CheckPoint 156-215.75 Online Practice Questions and Exam Preparation

CheckPoint 156-215.75 Online Questions & Answers

• Question 341:

  Using SmartProvisioning Profiles, which of the following could be configured for both SecurePlatform AND UTM-1 Edge devices?

  (i)

  Backup

  (ii)

  Routing

  (iii) Interfaces

  (iv)

  Hosts

  (v)

  NTP server

  (vi)

  DNS

  A. (ii), (iii), (iv) and (vi)
  B. (i), (iii), (iv) and (vi)
  C. none of these options are available for both.
  D. (i), (ii) and (iv)
  C. none of these options are available for both.

• Question 342:

  The file snapshot generates is very large, and can only be restored to:

  A. The device that created it, after it has been upgraded
  B. Individual members of a cluster configuration
  C. Windows Server class systems
  D. A device having exactly the same Operating System as the device that created the file
  D. A device having exactly the same Operating System as the device that created the file

• Question 343:

  Which statement defines Public Key Infrastructure? Security is provided:

  A. by Certificate Authorities, digital certificates, and two-way symmetric-key encryption.
  B. by Certificate Authorities, digital certificates, and public key encryption.
  C. via both private and public keys, without the use of digital Certificates.
  D. by authentication.
  B. by Certificate Authorities, digital certificates, and public key encryption.

• Question 344:

  You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

  A. Manually import your partner's Access Control List.
  B. Manually import your partner's Certificate Revocation List.
  C. Exchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA).
  D. Create a new logical-server object to represent your partner's CA.
  C. Exchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA).

• Question 345:

  What process is responsible for transferring the policy file from SmartCenter to the Gateway?

  A. FWD
  B. FWM
  C. CPRID
  D. CPD
  D. CPD

• Question 346:

  David is the MultiCorp Security Manager and approves the proposals submitted by the Security Administrator Peter. One day, David believes he has detected a vulnerability in the Security Policy. He submits a change proposal and tries to approve his own submission. The system does not allow him to perform this procedure.

  

  What is the reason for this behavior?

  A. The company does not allow David to submit and also approve the same policy change. David was assigned the Approve only permission (instead of Submit and Approve).
  B. The company does not allow David to submit and approve the same policy change. The setting Manager cannot approve their submitted sessions in Global Properties was set to On.
  C. The company does not allow David to submit and approve the same policy change. The setting Manager cannot approve their submitted sessions in the SmartWorkflow section of the Firewall object properties was set to On.
  D. The proposal contains some logical contradictions. The Check Point verification control does not permit this change to be carried out.
  B. The company does not allow David to submit and approve the same policy change. The setting Manager cannot approve their submitted sessions in Global Properties was set to On.

• Question 347:

  Your R75 enterprise Security Management Server is running abnormally on Windows 2008 Server. You decide to try reinstalling the Security Management Server, but you want to try keeping the critical Security Management Server configuration settings intact (i.e., all Security Policies, databases, SIC, licensing etc.) What is the BEST method to reinstall the Server and keep its critical configuration?

  A. 1. Create a database revision control backup using the SmartDashboard 2. Create a compressed archive of the *FWDlR*\ conf and »FWDiR8\lib directories and copy them to another networked machine. 3. Uninstall all R70 packages via Add/Remove Programs and reboot. 4. Install again as a primary Security Management Server using the R70 CD. 5. Reboot and restore the two archived directories over the top of the new installation, choosing to overwrite existing files.
  B. 1. Download the latest upgrade_export utility and run it from a c; \temp directory to export the configuration into a . tgz file 2. Skip any upgarde__verification warnings since you are not upgrading 3. Transfer the . tgz file to another networked machine 4. Download and run the cpclean utility and reboot 5. Use the R70 CD-ROM to select the uuarade import ootion to import the confiauration
  C. 1. Download the latest upqrade_expoct utility and run it from a \temp directory to export the configuration into a . tgz file 2. Perform any requested upgcade_veri£ic«tion suggested steps 3. Uninstall all R70 packages via Add/Remove Programs and reboot 4. Use SmartUpdate to reinstall the Security Management Server and reboot 5. Transfer the tgz file back to the local \temp 6. Run upgrade__import to import the configuration
  D. 1. Insert the F70 CD-ROM, and select the option to export the configuration using the latest upgrade utilities 2. Perform any requested upgrade_verification suggested steps and re-export the configuration if needed 3. Save the export " tgz file to a local c: \temp directory 4. Uninstall all R70 packages via Add/Remove Programs and reboot 5. Install again using the R70 CD-ROM as a primary Security Management Server and reboot 6. Run upgrade_import to import the configuration
  C. 1. Download the latest upqrade_expoct utility and run it from a \temp directory to export the configuration into a . tgz file 2. Perform any requested upgcade_veri£ic«tion suggested steps 3. Uninstall all R70 packages via Add/Remove Programs and reboot 4. Use SmartUpdate to reinstall the Security Management Server and reboot 5. Transfer the tgz file back to the local \temp 6. Run upgrade__import to import the configuration

• Question 348:

  Which statement is TRUE for route-based VPN's?

  A. Route-based VPN's replace domain-based VPN's.
  B. Route-based VPN's are a form of partial overlap VPN Domain.
  C. Dynamic-routing protocols are not required.
  D. IP Pool NAT must be configured on each Gateway.
  C. Dynamic-routing protocols are not required.

• Question 349:

  Laura notices the Microsoft Visual Basic Bits Protection is set to inactive. She wants to set the Microsoft Visual Basic Kill Bits Protection and all other Low Performance Impact Protections to Prevent. She asks her manager for approval and stated she can turn theses on. But he wants Laura to make sure no high Performance Impacted Protections are turned on while changing this setting.

  

  Using the out below, how would Laura change the Default_Protection on Performance Impact Protections classified as low from inactive to prevent until meeting her other criteria?

  A. Go to Profiles / Default_Protection and uncheck Do not activate protections with performance impact to medium or above
  B. Go to Profiles / Default_Protection and select Do not activate protections with performance impact to low or above
  C. Go to Profiles / Default_Protection and select Do not activate protections with performance impact to medium or above
  D. Go to Profiles / Default_Protection and uncheck Do not activate protections with performance impact to high or above
  C. Go to Profiles / Default_Protection and select Do not activate protections with performance impact to medium or above

• Question 350:

  If you are experiencing LDAP issues, which of the following should you check?

  A. Secure Internal Communications (SIC)
  B. Domain name resolution
  C. Overlapping VPN Domains
  D. Connectivity between the R75 Gateway and LDAP server
  D. Connectivity between the R75 Gateway and LDAP server