Tips to Pass 156-215.75 Exam (161 to 170)

Act now and download your Check Point 156-215.75 test today! Do not waste time for the worthless Check Point 156-215.75 tutorials. Download Refresh Check Point Check Point Certified Security Administrator exam with real questions and answers and begin to learn Check Point 156-215.75 with a classic professional.

2016 Jul 156-215.75 Study Guide Questions:

Q161. While in Smart View Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 but cannot remember all the steps. What is the correct order of steps needed to perform this? 

1) Select the Active Mode tab In Smart view Tracker 

2) Select Tools > Block Intruder 

3) Select the Log Viewing tab in SmartView Tracker 

4) Set the Blocking Time out value to 60 minutes 

5) Highlight the connection he wishes to block 

A. 3, 2, 5, 4 

B. 3, 5, 2, 4 

C. 1, 5, 2, 4 

D. 1, 2, 5, 4 

Answer: C 

Q162. You plan to create a backup of the rules, objects, policies, and global properties from an R75 Security Management Server. Which of the following backup and restore solution can you use? 

1. Upgrade_export and upgrade_import utilities 

2. Database revision control 

3. SecurePlatform backup utilities 

4. Policy package management 

5. Manual copies of the $CPDIR/conf directory 

A. 2, 4, 5 

B. 1, 3, 4 

C. 1, 2, 3 

D. 1, 2, 3, 4, 5 

Answer: C 

Q163. You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows: 

"web_public_IP" is the node object that represents the public IP address of the new Web server. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT. 

When you try to browse the Web server from the Internet you see the error "page cannot be displayed". Which of the following is NOT a possible reason? 

A. There is no NAT rule translating the source IP address of packets coming from the protected Web server. 

B. There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server. 

C. There is no ARP table entry for the public IP address of the protected Web server. 

D. There is no Security Policy defined that allows HTTP traffic to the protected Web server. 

Answer: A 

156-215.75  book

Update 156-215.75 free practice test:

Q164. Peter is your new Security Administrator. On his first working day, he is very nervous and sets the wrong password three times. His account is locked. What can be done to unlock Peter's account? Give the BEST answer. 

A. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Gateway. 

B. It is not possible to unlock Peter's account. You have to install the firewall once again or abstain from Peter's help. 

C. You can unlock Peter's account by using the command fwm lock_admin -u Peter on the Security Management Server. 

D. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Management Server. 

Answer: C 

Q165. What is the purpose of an Identity Agent? 

A. Manual entry of user credentials for LDAP authentication 

B. Audit a user's access, and send that data to a log server 

C. Disable Single Sign On 

D. Provide user and machine identity to a gateway 

Answer: D 

Q166. Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder’s access after the next Phase 2 exchange occurs? 

A. Perfect Forward Secrecy 

B. SHA1 Hash Completion 

C. Phase 3 Key Revocation 

D. M05 Hash Completion 

Answer: A

High value 156-215.75 samples:

Q167. After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue? 

A. The packet has been sent out through a VPN tunnel unencrypted. 

B. An IPSO ACL has blocked the outbound passage of the packet. 

C. A SmartDefense module has blocked the packet 

D. It is an issue with NAT 

Answer: D 

Q168. Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%? 

A. Real Time Monitor / Gateway Settings / Status Monitor 

B. SmartView Tracker / Audit Tab / Gateway Counters 

C. This can only be monitored by a user-defined script. 

D. SmartView Monitor / Gateway Status / Threshold Settings 

Answer: D 

Q169. Which of the following actions do NOT take place in IKE Phase 1? 

A. Each side generates a session key from its private key and peer’s public key 

B. Peers agree on integrity method 

C. Diffie-Hillman key is combined with the key material to produce the symmetrical IPsec key. 

D. Peers agree on encryption method 

Answer: C 

Q170. Static NAT connections, by default, translate on which firewall kernel inspection point? 

A. Post-inbound 

B. Eitherbound 

C. Inbound 

D. Outbound 

Answer: C 

About 156-215.75 Information: 156-215.75 Dumps