156-215.71無料問題集「CheckPoint Check Point Certified Security Administrator R71」

質問 1

How do you control the maximum number of mail messages in a spool directory?

（A）in the smtp.conf file on the Security Management Server

（B）In the Gateway object's SMTP settings under the Advanced window

（C）In the Security Server window in Global Properties

（D）In IPS SMTP settings

正解：B 解答を投票する

質問 2

UDP packets are delivered if they are _________.

（A）Reference in the SAM related Dynamic tables

（B）A Stateful ACK to a valid SYN-SYN-/ACK on the inverse UDP ports and IP

（C）Bypassing the Kernel by the "forwarding layer" of clusterXL

（D）A legal response to an allowed request on the inverse UDP ports and IP

正解：D 解答を投票する

質問 3

What is used to validate a digital certificate?

（A）IPsec

（B）PKCS

（C）S/MIME

（D）CRL

正解：D 解答を投票する

質問 4

John currently administers a network using single CPU single core servers for the Security Gateways and is running R71. His company is now going to implement VOIP and needs more performance on the Gateways. He is now adding more memory to the systems and also upgrades the CPU to a modern quad core CPU in the server. He wants to use CoreXL technology to benefit from the new performance benchmarks of this technology. How can he achieve this?

（A）He needs to reinstall the Gateways because during the initial installation, it was a single-core CPU but the wrong Linux kernel was installed. There is no other upgrade path available.

（B）He just needs to go to cpconfig on the CLI and enable CoreXL. Only a restart of the firewall is required to benefit from CoreXL technology.

（C）Nothing needs to be done. SecurePlatform recognized the change during reboot and adjusted all the settings automatically.

（D）He just needs to go to cpconfig on the CLI and enable CoreXL. After the required reboot he will benefit from the new technology.

正解：D 解答を投票する

質問 5

Which of these components does NOT require a Security Gateway R71 license?

（A）Check Point Gateway

（B）SmartUpdate upgrading/patching

（C）Security Management Server

（D）SmartConsole

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

You are Security Administrator for a large call center. The management team is concerned that employees may be installing and attempting to use peer-to-peer file-sharing utilities, during their lunch breaks. The call center's network is protected by an internal Security Gateway, configured to drop peer-to-peer file-sharing traffic. Which option do you use to determine the number of packets dropped by each Gateway?

（A）SmartView Status

（B）SmartView Monitor

（C）SmartView Tracker

（D）SmartDashboard

正解：B 解答を投票する

質問 7

Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?

（A）514

（B）256

（C）257

（D）258

正解：C 解答を投票する

質問 8

Of the three mechanisms Check Point uses for controlling traffic, which enables firewalls to incorporate layer 4 awareness in packet inspection?

（A）Packet filtering

（B）Stateful Inspection

（C）IPS

（D）Application Intelligence

正解：B 解答を投票する

質問 9

What rules send log information to Dshield.org when Storm Center is configured?

（A）Determined in IPS, Dshield Storm Center configuration: Security Management Server sends logs from rules with tracking set to either Alert or one of the specific User Defined Alerts

（B）Determined by the Dshield Storm Center Logging setting in Logs and Master of the Security Management Server object rules with tracking set to Log or None.

（C）Determined in Web Intelligence, configuration: Information Disclosure is configured; rules with tracking set to User Defined Alerts or SNMP trap.

（D）Determined by the Global Properties configuration: Log defined in the Log and Alerts section, rules with tracking sent to Account or SNMP trap.

正解：A 解答を投票する

質問 10

If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?

（A）IPS

（B）SmartEvent Intro

（C）Data Loss Prevention

（D）SSL: VPN

正解：A 解答を投票する

質問 11

You are a Security Administrator who has installed Security Gateway R71 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner's access for HTTP and FTP only, you did the following:
1.Created manual Static NAT rules for the Web server.
2.Created the following settings in the Global Properties' Network Address Translation screen
-Allow bi-directional NAT* -Translate destination on client side
Do you above settings limit the partner's access?

（A）Yes, This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.

（B）No. The first setting is only applicable to automatic NAT rules. The second setting is necessary to make sure there are no conflicts between NAT and anti-spoofing.

（C）Yes, Both of these settings are only application to automatically NAT rules.

（D）No, The first setting is not applicable. The second setting will reduce performance, by translating traffic in the kernel nearest the intranet server.

正解：B 解答を投票する

質問 12

What information is found in the SmartView Tracker Management log?

（A）Destination IP address

（B）Most accessed Rule Base rule

（C）Policy Package rule modification date/time stamp

（D）Historical reports log

正解：C 解答を投票する

質問 13

Peter is your new Security Administrator. On his first working day, he is very nervous and sets the wrong password three times. His account is locked. What can be done to unlock Peter's account? Give the BEST answer.

（A）You can unlock Peter's account by using the command fwm lock_admin -u Peter on the Security Management Server.

（B）You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Management Server.

（C）It is not possible to unlock Peter's account. You have to install the firewall once again or abstain from Peter's help.

（D）You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Gateway.

正解：A 解答を投票する

質問 14

To monitor all traffic between a network and the Internet on a SecurePlatform Gateway, what is the BEST utility to use?

（A）cpinfo

（B）infoview

（C）tcpdump

（D）snoop

正解：C 解答を投票する

質問 15

Your customer wishes to install the SmartConsole on a Windows system. What are the minimum hardware requirements for R71? Give the BEST answer.

（A）1 GB Free disk space and 512 MB RAM

（B）512 MB Free disk space and 1 GB RAM

（C）500 MB Free disk space and 512 MB RAM

（D）1 GB Free disk space and 1 GB RAM

正解：C 解答を投票する

質問 16

John is the Security Administrator in his company. He installs a new R71 Security Management Server and a new R71 Gateway. He now wants to establish SIC between them. After entering the activation key, the message "Trust established" is displayed in SmartDashboard, but SIC still does not seem to work because the policy won't install and interface fetching still does not work. What might be a reason for this?

（A）SIC does not function over the network.

（B）It always works when the trust is established.

（C）The Gateway's time is several days or weeks in the future and the SIC certificate is not yet valid.

（D）This must be a human error.

正解：C 解答を投票する

質問 17

During which step in the installation process is it necessary to note the fingerprint for first-time verification?

（A）When configuring the Security Gateway object in SmartDashboard

（B）When configuring the Security Management Server using cpconfig

（C）When establishing SIC between the Security Management Server and the Gateway

（D）When configuring the Gateway in the WebUl

正解：B 解答を投票する

156-215.71 無料問題集「CheckPoint Check Point Certified Security Administrator R71」

弊社を連絡する

関連リンク

トップ試験