English Русский Contacts Site map Add to favorites
Profile
Registration
Login
Braindumps
Master braindump list
New braindumps
Submit a dump
Get latest dump
Forums
braindumps.com.ua
flame
Vendor
3COM (7)
Adobe (1)
BEA (1)
Checkpoint (22)
Cisco (20)
Citrix (17)
CIW (15)
Compaq (0)
CompTIA (51)
CWNA (2)
EMC (2)
Exin (4)
GEJOS (4)
HDI (1)
HP (4)
IBM (13)
Juniper (1)
Linux Prof Institute (LPI) (2)
Lotus (11)
Microsoft (2461)
Network Appliance (2)
Novell (16)
Oracle (412)
PLSQL (1)
PMI (4)
SAS (1)
Sun (87)
Teradata (4)
Authorization
Login:
Password:
RSS feed

Contacts
Certification links
Links
Authorized users can rate dumps.
Please log in or sign up.

  № 3343, Checkpoint 156-210: Checkpoint  14.10.2002 
  Rates: 0 

I think this dump is going to help everybody going for CCSA NG exam.
Just rem that these days there are no
questions on FALSE, Wrong/Right Answers and VPN.
and some questions has more than one ans. so be very careful while attempting these questions.
I
have verified all the answers and they are perfectly all right as far as I am concerned.


Sincerely,

Waqar, Toronto, Canada
email:
waqarcan@netscape.net


This is a Collection of Great Questions that WE collected from
other dumps....


1. What
component of CheckPoint NG allows you to export Logs to an external program such as Access or Excel.

A. ELA
B. LEA
C. Logs cannot be exported
to external programs.
D. ULLLS
E. something else

answer: b


2. Customer has created a rule so that everytime a user wants to go to the
Internet that user must be authenticated. FIREWALL LOAD IS A CONCERN FOR THE CUSTOMER. What authentication method does not result in any additional
connections to the firewall?

A. Client
B. User
C. Session
D. Something else
E. None of above

answer: c

3. Which is not a step in
Session Authentication?

A. The user initiates a connection directly to the server.
B. The Session Authentication agent prompts the user for the
authentication data and returns this information to the Inspection Module.
C. If the authentication is sucessful , then the VPN-1/Firewall-1 NG
module allows the connection to pass through the gateway, and continue to the target server.
D. The Session Authentication agent prompts the user
for authentication data and returns this information to the Inspection Module.
E. The Session Authentication agent prompts the user for
authentication data after a valid check of (something) and returns this information to the Inspection Module.

answer: e

4. What is not a a
feature of the SVN Foundation.

A. Watch dog for critical services
B. Cpstart/CPstop
C. CPMAD
D. Check Point Registry
E. something
else

answer: c

5. What mode would you use to check if someone is pinging the firewall.

A. Security Log
B. Log Viewer
C. Active
Connections
D. Accounting Log
E. Audit Log

answer: b

6. The system display status displays a firewall with "!", what does this mean?

A.
The firewall is defined as external
B. The firewall has been turned off
C. Nothing is wrong
D. The firewall is unprotected, no security policy is
loaded
E. something else

answer: d

7. If you want a user to authenticate everytime they use the internet what authentication scheme would you
use?

A.User
B. Client
C. Session
D. something else
E. something else

answer: a

8. What is true of the Enforcement Module.

A. Usually
installed on a multihomed machine
B. Manages logging
C. Is installed on a host enforcement point
D. Examines all communications according to a
Enterprise Security Policy
E. Can provide authentication and Content Security features at the application level

answer: A C D E

9. What can
NAT be performed on?

A. Domains, Networks & Workstations
B. Domains & Networks
C. Security Servers & Networks
D. something else.

answer:
a

10. What Implicit Rules are allowed by default in the Global Properties?

A. Accept RIP
B. Accept Firewall Control Connections
C. Accept
Domain Name over UDP (Queries)
D. Accept ICMP Requests
E. Accept CPRID connections (SecureUpdate)

answer: b e

11. You have 72 privately
addresses internal addresses. How would you reduce the time it takes to install a policy?

A. Create an object for all the networks and use this
in the rule base rather than the 72 individual networks.

answer: a

12. How does the firewall implement Transparent authentication?

A. The
firewall allows the connection but hides the fact that the user is connected to the firewall, the user will always be prompted for a username even
if the username is not recognised by the user database.

answer: a

13. When can Hide Mode not be used.

A. Where the port number cannot be
changed
B. Where the port number can be changed
C. Where the external server must distinguish between clients based on their IP address
D.
something else

answer: a c


14. To block an active connection with Block Intruder, select the connection you want to block, and then select
Block Intruder from the Select mune. The following default options are available from the Block Intruder window:

A. Block access to this
gateway
B. Block access from this source
C. Block only this connection
D. Block access for specific packets to the destination
E. Block access
to this destination

answer: b c e

15. User Authentication can be used to authenticate which services?

A. HTTP
B. HTTPS
C. RLOGIN
D.
FTP
E. TELNET

answer: a b c d e

16. Doctors in your building want to be able to get access to files on an ftp server on the DMZ (there is a
diagram in the exam). The doctors move around PC's in the building, what is the best authentication scheme to use so they can access the FTP
server?

