156-215 Dumps | CheckPoint

Latest 156-215 Real Exam Download 111-120

November 5, 2013

Ensurepass
Latest 156-215 Real Exam Download 111-120

 

QUESTION 111
Anti-Spoofing is typically set up on which object types?

A. Security Gateway
B. Host
C. Domain
D. Network

Answer: A

 

QUESTION 112
Web Filtering can make exceptions for specific sites by being enforced:

A. Only for specific sources and destinations.
B. For all traffic. There are no exceptions.
C. For all traffic, except on specific sources and destinations.
D. For all traffic, except blocked sites.

Answer: C

 

QUESTION 113
Which option or utility includes Security Policies and Global Properties settings?

A. File > Save fromSmartDashboard
B. Backup
C. Database Revision Control
D. Policy Package Management

Answer: C

 

QUESTION 114
You are the Security Administrator for a university. The university’s FTP servers have old hardware and software. Certain FTP commands cause the FTP servers to malfunction. Upgrading the FTP servers is not an option at this time. Where can you define Blocked FTP Commands passing through the Security Gateway protecting the FTP servers?

A. Rule Base > Action Field > Properties
B. SmartDefense > Application Intelligence > FTP > FTP Security Server
C. Global Properties > Security Server > Allowed FTP Commands
D. FTP Service Object > Advanced > Blocked FTP Commands

Answer: B

 

QUESTION 115
It is possible to configure Network Address Translation in all of the following areas, EXCEPT:

A. Dynamic Object Properties
B. Object Properties
C. Global Properties
D. Address-translation rules

Answer: A

 

QUESTION 116
You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. What causes the Connection Rejection?

A.The number of guaranteed connections is exceeded. The rule’s action properties are not set to accept additional connections.
B.Burst traffic matching the Default Rule is exhausting the Check PointQoS global packet buffers.
C.The guarantee of one of the rule’s sub-rules exceeds the guarantee in the rule itself.
D.The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the Maximal Delay is set below requirements.

Answer: A

 

QUESTION 117
You are configuring SmartDefense to block the CWD and FIND commands. What should you do before you install the Security Policy to keep the Security Gateway from continuing to pass the commands?

A.Include CWD and FIND in the FTP Service Object > Advanced > Blocked FTP Commands list.
B.Delete the rule accepting FTP to any source, and from any destination from the Rule Base.
C.Check the Global Properties > Security Server > “Control FTP Commands” box.
D.Set the radio button on theSmartDefense > Application Intelligence > FTP Security Server screen to “Configurations apply to all connections”.

Answer: D

 

QUESTION 118
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of VPN-1 NGX R65. After running the fw unloadlocal command, you are able to reconnect with SmartDashboard and view all changes. Which of the following change is the most likely cause of the block?

A.A Stealth Rule has been configured for the NGX R65 Gateway.
B.The Allow VPN-1 Control Connections setting in Policy>Global Properties has been unchecked.
C.The Gateway Object representing your gateway was configured as an Externally Managed VPN-1 Gateway.
D.The Security policy installed to the Gateway had no rules in it.

Answer: B

 

QUESTION 119
You are working with multiple Security Gateways that enforce a common set of rules. To minimize the number of policy packages, which one of the following would you choose to do?

A.Create a separate Security Policy Package for each remote Security Gateway and specify “InstallOn?Gateways”
B.Install a separate localSmartCenter Server and SmartConsole for each remote Security Gateway
C.Create a single Security Policy Package with “Installon?Target” defined whenever a unique rule is required for a specific gateway
D.Run separateSmartDashboard instances to login and configure each Security Gateway directly

Answer: C

 

QUESTION 120
An unprotected SMTP Server causes your site to be reported as a spam relay. Which of the following is the most efficient configuration method to implement an SMTP Security Server to prevent this?

A.Configure the SMTP Security Server to perform filtering, based on IP address and SMTP protocols.
B.Configure the SMTP Security Server to allow only mail to or from names, within your corporate domain.
C.Configure the SMTP Security Server to apply a generic “from” address to all outgoing mail.
D.Configure the SMTP Security Server to work with an OPSEC based product, for content checking.

Answer: B

Download Latest Checkpoint 156-215 Real Free Tests , help you to pass exam 100%.