CertsTopics Logo

Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Full Access Checkpoint 156-915.80 Tutorials

Page: 9 / 19
Total 502 questions
Get 156-915.80 Full Access Download 156-915.80 PDF

Check Point Certified Security Expert Update - R80.10 Questions and Answers

Question 33

Your R80 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?

Options:

A.

On a GAiA Security Management Server, this can only be accomplished byconfiguring the command fw logswitch via the cron utility.

B.

Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object’s Logs and Masters window, enable Schedule log switch, and select the Time object.

C.

Create a time object, and add 48 hours as the interval. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.

D.

Create a time object, and add 48 hours as the interval. Select that time object’sGlobal Properties > Logs and Masters window, to schedule a logswitch.

Question 34

You are a Security Administrator who has installed Security Gateway R80 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner’s access for HTTP and FTP only, you did the following:

1)Created manual Static NAT rules for the Web server.

2) Cleared the following settings in the Global Properties > Network Address Translation screen:

- Allow bi-directional NAT

- Translate destination on client side

Do the above settings limit the partner’s access?

Options:

A.

Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.

B.

No. The first setting is not applicable. The second setting will reduce performance.

C.

Yes. Both of these settings are only applicable to automatic NAT rules.

D.

No. The first setting is only applicable to automatic NAT rules. The second setting will force translation by the kernel on the interface nearest to the client.

Question 35

Which of the following statements accurately describes the command snapshot?

Options:

A.

snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a GAiA Security Gateway.

B.

snapshot creates a Security Management Server full system-level backup on any OS.

C.

snapshot stores only the system-configuration settings on the Gateway.

D.

A Gateway snapshotincludes configuration settings and Check Point product information from the remote Security Management Server.

Question 36

You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Serverthat has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.

What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

Options:

A.

Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.

B.

Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.

C.

Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.

D.

Place a static host route on the firewall for the valid IP address to the internal Web server.

Page: 9 / 19
Total 502 questions
Get 156-915.80 Full Access Download 156-915.80 PDF