156-915.77無料問題集「CheckPoint Check Point Certified Security Expert Update Blade」

質問 1

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19).
He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy.
John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next BEST troubleshooting step?

（A）After enabling Identity Awareness, reboot the gateway

（B）John should install the Identity Awareness Agent

（C）Investigate this as a network connectivity issue

（D）He should lock and unlock the computer

正解：D 解答を投票する

質問 2

You are running a R76 Security Gateway on Secure Platform. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What backup method could be used to quickly put the secondary firewall into production?

（A）snapshot

（B）upgrade export

（C）backup

（D）manual backup

正解：A 解答を投票する

質問 3

Which command would you use to save the routing information before upgrading a
Windows Gateway?

（A）cp /etc/sysconfig/network.C [location]

（B）ipconfig -a > [filename].txt

（C）netstat -rn > [filename].txt

（D）ifconfig > [filename].txt

正解：C 解答を投票する

質問 4

CORRECT TEXT
Type the full fw command and syntax that allows you to disable only sync on a cluster firewall member.

正解：

fw ctl setsync off

質問 5

In an R76 Cluster, some features such as VPN only function properly when:

（A）All cluster members have the same Hot Fix Accumulator pack installed

（B）All cluster members have the same number of interfaces configured

（C）All cluster members' clocks are synchronized

（D）All cluster members have the same policy

正解：C 解答を投票する

質問 6

CORRECT TEXT
Fill in the blank. To verify the SecureXL status, you would enter command _____________ .

正解：

fwaccel stat

質問 7

In R76, My Organization e-mail addresses or domains are used for:

（A）Scanning e-mails only if its sender e-mail address is part of this definition, by default.

（B）Defining the e-mail address of the SMTP relay server.

（C）FTP traffic sent from a user where his e-mail is part of this definition scanned by DLP, by default.

（D）HTTP traffic sent from a user where his e-mail is part of this definition scanned by DLP, by default.

正解：A 解答を投票する

質問 8

You are troubleshooting a HTTP connection problem. You've started fw monitor -o http.pcap. When you open http. cap with Wire shark there is only one line. What is the most likely reason?

（A）fw monitor was restricted to the wrong interface.

（B）By default only SYN pakets are captured.

（C）Like Smart View Tracker only the first packet of a connection will be captured by fw monitor.

（D）Acceleration was turned on and therefore fw monitor sees only SYN.

正解：D 解答を投票する

質問 9

What happens if the identity of a user is known?

（A）If the user credentials do not match an Access Role, the traffic is automatically dropped.

（B）If the user credentials do not match an Access Role, the system displays the Captive Portal.

（C）If the user credentials do not match an Access Role, the system displays a sandbox.

（D）If the user credentials do not match an Access Role, the gateway moves onto the next rule.

正解：D 解答を投票する

質問 10

A VPN Tunnel Interface (VTI) is defined on Secure Platform Pro as:
vpn shell interface add numbered 10.10.0.1 10.10.0.2 madrid.cp
What do you know about this VTI?

（A）The peer Security Gateway's name is madrid.cp.

（B）The local Gateway's object name is madrid.cp.

（C）The VTI name is madrid.cp.

（D）10.10.0.1 is the local Gateway's internal interface, and 10.10.0.2 is the internal interface of the remote Gateway.

正解：A 解答を投票する

質問 11

You find that Gateway fw2 can NOT be added to the cluster object. What are possible reasons for that?

（A）All

（B）(i) or (iii)

（C）(ii) or (iii)

（D）(i) or (ii)

正解：B 解答を投票する

質問 12

Each entry in Smart Directory has a unique _______________ ?

（A）Organizational Unit

（B）Distinguished Name

（C）Schema

（D）Port Number Association

正解：B 解答を投票する

質問 13

The process that performs the authentication for Smart Dashboard is:

（A）cvpnd

（B）fwm

（C）vpnd

（D）cpd

正解：B 解答を投票する

質問 14

When configuring an LDAP Group object, select option _______________ if you want the gateway to reference a specific group defined on the LDAP server for authentication purposes.

（A）All Account-Unit's Users

（B）Group Agnostic

（C）Only Group in Branch

（D）Only Sub Tree

正解：D 解答を投票する

質問 15

Which of these four Check Point QoS technologies prevents the transmission of redundant packets when multiple copies of a packet are concurrently queued on the same flow?

（A）Retransmission Detection Early Drop (RDED)

（B）Stateful Inspection

（C）Weighted Flow Random Early Drop (WFRED)

（D）Intelligent Queuing Engine

正解：A 解答を投票する

質問 16

Which technology would describe RDED for Qos?

（A）A mechanism for managing packet buffers.

（B）A mechanism for reducing the number of retransmits and retransmit storms.

（C）A mechanism to derive complete state and context information for all network traffic.

（D）A mechanism to accurately classify traffic and place it in the proper transmission queue.

正解：B 解答を投票する

質問 17

Which of the following does NOT happen when using Pivot Mode inCluster XL?

（A）The Pivot's Load Sharing decision function decides which cluster member should handle the packet.

（B）The packet is forwarded through the same physical interface from which it originally came, not on the sync interface.

（C）The Pivot forwards the packet to the appropriate cluster member.

（D）The Security Gateway analyzes the packet and forwards it to the Pivot.

正解：D 解答を投票する

質問 18

Use the table to match the BEST Management High Availabilitysynchronization-status descriptions for your Security Management Server (SMS).

（A）A-3, B-1.C-5, D-4

（B）A-3, B-1.C-5, D-4

（C）A-3, B-1.C-4, D-2

（D）A-5, B-3, C-1.D-2

正解：A 解答を投票する

質問 19

When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what issues need to be considered?

（A）2 and 3

（B）1, 3, and 4

（C）1, 2, 3 and 4

（D）1, 2, and 4

正解：C 解答を投票する

156-915.77 無料問題集「CheckPoint Check Point Certified Security Expert Update Blade」

弊社を連絡する

関連リンク

トップ試験