Latest 156-215.71 Real Exam Download 451-465

Ensurepass

QUESTION 451

Review the following rules. Assume domain UDP is enabled in the implied rules.

What happens when a user from the internal network tries to browse to the Internet using HTTP? The user:

clip_image002

A. is prompted three times before connecting to the Internet successfully.

B. can go to the Internet after Telnetting to the client auth daemon port 259.

C. can connect to the Internet successfully after being authenticated.

D. can go to the Internet, without being prompted for authentication.

 

Answer: D

 

 

QUESTION 452

Reviews the following rules and note the Client Authentication Action properties screen, as shown below:

clip_image004

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:

 

A. user is prompted from that FTP site only, and does not need to enter his username and password for Client Authentication.

B. User is prompted for Authentication by the Security Gateway again.

C. FTP data connection is dropped after the user is authenticated successfully.

D. FTP connection is dropped by rules 2.

 

Answer: A

 

 

QUESTION 453

You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRUE about the new package’s NAT rules?

clip_image006

A. Rules 1 and 5 will be appear in the new package

B. Rules 1, 3, 4 and 5 will appear in the new package

C. Rules 2, 3 and 4 will appear in the new package

D. NAT rules will be empty in the new package

 

Answer: C

 

 

QUESTION 454

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

clip_image008

“web_public_IP” is the node object that represents the public IP address of the new Web server. “web_private_IP” is the node object that represents the new Web site’s private IP address. You enable all settings from Global Properties > NAT.

When you try to browse the Web server from the Internet, you see the error “page cannot be displayed”. Which statements are possible reasons for this?

i) There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server.

ii) There is no Security Policy defined that allows HTTP traffic to the protected Web server.

iii) There is an ARP entry on the Gateway but the settings Merge Manual proxy ARP and Automatic ARP configuration are enabled in Global Properties. The Security Gateway ignores manual ARP entries.

iv) There is no ARP table entry for the public IP address of the protected Web server.

 

A. (iii)

B. (i), (ii), (iii), (iv)

C. (i), (ii), (iv)

D. (i), (ii)

 

Answer: A

 

 

QUESTION 455

Cara wants to monitor the top services on her Security Gateway (fw-chicago), but she is getting an error message. Other Security Gateways are reporting the information except a new Security Gateway that was just recently deployed. Analyze the error message from the output below and determine what Cara can do to correct the problem.

clip_image010

A. She should re-install the security policy on the security Gateway since it was using the default rule base

B. She should create a firewall rule to allow the CPMI traffic back to her smart console.

C. She should let the monitoring run longer in order for it to collect sampled data

D. She should edit the security Gateway object and enable the monitoring Software Blade.

 

Answer: D

 

 

QUESTION 456

What will happen when Reset is pressed and confirmed?

clip_image012

A. The gateway certificate will be revoked on the security management server only

B. SIC will be reset on the Gateway only

C. The Gateway certificate will be revoked on the security management server and SIC will be reset on the Gateway

D. The gateway certificate on the gateway only

 

Answer: A

 

 

QUESTION 457

Which rule is responsible for the installation failure?

clip_image014

A. Rule 4

B. Rule 3

C. Rule 5

D. Rule 6

 

Answer: A

 

 

QUESTION 458

Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.

clip_image016

A. There is not enough information provided in the Wireshark capture to determine NAT settings.

B. This is an example hide NAT.

C. There is an example of Static NAT and translate destination on client side unchecked in Global Properties.

D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

 

Answer: D

 

 

QUESTION 459

You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway’s external interface.

What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers’ public IP addresses?

clip_image018

A. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers

B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.

C. When connecting to internal network 10 10.10 x. configure Hide NAT for the DMZ servers.

D. When connecting to the internal network 10.10.10x, configure Hide Nat for the DMZ network behind the DMZ interface of the Security Gateway

 

Answer: B

 

 

QUESTION 460

Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:

clip_image020

Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.

200.200.5.

The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.

Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?

 

A. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter

200.200.200.5 as the hiding IP address. Add and ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.

C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

D. Create two network objects: 192.168.10.0/24. and 192.168.20.0/24. Add the two network objects. Create a manual NAT rule like the following Original source –group object; Destination – any Service – any, Translated source – 200.200.200.5; Destination – original, Service – original.

 

Answer: C

 

 

QUESTION 461

Examine the following Security Policy. What, if any, changes could be made to accommodate Rule 4?

clip_image022

A. Nothing at all

B. Modify the Source or Destination columns in Rule 4

C. Remove the service HTTPS from the Service column in Rule A

D. Modify the VPN column in Rule 2 to limit access to specific traffic

 

Answer: D

 

 

QUESTION 462

What information is provided from the options in this screenshot?

clip_image024

(i)                  Whether a SIC certificate was generated for the Gateway

(ii)                Whether the operating system is SecurePlatform or SecurePlatform Pro

(iii)                Whether this is a standalone or distributed installation

 

A. (i), (ii) and (iii)

B. (i) and (iii)

C. (i) and (ii)

D. (ii) and (iii)

 

Answer: D

 

 

QUESTION 463

Match each of the following command to there correct function. Each command has one function only listed.

clip_image026

A. C1>F2; C2>F1; C3>F6; C4>F4

B. C1>F6; C2>F4; C3>F2; C4>F5

C. C1>F2; C4>F4; C3>F1; C4>F5

D. C1>F4; C2>F6, C3>F3; C4>F2

 

Answer: B

 

 

QUESTION 464

The Administrator of the Tokyo Security Management Server cannot connect from his workstation in Osaka. Which of the following lists the BEST sequence of steps to troubleshoot this issue?

clip_image028

A. Check for matching OS and product versions of the Security Management Server and the client. Then, ping the Gateways to verify connectivity. If successful, scan the log files for any denied management packets.

B. Call Tokyo to check if they can ping the Security Management Server locally. If so, login to sgtokyo, verify management connectivity and Rule Base. If this looks okay, ask your provider if they have some firewall rules that filters out your management traffic.

C. Verify basic network connectivity to the local Gateway, service provider, remote Gateway, remote network and target machine. Then, test for firewall rules that deny management access to the target. If successful, verify that pcosaka is a valid client IP address.

D. Check the allowed clients and users on the Security Management Server. If pcosaka and your user account are valid, check for network problems. If there are no network related issues, this is likely to be a problem with the server itself. Check for any patches and upgrades. If still unsuccessful, open a case with Technical Support.

 

Answer: C

 

 

QUESTION 465

From the output below, where is this fingerprint generated?

clip_image030

A. SmartUpdate

B. Security Management Server

C. SmartDashboard

D. SmartConsole

 

Answer: B

 

Download Latest Checkpoint 156-215.70 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.