When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R75 topology configuration?
A. Specific
B. External
C. Any
D. Not Defined
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R75. After running the fw unloadlocal command, you are able to reconnect with SmartDashboard and view all changes. Which of the following change is the most likely cause of the block?
A. A Stealth Rule has been configured for the R75 Gateway.
B. The Allow Control Connections setting in Policy > Global Properties has been unchecked.
C. The Security Policy installed to the Gateway had no rules in it
D. The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.
A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?
A. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box.
B. Anti-spoofing not configured on the interfaces on the Gateway object.
C. A Gateway object created using the Check Point > Security Gateway option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object.
D. Secure Internal Communications (SIC) not configured for the object.
You have configured a remote site Gateway that supports your boss's access from his home office using a DSL dialup connection. Everything worked fine yesterday, but today all connectivity is lost. Your initial investigation results in "nobody has touched anything", which you can support by taking a look in SmartView Tracker Management. What is the problem and what can be done about it?
A. You cannot use NAT and a dialup connection.
B. The NAT configuration is not correct; you can only use private IP addresses in a static NAT setup.
C. A static NAT setup may not work with DSL, since the external IP may change. Hide NAT behind the Gateway is the preferred method here.
D. According to published limitations of Security Gateway R75, there's a bug with NAT. A restart of the Gateway will help here.
You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)
When you run fw monitor on the R75 Security Gateway and then start a new HTTP connection from host
10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?
A. i=inbound kernel, before the virtual machine
B. O=outbound kernel, after the virtual machine
C. o=outbound kernel, before the virtual machine
D. I=inbound kernel, after the virtual machine
You are a Security Administrator who has installed Security Gateway R75 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner's access for HTTP and FTP only, you did the following:
1.
Created manual Static NAT rules for the Web server.
2.
Created the following settings in the Global Properties' Network Address Translation screen Allow bidirectional NAT* Translate destination on client side
Do you above settings limit the partner's access?
A. Yes, This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.
B. Yes, Both of these settings are only application to automatically NAT rules.
C. No, The first setting is not applicable. The second setting will reduce performance, by translating traffic in the kernel nearest the intranet server.
D. No. The first setting is only applicable to automatic NAT rules. The second setting is necessary to make sure there are no conflicts between NAT and anti-spoofing.
Which specific R75 GUI would you use to add an address translation rule?
A. SmartConsole
B. SmartDashboard
C. SmartNAT
D. SmartView Monitor
A _______ rule is used to prevent all traffic going to the R75 Security Gateway.
A. Cleanup
B. Reject
C. Stealth
D. IPS
In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy / Global Properties / FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port ______.
A. 256
B. 80
C. 900
D. 259
Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R75 Gateway, which connections to your ISP provider. How do you configure the Gateway to allow this network to go out to the internet?
A. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
B. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
C. Use automatic Static NAT for network 10.1.1.0/24.
D. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CheckPoint exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 156-215.75 exam preparations and CheckPoint certification application, do not hesitate to visit our Vcedump.com to find your solutions here.