installation has Security Gateways up for renewal.75 Exam B. certificate fingerprint file "Pass Any Exam. Automatically exchanges shared keys.Checkpoint 156-215. D. Decrypts data to its original form. User Name. C. SmartView Tracker C." . Guarantees the authenticity and integrity of a message. SmartUpdate D.

D. Apply a source filter by adding both endpoint IP addresses with the equal option set. B. Double-click an entry representing a connection between both endpoints. Management Server IP. Management Server IP D. Use a regular expression to filter out relevant logging entries. Management Server IP C. and then search the corresponding IP addresses. what can you do to find information about data being sent between pcosaka and pctokyo? A. Password. C. "Pass Any Exam. Management Server C. Password. Security Gateway B. Policy Server D." . SmartLSM Answer: B Explanation: QUESTION NO: 458 To reduce the information given to you in SmartView Tracker. Any Time.actualtests. Press CTRL+F in order to open the find dialog. LDAP Server IP Answer: B Explanation: QUESTION NO: 457 Which component functions as the Internal Certificate Authority for R75? A.www.com 181 .75 Exam B. Password. User Name.Checkpoint 156-215.

Any Time. This information can only be viewed with fw ctl pstat command from the CLI. he tells you that he has been receiving complaints that Internet access is very slow.com 182 . Enable Monitoring on your Security Management Server.75 Exam Answer: C Explanation: QUESTION NO: 459 A third-shift Security Administrator configured and installed a new Security Policy early this morning. D. Answer: C Explanation: "Pass Any Exam. Purchase the SmartView Monitor license for your Security Management Server. What should you do to analyze the packet size distribution of your traffic? Give the BEST answer. the message. E. You suspect the Security Gateway virtual memory might be the problem." .www. SmartView Tracker B. Purchase the SmartView Monitor license for your Security Gateway. B. Unfortunately. When you arrive.actualtests. C.Checkpoint 156-215. D. Which SmartConsole component would you use to verify this? A. There are no machines that contain Firewall Blade and SmartView Monitor appears. A. Eventia Analyzer Answer: B Explanation: QUESTION NO: 460 You wish to analyze the packet size distribution of your traffic with SmartView Monitor. Enable Monitoring on your Security Gateway. SmartView Monitor C.

actualtests. which column do we need to check to view the new source IP when using NAT? A.www. XlateSrc Answer: C Explanation: QUESTION NO: 463 Which Client Authentication sign-on method requires the user to first authenticate via the User Authentication mechanism when logging in to a remote server with Telnet? A. Standard Sign On B. XlateSPort C. Manual Sign On C. XlateDst B." .Checkpoint 156-215.75 Exam QUESTION NO: 461 When troubleshooting NAT entries in SmartView Tracker. XlateDst D. which column do we need to check to view the NAT'd source port when using source NAT? A. Partially Automatic Sign On Answer: D Explanation: "Pass Any Exam. XlateDPort Answer: A Explanation: QUESTION NO: 462 When troubleshooting NAT entries in SmartView Tracker. XlateSPort D. Agent Automatic Sign On D. XlateDPort C. XlateSrc B.com 183 . Any Time.

www. not with each other. Sequential D.Checkpoint 156-215. Asymmetric Answer: A "Pass Any Exam. Two mesh and one star Community: Each mesh Community is set up for each site between headquarters their branches. B. Answer: B Explanation: QUESTION NO: 465 Phase 2 uses ___________. all London branch offices defined in one satellite window. but. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the "mesh center Gateways" option checked.actualtests. and one for London and New York headquarters. The branch offices only need to communicate with the headquarters in their country. Any Time. and the headquarters need to communicate directly. A. one in London. Symmetric B. Each of the headquarters includes several branch offices. and between the two headquarters? VPN Communities comprised of: A. C.75 Exam QUESTION NO: 464 Your company has two headquarters. The third star Community is between New York and London headquarters but it is irrelevant which site is "center" and which "satellite". all New York branch offices defined in another satellite window. The star Community has New York as the center and London as its satellite. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters. Three mesh Communities: one for London headquarters and its branches. D.com 184 . one in New York. Three star Communities: The first one is between New York headquarters and its branches. The second star Community is between London headquarters and its branches." . one for New York headquarters and its branches. Conditional C. if not using Perfect Forward Secrecy.

