Flydumps just published the newest CheckPoint 156-215 dumps with all the new updated exam questions and answers. Flydumps provides the latest version of CheckPoint 156-215 and VCE files with up-to-date questions and answers to ensure your exam is 100% pass, on our website you will get the free newest CheckPoint 156-215 version VCE Player along with your VCE dumps.
QUESTION 51
Amanda is compiling traffic statistics for her company’s Internet activity during production hours. How could she use SmartView Monitor to find this information? By:
A. using the “Traffic Counters” settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day
B. monitoring each specific user’s Web traffic use
C. viewing total packets passed through the Security Gateway
D. selecting the “Tunnels” view, and generating a report on the statistics
E. configuring a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the
Gateway Correct Answer: A QUESTION 52
Anna has created an HTTP rule via User Authentication. When users access their Web servers, they are not prompted for authentication. Why?
A. Users are transparently authenticated via User Authority.
B. Another rule that accepts HTTP without authentication exists in the Rule Base.
C. Anna has forgotten to place the User Authentication Rule before the Stealth Rule.
D. Anna checked the “cache password on desktop” option in Global Properties.
E. Users must use SecuRemote Client, to use the User Authentication Rule.
Correct Answer: B QUESTION 53
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows: Source: Any Destination: web_public_IP Service: Any Translated Source: original Translated Destination: web_private_IP Service: original
“web_public_IP” is the node object that represents the public IP address of the new Web server. “web_private_IP” is the node object that represents the new Web site’s private IP address. You enable all settings from the Global Properties > NAT.
When you try to browse the Web server from the Internet, you see the error “page cannot be displayed”. Which of the following are NOT possible reasons? Choose two.
A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
B. There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server.
C. There is no ARP table entry for the public IP address of the protected Web server.
D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.
E. There is an ARP entry on the Gateway but the settings “Merge Manual proxy ARP” and “Automatic ARP configuration” are enabled in Global Properties. The Security Gateway ignores manual ARP entries.
Correct Answer: DE
QUESTION 54
Review the following rules. Assume domain UDP is enabled in the implied rules:What happens when a user from the internal network tries to browse to the Internet using HTTP? The:
A. user can connect to the Internet successfully after being authenticated successfully.
B. user’s connection is dropped by the last implied rule.
C. user can go to the Internet, without being prompted for authentication.
D. user is prompted three times before connecting to the Internet successfully.
Correct Answer: C QUESTION 55
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After awhile, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?
A. Restore the entire database, except the user database, and then create the new user and user group.
B. Restore the entire database, including the user database.
C. Run fwm_dbimport to import the users.
D. Run fwm_dbexport to export the user database. Select “restore the entire database except the user database” in the Database Revision screen.
E. Restore the entire database, except the user database.
Correct Answer: E QUESTION 56
Mary is recently hired as the Security Administrator for a public relations company. Mary’s manager has asked her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Mary must propose a plan based on the following required and desired results:
Required Result #1:Do not purchase new hardware.
Required Result #2:Use configuration changes that do not reduce security.
Desired Result #1:Reduce the number of explicit rules in the Rule Base.
Desired Result #2:Reduce the volume of logs.
Desired Result #3:Improve the Gateway’s performance.
Proposed Solution:
Mary recommends the following changes to the Gateway’s configuration:
Replace all domain objects with network and group objects.
Stop logging Domain Name over UDP (queries).
Use Global Properties, instead of explicit rules, to control ICMP, VRRP, and RIP.
Does Mary’s proposed solution meet the required and desired results?
A. The solution meets the required results, and two of the desired results.
B. The solution does not meet the required results.
C. The solution meets all required results, and none of the desired results.
D. The solution meets all required and desired results.
E. The solution meets the required results, and one of the desired results.
Correct Answer: D QUESTION 57
Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:Required:
Allow only network 192.168.10.0 and 192.168.20.0 to go out to Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assume you enable all the settings in the NAT page of Global Properties.
How do you achieve this requirement?
A. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the Address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source – group object; Destination ? any; Service ?any; Translated source – 200.200.200.5; Destination ?original; Service ?original.
Correct Answer: C
QUESTION 58
Your standby SmartCenter Server’s status is collision. What does that mean, and how do you synchronize the Server and its peer?
A. The standby and active Servers have two Internal Certificate Authority (ICA) Certificates. Uninstall and reinstall the standby Server.
B. The active Server detected a keep-alive packet from the standby Server.
C. The peer Server has not been properly synchronized. Manually synchronize both Servers again.
D. The peer Server is more up-to-date. Manually synchronize both Servers again.
E. The active SmartCenter Server and its peer have different Security Policies and databases. Manually synchronize the Servers, and decide which Server’s configuration to overwrite.
Correct Answer: E QUESTION 59
You have installed a new NGX Security Gateway. You want to test the communication between the Security Gateway and the SmartCenter Server by installing the Security Policy on the Security Gateway. Why can the Policy NOT be installed on the Security Gateway?
A. You have not established Secure Internal Communications (SIC) between the Security Gateway and SmartCenter Server. You must initialize SIC on the SmartCenter Server.
B. You have not established Secure Internal Communications (SIC) between the Security Gateway and SmartCenter Server. You must initialize SIC on both the Security Gateway and the SmartCenter Server.
