CheckPoint 156-215-75 問題集

質問 1：
Which rule is responsible for the installation failure?

Checkpoint 156-215.75 : Practice Test
A. Rule 3
B. Rule 5
C. Rule 6
D. Rule 4
正解：D

質問 2：
You are the Security Administrator in a large company called ABC. A Check Point Firewall is installed and in use on SecurePlatform. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on SecurePlatform. Where can you view them? Give the BEST answer.
A. /etc/sysconfig/netconf.C
B. /etc/sysconfig/network-scripts/ifcfg-ethx
C. /etc/conf/route.C
D. /etc/sysconfig/network
正解：A

質問 3：
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net
10.10.10.x is configured for Hide NAT behind the Security Gateway's external interface.
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers' public IP addresses?

A. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers
B. When connecting to internal network 10 10.10 x. configure Hide NAT for the DMZ servers.
C. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
D. When connecting to the internal network 10.10.10x, configure Hide Nat for the DMZ network behind the DMZ interface of the Security Gateway
正解：C

質問 4：
Your network includes a SecurePlatform machine running NG with Application Intelligence (AI) R55. This configuration acts as both the primary Security Management Server and VPN-1 Pro Gateway. You add one machine, so you can implement Security Gateway R75 in a distributed environment. The new machine is an Intel CoreDuo processor, with 2 GB RAM and a 500-GB hard drive. How do you use these two machines to successfully migrate the NG with AI R55 configuration?
A. 1. On the existing machine, export the NG with AJ R55 configuration to a network share.
2.Insert the R75 CD-ROM in the old machine Install the R7D Security Gateway only while reinstalling the SecurePlatform OS over the top of the existing installation. Complete sysconfig.
3.On the new machine, install SecurePlatform as the primary Security Management Server only.
4.Transfer the exported. tgz file into the new machine, import the configuration, and then reboot
5.Open SmartDashboard, change the Gateway object to the new version, and reset SIC for the Gateway object.
B. 1. Export the configuration on the existing machine to a tape drive
2.Uninstall the Security Management Server from the existing machine, using sysconfig.
3.Insert the R75 CD-ROM. run the patch add CD-ROM command to upgrade the existing machine to the R75 Security Gateway, and reboot
4.Install a new primary Security Management Server on the new machine
5.Change the Gateway object to the new version, and reset SIC
C. 1. Export the configuration on the existing machine to a network share
2.Uninstall the Security Gateway from the existing machine, using sysconfig
3.Insert the R75 CD ROM. and run the patch add CD-HGM command to upgrade the Security Management Server to Security Gateway R 70
4.Select upgrade with imported file, and reboot
5.Install a new R75 Security Gateway as the only module on the new machine, and reset SIC to the new Gateway
D. 1. Export the configuration on the existing machine as a backup only
2.Edit $FWDIR\product. conf on the existing machine, to disable the VPN-1 Pro Gateway package
3.Reboot the existing machine
4.Perform an in place upgrade on the Security Management Server using the command "patch odd cd"
5.On the new machine, install SecurePlatform as the R75 Security Gateway only
6.Run sysconfig to complete the configuration
7.From SmartDashboard, reconfigure the Gateway object to the new version, and reset SIC
正解：A

質問 5：
You are concerned that a message may have been intercepted and retransmitted, thus compromising the security of the communication. You attach a code to the electronically transmitted message that uniquely identifies the sender. This code is known as a(n):
A. private key
B. AES flag
C. digital signature
D. diffie-Helman verification
正解：C

質問 6：
If you check the box Use Aggressive Mode in the IKE Properties dialog box, the standard:
A. three-packet IKE Phase 1 exchange is replaced by a six-packet exchange
B. three-packet IKE Phase 2 exchange is replaced by a two-packet exchange
C. three-packet IKE Phase 2 exchange Is replaced by a six-packet exchange
D. six-packet IKE Phase 1 exchange is replaced by a three-packet exchange
正解：D

質問 7：
You are working with three other Security Administrators. Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?
A. Eventia Tracker
B. SmartView Monitor
C. Eventia Monitor
D. SmartView Tracker
正解：D

質問 8：
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages / Distribute Only and choosing the target Gateway, the:
A. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
B. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.
C. SmartUpdate wizard walks the Administrator through a distributed installation.
D. selected package is copied from the CD-ROM of the SmartUpdate PC directly to the
Security Gateway and the installation IS performed.
正解：B