CheckPoint CCSA 156-215.75 Questions & Answers

• Question 411:

  Which statement is TRUE about implicit rules?

  A. They are derived from Global Properties and explicit object properties.

  B. The Gateway enforces implicit rules that enable outgoing packets only.

  C. You create them in SmartDashboard.

  D. Changes to the Security Gateway's default settings do not affect implicit rules.

  Correct Answer: A

• Question 412:

  You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?

  A. First

  B. Before Last

  C. Last

  D. After Stealth Rule

  Correct Answer: C

• Question 413:

  A Clean-up rule is used to:

  A. Drop without logging connections that would otherwise be dropped and logged fry default

  B. Log connections that would otherwise be accepted without logging by default.

  C. Log connections that would otherwise be dropped without logging by default.

  D. Drop without logging connections that would otherwise be accepted and logged by default

  Correct Answer: C

• Question 414:

  A ____________ rule is designed to log and drop all other communication that does not match another rule.

  A. Stealth

  B. Cleanup

  C. Reject

  D. Anti-Spoofing

  Correct Answer: B

• Question 415:

  A Stealth rule is used to:

  A. Use the Security Gateway to hide the border router from internal attacks.

  B. Cloak the type of Web server in use behind the Security Gateway.

  C. Prevent communication to the Security Gateway itself.

  D. Prevent tracking of hosts behind the Security Gateway.

  Correct Answer: C

• Question 416:

  What are the two basic rules which should be used by all Security Administrators?

  A. Administrator Access and Stealth rules

  B. Cleanup and Administrator Access rules

  C. Network Traffic and Stealth rules

  D. Cleanup and Stealth rules

  Correct Answer: D

• Question 417:

  Which item below in a Security Policy would be enforced first?

  A. Administrator-defined Rule Base

  B. Network Address Translation

  C. IP spoofing/IP options

  D. Security Policy "First" rule

  Correct Answer: C

• Question 418:

  When you hide a rule in a Rule Base, how can you then disable the rule?

  A. Use the search utility in SmartDashboard to view all hidden rules Select the relevant rule and click Disable Rule(s).

  B. Right-click on the hidden rule place-holder bar and select Disable Rule(s).

  C. Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule.

  D. Hidden rules are already effectively disabled from Security Gateway enforcement.

  Correct Answer: C

• Question 419:

  Which rule should be the Cleanup Rule in the Rule Base?

  A. Last. It serves a logging function before the implicit drop.

  B. Last, it explicitly drops otherwise accepted traffic

  C. Before last followed by the Stealth Rule.

  D. First, it explicitly accepts otherwise dropped traffic.

  Correct Answer: A

• Question 420:

  You want to reset SIC between smberlin and sgosaka.

  

  In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key.

  The screen reads The SIC was successfully initialized and jumps back to the cpconfig menu. When trying to establish a connection, instead of a working connection, you receive this error message:

  

  What is the reason for this behavior?

  A. You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup / Initialize).

  B. The Gateway was not rebooted, which is necessary to change the SIC key.

  C. The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.

  D. The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation can not be typed in a matching fashion.

  Correct Answer: C