
  № 3339, Checkpoint 156-210: all new question  12.06.2003 

all new exam questions


QUESTION NO: 1
The VPN-1/Firewall-1 NG User Interface consists of which of the following elements?
A. Security Policy Editor, Visual Policy Editor and Object tree view.
B. Management Server and VPN-1/FireWall-1 Module.
C. Visual Policy Editor, Object Tree view and inspection Module.
D. Security Policy Server, System GUI and Module Log Viewer.
E. VPN-1/FireWall-1 Module, Inspection Module and Security Server.
Answer: A
QUESTION NO: 2
You are attempting to implement Client Authentication for FTP. You have the accept firewall control connection option unchecked in the Policies and Properties dialog box. In the following Rule base, which rule would prevent a user from performing Client Authentication?
No  SOURCE              DESTINATION     SERVICE      ACTION
1   Any                 fw.chicago.com  Any          drop
2   AllUsers@Sales.net  Any             ftp          Client Encrypt
3   Any                 localNet        http telnet  Accept
4   Any                 Any             Any          drop
A. Rule 1
B. Rule 2
C. Rule 3
D. Rule 4
Answer: A
QUESTION NO: 3
As a VPN-1/Firewall-1 administrator, you have an undistributed range of IP addresses for which you want to perform address translation. You can simplify your efforts through the use of ADDRESS RANGE.
A. True
B. False
Answer: A
QUESTION NO: 4
In the figure below, Localnet is an internal network with private addresses. A corresponding set of public addresses is available as follows:
Public IP addresses           Private IP addresses
199.203.73.15-199.203.73.115  200.0.0.100-200.0.0.200
The private addresses are translated to public addresses by specifying addresses Translation in the NAT tab of Localnet's network properties window. Source addresses for the outbound packets from hosts in Localnet will be translated to 199.203.73.12 as shown in the figure below.
A. True
B. False
Answer: B
QUESTION NO: 5
You are working with multiple firewalls that have extensive Rule Bases. To simplify administration task, which of the following should you choose to do?
A. Create Network range objects that restrict all applicable rules to only certain networks.
B. Run separate GUI clients for external and internal firewalls.
C. Eliminate all possible contradictory rules such as stealth and clean-up rules.
D. Save a different Rule Base for each remote firewall.
E. None of the above.
Answer: D
QUESTION NO: 6
Currently, the Accounting Department is FTP-ing a file in the bank. Which Log Viewer Module would show you the activity occurring at the present time?
A. Security Log.
B. Active Connections Log.
C. Accounting Log.
D. Administrative Log.
E. None of the above.
Answer: B
QUESTION NO: 7
With Blocking Scope default settings, a selected connection is terminated:
A. And all further attempts to establish a connection from the same source IP address to the same destination IP address and port will be blocked.
B. But all further attempts to establish connections from this specific source IP address will be authenticated before being denied.
C. And all further attempts to establish connections to this specific destination IP address will be denied.
D. And all further attempts to establish a connection from the same source IP address to the firewall's IP address will be blocked.
E. Both A and D.
Answer: A
QUESTION NO: 8
Consider the following Rule Base for VPN-1/Firewall-1 NG. Assuming the default settings in global properties have NOT changed, ICMP would be allowed through the firewall.
No  SOURCE  DESTINATION  SERVICE  ACTION  TRACK
1   Any     Web_Server   http     Accept  Long
2   Any     Any          Any      Any     Long
A. True
B. False
Answer: B
QUESTION NO: 9
Which is the correct rule in the following Rule Base?
No  SOURCE            DESTINATION  SERVICE  ACTION        TRACK
1   AllUsers@Chicago  Any          Any      Session Auth  Log
2   AllUsers@Chicago  Chicago      Any      Session Auth  Log
3   AllUsers@Any      Any          Any      Session Auth  Log
4   AllUsers@Chicago  Any          Any      User Auth     Log
A. Rule 2
B. Rule 1
C. Rule 3
D. Rule 4
E. None of the rules allow access.
Answer: B
QUESTION NO: 10
In the Client Authentication Action Properties window (below), for the required Sign On Method section, Manual is selected.
This means:
A. If a connection matches the Rule Base and the service is an authenticated service, the client is signed on after a successful authentication.
B. The user must initiate the Client Authentication Session to the gateway.
C. If a connection using any service matches Rule Base, the client is authenticated.
D. If authentication is successful, access is granted from the network that initiated the connection.
E. The user must TELNET to the target server on port 259.
Answer: B
QUESTION NO: 11
Changes made to the Security Policy do not take effect on the Enforcement Module until the administrator performs which of the following actions?
A. Saves the policy.
B. Verifies the policy.
C. Installs the policy.
D. Stops firewall services on the Enforcement Module.
E. Stops firewall services on the Management module.
Answer: C
QUESTION NO: 12
Consider the following network:
The public servers are a web form. Since the web servers accept and initiate connections, Dynamic translation is required.
A. True
B. False
Answer: B
QUESTION NO: 13
The fw fetch command performs the following function:
A. Attempts to fetch the policy from the Management Server.
B. Fetches users from the Management server.
C. Produces an output screen of the Rule Base.
D. Fetches the logs.
E. Fetches the systems status.
Answer: A
QUESTION NO: 14
Inclement weather and a UPS failure cause a firewall to reboot. Earlier that day a tornado destroyed the building where the firewall's Management Module was located. The Management Module was not recovered and has not been replaced.
Based on the scenario, which of the following statements is FALSE?
A. The firewall will continue to enforce the last rule base installed.
B. The firewall will log locally.
C. The firewall will fetch the last installed policy from local host and install it.
D. Communication between the firewall and the replacement Management Module must be established before the replacement Management Module can install a policy on the firewall.
E. Because the firewall cannot contact the Management Module, no policy will be installed.
Answer: E
QUESTION NO: 15
When configuring Anti-Spoofing for VPN-1/FireWall-1 NG on the firewall interfaces, all of the following are valid address choices except:
A. Network defined by Interface IP and Net Mask.
B. Not Defined.
C. Security Policy Installed.
D. Specific
E. None of the above.
Answer: C
QUESTION NO: 16
The security administrator for the following configuration only allows members of the localnet managers group to access files in BigBen (the FTP Server).
Select below the rule that allows local managers to access the FTP server from any location.
No  SOURCE                    DESTINATION  SERVICE  ACTION
1   LocalManagers@Any         BigBen       ftp      User Auth
2   LocalManagers@Net_London  BigBen       ftp      Client Auth
3   LocalManagers@Any         BigBen       ftp      Session Auth
4   LocalManagers@Net_Tokyo   BigBen       ftp      User Auth
A. Rule 1.
B. Rule 2.
C. Rule 3.
D. Rule 4.
E. None of these rules allow access.
Answer: A
QUESTION NO: 17
Assume that you are working on a Windows NT operating system. What is the default expiration for a Dynamic NAT connection NOT showing any UDP activity?
A. 30 Seconds.
B. 60 Seconds.
C. 40 Seconds.
D. 600 Seconds.
E. 3000 Seconds.
Answer: C
QUESTION NO: 18
Assume there has been no change made to default policy properties. To allow a telnet connection into your network, you must create two rules.
One to allow the initial Telnet connection in.
One to allow the destination machine to send information back to the client.
A. True
B. False
Answer: B
QUESTION NO: 19
In Windows NT to force log entries other than the default directory.
A. You must use the cpconfig command.
B. Change the fwlog environment variable.
C. Modify the registry.
D. Change the directory in log viewer.
E. Use the fw log switch command.
Answer: E
QUESTION NO: 20
For most installations, the Clean-Up rule should be the last rule in Rule Base.
A. True
B. False
Answer: A
QUESTION NO: 21
What components are necessary for VPN-1/FireWall-1 NG to scan e-mail, passing through the firewall, for macro viruses?
A. UFP and OPSEC-certified scanning product.
B. CVP and OPSEC-certified virus scanning product.
C. UFP and CVP.
D. UFP, CVP and OPSEC-certified content filter.
E. None of the above, VPN-1/FireWall-1 NG scans for macro viruses by default.
Answer: B
QUESTION NO: 22
Why would you want to verify a Security Policy before installation?
A. To install Security Policy cleanly.
B. To check up the enforcement-point firewall for errors.
C. To identify conflicting rules in your Security Policy.
D. To compress the Rule Base for faster installation.
E. There is no benefit verifying a Security Policy before installing it.
Answer: C
QUESTION NO: 23
To completely setup Static NAT, you ONLY have to select Add Automatic Address Translation rules on the NAT tab, and specify a public NAT IP address.
A. True
B. False
Answer: B
QUESTION NO: 24
If you configure the Minutes interval for a firewall in the User Authentication session timeout box, as shown below on the Authentication Tab of the Workstations properties window, users of one time password must re-authenticate for each request during this time period.
A. True
B. False
Answer: B
QUESTION NO: 25
What does a status of Untrusted tell you?
A. A VPN-1/Firewall-1 NG firewall module has been compromised.
B. A gateway cannot be reached.
C. A module is installed and responding to status checks, but the status is problematic.
D. A gateway is connected, but the management module is not the master of the module installed on the gateway.
E. None of the above.
Answer: D
QUESTION NO: 26
Omanan Enterprises has the premier reclamation system for scrap aluminum in the western hemisphere. Their phenomenal growth over the last 10 years has led to the decision to establish a presence in the Internet in order to their customers. To that end, Omanan Enterprises' network administrator, Jason, has acquired a Web Server, an email server and 14 IP addresses from their ISP. Jason also purchased a Checkpoint VPN-1/FireWall-1 stand alone gateway module, with these interfaces, to protect Omanan Enterprises' corporate data. Their ISP will be providing DNS services.
