156-510(1).pdf

(71 KB) Pobierz

Checkpoint 156-510

CheckPoint 156-510.4 Check Point NG with

Application Intelligence - Management III CCSE

Practice Test

Version 2.0

Checkpoint 156-510: Practice Exam

QUESTION NO: 1

You can tell if CPMAD is enabled because you see the message

"FireWall-1: Starting cpmad (Malicious Activity Detection)"

when you perform a fwstart. True of false?

A. False

B. True

Answer: A

QUESTION NO: 2

When installing FW-1 on a Windows NT platform, what state should IP forwarding be in for correct

FW-1 operation?

A. Enabled

B. Disabled

Answer: A

QUESTION NO: 3

What is true about detecting "blocked connection port scanning"?

A. It requires less memory than general port scanning

B. It is less secure than general port scanning

C. It is more secure than general port scanning

D. It requires more memory than general port scanning

Answer: A,B

QUESTION NO: 4

In a load sharing MEP environment accessed by secuRemote. What is true about gateway

selection?

A. SecuRemote will choose the gateway closest to the server

B. SecuRemote will use the first gateway to respond

C. SecuRemote will chose the gateway randomly

"Pass Any Exam. Any Time." - www.actualtests.com

tua

lTe

sts

.co

Checkpoint 156-510: Practice Exam

D. SecuRemote will prefer its primary gateway if both respond

Answer: C

QUESTION NO: 5

Which two types of overlapping encryption domains are supported by FW-1?

A. Partial overlap

B. Full overlap

C. Proper subset

D. Partial subset

Answer: B,C

What does LDAP stand for?

A. Link level Direct Access Process

B. Layered Directory Administration Protocol

C. Layer Dependent Administration process

D. Lightweight Directory Access Protocol

Answer: D

QUESTION NO: 7

By default a Windows NT platform enables both TCP/IP and IPX. What does FW-1 do with any

IPX traffic?

A. Logs it, then drops it

B. Allows it through without being inspected

C. Drops all traffic regardless

D. Inspects the traffic and decide whether to allow it through

Answer: B

QUESTION NO: 8

"Pass Any Exam. Any Time." - www.actualtests.com

tua

lTe

sts

.co

QUESTION NO: 6

Checkpoint 156-510: Practice Exam

When using IP pools for MEP VPN access, where would you specify the pool to be used for a

particular gateway?

A. The NAT screen of the gateway's properties configuration

B. The ADVANCED screen of the gateway's properties configuration

C. The VPN screen of the gateway's properties screen

D. The TOPOLOGY screen of the gateway's properties configuration

Answer: A

QUESTION NO: 9

What is the maximum limit to the number of secondary management modules allowed?

A. No limit

B. 4

C. 2

D. 1

E. 8

Answer: A

QUESTION NO: 10

What is a land attack?

Answer: D

QUESTION NO: 11

If CPMAD terminates, how can you restart it?

A. By using the GUI log client

B. It automatically starts itself

C. By using fw cpmadstart

D. By using fwstop/fwstart

"Pass Any Exam. Any Time." - www.actualtests.com

A. It causes incomplete TCP connections

B. It involves gaining access by imitating an authorized IP address

C. It involves scanning for ports on an IP address that will allow access

D. It causes a server to send packets to itself

tua

lTe

sts

.co

Checkpoint 156-510: Practice Exam

Answer: D

QUESTION NO: 12

What is true when using SEP high availability encryption topologies?

A. Gateways must use the same FW-1 build level

B. All of these

C. You must use a distributed installation of VPN-1/FW-1

D. Gateways must use the same platform and OS

E. Gateways must run identical policies

Answer: B

QUESTION NO: 13

In a resilient MEP topology, what mechanism can be used by SecuRemote to determine that the

primary gateway is still available?

A. TCP Ping

B. TCP keepalives

C. RDP status queries

D. UDP ping

Answer: C

Which are two network related conditions required by high availability in SEP VPN's?

A. The gateways must be synchronized

B. Traffic must be redirected correctly to the backup gateway when the primary gateway fails

C. The gateways must use identical MAC addresses

D. NTP (network time protocol) must be configured between both gateways

Answer: A,B

QUESTION NO: 15

How much memory is reserved for the VPN-1/FW-1 kernel on a Nokia platform?

"Pass Any Exam. Any Time." - www.actualtests.com

QUESTION NO: 14

tua

lTe

sts

.co

Plik z chomika:

musli_com

Inne pliki z tego folderu:

156-210(1).pdf (1259 KB)
156-215-71(1).pdf (5176 KB)
156-215(2).pdf (798 KB)
156-310(1).pdf (5402 KB)
156-510(1).pdf (71 KB)

156-510(1).pdf

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: