156-215.71試験無料問題集（465題）「CheckPoint Check Point Certified Security Administrator R71 認定」

出題：1

When using SecurePlatform, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?

A. As expert user, issue these commands: # IP link set eth0 down # IP link set eth0 addr 00:0C:29:12:34:56 # IP link set eth0 up

B. Edit the file /etc/sysconfig/netconf.c and put the new MAC address in the field (conf : (conns
:( conn :hwaddr ("00:0C:29:12:34:56")

C. As expert user, issue the command: # IP link set eth0 addr 00:0C:29:12:34:56

D. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.

正解：A 解答を投票する

出題：2

SmartView Tracker R71 consists of three different modes. They are:

A. Log, Active, and Audit

B. Log, Track, and Management

C. Log, Active, and Management

D. Network & Endpoint, Active, and Management

正解：D 解答を投票する

出題：3

What are the two basic rules which should be used by all Security Administrators?

A. Cleanup and Stealth rules

B. Administrator Access and Stealth rules

C. Network Traffic and Stealth rules

D. Cleanup and Administrator Access rules

正解：A 解答を投票する

出題：4

Of the following VPN Community options, which is most likely to provide a balance between IKE compatibility to VPN-capable devices (Check Point and non-Check Point) and preserving resources on the R71 Gateway? VPN tunnel sharing per:

A. pair of hosts, permanent tunnels, Diffie-Hellman Group 2 for Phase 1.

B. subnet, permanent tunnels, Diffie-Hellman Group 1 for Phase 1.

C. subnet, no permanent tunnels, Diffie-Hellman Group 2 for Phase 1.

D. pair of hosts, no permanent tunnels, Diffie-Hellman Group 1 for Phase 1.

正解：C 解答を投票する

出題：5

When configuring the network interfaces of a Check Point Gateway, the direction can be defined
as Internal or External. What is the meaning of Interface leads to DMZ?

Checkpoint 156-215-71 Exam

A. Activating this option automatically turns this interface to External

B. Using restricted Gateways, this option automatically turns off the counting of IP Addresses originating from this interface

C. When selecting this option. Ann-Spoofing is configured automatically to this net.

D. It defines the DMZ Interface since this information is necessary for Content Control.

正解：D 解答を投票する

出題：6

NAT can NOT be configured on which of the following objects?

A. Host

B. Address Range

C. HTTP Logical Server

D. Gateway

正解：C 解答を投票する

出題：7

Peter is your new Security Administrator. On his first working day, he is very nervous and sets the wrong password three times. His account is locked. What can be done to unlock Peter's account? Give the BEST answer.

A. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Management Server.

B. It is not possible to unlock Peter's account. You have to install the firewall once again or abstain from Peter's help.

C. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Gateway.

D. You can unlock Peter's account by using the command fwm lock_admin -u Peter on the Security Management Server.

正解：D 解答を投票する

出題：8

In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy / Global Properties / FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port ______.

A. 900

B. 256

C. 80

D. 259

正解：B 解答を投票する

出題：9

An internal host initiates a session to www.google.com and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________.

A. Client side NAT

B. None of these

C. Destination NAT

D. Source NAT

正解：D 解答を投票する

出題：10

A Hide NAT rule has been created which includes a source address group of ten (10) networks and three (3) other group objects (containing 4, 5, and 6 host objects respectively). Assuming all addresses are non-repetitive, how many effective rules have you created?

A. 2

B. 1

C. 13

D. 25

正解：D 解答を投票する

出題：11

For remote user authentication, which authentication scheme is NOT supported?

A. RADIUS

B. SecurlD

C. Check Point Password

D. TACACS

正解：D 解答を投票する

出題：12

You currently do not have a Check Point software subscription for one of your products. What will happen if you attempt to upgrade the license for this product?

A. It is upgraded with new available features, but cannot be activated

B. It is deleted

C. The license will be upgraded with a warning

D. The license is not upgraded

正解：D 解答を投票する

出題：13

Which of the following is NOT supported with office mode?

A. SSL Network Extender

B. L2TP

C. Transparent mode

D. Secure Client

正解：C 解答を投票する

出題：14

A rule _______ is designed to log and drop all other communication that does not match another rule?

A. Cleanup

B. Anti-Spoofing

C. Reject

D. Stealth

正解：A 解答を投票する

出題：15

You installed Security Management Server on a computer using SecurePlatform in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second SecurePlatform computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it?
1) Run cpconfig on the gateway, set secure internal communication, enter the activation key and reconfirm.
2) Initialize internal certificate authority (ICA) on the security Management server.
3) Confirm the gateway object with the host name and IP address for the remote site.
4) Click the communication button in the gateway object's general screen, enter the activation key, and click initialize and ok.
5) Install the security policy.

A. 2, 3, 4, 5, 1

B. 2, 1, 3, 4, 5

C. 1, 3, 2, 4, 5

D. 2, 3, 4, 1, 5

正解：B 解答を投票する

出題：16

You are running a R71 Security Gateway on SecurePlatform. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What backup method could be used to quickly put the secondary firewall into production?

A. snapshot

B. backup

C. upgrade_export

D. manual backup

正解：A 解答を投票する

出題：17

The Security Gateway is installed on SecurePlatform R71. The default port for the Web User Interface is _______.

A. TCP 4433

B. TCP 257

C. TCP 18211

D. TCP 443

正解：D 解答を投票する

出題：18

How does the Get Address button, found on the Host Node Object / General Properties page retrieve the address?

A. SNMP Get

B. Address resolution (ARP. RARP)

C. Name resolution (hosts file, DNS, cache)

D. Route Table

正解：C 解答を投票する

出題：19

Which of the following is a viable consideration when determining Rule Base order?

A. Grouping functionally related rules together

B. Grouping reject and drop rules after the cleanup rule

C. Grouping authentication rules with address translation rules

D. Grouping rules by date of creation

正解：A 解答を投票する

156-215.71試験無料問題集「CheckPoint Check Point Certified Security Administrator R71 認定」