156-915.80試験無料問題集（500題）「CheckPoint Check Point Certified Security Expert Update

出題：1

If an administrator wants to add manual NAT for addresses not owned by the Check Point firewall, what else is necessary to be completed for it to function properly?

A. Nothing - the proxy ARP is automatically handled in the R80 version

B. Add the proxy ARP configuration in a file called $FWDIR/conf/local.arp

C. Add the proxy ARP configuration in a file called /etc/conf/local.arp

D. Add the proxy ARP configurations in a file called $CPDIR/config/local.arp

正解：B 解答を投票する

出題：2

Which is NOT an example of a Check Point API?

A. Threat Prevention API

B. Gateway API

C. Management API

D. OPSEC SDK

正解：B 解答を投票する

出題：3

Fill in the blank.

In Load Sharing Unicast mode, the internal cluster IP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies. The following is the ARP table from the internal Windows host 10.4.8.108. Review the exhibit and type the IP address of the member serving as the pivot machine in the space below.

正解：

10.4.8.2

出題：4

Customer's R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the Internet?

A. SmartUpdate upgrade

B. Export R80 configuration, clean install R80.10 and import the configuration

C. CPUSE online upgrade

D. CPUSE offline upgrade

正解：D 解答を投票する

出題：5

When configuring SmartEvent Initial settings, you must specify a basic topology for SmartEvent to help it calculate traffic direction for events. What is this setting called, and what are you defining?

A. Topology; and you are defining the Internal network

B. Internal addresses; you are defining the gateways

C. Internal network(s); you are defining your networks

D. Network; and defining your Class A space

正解：A 解答を投票する

出題：6

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original
"web_public_IP" is the node object that represents the new Web server's public IP address. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error "page cannot be displayed". Which of the following is NOT a possible reason?

A. There is no NAT rule translating the source IP address of packets coming from the protected Web server.

B. There is no ARP table entry for the protected Web server's public IP address.

C. There is no Security Policy defined that allows HTTP traffic to the protected Web server.

D. There is no route defined on the Security Gateway for the public IP address to the Web server's private IP address.

正解：A 解答を投票する

出題：7

Fill in the blank. To verify that a VPN Tunnel is properly established, use the command _________

正解：

vpn tunnelutil

出題：8

In what way are SSL VPN and IPSec VPN different?

A. SSL VPN adds and extra VPN header to the packet, IPsec VPN does not

B. IPsec VPN does not support two factor authentication, SSL VPN does support this

C. IPsec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only

D. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless

正解：C 解答を投票する

出題：9

You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.

B. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.

C. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.

D. Place a static host route on the firewall for the valid IP address to the internal Web server.

正解：B 解答を投票する

出題：10

VPN Tunnel Sharing can be configured with any of the options below, EXCEPT One:

A. IP range based

B. Gateway-based

C. Host-based

D. Subnet-based

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

What scenario indicates that SecureXL is enabled?

A. SecureXL can be disabled in cpconfig

B. fwaccel commands can be used in clish

C. Dynamic objects are available in the Object Explorer

D. Only one packet in a stream is seen in a fw monitor packet capture

正解：B 解答を投票する

出題：12

Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R80 Firewall Rule Base.
To make this scenario work, the IT administrator must:
1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.
2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.
3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.
Ms. McHanry tries to access the resource but is unable. What should she do?

A. Install the Identity Awareness agent on her iPad

B. Have the security administrator select the Action field of the Firewall Rule "Redirect HTTP connections to an authentication (captive) portal"

C. Have the security administrator select Any for the Machines tab in the appropriate Access Role

D. Have the security administrator reboot the firewall

正解：B 解答を投票する

出題：13

Fill in the blank with a numeric value. The default port number for standard TCP connections with the LDAP server is

正解：

389

156-915.80試験無料問題集「CheckPoint Check Point Certified Security Expert Update - R80 認定」