Which of these Security Policy changes optimize Security Gateway performance?
A. Using groups within groups in the manual NAT Rule Base.
B. Use Automatic NAT rules instead of Manual NAT rules whenever possible.
C. Putting the least-used rule at the top of the Rule Base.
D. Using domain objects in rules when possible.
正解:B
質問 2:
When using SecurePlatform, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
A. Edit the file /etc/sysconfig/netconf.c and put the new MAC address in the field
B. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
C. As expert user, issue the command: # IP link set eth0 addr 00:0C:29:12:34:56
D. As expert user, issue these commands: # IP link set eth0 down # IP link set eth0 addr 00:0C:29:12:34:56 # IP link set eth0 up
正解:D
質問 3:
Which of the following options is available with the SecurePlatform cpconfig utility?
A. Export setup
B. GUI Clients
C. Time & Date
D. DHCP Server configuration
正解:B
質問 4:
Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?
A. Intrusion Detection System (IDS) Policy install
B. Block Intruder feature of SmartView Tracker
C. Change the Rule Base and install the Policy to all Security Gateways
D. SAM - Suspicious Activity Rules feature of SmartView Monitor
正解:B
質問 5:
How can you check whether IP forwarding is enabled on an IP Security Appliance?
A. cat /proc/sys/net/ipv4/ip_forward
B. echo 1 > /proc/sys/net/ipv4/ip_forward
C. ipsofwd list
D. clish -c show routing active enable
正解:C
質問 6:
Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?
A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
B. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
C. All is fine and can be used as is.
D. The two algorithms do not have the same key length and so don't work together. You will get the error .... No proposal chosen....
正解:B
質問 7:
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
A. Captive Portal
B. TACACS
C. Windows password
D. Check Point Password
正解:A
質問 8:
You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?
A. After Stealth Rule
B. First
C. Before Last
D. Last
正解:D
質問 9:
True or False? SmartView Monitor can be used to create alerts on a specified Gateway.
A. False, an alert cannot be created for a specified Gateway.
B. False, alerts can only be set in SmartDashboard Global Properties.
C. True, by choosing the Gateway and selecting System Information.
D. True, by right-clicking on the Gateway and selecting Configure Thresholds.
正解:D
小口** -
CheckPointのこの156-215.76の問題集はほかのサイトに比べて、わかりやすかったですし、内容も全面的で、一発で試験に合格いたしました。ありがとうございます。