CheckPoint 156-215.77 Online Practice Questions and Exam Preparation

CheckPoint 156-215.77 Online Questions & Answers

• Question 161:

  Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?

  A. The two algorithms do not have the same key length and so don't work together. You will get the error .... No proposal chosen....
  B. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
  C. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
  D. All is fine and can be used as is.
  C. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.

• Question 162:

  How can you check whether IP forwarding is enabled on an IP Security Appliance?

  A. clish -c show routing active enable
  B. cat /proc/sys/net/ipv4/ip_forward
  C. echo 1 > /proc/sys/net/ipv4/ip_forward
  D. ipsofwd list
  D. ipsofwd list

• Question 163:

  Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti- spoofing settings. What is causing this?

  A. Manual NAT rules are not configured correctly.
  B. Allow bi-directional NAT is not checked in Global Properties.
  C. Routing is not configured correctly.
  D. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.
  D. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.

• Question 164:

  Exhibit: Chris has lost SIC communication with his Security Gateway and he needs to re-establish SIC. What would be the correct order of steps needed to perform this task?

  

  A. 5, 1, 2, 4
  B. 5, 1, 4, 2
  C. 3, 1, 4, 2
  D. 2, 3, 1, 4
  A. 5, 1, 2, 4

• Question 165:

  When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?

  

  As expert user, issue these commands:

  

  A. Edit the file /etc/sysconfig/netconf.C and put the new MAC address in the field
  B. As expert user, issue the command:
  C. # IP link set eth0 addr 00:0C:29:12:34:56
  D. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
  C. # IP link set eth0 addr 00:0C:29:12:34:56

• Question 166:

  Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?

  A. Management tab
  B. Custom filter
  C. Network and Endpoint tab
  D. Active tab
  A. Management tab

• Question 167:

  You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After awhile, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?

  A. Run fwm dbexport -l filename. Restore the database. Then, run fwm dbimport -l filename to import the users.
  B. Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.
  C. Restore the entire database, except the user database, and then create the new user and user group.
  D. Restore the entire database, except the user database.
  D. Restore the entire database, except the user database.

• Question 168:

  Your Security Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker's IP at a peak time of day?

  A. Intrusion Detection System (IDS) Policy install
  B. Change the Rule Base and install the Policy to all Security Gateways
  C. SAM - Block Intruder feature of SmartView Tracker
  D. SAM - Suspicious Activity Rules feature of SmartView Monitor
  D. SAM - Suspicious Activity Rules feature of SmartView Monitor

• Question 169:

  You have a mesh VPN Community configured to create a site-to-site VPN. Given the displayed VPN properties, what can you conclude about this community? Exhibit:

  

  A. The VPN Community will perform IKE Phase 1 key-exchange encryption using the longest key Security Gateway R77 supports.
  B. Changing the setting Perform key exchange encryption with from AES-256 to 3DES will enhance the VPN Community's security , and reduce encryption overhead.
  C. Change the data-integrity setting for this VPN Community because MD5 is incompatible with AES.
  D. Changing the setting Perform IPsec data encryption with from AES-128 to 3Des will increase the encryption overhead.
  D. Changing the setting Perform IPsec data encryption with from AES-128 to 3Des will increase the encryption overhead.

• Question 170:

  You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT'd source port if you are using Source NAT?

  

  A. XlateDst
  B. XlateSPort
  C. XlateDPort
  D. XlateSrc
  B. XlateSPort