REAL QUESTIONS SUBMIT MATERIAL ADVERTISE
Braindumps

Microsoft

Cisco

Citrix

CIW

CompTia

CWNA

Apple

Adobe

HP

Legato

Exin

Filemaker

Brocade

Ericsson

TIA

Veritas

ISEB

SCP

IISFA

ISM

OMG

Apc

Mile2

Foundry

Huawei

McData

Symantec

TeraData

RedHat

Solar Winds

Blue Coat

Riverbed

 

 
 
Click on name of dumper to view the dump
 

Catherine Guerin

 
 

 

Braindumps of 156-210
Check Point CCSA NG

Exam Questions, Answers, Braindumps (156-210)

Thanx to www.exams.ws for giving handi questions for the help of the students.Here is my Contribution.

Q: 1
Once you have installed Secure Internal Communcations (SIC) for a host-node object and issued a certificate for it. Which of the following can you perform? Choose two.
A. Rename the object
B. Rename the certificate
C. Edit the object properties
D. Rest SIC
E. Edit the object type
Answer: A, C
Explanation:
Object can be renamed and the properties can be edited even after establishing the SIC and issue the certificate
Incorrect Answers:
B. Once SIC has been established and a certificate has been issued, certificate can not be renamed
D. If SIC is reset, the trust has to be re-established, hence this is wrong
E. Type of the object created can not be modified once the certificate has been issued.
Q: 2
You are a Security Administrator preparing to implement Hide NAT. You must justify your decision. Which of the following statements justifies implementing a Hide NAT solution? Choose two.
A. You have more internal hosts than public IP addresses
B. Your organization requires internal hosts, with RFC 1918-compliant addresses to be assessable from the Internet.
C. Internally, your organization uses an RFC 1918-compliant addressing scheme.
D. Your organization does not allow internal hosts to access Internet resources
E. Internally, you have more public IP addresses than hosts.
Answer: A, C
Q: 3
Which critical files and directories need to be backed up? Choose three
A. $FWDIR/conf directory
B. rulebase_5_0.fws
C. objects_5_0.c
D. $CPDIR/temp directory
E. $FWDIR/state directory
Answer: A, B, C
Q: 4
Which of the following statements about the General HTTP Worm Catcher is FALSE?
A. The General HTTP Worm Catcher can detect only worms that are part of a URI.
B. Security Administrators can configure the type of notification that will take place, if a worm is detected.
C. SmartDefense allows you to configure worm signatures, using regular expressions.
D. The General HTTP Worm Catcher's detection takes place in the kernel, and does not require a Security Server.
E. Worm patterns cannot be imported from a file at this time.
Answer: A
Q: 5
You are a Security Administrator attempting to license a distributed VPN-1/Firewall-1 configuration with three Enforcement Modules and one SmartCenter Server. Which of the following must be considered when licensing the deployment? Choose two.
A. Local licenses are IP specific.
B. A license can be installed and removed on a VPN-1/Firewall-1 version 4.1, using SmartUpdate.
C. You must contact Check Point via E-mail or telephone to create a license for an Enforcement Module.
D. Licenses cannot be installed through SmartUpdate.
E. Licenses are obtained through the Check Point User Center
Answer: A, E
Q: 6
Which of the following are tasks performed by a VPN-1/FireWall-1 SmartCenter Server? Choose three.
A. Examines all communications according to the Enterprise Security Policy.
B. Stores VPN-1/FirWall-1 logs.
C. Manages the User Database.
D. Replicates state tables for high availability.
E. Compiles the Rule Base into an enforceable Security Policy.
Answer: B, C, E
Q: 7
You are a Security Administrator preparing to implement an address translation solution for Abc .com. The solution you choose must meet the following requirements:
1. RFC 1918-compliant internal addresses must be translated to public, external addresses when packets exit the Enforcement Module.
2. Public, external addresses must be translated to internal, RFC 1918-compliant addresses when packets enter the Enforcement Module.
Which address translation solution BEST meets your requirements?
A. Hide NAT
B. The requirements cannot be met with any address translation solution.
C. Dynamic NAT
D. IP Pool Nat
E. Static NAT
Answer: E
Q: 8
Which of the following suggestions regarding Security Policies will NOT improve performance?
A. If most incoming connections are HTTP, but the rule that accepts HTTP at the bottom of the Rule Base, before the Cleanup Rule
B. Use a network object, instead of multiple host-node objects.
C. Do not log unnecessary connections.
D. Keep the Rule Base simple.
E. Use IP address-range objects in rules, instead of a set of host-node objects.
Answer: A
Q: 9
You are a Security Administrator attempting to license a distributed VPN-1/Firwall-1 configuration with three Enforcement Modules and one SmartCenter Server. Which license type is the BEST for your deployemenet?
A. Discretionary
B. Remote
C. Central
D. Local
E. Mandatory
Answer: C
Q: 10
Network attacks attempt to exploit vulnerabilities in network applications, rather than targeting firewalls directly. What does this require of today's firewalls?
A. Firewalls should provide network-level protection, by inspecting packets all layers of the OSI model.
B. Firewall should not inspect traffic below the Application Layer of the OSI model, because such inspection is no longer relevant.
C. Firewalls should understand application behavior, to protect against application attacks and hazards.
D. Firewalls should provide separate proxy processes for each application accessed through the firewall.
E. Firewalls should be installed on all Web servers, behind organizations' intranet.
Answer: C.
Q: 11
What function does the Audit mode of SmartView Tracker perform?
A. It tracks detailed information about packets traversing the Enforcement Modules.
B. It maintains a detailed log of problems with VPN-1/FireWall-1 services on the SmartCenter Server.
C. It is used to maintain a record of the status of each Enforcement Module and SmartCenter server.
D. It maintains a detailed record of status of each Enforcement Module and SmartCenter Server.
E. It tracks changes and Security Policy installations, per Security Administrator, performed in SmartDashboard.
Answer: E
Q: 12
In the SmartView Tracker, what is the difference between the FireWall-1 and VPN-1 queries? Choose three.
A. A VPN-1 query only displays encrypted and decrypted traffic.
B. A FireWall-1 query displays all traffic matched by rules, which have logging activated.
C. A FireWall-1 query displays all traffic matched by all rules.
D. A FireWall-1 query also displays encryption and decryption information.
E. Implied rules, when logged, are viewed using the VPN-1 query.
Answer: A, B, D

 

156-210

 

 

Braindumps Real exam questions and verified answers - 100% passing guarantee - cheap prices.

 

Free brain dumps Braindumps, notes, books for free

 

Braindumps and Exams - Instant download real exam questions - Passing guarantee.

Follow us on FaceBook
Braindumps on Facebook
 
 
 
 
 

CheckPoint

Linux

Novell

DB/2

Network Appliance

EC-Council

Nortel

McAfee

Juniper

ISACA

PMI

Sybase

EMC

HDI

SNIA

ISC

Sair

IBM

Lotus

Exam Express

3COM

BICSI

DeLL

Enterasys

Extreme Networks

Guidance Software

Computer Associates

Network General

SAS Institute

Alcatel Lucent

SeeBeyond

TruSecure

Polycom

Hyperion

Hitachi

Nokia

Fortinet

Vmware

Fujitsu

Tibco

Intel

PostgreSQLCE

BusinessObjects

RESSoftware

BlackBerry

AccessData

ICDL

Isilon

SAP

The Open Group

ACSM

Altiris

Avaya

Cognos

F5

Genesys

SDI

ACI

ASQ

Google

H3C

HIPAA

HRCI

SOA

IIBA

Zend