CheckPoint Checkpoint Certifications 156-915.80 Questions & Answers

• Question 481:

  You cannot use SmartDashboard's User Directory features to connect to the LDAP server. What should you investigate?

  1) Verify you have read-only permissions as administrator for the operating system.

  2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.

  3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration.

  A. 1, 2, and 3

  B. 2 and 3

  C. 1 and 2

  D. 1 and 3

  Correct Answer: B

• Question 482:

  Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:

  A. Client Authentication rule using the manual sign-on method, using HTTP on port 900

  B. Client Authentication rule, using partially automatic sign on

  C. Client Authentication for fully automatic sign on

  D. Session Authentication rule

  Correct Answer: A

• Question 483:

  Which Security Gateway R80 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:

  A. Time properties, adjusted on the user objects for each user, in the Client Authentication rule Source.

  B. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled.

  C. Refreshable Timeout setting, in Client Authentication Action Properties > Limits.

  D. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment.

  Correct Answer: C

• Question 484:

  All R80 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?

  A. FTP

  B. SMTP

  C. HTTP

  D. RLOGIN

  Correct Answer: B

• Question 485:

  Your customer, Mr. Smith needs access to other networks and should be able to use all services. Session authentication is not suitable. You select Client Authentication with HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. You want to use Port 9001 but are having connectivity problems. Why are you having problems?

  

  A. The configuration file $FWDIR/conf/fwauthd.conf is incorrect.

  B. The Security Policy is not correct.

  C. You can't use any port other than the standard port 900 for Client Authentication via HTTP.

  D. The service FW_clntauth_http configuration is incorrect.

  Correct Answer: A

• Question 486:

  Charles requests a Website while using a computer not in the net_singapore network. What is TRUE about his location restriction?

  A. Source setting in Source column always takes precedence.

  B. Source setting in User Properties always takes precedence.

  C. As location restrictions add up, he would be allowed from net_singapore and net_sydney.

  D. It depends on how the User Auth object is configured; whether User Properties or Source Restriction takes precedence.

  Correct Answer: D

• Question 487:

  In the Rule Base displayed, user authentication in Rule 4 is configured as fully automatic. Eric is a member of the LDAP group, MSD_Group.

  

  What happens when Eric tries to connect to a server on the Internet?

  A. None of these things will happen.

  B. Eric will be authenticated and get access to the requested server.

  C. Eric will be blocked because LDAP is not allowed in the Rule Base.

  D. Eric will be dropped by the Stealth Rule.

  Correct Answer: D

• Question 488:

  As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:

  A. in the user object's Authentication screen.

  B. in the Gateway object's Authentication screen.

  C. in the Limit tab of the Client Authentication Action Properties screen.

  D. in the Global Properties Authentication screen.

  Correct Answer: C

• Question 489:

  The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?

  A. You can only use the rule for Telnet, FTP, SMTP, and rlogin services.

  B. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.

  C. Once a user is first authenticated, the user will not be prompted for authentication again until logging out.

  D. You can limit the authentication attempts in the User Properties' Authentication tab.

  Correct Answer: B

• Question 490:

  You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

  Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original "web_public_IP" is the node object that represents the new Web server's public IP address.

  "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT. When you try to browse the Web server from the Internet you see the error "page cannot be

  displayed". Which of the following is NOT a possible reason?

  A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.

  B. There is no ARP table entry for the protected Web server's public IP address.

  C. There is no route defined on the Security Gateway for the public IP address to the Web server's private IP address.

  D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.

  Correct Answer: D