156-215.71試験無料問題集（465題）「CheckPoint Check Point Certified Security Administrator R71 認定」

出題：1

You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties / NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

A. The NAT IP address must be added to the anti-spoofing group of the external gateway interface

B. No extra configuration is needed

C. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.

D. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.

正解：C 解答を投票する

出題：2

Which statement defines Public Key Infrastructure? Security is provided:

A. By Certificate Authorities, digital certificates, and public key encryption.

B. By Certificate Authorities, digital certificates, and two-way symmetric- key encryption

C. By authentication

D. Via both private and public keys, without the use of digital Certificates.

正解：A 解答を投票する

出題：3

Which of the following can be found in cpinfo from an enforcement point?

A. Policy file information specific to this enforcement point

B. The complete file objects_5_0. c

C. VPN keys for all established connections to all enforcement points

D. Everything NOT contained in the file r2info

正解：A 解答を投票する

出題：4

You are concerned that a message may have been intercepted and retransmitted, thus compromising the security of the communication. You attach a code to the electronically transmitted message that uniquely identifies the sender. This code is known as a(n):

A. digital signature

B. diffie-Helman verification

C. private key

D. AES flag

正解：A 解答を投票する

出題：5

Which command enables IP forwarding on IPSO?

A. echo 1 > /proc/sys/net/ipv4/ip_forward

B. ipsofwd on admin

C. echo 0 > /proc/sys/net/ipv4/ip_forward

D. clish -c set routing active enable

正解：B 解答を投票する

出題：6

A digital signature:

A. Guarantees the authenticity and integrity of a message.

B. Automatically exchanges shared keys.

C. Provides a secure key exchange mechanism over the Internet

D. Decrypts data to its original form.

正解：B 解答を投票する

出題：7

Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:

A. Session Authentication rule

B. Client Authentication rule, using partially automatic sign on

C. Client Authentication for fully automatic sign on

D. Client Authentication rule using the manual sign-on method, using HTTP on port 900

正解：D 解答を投票する

出題：8

Which Client Authentication sign-on method requires the user to first authenticate via the User Authentication mechanism when logging in to a remote server with Telnet?

A. Agent Automatic Sign On

B. Manual Sign On

C. Partially Automatic Sign On

D. Standard Sign On

正解：C 解答を投票する

出題：9

Which of these attributes would be critical for a site-to-site VPN?

A. Centralized management

B. Strong authentication

C. Scalability to accommodate user groups

D. Strong data encryption

正解：D 解答を投票する

出題：10

You find a suspicious FTP connection trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked?

A. Highlight the suspicious connection in SmartView Tracker Active mode. Block it using Tools / Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.

B. Highlight the suspicious connection in SmartView Tracker > Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.

C. Highlight the suspicious connection in SmartView Tracker Log mode. Block it using Tools / Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.

D. Highlight the suspicious connection in SmartView Tracker Active mode. Block it using Tools / Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as "dropped".

正解：A 解答を投票する

出題：11

In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules. Which is of the following is NOT true?

A. When using Static NAT, you must add proxy ARP entries to the Gateway for all hiding addresses.

B. When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway's internal interface IP address.

C. When using Dynamic Hide NAT with an address that is not configured on a Gateway interface, you need to add a proxy ARP entry for that address.

D. If you chose Automatic NAT instead, all necessary entries are done for you.

正解：B 解答を投票する

出題：12

Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%?

A. Real Time Monitor / Gateway Settings / Status Monitor

B. SmartView Tracker / Audit Tab / Gateway Counters

C. This can only be monitored by a user-defined script.

D. SmartView Monitor / Gateway Status / Threshold Settings

正解：D 解答を投票する

出題：13

Which of the following statements regarding SecureXL and CoreXL is TRUE?

A. SecureXL is only available in R71.

B. SecureXL is an application for accelerating connections.

C. CoreXL enables multi-core processing for program interfaces.

D. CoreXL is included in SecureXL.

正解：B 解答を投票する

出題：14

Where can you view anti-spam status?

A. SmartView Monitor

B. SmartUpdate

C. SmartView Tracker

D. SmartDashboard

正解：A 解答を投票する

出題：15

Your company is still using traditional mode VPN configuration on all Gateways and policies. Your manager now requires you to migrate to a simplified VPN policy to benefit from the new features. This needs to be done with no downtime due to critical applications which must run constantly. How would you start such a migration?

A. This can not be done as it requires a SIC- reset on the Gateways first forcing an outage.

B. You first need to completely rewrite all policies in simplified mode and then push this new policy to all Gateways at the same time.

C. This cannot be done without downtime as a VPN between a traditional mode Gateway and a simplified mode Gateway does not work.

D. Convert the required Gateway policies using the simplified VPN wizard, check their logic and then migrate Gateway per Gateway.

正解：D 解答を投票する

156-215.71試験無料問題集「CheckPoint Check Point Certified Security Administrator R71 認定」