C. There is no Secure Internal Communications (SIC) established between the Security Gateway and SmartCenter Server. You must initialize SIC on the Security Gateway.
D. You first need to run the fw unloadlocal command on the Security Gateway.
E. You first need to run the fw unloadlocal command on the SmartCenter Server.
Correct Answer: B
QUESTION 60
Ben is the Security Administrator for a university. Ben configured and installed a new Security Policy this morning. An hour after installing the new Security Policy, Ben began receiving complaints that Internet access was very slow. Ben called his Internet Service Provider, who asked Ben how much virtual memory his Security Gateway had. Which SmartConsole application should Ben use to answer this question?
A. SmartView Tracker
B. SmartLSM
C. SmartUpdate
D. SmartView Monitor
E. SmartView Status
Correct Answer: D
QUESTION 61
Which of the followingypes of Attacksoes Anti-spoofing prevent?
A. Viruses
B. LAND
C. SMURF
D. Spyware
E. Ping of death
Correct Answer: B
QUESTION 62
What is the reason for the Critical Problem notification in this SmartView Monitor example?
A. Active real memory shortage on the Gateway
B. No Security Policy installed on the Security Gateway
C. Version mismatch between the SmartCenter Server and Security Gateway
D. Time not synchronized between the SmartCenter Server and Security Gateway
E. No Secure Internal Communications established between the SmartCenter Server and Security Gateway
Correct Answer: B
QUESTION 63
Which NGX component displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time?
A. Reporting Module
B. Eventia Reporter
C. SmartUpdate
D. SmartView Status
E. SmartView Monitor
Correct Answer: A QUESTION 64
One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the SmartCenter Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic gateway object, you receive error message “unknown”. What is the problem?
A. The remote Gateway’s IP address has changed, which invalidates the SIC Certificate.
B. The Security Gateway is NG with Application Intelligence, and the SmartCenter Server is NGX.
C. The Internal Certificate Authority for the SmartCenter object has been removed from objects_5_0.C.
D. The time on the SmartCenter Server’s clock has changed, which invalidates the remote Gateway’s Certificate.
E. There is no connection between the SmartCenter Server and the remote Gateway. Rules or routing may block the connection.
Correct Answer: E
QUESTION 65
Jordan’s company is streaming training videos provided by a third party on the Internet. Jordan configures NGX, so that each department ONLY views Webcasts specific to its department. Jordan created and configured the multicast groups for all interfaces, and configures them to “Drop all multicast packets except those whose destination is in the list”. However, no multicast transmissions are coming from the Internet. What is a possible cause for the connection problem?
A. The Multicast Rule is below the Stealth Rule. NGX can only pass multicast traffic, if the Multicast Rule is above the Stealth Rule.
B. Jordan did not create the necessary “to and through” rules, defining how NGX will handle the multicast traffic.
C. Multicast groups are configured improperly on the external interface properties of the Security Gateway object.
D. Anti-spoofing is enabled. NGX cannot pass multicast traffic, if anti-spoofing is enabled.
E. NGX does not support multicast routing protocols and streaming media through the Security Gateway.
Correct Answer: B
QUESTION 66
What is a disadvantage of a stand-alone installation versus a distributed installation?
A. You are forced to use Windows as operating system.
B. Clientless VPN would not work in a stand-alone installation.
C. The SmartCenter Server must be a secondary server. You are forced to install a separate primary server.
D. You must use a central license.
E. You cannot install software packages on a Security Gateway via SmartUpdate.
Correct Answer: E
QUESTION 67
Carol is the Security Administrator for a chain of grocery stores. Each grocery store is protected by a Security Gateway. Carol is generating a report for the information-technology audit department. The report must include the name of the Security Policy installed on each remote Security Gateway, the date and time the Security Policy was installed, and general performance statistics (CPU Use, average CPU time, active real memory, etc.). Which SmartConsole application should Carol use to gather this information?
A. SmartUpdate
B. SmartView Status
C. SmartView Tracker
D. SmartLSM
E. SmartView Monitor
Correct Answer: E
QUESTION 68
John is the Security Administrator for a public hospital. New health-care legislation requires logging for all traffic accepted through the perimeter Security Gateway. What must John do, to ensure implied rules meet the new requirement?
A. Use the “Implicit Rules” predefined query in SmartView Tracker.
B. Install the “View Implicit Rules” package using SmartUpdate.
C. Check the “Log Implied Rules Globally” box on the NGX Gateway object.
D. Set the position of all implicit rules to “Before Last”.
E. Check the “Log Implied Rules” box in Global Properties.
Correct Answer: E
QUESTION 69
What do you use to view an NGX Security Gateway’s status, including CPU use, amount of virtual memory, percent of free hard-disk space, and version?
A. SmartLSM
B. SmartView Tracker
C. SmartUpdate
D. SmartView Monitor
E. SmartView Status
Correct Answer: D
QUESTION 70
Which NGX feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?
A. upgrade_export/upgrade_import
B. Policy Package management
C. fwm dbexport/fwm dbimport
D. cpconfig
E. Database Revision Control
Correct Answer: B
The Cisco contains more than 400 practice questions for the CheckPoint 156-215 exams,including simulation-based questions.Also contains hands-on exercises and a customized copy of the CheckPoint 156-215 exams network simulation software.
