You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?
A. Add a "temporary" rule using SmartDashboard and select hide rule.
B. Create a Suspicious Activity Rule in SmartView Monitor
C. Use dbedit to script the addition of a rule directly into the rulebases_5_0.fws configuration file.
D. Select block intruder from the tools menu in SmartView Tracker.
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
A. Blank field under Rule Number
B. Rule 0
C. Cleanup Rule
D. Rule 1
Each grocery store in a regional chain is protected by a Security Gateway. The information-technology audit department wants a report including:
The name of the Security Policy installed on each remote Security Gateway.
The date and time the Security Policy was installed.
General performance statistics (CPU Use, average CPU time, active real memory, etc.)
Which one SmartConsole application can you use to gather all this information?
A. SmartView Tracker
B. SmartView Monitor
C. SmartDashboard
D. SmartUpdate
You are the Security Administrator for MegaCorp and are enjoying your holiday. One day, you receive a call that some connectivity problems have occurred. Before the holiday, you configured the access from the holiday hotel to your Management Portal. You can see and analyze various objects. Which objects can you create?
A. None. SmartPortal access is read-only.
B. Network objects and services
C. Security rules only
D. Network objects, services and internal users
Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?
A. 514
B. 256
C. 257
D. 258
Which of the following explanations best describes the command fw logswitch [-h target] [+ | -] [oldlog]?
A. Display a remote machine's log-file list.
B. Control Kernel
C. Display protocol Hosts
D. Create a new Log file. The old log has moved
An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R70 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every 1 minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install).
Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval.
If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute.
Which of the following is the BEST explanation for this behavior?
A. The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.
B. The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configurations to the partner site to enable proper logging.
C. The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R75 Security Gateway cannot distinguish between GRE sessions. This is a known issue with the GRE. Use IPSEC instead of the non GRE protocol for encapsulation.
D. The setting Log does not capture this level of detail for GRE. Set the rule tracking action to audit since certain types of traffic can only be tracked this way.
What are the results of the command: fw sam [Target IP Address]?
A. Connections from the specified target are blocked without the need to change the Security Policy.
B. Connections to and from the specified target are blocked with the need to change the Security Policy.
C. Connections to and from the specified target are blocked without the need to change the Security Policy.
D. Connections to the specified target are blocked without the need to change the Security Policy.
What information is found in the SmartView Tracker Management log?
A. Most accessed Rule Base rule
B. Number of concurrent IKE negotiations
C. SIC revoke certificate event
D. Destination IP address
What information is found in the SmartView Tracker Management log?
A. Destination IP address
B. Policy Package rule modification date/time stamp
C. Historical reports log
D. Most accessed Rule Base rule