156-215.75 Online Practice Questions and Answers

From the output below, where is this fingerprint generated?

A. SmartUpdate

B. Security Management Server

C. SmartDashboard

D. SmartConsole

Your primary Security Management Server runs on SecurePlatform. What is the easiest way to back up your Security Gateway R75 configuration, including routing and network configuration files?

A. Using the upgrade_export command.

B. Copying the $FWDIR/conf and $FWDIR/lib directory to another location.

C. Run the pre_upgrade_verifier and save the .tgz file to the /temp directory.

D. Using the native SecurePlatform backup utility from command line or in the Web based user interface.

A ____________ rule is designed to log and drop all other communication that does not match another rule.

A. Stealth

B. Cleanup

C. Reject

D. Anti-Spoofing

When you use the Global Properties' default settings on R75, which type of traffic will be dropped if no explicit rule allows the traffic?

A. SmartUpdate connections

B. Firewall logging and ICA key-exchange information

C. Outgoing traffic originating from the Security Gateway

D. RIP traffic

What port is used for communication to the User Center with SmartUpdate?

A. CPMI 200

B. HTTPS 443

C. HTTP 80

D. TCP 8080

Your current Check Point enterprise consists of one Management Server and four Gateways in four different locations with the following versions:

All devices are running SecurePlatform. You are upgrading your enterprise to R75. Place the required tasks from the following list in the correct order for upgrading your enterprise to R75.

1) Upgrade all gateways to R75 2) Upgrade all gateways 3 and 4 to R 65 3) Upgrade all gateways 2, 3, and 4 to R 65 4) Upgrade all gateway 4 to R 65 5) Perform pre-upgrade verifier on Security management server 6) Perform pre-upgrade verifier on all Gateways 7) Perform License upgrade checker on Gateway 2 8) Perform License upgrade checker on Gateway 3 9) Perform License upgrade checker on Gateway 4 10) Perform License upgrade checker on Security Management Server 11) Perform License upgrade checker on all devices 12) Upgrade security management server to R 70

A. 11, 5, 12, 3, 1

B. 9, 4, 5, 12, 1

C. 5, 6, 12, 1

D. 11, 5, 12, 2, 1

Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:

A. Client Authentication for fully automatic sign on

B. Client Authentication rule using the manual sign-on method, using HTTP on port 900

C. Client Authentication rule, using partially automatic sign on

D. Session Authentication rule

If you need strong protection for the encryption of user data, what option would be the BEST choice?

A. When you need strong encryption, IPsec is not the best choice. SSL VPNs are a better choice.

B. Disable Diffie Hellman by using stronger certificate based key-derivation. Use AES-256 bit on all encrypted channels and add PFS to QuickMode. Use double encryption by implementing AH and ESP as protocols.

C. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.

D. Use Diffie Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode.

A security audit has determined that your unpatched Web application server is accessing a SQL server. Which IPS setting will allow the Security Gateway to prevent this error page from displaying information about the SQL server in your DMZ?

A. In Web Intelligence / General / HTTP Protocol Inspection, enables ASCII only response headers.

B. In web intelligence / HTTP Protocol Inspection, select the box Enforce Strict HTTP response parsing.

C. In application intelligence / FingerPrint Scrambling / WEB Apps, Select the Scramble error message checkbox.

D. In Web Intelligence / Information Disclosure / Error Concealment

You install and deploy SecurePlatform with default settings. You allow visitor Mode in the Gateway object's Remote Access properties and install policy, but SecureClient refuses to connect. What is the cause of this?

A. Set the Visitor Mode Policy > Global Properties > Remote-Access > VPN Advanced

B. Offline mode is not configured C. You need to start SSL Network Extended first, then use Visitor Mode

D. The WebUI on SecurePlatform runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). You need to change the WebUI port, or run Visitor Mode on a different port.