CheckPoint Checkpoint Certifications 156-215.81.20 Questions & Answers

• Question 371:

  Which of the following is NOT a valid option when configuring access for Captive Portal?

  A. From the Internet

  B. Through internal interfaces

  C. Through all interfaces

  D. According to the Firewall Policy

  Correct Answer: A

• Question 372:

  As you review this Security Policy, what changes could you make to accommodate Rule 4?

  

  A. Remove the service HTTP from the column Service in Rule 4.

  B. Modify the column VPN in Rule 2 to limit access to specific traffic.

  C. Nothing at all

  D. Modify the columns Source or Destination in Rule 4

  Correct Answer: B

• Question 373:

  What happens when you run the command: fw sam -J src [Source IP Address]?

  A. Connections from the specified source are blocked without the need to change the Security Policy.

  B. Connections to the specified target are blocked without the need to change the Security Policy.

  C. Connections to and from the specified target are blocked without the need to change the Security Policy.

  D. Connections to and from the specified target are blocked with the need to change the Security Policy.

  Correct Answer: A

• Question 374:

  VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication?

  A. 3DES and MD5

  B. Certificates and IPsec

  C. Certificates and pre-shared secret

  D. IPsec and VPN Domains

  Correct Answer: C

• Question 375:

  According to Check Point Best Practice, when adding a non-managed Check Point Gateway to a Check Point security solution what object SHOULD be added? A(n):

  A. Gateway

  B. Interoperable Device

  C. Externally managed gateway

  D. Network Node

  Correct Answer: C

• Question 376:

  You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?

  A. A group with generic user

  B. All users

  C. LDAP Account Unit Group

  D. Internal user Group

  Correct Answer: A

• Question 377:

  Where does the security administrator activate Identity Awareness within SmartDashboard?

  A. Gateway Object > General Properties

  B. Security Management Server > Identity Awareness

  C. Policy > Global Properties > Identity Awareness

  D. LDAP Server Object > General Properties

  Correct Answer: A

• Question 378:

  While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to

  set up the block?

  1) Select Active Mode tab in SmartView Tracker.

  2) Select Tools > Block Intruder.

  3) Select Log Viewing tab in SmartView Tracker.

  4) Set Blocking Timeout value to 60 minutes.

  5) Highlight connection that should be blocked.

  A. 1, 2, 5, 4

  B. 3, 2, 5, 4

  C. 1, 5, 2, 4

  D. 3, 5, 2, 4

  Correct Answer: C

• Question 379:

  You are about to test some rule and object changes suggested in an R77 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?

  A. Manual copies of the directory $FWDIR/conf

  B. upgrade_export command

  C. Database Revision Control

  D. GAiA backup utilities

  Correct Answer: C

• Question 380:

  You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT'd source port if you are using Source NAT?

  

  A. XlateDst

  B. XlateSPort

  C. XlateDPort

  D. XlateSrc

  Correct Answer: B