CheckPoint CCSA 156-215.75 Questions & Answers

• Question 181:

  Public keys and digital certificates do NOT provide which of the following?

  A. Authentication

  B. Nonrepudiation

  C. Data integrity

  D. Availability

  Correct Answer: D

• Question 182:

  If you check the box Use Aggressive Mode in the IKE Properties dialog box, the standard:

  A. three-packet IKE Phase 2 exchange Is replaced by a six-packet exchange

  B. three-packet IKE Phase 2 exchange is replaced by a two-packet exchange

  C. six-packet IKE Phase 1 exchange is replaced by a three-packet exchange

  D. three-packet IKE Phase 1 exchange is replaced by a six-packet exchange

  Correct Answer: C

• Question 183:

  Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user's properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict?

  A. Permit access to Finance_net

  B. Select ignore database in action properties window

  C. Select intersect with user database in the action properties window

  D. Select Intersect with user database or Ignore Database in the Action Properties window.

  Correct Answer: D

• Question 184:

  When selecting an authentication scheme for a user, which scheme would you use if you only want the password to be stored locally? (The password is not stored at a third party component.)

  A. Check Point Password

  B. TACACS

  C. SecurID

  D. OS Password

  Correct Answer: A

• Question 185:

  For which service is it NOT possible to configure user authentication?

  A. HTTPS

  B. FTP

  C. SSH

  D. Telnet

  Correct Answer: C

• Question 186:

  For remote user authentication, which authentication scheme is NOT supported?

  A. SecurlD

  B. TACACS

  C. Check Point Password

  D. RADIUS

  Correct Answer: B

• Question 187:

  Mr. Smith needs access to other networks and should be able to use all services, but session authentication is not suitable. The Security Administrator selects client authentication with HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. The Security Administrator wants to use the Port 9001, but there are some connectivity problems. What is the reason for the connectivity problems? Give the BEST answer.

  A. The configuration of the service FW1_clntauth_http is not correct.

  B. The Security Policy is not correct.

  C. The configuration file $FWDIR/conf/fwauthd.conf is wrong.

  D. It is not possible to use any port other than the standard port 900 for the client authentication via HTTP.

  Correct Answer: C

• Question 188:

  You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?

  A. internet user group

  B. A group with generic user

  C. LDAP account unit Group

  D. All users

  Correct Answer: B

• Question 189:

  User Mark is requesting a Website while he is using a computer out of the net_singapore network.

  

  What is TRUE about his location restriction?

  A. Source setting in User Properties always takes precedence.

  B. It depends on how the User Auth object is configured; whether User Properties or Source Restriction takes precedence.

  C. Source setting in Source column always takes precedence

  D. As location restrictions add up, he would be allowed from net_singapore and net_sydney.

  Correct Answer: B

• Question 190:

  In the given Rule Base, the client authentication in rule 4 is configured as fully automatic. Eric is a member of the LDAP group, MSAD_Group. When Eric tries to connect to a server on the Internet, what will happen?

  

  A. Eric will be blocked because LDAP is not allowed in the Rule Base.

  B. None of these things will happen.

  C. Eric will be authenticated and get access to the requested server.

  D. Eric will be blocked by the Stealth Rule.

  Correct Answer: B