Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?
A. Intrusion Detection System (IDS) Policy install
B. Block Intruder feature of SmartView Tracker
C. Change the Rule Base and install the Policy to all Security Gateways
D. SAM - Suspicious Activity Rules feature of SmartView Monitor
正解:B
質問 2:
You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?
A. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
B. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.
C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.
D. No extra configuration is needed.
正解:B
質問 3:
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
A. None, Security Management Server would be installed by itself.
B. Security Gateway
C. SmartConsole
D. SecureClient
正解:B
質問 4:
The ____________ and ____________ Rules are the two basic rules which should be used by all Security Administrators?
A. Cleanup; Stealth
B. Administrator Access; Stealth
C. Network Traffic; Stealth
D. Cleanup; Administrator Access
正解:A
質問 5:
In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules. Which of the following is NOT true?
A. When using Static NAT, you must add proxy ARP entries to the Gateway for all hiding addresses.
B. When using Dynamic Hide NAT with an address that is not configured on a Gateway interface, you need to add a proxy ARP entry for that address.
C. When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway's internal interface IP address.
D. If you chose Automatic NAT instead, all necessary entries are done for you.
正解:C
質問 6:
Reviewing the Rule Base,
you see that ________ is responsible for the installation failure.
A. Rule 5
B. Rule 4
C. Rule 8
D. Rule 7
正解:B
高井** -
出題確率の高い項目を重点的に解説するのが本当に助かりました。156-215.13試験直前に苦手なテーマだけを集中的に学習することも有効な対策って感じかな!