Welcome to download the newest Pass4itsure 1z0-052 dumps:
Flydumps provides you with the most reliable practice exams to master CheckPoint 156-215 Certification. Our Microsoft questions and answers are certified by the senior lecturer and experienced technical experts in the Microsoft field. These CheckPoint 156-215 test questions provide you with the experience of taking the actual test.
QUESTION 141
Certkiller is the Security Administrator for a chain of grocery stores. Each grocery store is protected by a Security Gateway. Certkiller is generating a report for the information-technology audit department. The report must include the name of the Security Policy installed on each remote Security Gateway, the date and time the Security Policy was installed, and general performance statistics (CPU Use, average CPU time, active real memory, etc.). Which SmartConsole application should Certkiller use to gather this information?
A. SmartUpdate
B. SmartView Status
C. SmartView Tracker
D. SmartLSM
E. SmartView Monitor
Correct Answer: E
QUESTION 142
How can you reset Secure Internal Communications (SIC) between a SmartCenter Server and Security Gateway?
A. Run the command fwm sic_reset to reinitialize the Internal Certificate Authority (ICA) of the SmartCenter Server. Then retype the activation key on the Security-Gateway from SmartDashboard
B. From cpconfig on the SmartCenter Server, choose the Secure Internal Communication option and retype the actrvation key Next, retype the same key in the gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC)
C. From the SmartCenter Server’s command line type fw putkey -p <shared key>- <IP Address of SmartCenter Server>-.
D. From the SmartCenter Server’s command line type fw putkey -p <shared key>- <IP Address of security Gateway>-.
E. Re-install the Security Gateway
Correct Answer: B
QUESTION 143
Which NGX feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?
A. upgrade_export/upgrade_import
B. Policy Package management
C. fwm dbexport/fwm dbimport
D. cpconfig
E. Database Revision Control
Correct Answer: B
QUESTION 144
Certkiller is the Security Administrator for Certkiller .com’s large geographically distributed network. The internet connection at one of her remote sites failed during the weekend, and the Security Gateway logged locally for over 48 hours. Certkiller is concerned that the logs may have consumed most of the free space on the Gateway’s hard disk. Which SmartConsole application should Certkiller use, to view the percent of free hard-disk space on the remote Security Gateway?
A. SmartView Status
B. SmartView Tracker
C. SmartUpdate
D. SmartView Monitor
E. SmartLSM
Correct Answer: D
QUESTION 145
Certkiller is recently hired as the Security Administrator for a public relations company. Certkiller’s manager has asked her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Certkiller must propose a plan based on the following required and desired results Required Result #1: Do not purchase new hardware Required Result #2: Use configuration changes that do not reduce security Desired Result #1: Reduce the number of explicit rules in the Rule Base Desired Result #2: Reduce the volume of logs Desired Result #3: Improve the Gateway’s performance Proposed Solution: Certkiller recommends the following changes to the Gateway’s configuration:
1.
Replace all domain objects with network and group objects.
2.
Stop logging Domain Name over UDP (queries)
3.
Use Global Properties, instead of explicit rules, to control ICMP. VRRP, and RIP. Does Certkiller’s proposed solution meet the required and desired result s?
A. The solution meets the required results, and two of the desired results
B. The solution does not meet the required results
C. The solution meets all required results, and none of the desired results
D. The solution meets all required and desired results
E. The solution meets the required results, and one of the desired results
Correct Answer: A
QUESTION 146
What is a Consolidation Policy?
A. The collective name of the Security Policy, Address Translation, and SmartDefense Policies
B. The specific Policy used by Eventia Reporter to configure log-management practices
C. The state of the Policy once installed on a Security Gateway
D. A Policy created by Eventia Reporter to generate logs
E. The collective name of the logs generated by Eventia Reporter
Correct Answer: B
QUESTION 147
To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?
A. Change the cluster mode to Unicast on the cluster object Reinstall the Security Policy
B. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy
C. Run cpstop and cpstart, to reenable High Availability on both objects. Select Pivot mode in cpconfig
D. Change the cluster mode to Unicast on the cluster-member object
E. Switch the internal network’s default Security Gateway to the pivot machine’s IP address
Correct Answer: A
QUESTION 148
Which command line interface utility allows the administrator to verify the name and timestamp of the Security Policy currently installed on a firewall module?
A. fw stat
B. fw ver
C. fw cog
D. fw print
E. fw ctl
F. fw printlic
G. fw ctl pstat
Correct Answer: A
QUESTION 149
When logging into SmartDashboard for the second time, what information is no longer requested?
