最新的思科 微软 IBM Oracle HP 题库免费共享 又一个 WordPress 博客

  • 156-215.1题库demo免费下载

    Filed under CheckPoint
    Aug 3

    CheckPoint认证156-215.1考试题库介绍

    考试代号: 156-215.1
    问题数量:254 Q&As

    更新时间: 2009-08-27
    注册地点: Prometric/Pearson VUE
    题库全称:Check Point Certified Security Administrator NGX

    免费156-215.1题库Demo赏析

     
     
    Exam : Check Point 156-215.1
    Title : Check Point Certified Security Administrator NGX

    1. Which SmartConsole tool verifies the installed Security Policy name?
    A. SmartView Server
    B. SmartUpdate
    C. SmartView Status
    D. Eventia Reporter
    E. SmartView Monitor
    Answer: E

    2. In NGX, what happens if a Distinguished Name (DN) is NOT found in LDAP?
    A. NGX takes the common-name value from the Certificate subject, and searches the LDAP account unit for a matching user id.
    B. NGX searches the internal database for the username.
    C. The Security Gateway uses the subject of the Certificate as the DN for the initial lookup.
    D. If the first request fails or if branches do not match, NGX tries to map the identity to the user id attribute.
    E. When users authenticate with valid Certificates, the Security Gateway tries to map the identities with users registered in the external LDAP user database.
    Answer: B

    3. You create implicit and explicit rules for the following network. The group object "internal-networks" includes networks 10.10.10.0 and 10.10.0. Assume "Accept ICMP requests" is enabled as before last in the Global Properties.Based on these rules, what happens if you Ping from host 10.10.10.5 to a host on the Internet, by IP address? ICMP will be:
    A. dropped by rule 0.
    B. dropped by rule 2, the Cleanup Rule.
    C. accepted by rule 1.
    D. dropped by the last implicit rule.
    E. accepted by the implicit rule.
    Answer: C

    4. Which NGX logs can you configure to send to DShield.org?
    A. Account and alert logs
    B. SNMP and account logs
    C. Active and alert logs
    D. Audit and alert logs
    E. Alert and user-defined alert logs
    Answer: E

    5. Brianna has three servers located in a DMZ, using private IP addresses. She wants internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway’s external interface.
    What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers’ public IP addresses?
    A. Configure automatic Static NAT rules for the DMZ servers.
    B. Configure manual Static NAT rules to translate the DMZ servers, when connecting to the Internet.
    C. Configure manual static NAT rules to translate the DMZ servers, when the source is the internal network 10.10.10.x.
    D. Configure Hide NAT for the DMZ network behind the DMZ interface of the Security Gateway, when connecting to internal network 10.10.10.x.
    E. Configure Hide NAT for 10.10.10.x behind DMZ’s interface, when trying to access DMZ servers.
    Answer: C

    6. When you change an implicit rule’s order from "last" to "first" in Global Properties, how do you make the change effective?
    A. Close SmartDashboard, and reopen it.
    B. Select install database from the Policy menu.
    C. Select save from the file menu.
    D. Reinstall the Security Policy.
    E. Run fw fetch from the Security Gateway.
    Answer: D

    7. Your users are defined in a Windows 2000 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in NGX?
    A. All Users
    B. A group with generic* user
    C. External-user group
    D. LDAP account-unit group
    E. LDAP group
    Answer: E

    8. Choose the BEST sequence for configuring user management on SmartDashboard, for use with an LDAP server:
    A. Enable LDAP in Global Properties, configure a host-node object for the LDAP Server, and configure a server object for the LDAP Account Unit.
    B. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
    C. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP server using an OPSEC application.
    D. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
    E. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
    Answer: A

    9. Gary is a Security Administrator in a small company. He needs to determine if the company’s Web servers are accessed for an excessive number of times from the same host. How would he configure this setting in SmartDefense?
    A. Successive multiple connections
    B. HTTP protocol inspection
    C. Successive alerts
    D. General HTTP worm catcher
    E. Successive DoS attacks
    Answer: A

    10. Which of the following commands is used to restore NGX configuration information?
    A. cpconfig
    B. cpinfo -i
    C. restore
    D. fwm dbimport
    E. upgrade_import
    Answer: E

    11. Larry is the Security Administrator for a software-development company. To isolate the corporate network from the developers’ network, Larry installs an internal Security Gateway. Larry wants to optimize the performance of this Gateway. Which of the following actions is most likely to improve the Gateway’s performance?
    A. Remove unused Security Policies from Policy Packages.
    B. Clear all Global Properties check boxes, and use explicit rules.
    C. Use groups within groups in the manual NAT Rule Base.
    D. Put the least-used rules at the top of the Rule Base.
    E. Use domain objects in rules, where possible.
    Answer: A

    12. If the LDAP scheme is not updated on the LDAP server, which Check Point user settings are stored locally in the Check Point user template?
    A. Time settings, Authentication type, Location settings
    B. Location settings, Authentication type, Password
    C. Authentication type, Time settings, Password
    D. Password, Authentication type, Time settings
    Answer: A

    13. Which of the following is the final step in an NGX backup?
    A. Test restoration in a non-production environment, using the upgrade_import command.
    B. Move the *.tgz file to another location.
    C. Run the upgrade_export command.
    D. Copy the conf directory to another location.
    E. Run the cpstop command.
    Answer: A

    14. In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?
    A. Define a secondary SmartCenter Server as a log server, to transfer the old logs.
    B. Configure a script to archive old logs to another directory, before old log files are deleted.
    C. Do nothing. Old logs are deleted, until free space is restored.
    D. Use the fwm logexport command to export the old log files to other location.
    E. Do nothing. The SmartCenter Server archives old logs to another directory.
    Answer: B

