CheckPoint CCSA 156-215.75 Questions & Answers

• Question 311:

  By default, when you click File > Switch Active File in SmartView Tracker, the Security Management Server:

  A. Purges the current log file, and prompts you for the new log's mode.

  B. Saves the current log file, names the log file by date and time, and starts a new log file.

  C. Purges the current log file and starts the new log file.

  D. Prompts you to enter a filename, and then saves the log file.

  Correct Answer: B

• Question 312:

  A security audit has determined that your unpatched Web application server is accessing a SQL server. You believe that you have enabled the proper IPS setting but would like to verify this using SmartView Tracker. Which of the following entries confirms that this information is being blocked against attack?

  A. ASCII Only Response Header detecteD. SQL

  B. Fingerprint Scrambling: Changed [SQL] to [Perl]

  C. Concealed HTTP response [SQL Server]. (Error Code WSE0160003)

  D. HTTP response spoofing: remove signature [SQL Server]

  Correct Answer: C

• Question 313:

  Which SmartConsole tool would you use to see the last policy pushed in the audit log?

  A. SmartView Tracker

  B. None, SmartConsole applications only communicate with the Security Management Server.

  C. SmartView Status

  D. SmartView Server

  Correct Answer: A

• Question 314:

  SmartView Tracker logs the following Security Administrator activities, EXCEPT:

  A. Administrator login and logout

  B. Object creation, deletion, and editing

  C. Tracking SLA compliance

  D. Rule Base changes

  Correct Answer: C

• Question 315:

  Where are automatic NAT rules added to the Rule Base?

  A. Before last

  B. Middle

  C. First

  D. Last

  Correct Answer: C

• Question 316:

  What is the default setting when you use NAT?

  A. Manual NAT

  B. Server-side NAT

  C. Hide NAT

  D. Client-side NAT

  Correct Answer: D

• Question 317:

  You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of

  inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error:

  "Unknown established connection"

  How do you resolve this problem without causing other security issues? Choose the BEST answer.

  A. Increase the service-based session timeout of the default Telnet service to 24-hours.

  B. Create a new TCP service object on port 23 called Telnet-mainframe. Define a service-based session Timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe.

  C. Ask the mainframe users to reconnect every time this error occurs.

  D. Increase the TCP session timeout under Global Properties > Stateful Inspection.

  Correct Answer: B

• Question 318:

  A Hide NAT rule has been created which includes a source address group of ten (10) networks and three

  (3)

  other group objects (containing 4, 5, and 6 host objects respectively). Assuming all addresses are non-repetitive, how many effective rules have you created?

  B.

  25

  C.

  2

  D.

  13

  Correct Answer: B

• Question 319:

  What is the purpose of a Stealth Rule?

  A. To permit implied rules

  B. To permit management traffic

  C. To prevent users from connecting directly to the gateway

  D. To drop all traffic to the management server that is not explicitly permitted

  Correct Answer: C

• Question 320:

  You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRUE about the new package's NAT rules?

  

  A. Rules 1 and 5 will be appear in the new package

  B. Rules 1, 3, 4 and 5 will appear in the new package

  C. Rules 1, 2, 3 and 4 will appear in the new package

  D. NAT rules will be empty in the new package

  Correct Answer: C