156-215.75 Online Practice Questions and Answers

Which SmartConsole component can Administrators use to track remote administrative activities?

A. WebUI

B. Eventia Reporter

C. SmartView Monitor

D. SmartView Tracker

Where can you find the Check Point's SNMP MIB file?

A. $FWDIR/conf/snmp.mib

B. It is obtained only by request from the TAC.

C. $CPDIR/lib/snmp/chkpt.mib

D. There is no specific MIB file for Check Point products.

You are working with multiple Security Gateways that enforce a common set of rules. To minimize the number of policy packages, which one of the following would you choose to do?

A. Install a separate local Security Management Server and SmartConsole for each remote Security Gateway.

B. Create a separate Security Policy package for each remote Security Gateway and specify Install On / Gateways.

C. Create a single Security Policy package with Install On / Target defined whenever a unique rule is required for a specific Gateway.

D. Run separate SmartDashbord instance to login and configure each Security Gateway directly.

You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting

POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base.

Which of the following is the most likely cause?

A. The POP3 rule is disabled.

B. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R75.

C. POP3 is accepted in Global Properties.

D. The POP3 rule is hidden.

Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:

A. Two star and one mesh Community: One star Community is set up for each site, with headquarters as the center of the Community and its branches as satellites. The mesh Community includes only New York and London Gateways.

B. One star Community with the option to "mesh" the center of the star: New York and London Gateways added to the center of the star with the mesh canter Gateways option checked, all London branch offices defined m one satellite window, but all New York branch offices defined m another satellite window.

C. Two mesh and one star Community One mesh Community is set up for each of the headquarters and its branch offices The star Community is configured with London as the center of the Community and New York is the satellite.

D. Three mesh Communities: One for London headquarters and its branches, one for New York headquarters and its branches, and one f;or London and New York headquarters.

You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

A. Manually import your partner's Certificate Revocation List.

B. Exchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA).

C. Create a new logical-server object to represent your partner's CA

D. Manually import your partner's Control List.

Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?

A. fw ipsec tu

B. vpn ipsec

C. vpn debug ipsec

D. vpn tu

When using an encryption algorithm, which is generally considered the best encryption method?

A. DES

B. AES

C. Triple DES

D. CAST cipher

Which Security Servers can perform authentication tasks, but CANNOT perform content security tasks?

A. HTTPS

B. Telnet

C. FTP

D. HTTP

The London Security Gateway Administrator has just installed the Security Gateway and Management Server. He has not changed any default settings. As he tries to configure the Gateway, he is unable to connect. Which troubleshooting suggestion will NOT help him?

A. Check if some intermediate network device has a wrong routing table entry, VLAN assignment, duplex-mismatch, or trunk issue.

B. Verify that the Rule Base explicitly allows management connections.

C. Test the IP address assignment and routing settings of the Security Management Server, Gateway, and console client.

D. Verify the SIC initialization.