1074 お客様のコメント
質問 1:
You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.
A. No, it is not possible to have more one NAT rule matching a connection. When the firewall receives a packet belonging to a concentration, it compares it against the first rule in the Rule Base, then the second rule, and so on When it finds a rule that matches, it stops checking and applies that rule.
B. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).
C. Yes, there are always as many active NAT rules as there are connections.
D. Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT)
正解:B
質問 2:
What statement is true regarding Visitor Mode?
A. Only ESP traffic is tunneled through port TCP 443.
B. Only Main mode and Quick mode traffic are tunneled on TCP port 443.
C. All VPN traffic is tunneled through UDP port 4500.
D. VPN authentication and encrypted traffic are tunneled through port TCP 443.
正解:D
質問 3:
What is the difference between Standard and Specific Sign On methods?
A. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service and each host to which he is trying to connect.
B. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service specifically defined in the window Specific Action Properties.
C. Standard Sign On allows the user to be automatically authorized for all services that the rule allows, but re-authenticate for each host to which he is trying to connect. Specific Sign On requires that the user re-authenticate for each service.
D. Standard Sign On requires the user to re-authenticate for each service and each host to which he is trying to connect. Specific Sign On allows the user to sign on only to a specific IP address.
正解:A
質問 4:
Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Why?
A. You checked the cache password on desktop option in Global Properties.
B. Users must use the SecuRemote Client, to use the User Authentication Rule.
C. You have forgotten to place the User Authentication Rule before the Stealth Rule.
D. Another rule that accepts HTTP without authentication exists in the Rule Base.
正解:D
質問 5:
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages / Distribute Only and choosing the target Gateway, the:
A. SmartUpdate wizard walks the Administrator through a distributed installation.
B. selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.
C. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.
D. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
正解:C
質問 6:
Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:
A. Three mesh Communities: One for London headquarters and its branches, one for New York headquarters and its branches, and one f;or London and New York headquarters.
B. One star Community with the option to "mesh" the center of the star: New York and London Gateways added to the center of the star with the mesh canter Gateways option checked, all London branch offices defined m one satellite window, but all New York branch offices defined m another satellite window.
C. Two star and one mesh Community: One star Community is set up for each site, with headquarters as the center of the Community and its branches as satellites. The mesh Community includes only New York and London Gateways.
D. Two mesh and one star Community One mesh Community is set up for each of the headquarters and its branch offices The star Community is configured with London as the center of the Community and New York is the satellite.
正解:C
質問 7:
Nancy has lost SIC communication with her Security Gateway and she needs to re-establish SIC. What would be the correct order of steps needed to perform this task?
1) Create a new activation key on the Security Gateway, then exit cpconfig.
2) Click the Communication tab on the Security Gateway object, and then click Reset.
3) Run the cpconfig tool, and then select Secure Internal Communication to reset.
4) Input the new activation key in the Security Gateway object, and then click initialize
5) Run the cpconfig tool, then select source Internal Communication to reset.
A. 3, 1, 4, 2
B. 2, 3, 1, 4
C. 5, 4, 1, 2
D. 2, 5, 1, 4
正解:D
You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.
A. No, it is not possible to have more one NAT rule matching a connection. When the firewall receives a packet belonging to a concentration, it compares it against the first rule in the Rule Base, then the second rule, and so on When it finds a rule that matches, it stops checking and applies that rule.
B. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).
C. Yes, there are always as many active NAT rules as there are connections.
D. Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT)
正解:B
質問 2:
What statement is true regarding Visitor Mode?
A. Only ESP traffic is tunneled through port TCP 443.
B. Only Main mode and Quick mode traffic are tunneled on TCP port 443.
C. All VPN traffic is tunneled through UDP port 4500.
D. VPN authentication and encrypted traffic are tunneled through port TCP 443.
正解:D
質問 3:
What is the difference between Standard and Specific Sign On methods?
A. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service and each host to which he is trying to connect.
B. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service specifically defined in the window Specific Action Properties.
C. Standard Sign On allows the user to be automatically authorized for all services that the rule allows, but re-authenticate for each host to which he is trying to connect. Specific Sign On requires that the user re-authenticate for each service.
D. Standard Sign On requires the user to re-authenticate for each service and each host to which he is trying to connect. Specific Sign On allows the user to sign on only to a specific IP address.
正解:A
質問 4:
Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Why?
A. You checked the cache password on desktop option in Global Properties.
B. Users must use the SecuRemote Client, to use the User Authentication Rule.
C. You have forgotten to place the User Authentication Rule before the Stealth Rule.
D. Another rule that accepts HTTP without authentication exists in the Rule Base.
正解:D
質問 5:
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages / Distribute Only and choosing the target Gateway, the:
A. SmartUpdate wizard walks the Administrator through a distributed installation.
B. selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.
C. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.
D. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
正解:C
質問 6:
Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:
A. Three mesh Communities: One for London headquarters and its branches, one for New York headquarters and its branches, and one f;or London and New York headquarters.
B. One star Community with the option to "mesh" the center of the star: New York and London Gateways added to the center of the star with the mesh canter Gateways option checked, all London branch offices defined m one satellite window, but all New York branch offices defined m another satellite window.
C. Two star and one mesh Community: One star Community is set up for each site, with headquarters as the center of the Community and its branches as satellites. The mesh Community includes only New York and London Gateways.
D. Two mesh and one star Community One mesh Community is set up for each of the headquarters and its branch offices The star Community is configured with London as the center of the Community and New York is the satellite.
正解:C
質問 7:
Nancy has lost SIC communication with her Security Gateway and she needs to re-establish SIC. What would be the correct order of steps needed to perform this task?
1) Create a new activation key on the Security Gateway, then exit cpconfig.
2) Click the Communication tab on the Security Gateway object, and then click Reset.
3) Run the cpconfig tool, and then select Secure Internal Communication to reset.
4) Input the new activation key in the Security Gateway object, and then click initialize
5) Run the cpconfig tool, then select source Internal Communication to reset.
A. 3, 1, 4, 2
B. 2, 3, 1, 4
C. 5, 4, 1, 2
D. 2, 5, 1, 4
正解:D
Kitamura -
156-215.71問題集は専門的な知識です。また、156-215.71問題集の的中率が高いです。その二つ点で、156-215.71試験に合格することは簡単です。