    15. By default, when you click File > Switch Active File from SmartView Tracker, the SmartCenter Server:
    A. Opens a new window with a previously saved log file.
    B. Purges the current log file, and starts a new log file.
    C. Purges the current log, and prompts you for the new log’s mode.
    D. Saves the current log file, names the log file by date and time, and starts a new log file.
    E. Prompts you to enter a filename, then saves the log file.
    Answer: D

    16. If a digital signature is used to achieve both data-integrity checking and verification of sender, digital signatures are only used when implementing:
    A. A symmetric encryption algorithm.
    B. CBL-DES.
    C. ESP.
    D. An asymmetric encryption algorithm.
    E. Triple DES.
    Answer: D

    17. You are setting up a Virtual Private Network, and must select an encryption scheme. Network performance is a critical issue – even more so than the security of the packet. Which encryption scheme would you select?
    A. In-place encryption
    B. Tunneling mode encryption
    C. Either one will work without compromising performance
    Answer: A

    18. How do you block some seldom-used FTP commands, such as CWD, and FIND from passing through the Gateway?
    A. Use FTP Security Server settings in SmartDefense.
    B. Use an FTP resource object.
    C. Configure the restricted FTP commands in the Security Servers screen of the Global properties.
    D. Enable FTP Bounce checking in SmartDefense.
    E. Add the restricted commands to the aftpd.conf file in the SmartCenter Server.
    Answer: A

    19. Ellen is performing penetration tests against SmartDefense for her Web server farm. She needs to verify that the Web servers are secure against traffic hijacks. She has selected the "Products > Web Server" box on each of the node objects. What other settings would be appropriate? Ellen:
    A. needs to configure TCP defenses such as "Small PMTU" size.
    B. should enable all settings in Web Intelligence.
    C. needs to create resource objects for the web farm servers and configure rules for the web farm.
    D. must activate the Cross-Site Scripting property.
    E. should also enable the Web intelligence > SQL injection setting.
    Answer: D

    20. Frank wants to know why users on the corporate network cannot receive multicast transmissions from the Internet. An NGX Security Gateway protects the corporate network from the Internet. Which of the following is a possible cause for the connection problem?
    A. NGX does not support multicast routing protocols and streaming media through the Security Gateway.
    B. Frank did not install the necessary multicast license with SmartUpdate, when he upgraded to NGX.
    C. The Multicast Rule is below the Stealth Rule. NGX can only pass multicast traffic, if the Multicast Rule is above the Stealth Rule.
    D. Multicast restrictions are not configured properly on the corporate internal network interface properties of the Security Gateway object.
    E. Anti-spoofing is enabled. NGX cannot pass multicast traffic, if anti-spoofing is enabled.
    Answer: D

    免费下载156-215.1题库Demo

    Examsoon提供最新的CheckPoint认证 156-215.1题库,其全名为:(Check Point Certified Security Administrator NGX). 在您决定是否购买之前 可以先下载156-215.1题库的部分演示. Examsoon是全球唯一提供所有IT认证考试题库demo免费下载的厂商 ,以下为免费156-215.1模拟测试题的下载链接

    免费的156-215.1题库PDF下载链接

    CheckPoint 156-215.1学习指南

    CheckPoint认证 156-215.1考试已经证明了它在全世界的广泛性和重要性,因此明白这项认证考试的世界各地的人必须具备与认证考试相关领域所需的技能和知识。CheckPoint认证 156-215.1学习指南的目的是检查考生的能力和他对概念的意识。很多时候练习测试156-215.1考试都已经被修改过了,删掉了许多过时的东西,而那些需求是在考试课程。当应用到时候你所学的知识的时候,就会鉴定出你所学到的东西以及对所学知识的应用是多么的恰到好处。CheckPoint认证 156-215.1是在IT行业的知名品牌,所以如果您通过了这样一个知名公司举行的一次考试,你可以想象你将来的事业会做的多么好。

    想要通过这个考试当然存在很多困难。你所要做的就是准备好充足的勇气和信心,而这些都来源与你平时训练的好坏.建议大家可以去Examsoon这个网站看一下,它的156-215.1考试是为了测试您在这方面的知识的掌握程度,最好的部分是它可以使你不断更新你所学的知识,不断进步。如果你知道所有的概念和如何使用他们的时候才是你真正掌握了Examsoon的用意。这门考试检查了您的能力和一旦你通过这次考验你将成为最优秀的人才,其他156-215.1考试的Examsoon结算值得注意的影响就是你的薪水将直线上升这大概也是每个人都希望获得的,所以要找一些好的资源才行。

    Examsoon考题大师156-215.1试题都是考试原题的完美组合,覆盖率95%以上,答案由多位专业资深讲师原版破解得出,正确率100%,只要您使用Examsoon的考试题库参加156-215.1考试,保证您一次轻松通过考试;

    售后服务第一!我们相信要想在当今时代取得成功,必须为广大用户提供全套的周到细致的全程优质售后服务,只有客户满意了,才能发展。客户至上是Examsoon考题大师的一贯宗旨;

    No Comments

Leave a Reply

You must be logged in to post a comment.

 
Powered by Testinside考题大师
IT认证题库专家 || IT认证考试资源网

友情链接 | Examsoon IT 认证考试网 思科认证资源网 思科微軟考古題 IT證照模擬試題 考古題考試模擬軟件 70-649 70-643 70-646 640-802 640-863 e20-340 HP0-085 HP0-A25