A. Session
B. User
C. Reverse
D. Client
E. IKE

answer: B

17. (With Diagram) What level of the OSI model does the Firewall
Module sit.

A. Presentation
B. Data
C. Network
D. Physical
E. Session

answer: C

18. The ICA creates certificates for the VPN-1/FireWall-
1 Modules and any other communicating component are created via initialisation of the Policy Editor. The ICA creates, signs, and delivers a
certificate to the communicating component. When would the certificate become invalid?

A. If you rename the gateway
B. If you rename the rule
base
C. When you Reset the ICA
D. Delete the Module object from the Policy Editor
E. something else

answer: c d

19. You Enterprise Security
Policy is made up off:

A. Explicit rules created by the user
B. Implicit rules created by VPN-1/Firewall-1, and are derived from the security
properties
C. something else
D. something else
E. something else

answer: a b

20. Within the Secure Internal Communications (SIC) framework
the Management Server and Modules are identified by their SIC name. What is this commonly known as:

A. IP Address
B. Host Name
C. Friendly Name
given by Administrator
D. Distinguished Name (DN)
E. Workstation Name

answer: d

21. Which is false about SIC communications?

A. VPN
Certificates, such as those for IKE are used for secure communications
B. The Policy Editior initiates an SSL based connection with the Management
Server
C. The Policy Editor must be defined as being authorised to use the Management Server
D. The Management Server verifies that the Clients IP
address belongs to an authorised Policy Editor Client

answer: a

22. With SecureUpdate you are able to:

A. Change Central Licenses to Local
Licenses
B. Track current installed versions of Check Point and OPSEC products
C. Update Check Point and OPSEC software remotely from a central
location
D. Centrally manage Licenses
E. Perform a new installation of VPN-1/FW-1 remotely

answer: B C D

23. The three blocking scope
options in the Block Intruder windows are

A. Block every connection
B. Block only this connection
C. Block access from this source
D. Block
access to this destination
E. Block all access from local firewall

answer: b c d

24. User authentication cannot provide access privilege for
which services?

A. HTTP
B. FTP
C. TELNET
D. RPC
E. RLOGIN

answer: d

25. George was initiating a client authentication session by
beginning an HTTP session on port 259 with the gateway named London. What do you think might be wrong with the address George specified in the
browser?

A. THE user should use Session Authentication method to successfully connect to the destination server.
B. The user should be able to
connect, since he was using the right port
C. The user was using the wrong port. He needs to use port 900 to connect successfully.
D. The user
should bypass the firewall at port 900 to connect successfully.
E. The user should bypass the firewall at port 259 to connect
successfully.

answer: c

26. You can choose to hide your internal IP addresses in which of the following ways? Two ans.

A. Hide behind the
IP address of the gateway's external interface
B. Hide behind 255.255.255.255
C. Hide behind an imaginary IP address
D. Hide behind the IP
address of the gateway's internal interface
E. Hide behind 0.0.0.0

answer: a e

27. The implicit-drop rule follows the principle В“that which
is not expressly permitted is _____В”

A. Prohibited
B. Allowed
C. Rejected
D. Dropped
E. Moved

answer: a

28. How would you remedy a
conflict between Anti-Spoofing and NAT?

A. By adding the translated, external IP address to the Valid Addresses on the external interface
B. By
removing die translated, external I? address to the invalid Addresses on the internal interface
C. By adding the translated external IP address to
the Valid Addresses on the internal interface
D. Reinstall NAT rules
E. Do nothing

answer: c

29. From what two windows can you use to block
or terminate any connection from or to a specific IP address in Log Viewer NG?

