156-215.71 無料問題集「CheckPoint Check Point Certified Security Administrator R71」

（A）Type cpm -a, and provide the existing Administrator's account name. Reset the Security Administrator's password.

（B）Launch SmartDashboard in the User Management screen, and delete the cpconfig administrator.

（C）Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Administrator Account portion of the file. You will be prompted to create a new account.

（D）Launch cpconfig and delete the Administrator's account. Recreate the account with the same name.

（A）fw unload policy

（B）cpstop

（C）fw unloadlocal

（D）fw delete all.all@localhost

（A）fwm stat

（B）fw stat

（C）fw ctl pstat

（D）fw ctl install

（A）The POP3 rule is disabled.

（B）The POP3 rule is hidden.

（C）POP3 is accepted in Global Properties.

（D）POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R71.

（A）The license for this specific firewall has expired.

（B）The firewall has failed to sync with the Security Management Server for 60 minutes.

（C）The firewall is not listed in the Policy Installation Targets screen for this policy package.

（D）The firewall object has been created but SIC has not yet been established.

（A）Meets the required objective and only one desired objective.

（B）Meets the required objective and both desired objectives.

（C）Does not meet the required objective.

（D）Meets the required objective but does not meet either desired objective.

（A）Check the Log Implied Rules Globally box on the R71 Gateway object.

（B）In Global Properties / Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.

（C）Define two log servers on the R71 Gateway object. Enable Log Implied Rules on the first log server. Enable log rule Base on the second log server. Use Smart Reporter to merge the two log server records into the same database for HIPPA log audits.

（D）Install the View Implicit Rules package using SmartUpdate.

（A）Send output to a file called cpinfo.out without address resolution.

（B）Send output to a file called cpinfo.out in usable format for the CP InfoView utility.

（C）Send output to a file called cpinfo.out in compressed format.

（D）Send output to a file called cpinfo.out and provide a screen print at the same time.

（A）cpstat fwd

（B）fw ver

（C）fw stat

（D）fw ctl pstat

（A）Create a new TCP service object on port 23 called Telnet-mainframe. Define a service-based session Timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe.

（B）Ask the mainframe users to reconnect every time this error occurs.

（C）Increase the service-based session timeout of the default Telnet service to 24-hours.

（D）Increase the TCP session timeout under Global Properties > Stateful Inspection.

（A）can go to the Internet, without being prompted for authentication.

（B）can connect to the Internet successfully after being authenticated.

（C）can go to the Internet after Telnetting to the client auth daemon port 259.

（D）is prompted three times before connecting to the Internet successfully.

（A）Default filter

（B）Last policy that was installed

（C）Standard policy

（D）Initial policy

（A）Create two network objects: 192.168.10.0/24. and 192.168.20.0/24. Add the two network objects. Create a manual NAT rule like the following Original source -group object; Destination - any Service - any, Translated source - 200.200.200.5; Destination - original, Service - original.

（B）Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.

（C）Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

（D）Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter
200.200.200.5 as the hiding IP address. Add and ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

（A）All connections are reset, so a policy install is recommended during announced downtime only.

（B）All FTP downloads are reset; users have to start their downloads again.

（C）Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.

（D）Users being authenticated by Client Authentication have to re-authenticate.

（A）User-defined alert script

（B）SNMP trap

（C）Logging implied rules

（D）SmartView Monitor Threshold

（A）The object was created with Node / Gateway.

（B）The new Gateway's temporary license has expired.

（C）The Gateway object is not specified in the Install On column of the first policy rule.

（D）No Masters file is created for the new Gateway.

（A）SIC Certificates

（B）Route tables

（C）Licenses

（D）Global properties

（A）In front of the firewall is enough.

（B）On each network segment separately.

（C）On the LAN is enough, the DMZ does not need to be protected.

（D）On the firewall itself to protect all connected networks centrally.

（A）IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled

（B）Time properties, adjusted on the user objects for each user, in the source of the Client Authentication rule

（C）Refreshable Timeout setting, in the Limits tab of the Client Authentication Action Properties screen

（D）Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment