Check Point Certified Security Administrator R71 (156-215.71) Free Practice Test

Question 1

You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.

A. It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter.

B. In SmartReporter, in the section Firewall Blade - Activity / Network Activity with information concerning Top Matched Logged Rules.

C. In the SmartView Tracker, if you activate the column Matching Rate.

D. SmartReporter provides this information in the section Firewall Blade - Security / Rule Base Analysis with information concerning Top Matched Logged Rules.

Correct Answer: D

Question 2

You are installing a Security Management Server. Your security plan calls for three administrators for this particular server. How many can you create during installation?

A. One

B. As many as you want

C. Depends on the license installed on the Security Management Server

D. Only one with full access and one with read-only access

Correct Answer: A

Question 3

You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties / NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

A. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.

B. The NAT IP address must be added to the anti-spoofing group of the external gateway interface

C. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.

D. No extra configuration is needed

Correct Answer: C

Question 4

How many packets are required for IKE Phase 2?

A. 3

B. 6

C. 2

D. 12

Correct Answer: A

Question 5

Which command allows you to view the contents of an R71 table?

A. fw tab -t <tablename>

B. fw tab -s <tablename>

C. fw tab -a <tablename>

D. fw tab -x <tablename>

Correct Answer: A

Question 6

If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?

A. SSL: VPN

B. SmartEvent Intro

C. IPS

D. Data Loss Prevention

Correct Answer: C

Question 7

What happens to evaluation licenses during the license-upgrade process?

A. They are dropped.

B. They are upgraded with new available features.

C. They remain untouched, but may not activate all features of a new version.

D. They automatically expire.

Correct Answer: C

Question 8

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages / Distribute and Install Selected Package and choosing the target Gateway, the:

A. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.

B. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.

C. SmartUpdate wizard walks the Administrator through a distributed installation.

D. selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.

Correct Answer: A

Question 9

By default, when you click File / Switch Active File in SmartView Tracker, the Security Management Server:

A. Prompts you to enter a filename, and then saves the log file.

B. Saves the current log file, names the log file by date and time, and starts a new log file.

C. Purges the current log file, and prompts you for the new log's mode.

D. Purges the current log file and starts the new log file.

Correct Answer: B

Question 10

Which of the following tools is used to generate a Security Gateway R71 configuration report?

A. ethereal

B. infoview

C. cpinfo

D. licview

Correct Answer: C

Question 11

Which R71 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?

A. None, SmartConsole applications only communicate with the Security Management Server.

B. SmartUpdate

C. SmartView Monitor

D. SmartView Status

Correct Answer: C

Question 12

Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway's side with the cpconfig command and put in the same activation key in the Gateway's object on the Security Management Server Unfortunately SIC cannot be established. What is a possible reason for the problem?

A. Joe forgot to exit from cpconfig.

B. Joe forgot to reboot the Gateway.

C. The installed policy blocks the communication.

D. The old Gateway object should have been deleted and recreated.

Correct Answer: A

Question 13

When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R71 topology configuration?

A. External

B. Any

C. Not Defined

D. Specific

Correct Answer: B

Question 14

Which Security Servers can perform authentication tasks, but CANNOT perform content security tasks?

A. HTTPS

B. FTP

C. HTTP

D. Telnet

Correct Answer: D

Welcome to TestSimulate

CheckPoint Check Point Certified Security Administrator R71 (156-215.71) Free Practice Test