A. Request window
B. Intruder window
C. Block Intruder
window
D. Block Request window
E. Block Request/Intruder window

answer: e or c, d

30. What are the advantages of Central Licensing?

A.
Only one IP address is needed for all licenses
13- Multiple IP address are needed for all licenses
C. The licenses remain valid when changing the
IP address of a Module
D. The licenses are revoked when changing the IP address of a Module
E. A license can be removed from one Module and
installed on another Module

answer: a c e

31. Select what is true of hidden rules

A. Whether they are displayed, or not, hidden rules are
made redundant when the security Policy is
installed
B. Whether they are displayed, or not, hidden rules are displayed when the security Policy is
installed
C. Whether they are displayed, or not, hidden rules are enforced when the security Policy is installed
D. Whether they are displayed, or
not hidden rules numbering would change when the security Policy is installed
E. None of the above

answer: c

32. As a firewall administrator
you encounter the following you error message:

Authentication for command failed.

What is the most logical reasoning for this type of error
message?

a. The Rule Base has been corrupted.
b. The kernel cannot communicate with the management module.
c. The administrator does not have
the ability to push the policy.
d. Remote encryption keys cannot be fetched.
e. Client authentication has failed.

answer: b

33. System
Administrators use session authentication when they want users to

a. Authenticate each time they use a supported service
b. Authenticate all
services
c. Use only TENET, FTP, RLOGIN, and HTTP services.
d. Authenticate once, and then be able to use any service until logging
off.

answer: b d

34. What NAT mode is necessary if you want to start an HTTP session on a Reserved or Illegal IP address?

a. Static
Source
b. Static Destination
C. Dynamic Source
D. Dynamic
E. None of the above

answer: b

35. Which of the following statements are TRUE
?

a. Dynamic NAT can not be used for protocols where the port number can not be changed.
b. Dynamic NAT can not be used when a n external server
must distinguish between clients based on their IP addresses.
c. With Dynamic NAT, packet's source port numbers are modified.
d. In Dynamic NAT,
public internal addresses are hidden behind a single private external address using dynamically assigned port numbers to distinguish between
them.
e. Dynamically assigned post numbers are used to distinguish between hidden private addresses

answer: a b c e

36. A connection
initiated by the client in the figure below will be hidden behind the IP address of the interface through which the connection was routed on the
server side of the gateway (behind either interface 2 or interface 3). Specifying 0.0.0.0 as the address is convenient because of network address
translation (NAT) is performed dynamically. And if the IP addresses of the gateway are changed, it is not necessary to reconfigure the NAT
parameters.

Which of the following is true about the following figure?

a. A connection initiated by the client will be hidden behind the IP
address of the exit interface.
b. A connection initiated by the server will be hidden behind the IP address of the exit interface.
c. A connection
initiated by the server will be hidden by the IP address of the client.
d. Source addresses of outbound packets from the client will be translated
to 0.0.0.0
e. Source addresses of outbound packets from the server will be translated to 0.0.0.0

answer: a

37. What is the command for
installing a Security Policy from a *.W file?

a. fw gen and then the name of the.W file
b. fw load and then the name of theW file.
c. fW regen
and then the name of the W file
d. fW reload and then the directory location of the W file
e. fW import and then the name of the. W
file

answer: b


38. What components are necessary for VPN-I/FireWall-I NG to scan e-mail, passing
through the firewall, for macro
viruses?

a. UFP and OPSEC-certified scanning product.
b. CVP and OPSEC-certified virus scanning product.
c. UFP and CVP.
d. UTP, CVP and OPSEC-
certified content filter.
e. None of the above, VPN- I /FireWall- I NG scans fro macro viruses by default.

answer: b



39. SecureUpdate
allows you to do which of the following?

A. Track current installed versions of Check Point and OPSEC products
B. Update installed Check Point
and OPSEC software remotely from a centralized location
C. Centrally manage licenses
D. Convert Local licenses to Central licenses
E. Allows you
track all the firewall objects that are operational

answer: a b c

40. Which of the following describes the behaviour of VPN-1/Firewall-1
NG?

a. Traffic not expressly prohibited is permitted.
b. Traffic not expressly permitted is prohibited.
c. TELNET, SMTP and HTTP are allowed by
default.
d. Secure connections are authorized by default, unsecured connections are not.
e. All traffic is controlled by explicit
rules.

answer: b

41. What are the two components of SecureUpdate?

A. Central License
B. Installation Manager
C. Local Manager
D. License
Manager
E. Installation Service

answer: b d

42. What configuration is said to be used if the Policy Editor and the Management Server are
deployed on separate machines?

A. Client/Server
B. Server/Server
C. Firewall
D. Client/Client
E. None of the above

answer: a


43. What
is the purpose of Stealth Rule?

A. To specify users that should be allowed to connect to the firewall.
B. To disable a firewall.
C. To allow
any connection to the firewall.
D. To prevent any user from connecting directly to the firewall.
E. To specify users that should be prevented from
connecting to the firewall.

answer: d

44. Which type of authentication will require users to TELNET to port 259 or connect via HTTP at port
900 to be authenticated for a service?

