CheckPoint 156-215.

71

Check Point Certified Security Administrator R71

Version Demo
Version：Demo

Total Questions 9）
Questions（9
Question: 1
The main drawback to tunneling-mode encryption is:

A. The security of the packet size

B. The decrease in the packet size
C. The increase in the packet size
D. The de-cryption of the packet size

Answer: C

Question: 2
The rule below show the Encrypt rule in a Traditional Mode Rule Base. What is likely to be
Simplified Mode equivalent if the connections originates at X and its destination is Y, within
any Site-to-Site Community (i.e. All_GW_to_GW).
A. Rule C
B. Rule E
C. Rule A
D. Rule B
E. Rule D

Answer: B

Question: 3
As a Security Administrator, you are required to create users for authentication. When you
create a user for user authentication, the data is stored in the __________.

A. SmartUpdate repository
B. User Database
C. Rules Database
D. Objects Database

Answer: B

Question: 4
You are running a R71 Security Gateway on SecurePlatform, in case of a hardware failure.
You have a server with the exact same hardware and firewall version installed. What backup
method could be used to quickly put the secondary firewall into production?

A. Upgrade_export
B. Manual backup
C. snapshot
D. Backup

Answer: C

Question: 5
The smartUpdate command line “cprinstall get” will:

A. Install Check Point products on remote Check Point gateways

B. Verify if a specific product can be installed on the remote Check Point gateway
C. Obtain details of the products and the Operation System installed on the specified Check
Point gateway, and to update the database
D. Verify that the Operating System and currently installed products are appropriate for the
package.

Answer: C

Question: 6
Which of the following is true of Symmetric Encryption?

A. Both Communicating parties using Symmetric Encryption use different keys for encryption
and decryption
B. The material used to build these keys must be exchanged in a secure manner
C. Both communicating parties using Symmetric Encryption use the same key for encryption
and decryption
D. The material used to build these keys does not have to be exchanged in a secure manner
E. Information can be securely exchanged only if the key belongs exclusively to the
communicating parties

Answer: B, C, E

Question: 7
How can you configure and application to automatically launch on the Security Management
Server when traffic is dropped Security Policy?

A. Pop-up alert script

B. User-defined alert script
C. Custom scripts cannot be executed through alert scripts
D. SNMP trap alert script

Answer: B

Question: 8
Which port must be allowed to pass through enforcement points in order to allow packet
logging to operate correctly?

A. 514
B. 256
C. 257
D. 258

Answer: A

Question: 9
If you were NOT using IKE aggressive mode for your IPSec tunnel, how many packets would
you see for normal phase exchange?

A. 6
B. 2
C. 3
D. 9

Answer: A