The Web Server and email server must have Static routable IP addresses. The eight member executive counsel of Omanan Enterprises would like to have routable IP addresses also, so that they can video-conference with the company's suppliers. Omanan Enterprises' remaining 200 employees would like to have access to Internet, and the executive counsel believe that granting them access might improve company morale.
Jason installs and configures Checkpoint VPN-1/FireWall-1 stand alone Gateway module at the perimeter of Omanan Enterprises corporate LAN. He uses the 3rd NIC in the stand alone firewall gateway module to create DMZ. Jason installs the Web server and the email server on the DMZ. He creates tools and objects on the Checkpoint VPN-1/FireWall-1 stand alone gateway module to allow HTTP, POP3 and SMTP from the Internet to the DMZ. He creates objects to represent the web and email server and configures them for Static NAT.
Jason reconfigures his DHCP server so that each of the members of the executive counsel has reserved IP address. He then uses those reservations to create Statically NAT-ed objects on the Checkpoint VPN-1/FireWall-1 Standalone Gateway module. Jason creates another object that represents the internal network; he configures this object for Dynamic NAT. He adds a rule allowing HTTP traffic from the internal network to any destination. Jason created an additional rule to allow POP3 and SMTP traffic between the internal networks and DMZ.
Choose the one phrase below that best describes Jason's proposal.
A. The proposed solution meets the required objectives and none of the desired objectives.
B. The proposed solution meets the required objectives and only one of the desired objectives.
C. The proposed solution meets the required objectives and all desired objectives.
D. The proposed solution does not meet the required objective.
Answer: C
QUESTION NO: 27
Anna is a security administrator setting up User Authentication for the first time. She has correctly configured her Authentication rule, but authentication still does not work. What is the Check Point recommended way to troubleshoot this issue?
A. Verify the properties of the user attempting authentication and the authentication method selected in the Authentication Properties of your firewall object.
B. Verify the firewall settings of your firewall object, and the properties for the user attempting encryption and authentication.
C. Verify the properties for the user attempting authentication and make sure that the file Stealth Authentication method is selected in the Authentication properties of both the peer gateway object and your firewall object.
D. Verify both Client and User Authentication, and the authentication method selected in the Authentication properties of your Firewall object.
E. Re-import Schema from the VPN-1/FireWall-1 NG installation CD.
Answer: A
QUESTION NO: 28
Session authentication provides an authentication method NOT supported by protocols that can be integrated with any application.
No.  Source       Destination  Service  Action  Track  Install On
1.   Any          Local_Net    telnet   Accept  Long   Gateways
2.   Pub Server1  Pub Server2  Any      Accept  Long   Gateways
A. True
B. False
Answer: A
QUESTION NO: 29
How do you recover communications between your management module and enforcement module if you lock yourself out via a rule policy that is configured incorrectly?
A. Cp delete all all.
B. Cp pause all all.
C. Cp stop all all.
D. Cp unload all all.
E. Cp push all all.
Answer: D
QUESTION NO: 30
You have set up a firewall and management module on one NT box and a remote module on a different location. You receive only sporadic logs from the local firewall and only and control message from remote firewall. All rules on both firewalls are logging and you know the traffic is flowing through the firewall using these rules. All the firewall related services are running and you are using NAT and you receive few logs from the local firewall.
What actions from the choices below would you perform to find out why you cannot see logs?
A. Make sure there is no masters file in $FWDIR/conf on the remote module.
B. Make sure there is no masters file in $FWDIR/conf on the local NT box.
C. See if you can do a fwfetch from the module.
D. Run the fw logexport -t -n from the command line prompt on the remote module.
E. Use pulist.exe from the Windows NT resource kit.
Answer: C
QUESTION NO: 31
As a firewall administrator you encounter the following error message:
Authentication for command failed.
What is the most logical reasoning for this type of error message?
A. The Rule Base has been corrupted.
B. The kernel cannot communicate with the management module.
C. The administrator does not have the ability to push the policy.
D. Remote encryption keys cannot be fetched.
E. Client authentication has failed.
Answer: B
QUESTION NO: 32
Your customer has created a rule so that every time a user wants to go to the Internet, that user must be authenticated. Firewall load is a concern for the customer. Which authentication method does not result in any additional connections to the firewall?
A. Session
B. User
C. Client
D. Connection
E. None of the above.
Answer: A
QUESTION NO: 33
What variable is used to extend the interval of the Timeout in a NAT to prevent a hidden UDP connection from losing its port?
A. Fwx_udp_todefaultextend.
B. Fwx_udp_expdefaultextend.
C. Fwx_udp_todefaultext
D. Fwx_udp_timeout.
E. Fwx_udp_expiration.
Answer: D

QUESTION NO: 34
To hide data fields in the log viewer:
A. Select Hide from the Log Viewer menu.
B. Right-click anywhere in a column of the Log Viewer GUI and select Show Details.
C. Right-click anywhere in the column of the Log Viewer GUI and select Disable.
D. Right-click anywhere in the column of the Log Viewer GUI and select Hide.
E. Select Hide from the Log Viewer tool bar.

