156-215.76 Exam Questions
379 real 156-215.76 exam questions with expert-verified answers and explanations. Page 3 of 8.
- Question #101
What CANNOT be configured for existing connections during a policy install?
- Question #102
What is the purpose of a Stealth Rule?
- Question #103
Which of these Security Policy changes optimize Security Gateway performance?
- Question #104
Your perimeter Security Gateway's external IP is 200.200.200.(3) Your network diagram shows: RequireD. Allow only network 19(2)168.10.0 and 19(2)168.20.0 to go out to the Internet,...
- Question #105
Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traff...
- Question #106
You enable Hide NAT on the network object, 10.(1)(1)0 behind the Security Gateway's external interface. You browse to from host, 10.(1)(1)10 successfully. You enable a log on the r...
- Question #107
Which of the following statements BEST describes Check Point's Hide Network Address Translation method?
- Question #108
Which Check Point address translation method allows an administrator to use fewer ISP- assigned IP addresses than the number of internal hosts requiring Internet connectivity?
- Question #109
NAT can NOT be configured on which of the following objects?
- Question #110
Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?
- Question #111
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an un...
- Question #112
You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT'd source port if you are using Source NAT?
- Question #113
Which NAT option applicable for Automatic NAT applies to Manual NAT as well?
- Question #114
Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to conf...
- Question #115
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10...
- Question #116
An internal host initiates a session to and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of ____________.
- Question #117
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will...
- Question #118
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to th...
- Question #119
When translation occurs using automatic Hide NAT, what also happens?
- Question #120
The fw monitor utility is used to troubleshoot which of the following problems?
- Question #121
Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.
- Question #122
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:
- Question #123
Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:
- Question #124
Static NAT connections, by default, translate on which firewall kernel inspection point?
- Question #125
You are MegaCorp's Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Sta...
- Question #126
Which answers are TRUE? Automatic Static NAT CANNOT be used when: (1) NAT decision is based on the destination port. (2) Both Source and Destination IP's have to be translated. (3)...
- Question #127
In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules. Which of the following is NOT true?
- Question #128
After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely s...
- Question #129
Your internal network is configured to be 10.(1)(1)0/2(4) This network is behind your perimeter R76 Gateway, which connects to your ISP provider. How do you configure the Gateway t...
- Question #130
You are a Security Administrator who has installed Security Gateway R76 on your network. You need to allow a specific IP address range for a partner site to access your intranet We...
- Question #131
You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.(5) (You use the default settings in Global...
- Question #132
You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NA...
- Question #133
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows: "web_public_IP" is the node object that rep...
- Question #134
You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.
- Question #135
You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRU...
- Question #136
What is the default setting when you use NAT?
- Question #137
A marketing firm's networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check t...
- Question #138
Which statement below describes the most correct strategy for implementing a Rule Base?
- Question #139
Which of the following is a viable consideration when determining Rule Base order?
- Question #140
Which of the following is a viable consideration when determining Rule Base order?
- Question #141
Which of the following is a viable consideration when determining Rule Base order?
- Question #142
You would use the Hide Rule feature to:
- Question #143
You are a Security Administrator using one Security Management Server managing three different firewalls. One firewall does NOT show up in the dialog box when attempting to install...
- Question #144
Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the di...
- Question #145
A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object d...
- Question #146
A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R76. After running the command fw unload...
- Question #147
When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R76 topology configuration?
- Question #148
You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Ru...
- Question #149
Which rule is responsible for the installation failure?
- Question #150
Which command allows Security Policy name and install date verification on a Security Gateway?