A. Session authentication
B. User authentication
C. Client authentication
D. IP authentication
E.
None

answer: c


45. What is the purpose of NAT?

A. To conceal external computers and users from outside networks.
B. To translate
internal host names to IP addresses.
C. To conceal internal computers and users from outside networks.
D. To overcome IP addressing limitations,
by allowing usage of private I P address allocation and
unregistered internal addressing schemes.
E. To conceal external computers and users from
inside networks.

answer: c d


46. If the security policy is enforced by more than two firewalls how many rule bases would you need?

A- Two
rule bases.
B. Only one rule base.
C. One rule base each for each number of network objects there
D. Three rule bases.
E. No rule base is needed
to implement your security policy.

answer: b


47. In Log Viewer GUI what option do you select to delete all entries in the log file,
regardless of which entries are selected?

A. Kill
B. Delete
C. Purge
D. Cut
E. Remove

answer: c

48. ______ rules, defined in a firewall
object's properties, are enforced before any rule in the
Security Policy's Rule Base

A. Anti-spoofing
B. Explicit
C. implicit
D. Implicit
drop
E. None of the above

answer: a


49. What happens to current log file when you create a new log file?

A. New Log file cannot be
created when current file is opened.
B. The current file is appended to the new file.
C. The current Log file is opened in addition to the new Log
file.
D. The current Log file is closed and written to disk with a name that contains the current date and time, as only one Log file can be opened
in the Log Viewer at a time.
E. The current file is lost.

answer: d


50. The rules that you define in the Rule Base are known as ______
rules.

A. Implicit
B. Explicit
C. Properties setup
D. Stealth
E. Cleanup

answer: b


51. The ______________ maintains the VPN-
1/Firewall-1 NG database. The database includes
network object definitions, user definitions, security policy, and the log files.

A. Firewall
Module
B. Management Server
C. Client Module
D. Server Module
E. None of the above

answer: b


52. What command uninstalls the currently
loaded Inspection Code from selected targets?

A. cp load
B. cp putkey
C. cp unload
D. cp install
E. cp uninstall

answer: c


53. Why
would an administrator want to negate a selected object in the Rule Base?

A. To include all objects or users and exclude a specific object or
user
B. To include a specific object or user
C. To nest a specific object or user
D. To connect to any destination using tcp/ip service.
E. To
connect to any destination using ftp service.

answer: a


54. What NAT type translates valid IP addresses to invalid IP addresses for
connections initiated by external clients?

A. Static Source NAT
B. Static Destination NAT
C. Hide Mode
D. Static NAT
E. None of the
above

answer: b


55. Check Point Registry, cpstart/cpstop, cpshared Daemon, Watch Dog for critical Services, and cpconfig are components of
what?

A. CPShared
B. Enforcement Module
C. sic
D. SecureUpdate
E. Management Module

answer: a


56. What two services or protocols can
Client Authentication uses to initiate connection to the firewall?

A. TELNET and HTTP
B. TELNET and RPC
C. HTTP and HTTPS
D. HTTP and UDP E.
HTTP and TCP

answer: a


57. Why must Client Authentication rule be placed above Stealth rule in the Rule Base?

A. In order that they can
have access to the local Management Server
B. In order that they can have access to the Management Server
C. In order that they can have access to
the local firewall
D. In order that they can have access to the Policy Editor
E. In order that they can have access to the OS

answer: c

58.
Which of the following port would TELNET service use for communications?

A. 21
B. 23
C. 25
D. 29
E. 30

answer: b


59. What is the
advantage of a VPN-1/ Firewall-1 NG password authentication scheme over the OS password authentication scheme?

A. The user does not require an OS
account on the gateway to use a VPN-l/ Firewall-1 password.
B. The user does require an OS account on the gateway to use a VPN-l/ Firewall-I
password.
C. The VPN-I/ Firewall-I password has no advantage over OS password.
D. Using VPN-I/ Firewall-I password will allow the authenticating
user to bypass the gateway.

answer: a


60. SecureUpdate License Manager supports which two types of licenses for Check Point products?

A.
PE-bound
B. Firewall-I bound
C. OS-bound
D. Management-bound
E. Module-bound

answer: d e


61. Which of these is NOT a component of
SecureUpdate?

A. Installation Server
B. Installation Manager
C. License Manager
D. None of the above

answer: a
Up ^ gen. 0.091 Server date 06:22 22-11-2008 Developed by Zip © 2006 Up ^
Checkpoint 156-210
Forum
Start online exam simulation
Master braindump
User braindumps
Checkpoint
156-210 (20)
156-310 (2)