156-215 - Check Point Certified Security Administrator NGX

Go back to CheckPoint

Example Questions

Which NAT option applicable for Automatic NAT applies to Manual NAT as well? You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second SecurePlatform computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it? Spoofing is a method of: Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates: you have created a rule base for firewall, webSydney. Now you are going to create a new policy with security and address translation rules or second gateway.what is true about the new package's NAT rule? When translation occurs using automatic Hide NAT, what also happens? All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication? Which of the following actions do NOT take place in IKE Phase 1? How can you activate the SNMP daemon on a Check Point Security Management Server? Which of the following statements BEST describes Check Point's Hide Network Address Translation method? What happens when you select File > Export from the SmartView Tracker menu? How can you most quickly reset secure internal communication (SIC) between a security management server and security Gateway? You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline? Why are certificates preferred over pre-shared keys in an IPsec VPN? Which of the following describes the default behavior of an R76 Security Gateway? The customer has a small Check Point installation, which includes one SecurePlatform server working as the SmartConsole, and a second server running Windows 2008 as both Security Management Server and Security Gateway. This is an example of a(n): If you were NOT using IKE aggressive mode for your IPsec tunnel, how many packets would you see for normal Phase 1 exchange? You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout? Which of the below is the MOST correct process to reset SIC from SmartDashboard? Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway's Rule Base includes a rule to accept this traffic. Since you are responsible for multiple sites, you want notification by a text message to your cellular phone, whenever traffic is accepted on this rule. Which of the following would work BEST for your purpose? Which of the following describes the default behavior of an R77 Security Gateway? Several Security Policies can be used for different installation targets. The firewall protecting Human Resources' servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured? How granular may an administrator filter an Access Role with identity awareness? Per: Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection? You want to generate a cpinfo file via CLI on a system running SecurePlatform. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout? Which utility is necessary for reestablishing SIC? You have detected a possible intruder listed in SmartView Tracker's active pane. What is the fastest method to block this intruder from accessing your network indefinitely? Where is the easiest and BEST place to find information about connections between two machines? Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet? Your network is experiencing connectivity problems and you want to verify if routing problems are present. You need to disable the firewall process but still allow routing to pass through the Gateway running on an IP Appliance running IPSO. What command do you need to run after stopping the firewall service? Access Role objects define users, machines, and network locations as: Which of these attributes would be critical for a site-to-site VPN? Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network? Which authentication type requires specifying a contact agent in the Rule Base? Central license management allows a Security Administrator to perform which of the following functions? 1. Check for expired licenses. 2. Sort licenses and view license properties. 3. Attach both R76 Central and Local licesnes to a remote module. 4. Delete both R76 Local Licenses and Central licenses from a remote module. 5. Add or remove a license to or from the license repository. 6. Attach and/or delete only R76 Central licenses to a remote module (not Local licenses). Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway? How can you reset the Security Administrator password that was created during initial Security Management Server installation on GAiA? Captive Portal may be used with HTTPS: Which of the following items should be configured for the Security Management Server to authenticate using LDAP? Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the . What CANNOT be configured for existing connections during a policy install? Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly? You are running a R77 Security Gateway on SecurePlatform. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What back up method could be used to quickly put the secondary firewall into production? In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB? What is the bit size of a DES key? A Security Policy has several database versions. What configuration remains the same no matter which version is used? Security Gateway R76 supports User Authentication for which of the following services? Select the response below that contains the MOST correct list of supported services. You are about to test some rule and object changes suggested in an R77 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes? John is the Security Administrator in his company. He installs a new R77 Security Management Server and a new R77 Gateway. He now wants to establish SIC between them. After entering the activation key, he gets the following message in SmartDashboard - "Trust established" SIC still does not seem to work because the policy won't install and interface fetching does not work. What might be a reason for this? In previous versions, the full TCP three-way handshake was sent to the firewall kernel for inspection. How is this improved in the current version of IPSO Flows/SecureXL?