Separate objects D. A.75 Exam Explanation: New Questions QUESTION NO: 466 The SIC certificate is stored in the directory______________.actualtests. adlog check__acoounts C. pdp check_log B. machines. $CPDIR/registry D. $FWDIR/conf Answer: B Explanation: QUESTION NO: 467 Access Role objects define users.com 185 .www. Credentialed objects C." . and network locations as: A. pdp show service D. adlog service_accounts "Pass Any Exam.Checkpoint 156-215. Linked objects Answer: A Explanation: QUESTION NO: 468 What command syntax would you use to see accounts the gateway suspects are service accounts? A. Any Time. $FWDIR/database C. One object B. $CPDIR/conf B.

" . unidentified users may be blocked. ICA Certificate B.actualtests. Identity Awareness Agent Explanation: QUESTION NO: 471 What is true about the Rule Base shown? "Pass Any Exam.com 186 . LDAP injection. SSL VPN D. Malicious Code Protector Rejection. Full Endpoint Client D.75 Exam Explanation: QUESTION NO: 469 If a security gateway enforces three protections. SecureClient C. Data Loss Prevention Answer: B Explanation: QUESTION NO: 470 Using Captive Portal.Checkpoint 156-215. Any Time.www. which checkpoint license is required in SmartPhone? A. or required to download: A. allowed to enter required credentials. IPS C. SmallEvent intro B.

www. He managed to lock himself out of his account. pdp log = l C. Type fwn unlock_admin – u from the Security Gateway command line D. HTTP traffic from websingapore to webrome will be encrypted (iii).actualtests. pdp tracker on B.75 Exam (i)." . (ii) and (iii) B. The fwn lock_admin –u <account name> from Security Management Server command line C. pdp logging on Explanation: "Pass Any Exam. (ii) and (iii) D. Delete the file sdmin. (i).com 187 . (iii) only Explanation: QUESTION NO: 472 The third-shift Administrator was updating Security Management Server Access settings in Global Properties and testing.lock in the Security Management Server directory $PWDIR/tmp/ B. HTTP traffic from websingapore to webromw will be blocked A. HTTP traffic from webrome to websingapore will be encrypted (ii). (iii) and (iv) C. How can you unlock this account? A. HTTP traffic from webrome ro websingapore will be encrypted (iv). Type fwn unlock_admin from the Security Management Server Command line Answer: B Explanation: QUESTION NO: 473 What command syntax would you use to turn on PDP logging in a distributed environment? A.Checkpoint 156-215. pdp track = l D. Any Time.

Source Server Explanation: QUESTIONNO: 477 Which rule is responsible for installation feature? "Pass Any Exam.www.actualtests. Any Time. A.com 188 . in which Rule Bases can it be implemented? A. Mobile Access C. Computer MAC address D. Time of connection Explanation: QUESTION NO: 476 Which of the following is NOT defined by an Access Role object? A. IPS Explanation: QUESTION NO: 475 Identity Awareness is implemented to manage access to protected resources based on a user's _____________. Location B. Source Logging and/or Alerting Rule C. Source Network B.Checkpoint 156-215. DLP B." .75 Exam QUESTION NO: 474 Once an Access Role is configured. Firewall D. Source Machine D. Application requirement C.

Checkpoint 156-215. Rule 4 B. Rule 5 Answer: QUESTION NO: 477 What information is found in the SmartView Tracker Management log? A.www. Rule 8 C. Rule 7 D.actualtests." . Transparent network inspection tool C. Creation of an administrator using cpconfig D. Any Time. Pre-configured and customizable web-based tool "Pass Any Exam. A.com 189 .JPG A. Administrator SmartDashboard logout event B. FTP username authentication failure Explanation: QUESTION NO: 478 Captive Portal is a _____________ that allows the gateway to request login information from the user. SecurePlatform expert login event C. Separately licensed feature D.75 Exam C:\Documents and Settings\user-nwz\Desktop\1. LDAP server add-on B.

1. policies. 3.75 Exam Explanation: QUESTION NO: 479 Which of the following items should be configured for the Security Management Server to authenticate via LDAP? A. Active Directory Server object C. 2. You allow visitor Mode in the Gateway object’s Remote Access properties and install policy. Manual copies of the $CPDIR/conf directory A. Policy package management 5. Upgrade_export and upgrade_import utilities 2. 4. SecurePlatform backup utilities 4. 5 B. 3. Any Time. 2.Checkpoint 156-215. 4 C.com 190 . Which of the following backup and restore solution can you use? 1.www." . Windows logon password B. 2. and global properties from an R75 Security Management Server. WMI object D. objects. 1. Database revision control 3. What is the cause of this? "Pass Any Exam. 3 D. 1. but SecureClient refuses to connect. 5 Explanation: QUESTION NO: 481 You install and deploy SecurePlatform with default settings. Check Point Password Explanation: QUESTION NO: 480 You plan to create a backup of the rules.actualtests. 4.

