100% Valid Download From Flydumps Latest CheckPoint 156-210 Pdf Exam Free Practice Test

Exam A
QUESTION 1
Once you have installed Secure Internal Communcations (SIC) for a host-node object and issued a certificate for it. Which of the following can you perform? Choose two.
A. Rename the object
B. Rename the certificate
C. Edit the object properties
D. Rest SIC
E. Edit the object type
Correct Answer: AC
QUESTION 2
You are a Security Administrator preparing to implement Hide NAT. You must justify your decision. Which of the following statements justifies implementing a Hide NAT solution? Choose two.
A. You have more internal hosts than public IP addresses
B. Your organization requires internal hosts, with RFC 1918-compliant addresses to be assessable from the Internet.
C. Internally, your organization uses an RFC 1918-compliant addressing scheme.
D. Your organization does not allow internal hosts to access Internet resources
E. Internally, you have more public IP addresses than hosts.
Correct Answer: AC
QUESTION 3
Which critical files and directories need to be backed up? Choose three
A. $FWDIR/conf directory
B. rulebase_5_0.fws
C. objects_5_0.c
D. $CPDIR/temp directory
E. $FWDIR/state directory
Correct Answer: ABC
QUESTION 4
Which of the following statements about the General HTTP Worm Catcher is FALSE?
A. The General HTTP Worm Catcher can detect only worms that are part of a URI.
B. Security Administrators can configure the type of notification that will take place, if a worm is detected.
C. SmartDefense allows you to configure worm signatures, using regular expressions.
D. The General HTTP Worm Catcher’s detection takes place in the kernel, and does not require a Security Server.
E. Worm patterns cannot be imported from a file at this time.
Correct Answer: A
QUESTION 5
You are a Security Administrator attempting to license a distributed VPN-1/Firewall-1 configuration with three Enforcement Modules and one SmartCenter Server. Which of the following must be considered when licensing the deployment? Choose two.
A. Local licenses are IP specific.
B. A license can be installed and removed on a VPN-1/Firewall-1 version 4.1, using SmartUpdate.
C. You must contact Check Point via E-mail or telephone to create a license for an Enforcement Module.
D. Licenses cannot be installed through SmartUpdate.
E. Licenses are obtained through the Check Point User Center
Correct Answer: AE
QUESTION 6
Which of the following are tasks performed by a VPN-1/FireWall-1 SmartCenter Server? Choose three.
A. Examines all communications according to the Enterprise Security Policy.
B. Stores VPN-1/FirWall-1 logs.
C. Manages the User Database.
D. Replicates state tables for high availability.
E. Compiles the Rule Base into an enforceable Security Policy.
Correct Answer: BCE
QUESTION 7
You are a Security Administrator preparing to implement an address translation solution for Certkiller .com. The solution you choose must meet the following requirements:
1.
RFC 1918-compliant internal addresses must be translated to public, external addresses when packets
exit the Enforcement Module.
2.
Public, external addresses must be translated to internal, RFC 1918-compliant addresses when packets
enter the Enforcement Module.
Which address translation solution BEST meets your requirements?

A. Hide NAT

B. The requirements cannot be met with any address translation solution.

C. Dynamic NAT

D. IP Pool Nat

E. Static NAT

Correct Answer: E
QUESTION 8
Which of the following suggestions regarding Security Policies will NOT improve performance?
A. If most incoming connections are HTTP, but the rule that accepts HTTP at the bottom of the Rule Base, before the Cleanup Rule
B. Use a network object, instead of multiple host-node objects.
C. Do not log unnecessary connections.
D. Keep the Rule Base simple.
E. Use IP address-range objects in rules, instead of a set of host-node objects.
Correct Answer: A
QUESTION 9
You are a Security Administrator attempting to license a distributed VPN-1/Firwall-1 configuration with three Enforcement Modules and one SmartCenter Server. Which license type is the BEST for your deployemenet?
A. Discretionary
B. Remote
C. Central
D. Local
E. Mandatory
Correct Answer: C
QUESTION 10
Network attacks attempt to exploit vulnerabilities in network applications, rather than targeting firewalls
directly.
What does this require of today’s firewalls?

A. Firewalls should provide network-level protection, by inspecting packets all layers of the OSI model.
B. Firewall should not inspect traffic below the Application Layer of the OSI model, because such inspection is no longer relevant.
C. Firewalls should understand application behavior, to protect against application attacks and hazards.
D. Firewalls should provide separate proxy processes for each application accessed through the firewall.
E. Firewalls should be installed on all Web servers, behind organizations’ intranet.
Correct Answer: C