Check Point Certified Security Administrator R75 (156-215.75) Free Practice Test

Question 1

If you were NOT using IKE aggressive mode for your IPsec tunnel, how many packets would you see for normal Phase 1 exchange?

A. 3

B. 6

C. 9

D. 2

Correct Answer: B

Question 2

Which of the following uses the same key to decrypt as it does to encrypt?

A. Symmetric encryption

B. Certificate-based encryption

C. Asymmetric encryption

D. Dynamic encryption

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

When translation occurs using automatic Hide NAT, what also happens?

A. The source port is modified.

B. Nothing happens.

C. The destination is modified.

D. The destination port is modified.

Correct Answer: A

Question 4

Which do you configure to give remote access VPN users a local IP address?

A. Office mode IP pool

B. Encryption domain pool

C. NAT pool

D. Authentication pool

Correct Answer: A

Question 5

Over the weekend, an Administrator without access to SmartDashboard installed a new R75 Security Gateway using SecurePlatform. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. What might prevent you from installing the Policy?

A. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on both the Security Gateway and the Management Server.

B. You first need to initialize SIC in SmartUpdate.

C. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.

D. You first need to run the fw unloadlocal command on the new Security Gateway.

Correct Answer: C

Question 6

By default, when you click File > Switch Active File in SmartView Tracker, the Security Management Server:

A. Prompts you to enter a filename, and then saves the log file.

B. Saves the current log file, names the log file by date and time, and starts a new log file.

C. Purges the current log file, and prompts you for the new log's mode.

D. Purges the current log file and starts the new log file.

Correct Answer: B

Question 7

How many packets are required for IKE Phase 2?

A. 3

B. 6

C. 2

D. 12

Correct Answer: A

Question 8

If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?

A. SSL: VPN

B. SmartEvent Intro

C. IPS

D. Data Loss Prevention

Correct Answer: C

Question 9

You want to generate a cpinfo file via CLI on a system running SecurePlatform. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?

A. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.

B. Log in as the default user expert and start cpinfo.

C. No action is needed because cpshell has a timeout of one hour by default.

D. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinto.

Correct Answer: A

Question 10

Which of the following options is available with the SecurePlatform cpconfig utility?

A. GUI Clients

B. DHCP Server configuration

C. Export setup

D. Time & Date

Correct Answer: A

Question 11

Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly?

A. Reinstall the base operating system (i.e., SecurePlatform). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and previously applied hotfixes. Revert to the stored snapshot image, and install the Policy.

B. Reinstall the base operating system (i.e., SecurePlatform). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy.

C. Run the revert command to restore the snapshot, establish SIC, and install the Policy.

D. Run the revert command to restore the snapshot. Reinstall any necessary Check Point products. Establish SIC and install the Policy.

Correct Answer: B

Question 12

Nancy has lost SIC communication with her Security Gateway and she needs to reestablish SIC. What would be the correct order of steps needed to perform this task?
1) Create a new activation key on the Security Gateway, then exit cpconfig.
2) Click the Communication tab on the Security Gateway object, and then click Reset.
3) Run the cpconfig tool, and then select Secure Internal Communication to reset.
4) Input the new activation key in the Security Gateway object, and then click initialize
5) Run the cpconfig tool, then select source Internal Communication to reset.

A. 3, 1, 4, 2

B. 2, 5, 1, 4

C. 5, 4, 1, 2

D. 2, 3, 1, 4

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 13

You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net
10.10.10.x is configured for Hide NAT behind the Security Gateway's external interface.
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers' public IP addresses?

A. When connecting to internal network 10 10.10 x. configure Hide NAT for the DMZ servers.

B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.

C. When connecting to the internal network 10.10.10x, configure Hide Nat for the DMZ network behind the DMZ interface of the Security Gateway

D. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers

Correct Answer: B

Welcome to TestSimulate

CheckPoint Check Point Certified Security Administrator R75 (156-215.75) Free Practice Test