When you configure Visitor Mode it cannot bind to default port 443. because it’s used by another program (WebUI).75 Exam A. You need to change the WebUI port. then use Visitor Mode D. Access Rule C. Access Role B. Set the Visitor Mode Policy > Global Properties > Remote-Access > VPN – Advanced B. Run a cpstop on the Security Gateway C.com 191 . Offline mode is not configured C. Reboot Gateway B. Run cpconfig and set yourself up as a GUI client Explanation: QUESTION NO: 484 What action CANNOT be run from SmartUpdate R75? A. Fetch sync status C. Any Time. The WebUI on SecurePlatform runs on port 443 (HTTPS).www." .Checkpoint 156-215.actualtests. or run Visitor Mode on a different port. Explanation: QUESTION NO: 482 Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user's credentials? A. Access Policy D. Run a cpatop on the Security Management Server B. Close all GUI clients D. Get all Gateway Data D. Access Certificate Explanation: QUESTION NO: 483 What are you required to do before running the command upgrade_export? A. You need to start SSL Network Extended first. Preinstall verifier "Pass Any Exam.

If the user credentials do not match an Access Role.75 Exam Explanation: QUESTION NO: 485 What happens if the identity of a user is known? A.www. the system displays a sandbox. Time of connection B. the gateway moves onto the next rule.com 192 . the traffic is automatically dropped D.actualtests. Application requirement C. If the user credentials do not match an Access Role. You select a standard report as you can see here." . you can select the London Gateway. Identity D. "Pass Any Exam. the system displays the Captive Portal C. Explanation: QUESTION NO: 486 My Awareness is implemented to manage access to protected resources based on a user's _____________. If the user credentials do not match an Access Role. B. If the user credentials do not match an Access Role. Any Time. A. Computer MAC address Explanation: QUESTION NO: 487 You are the Security Administrator for MegaCorp and would like to view network activity using SmartReporter.Checkpoint 156-215.

You must enable Monitoring in the London Gateway object's General Properties C.actualtests. Explanation: "Pass Any Exam.75 Exam When you attempt to configure the Express Report. Any Time.com 193 .Checkpoint 156-215. What is the reason for this behavior? Give the BEST answer A. You have the license for Eventia Reporter in Standard mode only D. You must enable the Eventia Express Mode on the London Gateway B. you are unable to select Gateway." .www. You must enable the Express Mode inside Eventia Reporter.

Any Time. Identity based enforcement for non-AD users (non-windows and guest users) Explanation: QUESTION NO: 489 Certificates for Security Gateways are created during a simple initialization from ___________. Leveraging identity for Data Center protection B. CIFS Explanation: QUESTION NO: 491 Which of the following are available SmartConsole clients which can be installed from the R75 "Pass Any Exam. The ICA management tool B. What is not recommended usage of this method? A. Protecting highly sensitive identity is crucial C.75 Exam QUESTION NO: 488 The identity is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). WMI D. SmartUpdate C. A.com 194 .www. RCP B.actualtests. Sysconfig D. SmartDashboard Explanation: QUESTION NO: 490 What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server? A. LDAP C.Checkpoint 156-215." .

SmartView Status D. SmartUpdate. SmartDashboard. Is deployed from the Identity Awareness page in the Global Properties settings D. SmartDashboard. SmartView Tracker. Any Time.actualtests.www. Is only used for guest user authentication Explanation: "Pass Any Exam. SmartLSM.75 Exam Windows CD? Read all answer and select the most complete and valid list. Security Policy Editor. A. SmartView Tracker. SmartUpdate B. Acquires identities from unidentified users C.com 195 . Domain Admin password B." . SmartView Monitor C. Log viewer. CPINFO. WM1 object Explanation: QUESTION NO: 493 The Captive Portal tool A. Check Point Password C. Allows access to users already identified B.Checkpoint 156-215. Windows logon password D. SmartView Tracker. CPINFO. Real Time Monitor GUI Explanation: QUESTION NO: 492 Which of the following items should be configured for the Security Management Server to authenticate using LDAP? A.

Sign up to vote on this title
UsefulNot useful