CheckPoint 156-215.13 Online Practice Questions and Exam Preparation

CheckPoint 156-215.13 Online Questions & Answers

• Question 241:

  Your customer, Mr. Smith needs access to other networks and should be able to use all services. Session authentication is not suitable. You select Client Authentication with HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. You want to use Port 9001 but are having connectivity problems. Why are you having problems?

  A. The Security Policy is not correct.
  B. You can't use any port other than the standard port 900 for Client Authentication via HTTP.
  C. The service FW_clntauth_http configuration is incorrect.
  D. The configuration file $FWDIR/conf/fwauthd.conf is incorrect.
  D. The configuration file $FWDIR/conf/fwauthd.conf is incorrect.

• Question 242:

  John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only

  from John's desktop which is assigned a static IP address 10.0.0.19.

  John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a

  rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.

  To make this scenario work, the IT administrator:

  1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.

  2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

  John plugged in his laptop to the network on a different network segment and he is not able to connect.

  How does he solve this problem?

  A. John should lock and unlock the computer
  B. Investigate this as a network connectivity issue
  C. John should install the Identity Awareness Agent
  D. The firewall admin should install the Security Policy
  D. The firewall admin should install the Security Policy

• Question 243:

  Your network is experiencing connectivity problems and you want to verify if routing problems are present. You need to disable the firewall process but still allow routing to pass through the Gateway running on an IP Appliance running IPSO. What command do you need to run after stopping the firewall service?

  A. ipsofwd on admin
  B. ipsofwd slowpath
  C. fw fwd routing
  D. fw load routed
  A. ipsofwd on admin

• Question 244:

  When configuring the Check Point Gateway network interfaces, you can define the direction as Internal or External.

  

  What does the option Interface leads to DMZ mean?

  A. Using restricted Gateways, this option automatically turns off the counting of IP Addresses originating from this interface.
  B. Activating this option automatically turns this interface to External.
  C. It defines the DMZ Interface since this information is necessary for Content Control
  D. Select this option to automatically configure Anti-Spoofing to this net.
  C. It defines the DMZ Interface since this information is necessary for Content Control

• Question 245:

  Looking at the SYN packets in the Wireshark output,

  

  select the statement that is true about NAT.

  A. This is an example of Hide NAT.
  B. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.
  C. There is not enough information provided in the Wireshark capture to determine the NAT settings.
  D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.
  D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

• Question 246:

  Which command allows you to view the contents of an R76 table?

  A. fw tab -s
  B. fw tab -t
  C. fw tab -x
  D. fw tab -a
  B. fw tab -t

• Question 247:

  What is the purpose of an Identity Agent?

  A. Manual entry of user credentials for LDAP authentication
  B. Audit a user's access, and send that data to a log server
  C. Disable Single Sign On
  D. Provide user and machine identity to a gateway
  D. Provide user and machine identity to a gateway

• Question 248:

  Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the .

  A. ICA Certificate
  B. SecureClient
  C. Full Endpoint Client
  D. Identity Awareness Agent
  D. Identity Awareness Agent

• Question 249:

  Which authentication type requires specifying a contact agent in the Rule Base?

  A. Session Authentication
  B. User Authentication
  C. Client Authentication with Partially Automatic Sign On
  D. Client Authentication with Manual Sign On
  A. Session Authentication

• Question 250:

  When attempting to connect with SecureClient Mobile you get the following error message:

  The certificate provided is invalid. Please provide the username and password.

  What is the probable cause of the error?

  A. Your user configuration does not have an office mode IP address so the connection failed.
  B. There is no connection to the server, and the client disconnected.
  C. Your certificate is invalid.
  D. Your user credentials are invalid.
  C. Your certificate is invalid.