Free Download Latest 2014 Pass4sure&Lead2pass Check Point 156-215.76 PDF (131-140)

      Comments Off on Free Download Latest 2014 Pass4sure&Lead2pass Check Point 156-215.76 PDF (131-140)

QUESTION 131
You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)
When you run fw monitor on the R76 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?

A.    O=outbound kernel, after the virtual machine
B.    i=inbound kernel, before the virtual machine
C.    I=inbound kernel, after the virtual machine
D.    o=outbound kernel, before the virtual machine

Answer: C

QUESTION 132
You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

A.    A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway’s
external interface.
B.    No extra configuration is needed.
C.    The NAT IP address must be added to the external Gateway interface anti-spoofing group.
D.    A static route, to ensure packets destined for the public NAT IP address will reach the Gateway’s internal
interface.

Answer: D

QUESTION 133
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

image
“web_public_IP” is the node object that represents the new Web server’s public IP address. “web_private_IP” is the node object that represents the new Web site’s private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error “page cannot be displayed”. Which of the following is NOT a possible reason?

A.    There is no route defined on the Security Gateway for the public IP address to the Web server’s private
IP address.
B.    There is no ARP table entry for the protected Web server’s public IP address.
C.    There is no Security Policy defined that allows HTTP traffic to the protected Web server.
D.    There is no NAT rule translating the source IP address of packets coming from the protected Web server.

Answer: D

QUESTION 134
You are responsible for the configuration of MegaCorp’s Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.

A.    Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT
(bidirectional NAT).
B.    Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT
(bidirectional NAT).
C.    Yes, there are always as many active NAT rules as there are connections.
D.    No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives
a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second
rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.

Answer: A

QUESTION 135
You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway.

image

image
What is TRUE about the new package’s NAT rules?

A.    NAT rules will be empty in the new package.
B.    Rules 4 and 5 will appear in the new package.
C.    Rules 1, 2, 3 will appear in the new package.
D.    Only rule 1 will appear in the new package.

Answer: C

QUESTION 136
What is the default setting when you use NAT?

A.    Source Translated on Client side
B.    Source Translated on both sides
C.    Destination Translated on Client side
D.    Destination Translated on Server side

Answer: C

QUESTION 137
A marketing firm’s networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should you use to check these objects and rules?

A.    SmartView Tracker
B.    SmartView Monitor
C.    SmartDashboard
D.    SmartView Status

Answer: C

QUESTION 138
Which statement below describes the most correct strategy for implementing a Rule Base?

A.    Place a network-traffic rule above the administrator access rule.
B.    Limit grouping to rules regarding specific access.
C.    Place the most frequently used rules at the top of the Policy and the ones that are not frequently
used further down.
D.    Add the Stealth Rule before the last rule.

Answer: C

QUESTION 139
Which of the following is a viable consideration when determining Rule Base order?

A.    Grouping authentication rules with address-translation rules
B.    Grouping rules by date of creation
C.    Grouping reject and drop rules after the Cleanup Rule
D.    Grouping functionally related rules together

Answer: D

QUESTION 140
Which of the following is a viable consideration when determining Rule Base order?

A.    Adding SAM rules at the top of the Rule Base
B.    Placing frequently accessed rules before less frequently accessed rules
C.    Grouping rules by date of creation
D.    Grouping IPS rules with dynamic drop rules

Answer: B

If you want to pass Check Point 156-215.76 exam successfully, donot missing to read latest lead2pass Check Point 156-215.76 practice exams.
If you can master all lead2pass questions you will able to pass 100% guaranteed.

http://www.lead2pass.com/156-215-76.html