[Free] Download New Updated (April 2016) Checkpoint 156-215.77 Actual Tests 111-120

Ensurepass

QUESTION 111

To reduce the information given to you in SmartView Tracker, what can you do to find information about data being sent between pcosaka and pctokyo?

 

A.

Apply a source filter by adding both endpoint IP addresses with the equal option set.

B.

Use a regular expression to filter out relevant logging entries.

C.

Double-click an entry representing a connection between both endpoints.

D.

Press CTRL+F in order to open the find dialog, and then search the corresponding IP addresses.

 

Correct Answer: A

 

 

QUESTION 112

You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

 

A.

A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway’s external interface.

B.

No extra configuration is needed.

C.

The NAT IP address must be added to the external Gateway interface anti-spoofing group.

D.

A static route, to ensure packets destined for the public NAT IP address will reach the Gateway’s internal interface.

 

Correct Answer: D

 

 

QUESTION 113

In a distributed management environment, the administrator has removed the defa
ult check from Accept Control Connections under the Policy > Global Properties > FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port __________.

 

A.

259

B.

256

C.

80

D.

900

 

Correct Answer: B

 

 

QUESTION 114

How do you view a Security Administrator’s activities with SmartConsole?

 

A.

SmartView Tracker in the Network and Endpoint tabs

B.

Eventia Suite

C.

SmartView Tracker in the Management tab

D.

SmartView Monitor using the Administrator Activity filter

 

Correct Answer: C

 

 

 

QUESTION 115

In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules. Which of the following is NOT true?

 

A.

When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway’s internal interface IP address.

B.

When using Static NAT, you must add proxy ARP entries to the Gateway for all hiding addresses.

C.

If you chose Automatic NAT instead, all necessary entries are done for you.

D.

When using Dynamic Hide NAT with an address that is not configured on a Gateway interface, you need to add a proxy ARP entry for that address.

 

Correct Answer: A

 

 

QUESTION 116

Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:

 

clip_image002

 

Required. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.

 

The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.

 

Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?

 

A.

Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

B.

Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.

C.

Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

D.

Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source – group object; Destination – any; Service – any; Translated source – 200.200.200.5; Destination – original; Service – original.

 

Correct Answer: C

 

 

QUESTION 117

Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R77 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?

 

A.

Do nothing, as long as 10.1.1.0 network has the correct default Gateway.

B.

Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.

C.

Use automatic Static NAT for network 10.1.1.0/24.

D.

Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.

 

Correct Answer: D

 

 

QUESTION 118

Which of the following is a viable consideration when determining Rule Base order?

 

A.

Grouping authentication rules with address-translation rules

B.

Grouping rules by date of creation

C.

Grouping reject and drop rules after the Cleanup Rule

D.

Grouping functionally related rules together

 

Correct Answer: D

 

 

QUESTION 119

What information is found in the SmartView Tracker Management log?

 

A.

Destination IP address

B.

SIC revoke certificate event

C.

Number of concurrent IKE negotiations

D.

Most accessed Rule Base rule

 

Correct Answer: B

 

 

QUESTION 120

In a distributed management environment, the administrator has removed all default check boxes from the Policy > Global Properties > Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port ______.

 

A.

257

B.

256

C.

259

D.

900

 

Correct Answer: A

 

Free VCE & PDF File for Checkpoint 156-215.77 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …