156-215-75試験無料問題集（543題）「CheckPoint Check Point Certified Security Administrator R75 認定」

出題：1

You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway's VPN domain?

A. The SNX client application must be installed on the client.

B. An office mode address must be obtained by the client.

C. SNX modifies the routing table to forward VPN traffic to the Security Gateway.

D. Active-X must be allowed on the client.

正解：C 解答を投票する

出題：2

You run cpconfig to reset SIC on the Security Gateway. After the SIC reset operation is complete, the policy that will be installed is the:

A. Initial policy

B. Last policy that was installed

C. Default filter

D. Standard policy

正解：A 解答を投票する

出題：3

Multi-Corp must comply with industry regulations in implementing VPN solutions among multiple sites. The corporate Information Assurance policy defines the following requirements:
What is the most appropriate setting to comply with these requirements?
Portability Standard
Key management Automatic, external PKI
Session keys changed at configured times during a connection's lifetime
Key length No less than 128-bit
Data integrity Secure against inversion and brute-force attacks
What is the most appropriate setting to comply with theses requirements?

A. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash

B. IKE VPNs: DES encryption for IKE phase 1, and 3DES encryption for phase 2, MD 5 hash

C. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for phase 2, AES hash

D. IKE VPNs: CAST encryption for IKE Phase 1, and SHA 1 encryption for phase 2, DES hash

正解：A 解答を投票する

出題：4

Peter is your new Security Administrator. On his first working day, he is very nervous and sets the wrong password three times. His account is locked. What can be done to unlock Peter's account? Give the BEST answer.

A. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Management Server.

B. It is not possible to unlock Peter's account. You have to install the firewall once again or abstain from Peter's help.

C. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Gateway.

D. You can unlock Peter's account by using the command fwm lock_admin -u Peter on the Security Management Server.

正解：D 解答を投票する

出題：5

Which utility is necessary for reestablishing SIC?

A. cpconfig

B. cplic

C. sysconfig

D. fwm sic_reset

正解：A 解答を投票する

出題：6

When you use the Global Properties' default settings on R75, which type of traffic will be dropped if no explicit rule allows the traffic?

A. Outgoing traffic originating from the Security Gateway

B. RIP traffic

C. Firewall logging and ICA key-exchange information

D. SmartUpdate connections

正解：B 解答を投票する

出題：7

How many packets does the IKE exchange use for Phase 1 Aggressive Mode?

A. 1

B. 6

C. 12

D. 3

正解：D 解答を投票する

出題：8

You install and deploy SecurePlatform with default settings. You allow visitor Mode in the
Gateway object's Remote Access properties and install policy, but SecureClient refuses to connect. What is the cause of this?

A. You need to start SSL Network Extended first, then use Visitor Mode

B. Set the Visitor Mode Policy > Global Properties > Remote-Access > VPN - Advanced

C. The WebUI on SecurePlatform runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). You need to change the WebUI port, or run Visitor Mode on a different port.

D. Offline mode is not configured

正解：C 解答を投票する

出題：9

Where is the IPSO Boot Manager physically located on an IP Appliance?

A. In the / nvram directory

B. On the platform's BIOS

C. On an external jump drive

D. On built-in compact Flash memory

正解：D 解答を投票する

出題：10

Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC
Certificates:

A. Increase network security by securing administrative communication with a two-factor challenge response authentication.

B. Are for Security Gateways created during the Security Management Server installation.

C. Uniquely identify machines installed with Check Point software only. They have the same function as RSA Authentication Certificates.

D. Can be used for securing internal network communications between the Security Gateway and an OPSEC device.

正解：D 解答を投票する

出題：11

The button Get Address, found on the Host Node Object > General Properties page, will retrieve what?

A. The fully qualified domain name

B. The domain name

C. The IP address

D. The Mac address

正解：C 解答を投票する

出題：12

In which IKE phase are IPsec SA's negotiated?

A. Phase 1

B. Phase 2

C. Phase 4

D. Phase 3

正解：B 解答を投票する

出題：13

Which of the following is NOT true for Clientless VPN?

A. Secure communication is provided between clients and servers that support HTTP

B. The Gateway can enforce the use of strong encryption

C. The Gateway accepts any encryption method that is proposed by the client and
supported in the VPN

D. User Authentication is supported

正解：A 解答を投票する

出題：14

Another administrator accidentally installed a Security Policy on the wrong firewall. Having done this, you are both locked out of the firewall that is called myfw1. What command would you execute on your system console on myfw1 in order for you to push out a new Security Policy?

A. cpstop

B. fw dbloadlocal

C. fw ctl filter

D. fw unloadlocal

正解：D 解答を投票する

156-215-75試験無料問題集「CheckPoint Check Point Certified Security Administrator R75 認定」