CheckPoint CCSA 156-215.75 Questions & Answers

• Question 41:

  John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to

  designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway

  policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.

  John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT

  department gave the laptop a static IP address, but that limits him to operating it only from his desk. The

  current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a

  static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR

  Web Server.

  To make this scenario work, the IT administrator:

  1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the

  policy.

  2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web

  Server from any machine and from any location.

  John plugged in his laptop to the network on a different network segment and he is not able to connect.

  How does he solve this problem?

  A. John should lock and unlock the computer

  B. Investigate this as a network connectivity issue

  C. John should install the Identity Awareness Agent

  D. The firewall admin should install the Security Policy

  Correct Answer: D

• Question 42:

  How can you activate the SNMP daemon on a Check Point Security Gateway?

  A. Using the command line, enter snmp_install.

  B. Any of these options will work.

  C. In SmartDashboard, right-click a Check Point object and select Activate SNMP.

  D. From cpconfig, select Activate SNMP extensions..

  Correct Answer: D

• Question 43:

  What will happen when Reset is pressed and confirmed in the Trust Communication window launched from the Gateway object?

  A. The Gateway certificate will be revoked on the Gateway only.

  B. The Gateway certificate will be revoked on the Security Management Server and SIC will be reset on the Gateway.

  C. SIC will be reset on the Gateway only.

  D. The Gateway certificate will be revoked on the Security Management Server only.

  Correct Answer: D

• Question 44:

  In the Security Policy shown here, which rule inhibits Rule 4?

  

  A. Rule 3

  B. Rule 1

  C. Rule 2

  D. No rule inhibits Rule 4.

  Correct Answer: D

• Question 45:

  Which command allows Security Policy name and install date verification on a Security Gateway?

  A. fw ver -p

  B. fw stat -l

  C. fw show policy

  D. fw ctl pstat -policy

  Correct Answer: B

• Question 46:

  Identity Awareness is implemented to manage access to protected resources based on a user's _____________.

  A. Time of connection

  B. Application requirement

  C. Identity

  D. Computer MAC address

  Correct Answer: C

• Question 47:

  John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a

  set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the

  gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.

  He has received a new laptop and wants to access the HR Web Server from anywhere in the organization.

  The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk.

  The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop

  with a static IP (10.0.0.19).

  He wants to move around the organization and continue to have access to the HR Web Server.

  To make this scenario work, the IT administrator:

  1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs

  the policy.

  2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server

  from any machine and from any location and installs policy.

  John plugged in his laptop to the network on a different network segment and was not able to connect to

  the HR Web server. What is the next troubleshooting step?

  A. John should install the Identity Awareness Agent

  B. Investigate this as a network connectivity issue

  C. After enabling Identity Awareness, reboot the gateway

  D. He should lock and unlock the computer

  Correct Answer: D

• Question 48:

  How can you reset the Security Administrator password that was created during initial Security Management Server installation on SecurePlatform?

  A. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Password portion of the file. Then log in to the account without a password. You will be prompted to assign a new password.

  B. Launch SmartDashboard in the User Management screen, and edit the cpconfig administrator.

  C. Type cpm -a, and provide the existing administrator's account name. Reset the Security Administrator's password.

  D. As expert user Type fwm -a, and provide the existing administrator's account name. Reset the Security Administrator's password.

  Correct Answer: D

• Question 49:

  The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign- On (SSO). What is not a recommended usage of this method?

  A. Leveraging identity for Data Center protection

  B. Protecting highly sensitive servers

  C. When accuracy in detecting identity is crucial

  D. Identity based enforcement for non-AD users (non-Windows and guest users)

  Correct Answer: D

• Question 50:

  Certificates for Security Gateways are created during a simple initialization from ___________.

  A. The ICA management tool

  B. SmartUpdate

  C. Sysconfig

  D. SmartDashboard

  Correct Answer: A