A. User Name
B. Password
C. Finger verification
D. SmartCenter Server IP
Correct Answer: C
QUESTION 150
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
A. Publish a proxy ARP entry on the internal web server instead of the firewall for the valid IP address.
B. Place a static route on the router from the valid IP address to the firewall’s external address.
C. Place a static route on the router from the valid IP address to the internal web server.
D. Publish a proxy ARP entry on the router from the valid IP address to the firewall’s external address.
Correct Answer: B QUESTION 151
When launching SmartDashboard, what information is required to log into VPN-1 NGX?
A. Password, SmartCenter Server IP
B. User Name, SmartCenter Server IP, certificate fingerprint file
C. Password, SmartCenter Server IP, LDAP Server
D. User Name, Password, SmartCenter Server IP
Correct Answer: D
QUESTION 152
Your current security scenario gives you the option to choose between a stand-alone installation or a
distributed installation.
Which of the following factors would cause you to decide in favour of the stand-alone installation?
A. You are required to use Clientless VPN.
B. You are required to use Windows as operating system.
C. You are required to install HFA’s on the Security Gateway via SmartUpdate.
D. You are required to use few hardware resources as possible.
Correct Answer: D
QUESTION 153
You are a Security Administrator configuring Static NAT on an internal host-node object. You clear the box “Translate destination on client side”, accessed from Global Properties > NAT settings > Automatic NAT. Assuming all other Global Properties NAT settings are selected, what else must be configured for automatic Static NAT to work?
A. The NAT IP address must be added to the anti-spoofing group of the internal Gateway interface
B. Two address-translation rules in the Rule Base
C. No extra configuring needed
D. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway’s external interface
E. A dynamic route, to ensure packets destined for the public NAT IP address will reach the Gateway’s internal interface
Correct Answer: A
QUESTION 154
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows: Source: Any Destination: web_public_IP Service: Any Translated Source: original Translated Destination: web_private_IP Service: original “web_public_IP” is the node object that represents the public IP address of the new Web server. “web_private_IP” is the node object that represents the new Web site’s private IP address. You enable all settings from the Global Properties > NAT. When you try to browse the Web server from the Internet, you see the error “page cannot be displayed”. Which of the following is NOT a possible reason?
A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
B. There is no ARP table entry for the public IP address of the protected Web server.
C. There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server.
D. There is an ARP entry on the Gateway but the settings “Merge Manual proxy ARP” and “Automatic APR configuration” are enabled in Global Properties. The Security Gateway ignores manual ARP entries.
Correct Answer: C
QUESTION 155
Select the correct statement about Secure Internal Communications (SIC) Certificates? SIC Certificates:
A. may be used for securing internal network communications between the Security Gateway and an OPSEC device.
B. for the SmartView Tracker are created during the SmartCenter Server installation.
C. for NGX Security Gateways are created during the SmartCenter Server installation.
D. decrease network security by securing administrative communication among the SmartCenter Servers and the Security Gateway
Correct Answer: A
QUESTION 156
What settings in the “Track” field of your rules would you use to configure what types of information are
sent to Dshield.org?
Depending on how:
A. the Logs and Masters settings for the SmartCenter Server object, rules with tracking set to Log or None.
B. SmartDefense > DShield Storm Center is configured, rules with tracking set to Alerts or User Defined Alerts.
C. Web Intelligence > Information Disclosure is configured, rules with tracking set to User Defined Alerts or SNMP trap.
D. The Global Properties is configured, in the Log and Alerts section, rules with tracking set to Account or SNMP trap.
Correct Answer: B
QUESTION 157
VPN-1 NGX uses ____________ to retrieve the Interface Name, IP Address, and Network Mask when an administrator clicks the GET button in the Interfaces tab of an Externally Managed VPN Gateway object.
A. URI
B. Ioctl
C. SNMP
D. Control Connection
Correct Answer: C
QUESTION 158
Certkiller .com has a small Check Point installation which includes one Windows 2003 server working as
SmartConsole and a second server running SPLAT working as both SmartCenter server and the Security
Gateway.
This is an example of:
A. Hybrid Installation
B. StandAlone Installation
C. Unsupported Configuration
D. Distribution Installation
Correct Answer: B
FLYDUMPS has updated the latest version of CheckPoint 156-215 exam, which is a hot exam of Microsoft certification. FLYDUMPS provides you everything that you need to pass your CheckPoint 156-215 certification exam. Passcert also provides you the CheckPoint 156-215 exam objectives with there detailed and verified answer relevant to your certification.With our CheckPoint 156-215 practice test, you can be rest assured that you will pass your CheckPoint 156-215 Exam on Your First Try.
Welcome to download the newest Examwind 1Z0-052 dumps: https://www.pass4itsure.com/1z0-052.html