Looking at the SYN packets in the Wireshark output,
A. This is an example of Hide NAT.
B. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.
C. There is not enough information provided in the Wireshark capture to determine the NAT settings.
D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:
A. VLAN tagging cannot be defined for any hosts protected by the Gateway.
B. The Security Gateway’s ARP file must be modified.
C. It is not necessary to add a static route to the Gateway’s routing table.
D. It is necessary to add a static route to the Gateway’s routing table.
Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:
A. SIC names.
B. MAC addresses.
C. IP addresses.
D. SIC is not NAT-tolerant.
Static NAT connections, by default, translate on which firewall kernel inspection point?
You are MegaCorp’s Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the rule order if both methods are used together? Give the best answer.
A. The Administrator decides the rule order by shifting the corresponding rules up and down.
B. The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over
the NAT on a network or an address range.
C. The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over
the NAT on a network or an address range.
D. The rule position depends on the time of their creation. The rules created first are placed at the top;
rules created later are placed successively below the others.
Which answers are TRUE? Automatic Static NAT CANNOT be used when:
1) NAT decision is based on the destination port.
2) Both Source and Destination IP’s have to be translated.
3) The NAT rule should only be installed on a dedicated Gateway.
4) NAT should be performed on the server side.
A. 2 and 3
B. 1, 3, and 4
C. 1 and 2
D. 2 and 4
In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules. Which of the following is NOT true?
A. When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the
NAT Gateway with that Gateway’s internal interface IP address.
B. When using Static NAT, you must add proxy ARP entries to the Gateway for all hiding addresses.
C. If you chose Automatic NAT instead, all necessary entries are done for you.
D. When using Dynamic Hide NAT with an address that is not configured on a Gateway interface, you
need to add a proxy ARP entry for that address.
After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?
A. A SmartDefense module has blocked the packet.
B. It is due to NAT.
C. An IPSO ACL has blocked the packet’s outbound passage.
D. The packet has been sent out through a VPN tunnel unencrypted.
Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R76 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?
A. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
B. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
C. Use automatic Static NAT for network 10.1.1.0/24.
D. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
You are a Security Administrator who has installed Security Gateway R76 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner’s access for HTTP and FTP only, you did the following:
1) Created manual Static NAT rules for the Web server.
2) Cleared the following settings in the Global Properties > Network Address Translation screen:
– Allow bi-directional NAT
– Translate destination on client side
Do the above settings limit the partner’s access?
A. No. The first setting is not applicable. The second setting will reduce performance.
B. Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the
Gateway translates the traffic after accepting the packet.
C. Yes. Both of these settings are only applicable to automatic NAT rules.
D. No. The first setting is only applicable to automatic NAT rules. The second setting will force translation
by the kernel on the interface nearest to the client.
If you want to pass Check Point 156-215.76 exam successfully, donot missing to read latest lead2pass Check Point 156-215.76 practice tests.
If you can master all lead2pass questions you will able to pass 100% guaranteed.