CheckPoint 156-215-75 問題集

質問 1：
Captive Portal is a _____________ that allows the gateway to request login information from the user.
A. Transparent network inspection tool
B. Separately licensed feature
C. LDAP server add-on
D. Pre-configured and customizable web-based tool
正解：D

質問 2：
Certificates for Security Gateways are created during a simple initialization from ___________.
A. SmartUpdate
B. Sysconfig
C. The ICA management tool
D. SmartDashboard
正解：C

質問 3：
You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)
When you run fw monitor on the R75 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?
A. i=inbound kernel, before the virtual machine
B. O=outbound kernel, after the virtual machine
C. o=outbound kernel, before the virtual machine
D. I=inbound kernel, after the virtual machine
正解：D

質問 4：
Which of the following is TRUE concerning control connections between the Security Management Server and the Gateway in a VPN Community? Control Connections are:
A. encrypted using SIC and re-encrypted again by the Community regardless of VPN domain configuration.
B. encrypted using SIC.
C. not encrypted, only authenticated.
D. encrypted by the Community.
正解：B

質問 5：
Several Security Policies can be used for different installation targets. The firewall protecting Human Resources' servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?
A. When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install.
B. In the SmartDashboard main menu go to Policy / Policy Installation / Targets and select the correct firewall to be put into the list via Specific Targets.
C. A Rule Base can always be installed on any Check Point firewall object It is necessary to select the appropriate target directly after selecting Policy > Install.
D. A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base.
正解：B

質問 6：
How does the Get Address button, found on the Host Node Object > General Properties page retrieve the address?
A. Route Table
B. SNMP Get
C. Name resolution (hosts file, DNS, cache)
D. Address resolution (ARP. RARP)
正解：C

質問 7：
Your Rule Base includes a Client Authentication rule, using partial authentication and standard sign-on for HTTP, Telnet, and FTP services. The rule was working, until this morning. Now users are not prompted for authentication, and they see error page cannot be displayed in the browser. In SmartView Tracker, you discover the HTTP connection is dropped when the Gateway is the destination. What did you do to cause Client Authentication to fail?
A. added the Stealth Rule before the Client Authentication rule
B. disabled R75 Control Connections in Global Properties
C. enabled Static NAT on the problematic machines
D. added a rule below the Client Authentication rule, blocking HTTP from the internal network
正解：A

質問 8：
Central license management allows a Security Administrator to perform which of the following functions?
1) Check for expired licenses. 2) Sort licenses and view license properties 3) Attach both R75 Central and Local licenses to a remote module 4) Delete both R75 Local licenses and Central licenses from a remote module 5) Add or remove a license to or from the license repository 6) Attach and/or delete only R75 Central licenses to a remote module (not local licenses)
A. 2, 5, & 6
B. 1, 2, 5, & 6
C. 2, 3, 4, & 5
D. 1, 2, 3, 4, & 5
正解：D