[Free] Download New Updated (April 2016) Checkpoint 156-215.77 Actual Tests 121-130

Ensurepass

QUESTION 121

You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?

 

A.

The POP3 rule is disabled.

B.

The POP3 rule is hidden.

C.

POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R75.

D.

POP3 is accepted in Global Properties.

 

Correct Answer: B

 

 

QUESTION 122

Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?

 

A.

SmartView Server

B.

SmartView Tracker

C.

None, SmartConsole applications only communicate with the Security Management Server.

D.

SmartUpdate

 

Correct Answer: B

 

 

QUESTION 123

You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity?

 

A.

SmartView Tracker in Network and Endpoint Mode

B.

SmartView Tracker in Management Mode

C.

SmartView Tracker cannot display Security Administrator activity; instead, view the system logs on the Security Management Server’s Operating System.

D.

SmartView Tracker in Active Mode

 

Correct Answer: B

 

 

QUESTION 124

Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?

 

A.

Configure Automatic Static NAT on network 10.10.20.0/24.

B.

Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule.

C.

Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24.

D.

Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service.

Correct Answer: C

 

 

QUESTION 125

You are a Security Administrator who has installed Security Gateway R77 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner’s access for HTTP and FTP only, you did the following:

 

1. Created manual Static NAT rules for the Web server.

2. Cleared the following settings in the Global Properties > Network Address Translation screen:

 

Allow bi-directional NAT

Translate destination on client side

 

Do the above settings limit the partner’s access?

 

A.

No. The first setting is not applicable. The second setting will reduce performance.

B.

Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.

C.

Yes. Both of these settings are only applicable to automatic NAT rules.

D.

No. The first setting is only applicable to automatic NAT rules. The second setting will force translation by the kernel on the interface nearest to the client.

 

Correct Answer: D

 

 

QUESTION 126

You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?

 

A.

After Stealth Rule

B.

First

C.

Before Last

D.

Last

 

Correct Answer: D

 

 

QUESTION 127

Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers is passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?

 

A.

Allow bi-directional NAT is not checked in Global Properties.

B.

Translate destination on client side is not checked in Global Properties under Manual NAT Rules.

C.

Manual NAT rules are not configured correctly.

D.

Routing is not configured correctly.

 

Correct Answer: B

 

 

 

QUESTION 128

You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway’s external interface. What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers’ public IP addresses?

 

 

A.

When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.

B.

When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.

C.

When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.

D.

When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ’s interface.

 

Correct Answer: C

 

 

QUESTION 129

Which of these Security Policy changes optimize Security Gateway performance?

 

A.

Use Automatic NAT rules instead of Manual NAT rules whenever possible.

B.

Using domain objects in rules when possible.

C.

Using groups within groups in the manual NAT Rule Base.

D.

Putting the least-used rule at the top of the Rule Base.

 

Correct Answer: A

 

 

QUESTION 130

What happens when you select File > Export from the SmartView Tracker menu?

 

A.

Exported log entries are not viewable in SmartView Tracker.

B.

Logs in fw.log are exported to a file that can be opened by Microsoft Excel.

C.

Exported log entries are deleted from fw.log.

D.

Current logs are exported to a new *.log file.

 

Correct Answer: B

 
