156-215.75 Dumps CCSA Dumps Check Point Dumps

Free Download Check Point CCSA 156-215.75 Practice Tests with PDF & VCE (81-90)

March 12, 2014

Which of the following commands will completely remove the Security Policy from being enforced on a Security Gateway?

A.    fw unload
B.    fw unloadlocal
C.    cpstop
D.    fw unload local

Answer: B

Which of the following commands identifies whether or not a Security Policy is installed or the Security Gateway is operating with the initial policy?

A.    fw monitor
B.    fw ctl pstat
C.    cp stat
D.    fw stat

Answer: D

A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is enabled in the Global Properties. A client on the Internet initiates a session to the Web Server. On the initiating packet, NAT occurs on which inspection point?

A.    I
B.    O
C.    o
D.    i

Answer: A

To monitor all traffic between a network and the Internet on a SecurePlatform Gateway, what is the BEST utility to use?

A.    snoop
B.    cpinfo
C.    infoview
D.    tcpdump

Answer: D

You are creating an output file with the following command:

fw monitor -e “accept (src= or dst=;” -o ~/output

Which tool do you use to analyze this file?

A.    You can analyze it with Wireshark or Ethereal.
B.    You can analyze the output file with any ASCI editor.
C.    The output file format is CSV, so you can use MS Excel to analyze it.
D.    You cannot analyze it with any tool as the syntax should be:fw monitor -e accept ([12,b]=
or [16,b]=; -o ~/output.

Answer: A

You issue the fw monitor command with no arguments. Which of the following inspection points will be displayed?

A.    Before the virtual machine, in the inbound direction
B.    After the virtual machine, in the outbound direction
C.    All inspection points
D.    Before the virtual machine, in the outbound direction

Answer: C

What is the command used to view which policy is installed?

A.    fw ctl install
B.    fwm stat
C.    fw ctl pstat
D.    fw stat

Answer: D

How can you view cpinfo on a SecurePlatform machine?

A.    tcpdump
B.    snoop -i
C.    infotab
D.    Text editor, such as vi

Answer: D

In previous versions, the full TCP three-way handshake was sent to the firewall kernel for inspection. How is this improved in the current version of IPSO Flows/SecureXL?

A.    Only the initial SYN packet is inspected. The rest are handled by IPSO.
B.    Packets are offloaded to a third-party hardware card for near-line inspection.
C.    Packets are virtualized to a RAM drive-based FW VM.
D.    Resources are proactively assigned using predictive algorithmic techniques.

Answer: A

Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates are created:

A.    And used for securing internal network communications between SmartView Tracker and an OPSEC
B.    For the Security Management Server during the Security Management Server installation.
C.    For Security Gateways during the Security Gateway installation.
D.    To decrease network security by securing administrative communication among the Security Management
Servers and the Security Gateway.

Answer: B

If you want to pass the Check Point CCSA 156-215.75 exam sucessfully, recommend to read latest Check Point CCSA 156-215.75 Test Engine full version.