[2022年08月最新リリース]156-215.81問題集でCheckPoint Certification認証
最新の完璧な156-215.81問題集問題と解答で100%パスさせます
質問 145
To install a brand new Check Point Cluster, the MegaCorp IT department bought 1 Smart-1 and 2 Security Gateway Appliances to run a cluster. Which type of cluster is it?
- A. Distributed
- B. Standalone
- C. Full HA Cluster
- D. High Availability
正解: D
質問 146
You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT'd source port if you are using Source NAT?
- A. XlateSrc
- B. XlateDst
- C. XlateSPort
- D. XlateDPort
正解: C
質問 147
What are the advantages of a "shared policy" in R80?
- A. Allows the administrator to install a policy on one Security Gateway and it gets installed on another managed Security Gateway
- B. Allows the administrator to share a policy so that it is available to use in another Policy Package
- C. Allows the administrator to share a policy between all the administrators managing the Security Management Server
- D. Allows the administrator to share a policy between all the users identified by the Security Gateway
正解: B
質問 148
At what point is the Internal Certificate Authority (ICA) created?
- A. Upon creation of a certificate
- B. During the primary Security Management Server installation process.
- C. When an administrator decides to create one.
- D. When an administrator initially logs into SmartConsole.
正解: B
解説:
Introduction to the ICA
The ICA is a Certificate Authority which is an integral part of the Check Point product suite. It is fully compliant with X.509 standards for both certificates and CRLs. See the relevant X.509 and PKI documentation, as well as RFC 2459 standards for more information. You can read more about Check Point and PKI in the R76 VPN Administration Guide.
The ICA is located on the Security Management server. It is created during the installation process, when the Security Management server is configured.
質問 149
Which two of these Check Point Protocols are used by ?
- A. ELA and CPLOG
- B. FWD and CPLOG
- C. FWD and LEA
- D. ELA and CPD
正解: C
質問 150
What is a reason for manual creation of a NAT rule?
- A. The public IP-address is different from the gateway's external IP
- B. Network Address Translation of RFC1918-compliant networks is needed to access the Internet.
- C. Network Address Translation is desired for some services, but not for others.
- D. In R80 all Network Address Translation is done automatically and there is no need for manually defined NAT-rules.
正解: A
質問 151
Fill in the blank: The _________ software blade enables Application Security policies to allow, block, or limit website access based on user, group, and machine identities.
- A. Data Awareness
- B. Application Control
- C. URL Filtering
- D. Threat Emulation
正解: B
質問 152
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
- A. TCP port 265
- B. UDP port 256
- C. TCP port 256
- D. UDP port 265
正解: A
質問 153
What is the purpose of a Stealth Rule?
- A. A rule at the end of your policy to drop any traffic that is not explicitly allowed.
- B. A rule that allows administrators to access SmartDashboard from any device.
- C. A rule used to hide a server's IP address from the outside world.
- D. To drop any traffic destined for the firewall that is not otherwise explicitly allowed.
正解: D
質問 154
Which of the below is the MOST correct process to reset SIC from SmartDashboard?
- A. Run cpconfig, and click Reset.
- B. Click the Communication button for the firewall object, then click Reset. Run cpconfig on the gateway and type a new activation key.
- C. Run cpconfig, and select Secure Internal Communication > Change One Time Password.
- D. Click Communication > Reset on the Gateway object, and type a new activation key.
正解: B
質問 155
Which option will match a connection regardless of its association with a VPN community?
- A. Specific VPN Communities
- B. Accept all encrypted traffic
- C. All Site-to-Site VPN Communities
- D. All Connections (Clear or Encrypted)
正解: B
質問 156
Which of the following is the most secure means of authentication?
- A. Pre-shared secret
- B. Certificate
- C. Token
- D. Password
正解: B
質問 157
Customer's R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the Internet?
- A. Export R80 configuration, clean install R80.10 and import the configuration
- B. CPUSE offline upgrade
- C. SmartUpdate upgrade
- D. CPUSE online upgrade
正解: B
質問 158
Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?
- A. She needs to run sysconfig and restart the SSH process.
- B. She needs to edit /etc/scpusers and add the Standard Mode account.
- C. She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.
- D. She needs to run cpconfig to enable the ability to SCP files.
正解: B
質問 159
What is the purpose of a Clean-up Rule?
- A. Clean-up Rules do not server any purpose.
- B. Provide a metric for determining unnecessary rules.
- C. Used to better optimize a policy.
- D. To drop any traffic that is not explicitly allowed.
正解: D
解説:
These are basic access control rules we recommend for all Rule Bases:
There is also an implied rule that drops all traffic, but you can use the Cleanup rule to log the traffic.
質問 160
John is using Management HA. Which Smartcenter should be connected to for making changes?
- A. primary Smartcenter
- B. connect virtual IP of Smartcenter HA
- C. active Smartcenter
- D. secondary Smartcenter
正解: C
質問 161
In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?
- A. Pentagon
- B. Combined
- C. Star
- D. Meshed
正解: C
解説:
VPN communities are based on Star and Mesh topologies. In a Mesh community, there are VPN connections between each Security Gateway. In a Star community, satellites have a VPN connection with the center Security Gateway, but not to each other.
質問 162
Which configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear?
- A. The firewall topologies
- B. The VPN Domains
- C. The Rule Base
- D. NAT Rules
正解: C
質問 163
Identity Awareness allows the Security Administrator to configure network access based on which of the following?
- A. Network location, identity of a user, and identity of a machine
- B. Browser-Based Authentication, identity of a user, and network location
- C. Name of the application, identity of the user, and identity of the machine
- D. Identity of the machine, username, and certificate
正解: A
質問 164
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
- A. LDAP
- B. TACACS
- C. Windows password
- D. Check Point Password
正解: A
質問 165
Which one of the following is a way that the objects can be manipulated using the new API integration in R80 Management?
- A. JSON
- B. RC4 Encryption
- C. Microsoft Word
- D. Microsoft Publisher
正解: A
質問 166
What is also referred to as Dynamic NAT?
- A. Static NAT
- B. Manual NAT
- C. Automatic NAT
- D. Hide NAT
正解: D
質問 167
Which of the following is NOT a policy type available for each policy package?
- A. Desktop Security
- B. Threat Prevention
- C. Access Control
- D. Threat Emulation
正解: D
質問 168
Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
- A. Specific VPN Communities
- B. Accept all encrypted traffic
- C. All Site-to-Site VPN Communities
- D. All Connections (Clear or Encrypted)
正解: B
解説:
The first rule is the automatic rule for the Accept All Encrypted Traffic feature. The Firewalls for the Security Gateways in the BranchOffices and LondonOffices VPN communities allow all VPN traffic from hosts in clients in these communities. Traffic to the Security Gateways is dropped. This rule is installed on all Security Gateways in these communities.
2. Site to site VPN - Connections between hosts in the VPN domains of all Site to Site VPN communities are allowed. These are the only protocols that are allowed: FTP, HTTP, HTTPS and SMTP.
3. Remote access - Connections between hosts in the VPN domains of RemoteAccess VPN community are allowed. These are the only protocols that are allowed: HTTP, HTTPS, and IMAP.
質問 169
VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication?
- A. Certificates and IPsec
- B. 3DES and MD5
- C. Certificates and pre-shared secret
- D. IPsec and VPN Domains
正解: C
質問 170
......
CheckPoint 156-215.81 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
最新の156-215.81試験問題集でCheckPoint試験トレーニング:https://www.jpntest.com/shiken/156-215.81-mondaishu