156-215.1 Exam

Quality and Value for the 156-215.1 Exam

Test4pass Practice Exams for CheckPoint 156-215.1 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.

100% Guarantee to Pass Your 156-215.1 Exam

If you prepare for the exam using our Test4pass testing engine, we guarantee your success in the first attempt. If you do not pass the CheckPoint 156-215.1 exam (ProCurve Secure WAN) on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you another same value product for free.

CheckPoint 156-215.1 Downloadable, Printable Exams (in PDF format)

Our Exam 156-215.1 Preparation Material provides you everything you will need to take your 156-215.1 Exam. The 156-215.1 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.

156-215.1 Downloadable, Interactive Testing engines

We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials. Our Exam Preparation Material provides you everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are in multiple-choice (MCQs) Our CheckPoint 156-215.1 Exam will provide you with free 156-215.1 dumps questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the 156-215.1 Exam:100% Guarantee to Pass Your CheckPoint exam and get your CheckPoint Certification.

Hot KeyWords On 156-215.1 test

We collect some hot keywords about this exam:
Test4pass , Pass 4 Sure , Test in Side ,Pass Guide ,Test King 156-215.1 exam | 156-215.1 pdf exam | 156-215.1 braindumps | 156-215.1 study guides | 156-215.1 trainning materials | 156-215.1 simulations | 156-215.1 testing engine | 156-215.1 vce | 156-215.1 torrent | 156-215.1 dumps | free download 156-215.1 | 156-215.1 practice exam | 156-215.1 preparation files | 156-215.1 questions | 156-215.1 answers.

How to pass your 156-215.1 exam

You can search on Search Engine and Find Best IT Certification site: Test4pass.com - Find the Method to succeed 156-215.1 test,The safer.easier way to get CheckPoint Certification .

��
��
Exam : Check Point 156-215.1
Title : Check Point Certified Security Administrator NGX


1. In NGX, what happens if a Distinguished Name (DN) is NOT found in LDAP?
A. NGX takes the common-name value from the Certificate subject, and searches the LDAP account unit for a matching user id.
B. NGX searches the internal database for the username.
C. The Security Gateway uses the subject of the Certificate as the DN for the initial lookup.
D. If the first request fails or if branches do not match, NGX tries to map the identity to the user id attribute.
E. When users authenticate with valid Certificates, the Security Gateway tries to map the identities with users registered in the external LDAP user database.
Answer: B

2. When you change an implicit rule's order from "last" to "first" in Global Properties, how do you make the change effective?
A. Close SmartDashboard, and reopen it.
B. Select install database from the Policy menu.
C. Select save from the file menu.
D. Reinstall the Security Policy.
E. Run fw fetch from the Security Gateway.
Answer: D

3. Gary is a Security Administrator in a small company. He needs to determine if the company's Web servers are accessed for an excessive number of times from the same host. How would he configure this setting in SmartDefense?
A. Successive multiple connections
B. HTTP protocol inspection
C. Successive alerts
D. General HTTP worm catcher
E. Successive DoS attacks
Answer: A

4. Ellen is performing penetration tests against SmartDefense for her Web server farm. She needs to verify that the Web servers are secure against traffic hijacks. She has selected the "Products > Web Server" box on each of the node objects. What other settings would be appropriate? Ellen:
A. needs to configure TCP defenses such as "Small PMTU" size.
B. should enable all settings in Web Intelligence.
C. needs to create resource objects for the web farm servers and configure rules for the web farm.
D. must activate the Cross-Site Scripting property.
E. should also enable the Web intelligence > SQL injection setting.
Answer: D

5. Your users are defined in a Windows 2000 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in NGX?
A. All Users
B. A group with generic* user
C. External-user group
D. LDAP account-unit group
E. LDAP group
Answer: E

6. Which of the following commands is used to restore NGX configuration information?
A. cpconfig
B. cpinfo -i
C. restore
D. fwm dbimport
E. upgrade_import
Answer: E

7. How do you block some seldom-used FTP commands, such as CWD, and FIND from passing through the Gateway?
A. Use FTP Security Server settings in SmartDefense.
B. Use an FTP resource object.
C. Configure the restricted FTP commands in the Security Servers screen of the Global properties.
D. Enable FTP Bounce checking in SmartDefense.
E. Add the restricted commands to the aftpd.conf file in the SmartCenter Server.
Answer: A

8. In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?
A. Define a secondary SmartCenter Server as a log server, to transfer the old logs.
B. Configure a script to archive old logs to another directory, before old log files are deleted.
C. Do nothing. Old logs are deleted, until free space is restored.
D. Use the fwm logexport command to export the old log files to other location.
E. Do nothing. The SmartCenter Server archives old logs to another directory.
Answer: B

9. Which NGX logs can you configure to send to DShield.org?
A. Account and alert logs
B. SNMP and account logs
C. Active and alert logs
D. Audit and alert logs
E. Alert and user-defined alert logs
Answer: E

10. If a digital signature is used to achieve both data-integrity checking and verification of sender, digital signatures are only used when implementing:
A. A symmetric encryption algorithm.
B. CBL-DES.
C. ESP.
D. An asymmetric encryption algorithm.
E. Triple DES.
Answer: D

11. Brianna has three servers located in a DMZ, using private IP addresses. She wants internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway's external interface.
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers' public IP addresses?
A. Configure automatic Static NAT rules for the DMZ servers.
B. Configure manual Static NAT rules to translate the DMZ servers, when connecting to the Internet.
C. Configure manual static NAT rules to translate the DMZ servers, when the source is the internal network 10.10.10.x.
D. Configure Hide NAT for the DMZ network behind the DMZ interface of the Security Gateway, when connecting to internal network 10.10.10.x.
E. Configure Hide NAT for 10.10.10.x behind DMZ's interface, when trying to access DMZ servers.
Answer: C

12. Frank wants to know why users on the corporate network cannot receive multicast transmissions from the Internet. An NGX Security Gateway protects the corporate network from the Internet. Which of the following is a possible cause for the connection problem?
A. NGX does not support multicast routing protocols and streaming media through the Security Gateway.
B. Frank did not install the necessary multicast license with SmartUpdate, when he upgraded to NGX.
C. The Multicast Rule is below the Stealth Rule. NGX can only pass multicast traffic, if the Multicast Rule is above the Stealth Rule.
D. Multicast restrictions are not configured properly on the corporate internal network interface properties of the Security Gateway object.
E. Anti-spoofing is enabled. NGX cannot pass multicast traffic, if anti-spoofing is enabled.
Answer: D

13. You are setting up a Virtual Private Network, and must select an encryption scheme. Network performance is a critical issue - even more so than the security of the packet. Which encryption scheme would you select?
A. In-place encryption
B. Tunneling mode encryption
C. Either one will work without compromising performance
Answer: A

14. Larry is the Security Administrator for a software-development company. To isolate the corporate network from the developers' network, Larry installs an internal Security Gateway. Larry wants to optimize the performance of this Gateway. Which of the following actions is most likely to improve the Gateway's performance?
A. Remove unused Security Policies from Policy Packages.
B. Clear all Global Properties check boxes, and use explicit rules.
C. Use groups within groups in the manual NAT Rule Base.
D. Put the least-used rules at the top of the Rule Base.
E. Use domain objects in rules, where possible.
Answer: A