Check Point-Certified Security Administrator NGX Set 2

Question - 15 Maximum mark : - 28

Home
All Exams
Check Point-Certified Security Administrator NGX Online Practice Exams
Check Point-Certified Security Administrator NGX Set 2

Which of the following describes the default behavior of an R76 Security Gateway?

Traffic is filtered using controlled port scanning. ✘ IP protocol types listed as secure are allowed by default, i.e. ICMP, TCP, UDP sessions are inspected. ✘ All traffic is expressly permitted via explicit rules. ✘ Traffic not explicitly permitted is dropped. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?

Allow bi-directional NAT is not checked in Global Properties. ✘ Translate destination on client side is not checked in Global Properties under Manual NAT Rules. ✘ Manual NAT rules are not configured correctly. ✘ Routing is not configured correctly. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway's external interface. You browse to from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?

Two, one for outbound, one for inbound ✘ Only one, inbound ✘ Only one, outbound ✘ Two, both outbound, one for the real IP connection and one for the NAT IP connection ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Which of the following statements BEST describes Check Point's Hide Network Address Translation method?

Translates many source IP addresses into one source IP address ✘ Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source andDestination IP address translation ✘ Translates many destination IP addresses into one destination IP address ✘ One-to-one NAT which implements PAT (Port Address Translation) for accomplishing bothSource and Destination IP address translation ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?

Static Source ✘ Static Destination ✘ Dynamic Destination ✘ Hide ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

NAT can NOT be configured on which of the following objects?

Host ✘ HTTP Logical Server ✘ Address Range ✘ Gateway ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?

Hide Address Translation ✘ Static Destination Address Translation ✘ Port Address Translation ✘ Dynamic Source Address Translation ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address. ✘ Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address. ✘ Place a static host route on the firewall for the valid IP address to the internal Web server. ✘ Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti- spoofing protections. Which of the following is the MOST LIKELY cause?

The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side. ✘ The Global Properties setting Translate destination on client side is unchecked. But the topology on theexternal interface is set to Others +. Change topology to External. ✘ The Global Properties setting Translate destination on client side is checked. But the topology on theexternal interface is set to External. Change topology to Others +. ✘ The Global Properties setting Translate destination on client side is unchecked. But the topology on theDMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

10.

Which NAT option applicable for Automatic NAT applies to Manual NAT as well?

Translate destination on client-side ✘ Enable IP Pool NAT ✘ Allow bi-directional NAT ✘ Automatic ARP configuration ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Prev Next

Congratulations

you have successfully completed the test

Back to Question View Result

Detail Form

We will send your result on your email id and phone no. please fill detail

Name

Email ID Note: Report will be send to the above Email ID

Phone No

Check Point-Certified Security Administrator NGX Set 2

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner