CheckPoint 156-815.71 Online Practice Questions and Exam Preparation

CheckPoint 156-815.71 Online Questions & Answers

• Question 71:

  Which of the following is not an MDS level process?

  A. CPD
  B. FWD
  C. status_proxy
  D. fwm mds
  C. status_proxy

• Question 72:

  What type of user does the icon signify?

  

  A. Provider Superuser
  B. Customer Superuser
  C. Custom Administrator
  D. Customer Manager
  B. Customer Superuser

• Question 73:

  Michelle is the manager in charge of a large Multi-Domain Management with Provider-1 deployment Due to job responsibility changes, she needs someone to manage everything within the Provider-1 environment should she be unavailable while traveling She has chosen her assistant Josh for this duty.

  What administrator account type should she assign to Josh in the MDG?

  A. Customer Superuser
  B. Provider-1 Superuser
  C. Customer Manager
  D. Global Administrator
  B. Provider-1 Superuser

• Question 74:

  When configuring a Global Rule Base, you discover that it is necessary to define a NAT rule. How do you configure this requirement?

  A. Select the NAT tab in the Global SmartDashboard to define manual NAT rules
  B. Automatic NAT rules cannot be configured with the Global SmartDashboard Manual NAT rules can be configured by switching to the NAT tab
  C. In the Global SmartDashboard there is no NAT tab, so no manual rules can be defined ?but it is possible to configure automatic NAT rules in the properties of a Network or Host, respectively
  D. It is not possible to define a NAT Rule Base in the Global SmartDashboard Global objects might be defined, but NAT has to be configured at the local CMA
  D. It is not possible to define a NAT Rule Base in the Global SmartDashboard Global objects might be defined, but NAT has to be configured at the local CMA

• Question 75:

  Which of the following is the correct syntax for mirroring all CMA's from FirstMDS to SecondMDS?

  A. cma_mirror_all -s FirstMDS -t SecondMDS
  B. p1shell/mirrorcma -s FirstMDS -t SecondMDS -c 2
  C. mdscmd mirrorcma -s FirstMDS -t SecondMDS -c 2
  D. mirrorcma -s FirstMDS -t SecondMDS -c 2
  C. mdscmd mirrorcma -s FirstMDS -t SecondMDS -c 2

• Question 76:

  What information can NOT be obtained from the mdsstat output?

  A. Hostname of the MDS
  B. Up / down status
  C. IP address of the CMA
  D. PID number FWD
  A. Hostname of the MDS

• Question 77:

  Which of the following statements is TRUE about Multi-Domain Management with Provider-1?

  A. Provider-1 encrypts all traffic among modules - so no firewall is necessary to protect the Provider-1 system
  B. The MDS Manager has a built-in firewall for the Provider-1 system, protecting the MDS Containers
  C. The added security of a firewall to protect the Provider-1 system is difficult to implement, and is not recommended
  D. A separately managed Security Gateway is recommended to protect the Provider-1 environment
  D. A separately managed Security Gateway is recommended to protect the Provider-1 environment

• Question 78:

  As in the example below,

  

  MDS-ManagerAndContainer is Active whereas MDS-Manager2 is in Standby mode If a Multi-Domain Management with Provider-1 Superuser logs into MDS- ManagerAndContainer in Read/Write mode using the MDG while the first user is still logged in, and another Provider-1 Superuser tries to log in to MDS-Manager2, what will happen? The second user will:

  A. get an application error and the MDG will close
  B. get a message informing him that another user is logged in with Read/Write access Hence, he will be allowed to log in with Read-Only access
  C. also be allowed to log in through the MDG in Read/Write mode and they can both make changes to the Provider-1 configuration within the MDG
  D. get a message informing him that another user is logged in with Read/Write access, and an option to disconnect the first user will be given
  C. also be allowed to log in through the MDG in Read/Write mode and they can both make changes to the Provider-1 configuration within the MDG

• Question 79:

  Tom has been asked to add a rule that applies to only the perimeter firewalls and not the internal firewalls of all the customers managed by Multi-Domain Management with Provider-1 He sees that there is one single global policy assigned to all the customers and feels very happy that he will have to just add one rule in that global policy and reassign and install the policy to all the customers at once While doing so, he realizes that this action will also install the rule on the internal firewalls managed by the CMA's He's afraid that he will now have to put the rule in each individual policy applied to perimeter gateways.

  Is he right or is there a better way?

  A. He can create a single rule in the global policy with install on policy targets While reassigning the policy to the customers, there is a button on the right side, Select Groups; he can select that button and designate the perimeter gateways for each customer
  B. He is right, there is no other way to do it
  C. He can create a single rule in the global policy with a dynamic object with _global suffix in the Install On column Then at each CMA, he can create a group with the same name as the dynamic object and include the perimeter gateway in that group Reassigning and installing the policy to all customers will only install the rule to the perimeter gateway
  D. He can create a single rule in the global policy and use the negate option in the Install On column to exclude all the internal firewalls
  C. He can create a single rule in the global policy with a dynamic object with _global suffix in the Install On column Then at each CMA, he can create a group with the same name as the dynamic object and include the perimeter gateway in that group Reassigning and installing the policy to all customers will only install the rule to the perimeter gateway

• Question 80:

  Where would you configure a Global VPN community between gateways on different CMAs?

  A. On each individual CMA
  B. Using a third party OPSEC certified VPN application
  C. In the Global Rule Base, under VPN communities
  D. Gateways on different CMA's can't participate in a single VPN community
  C. In the Global Rule Base, under VPN communities