156-215.77 Check Point Certify Security Administrator Exam-1
Attend this 156-215.77 Check Point Certify Security Administrator Exam-11 will get a Good Score 80% on Main Exam
Language : english
Note: 0.0 (New) / 5.0
Q) Which method of Check Point address translation you are required if you want to connect to a host on the Internet via HTTP to a server with a reserved IP address (RFC 1918) on your DMZ? a) Dynamic Address Translation Source
b) Hide Address Translation
c) Port Address Translation
Q) You want to implement static NAT Destination in order to provide external, web users access to an internal Web server that has a private address (RFC 1918) IP. You have a valid IP address is not used on the network between the Security Gateway router and ISP. You can control the router that is located between the external interface of the firewall and Internet.What is an alternative configuration if proxy ARP can not be used on your Gateway Security?
a) Publish a proxy ARP entry ISP’s router instead of the firewall to the valid IP address.
b) Place a static ARP entry on the ISP router to the valid IP address for the external address of the firewall.
c) Publish a proxy ARP entry on the internal Web server instead of the firewall to the valid IP address.
Q) After the Static Address Translation implementation to allow Internet traffic to an internal Web server on the DMZ, you notice that all NATed connections to that machine are interrupted by anti-spoofing protection. Which of the following is the most likely cause?
a) The global properties setting Translate destination on the client side is selected. But the DMZ interface topology is set to Internal – Net defined by IP and mask. Check the global properties setting Translate destination on the client side.
b) The global properties setting Translate destination on the client side is selected. But the external interface topology is set to Other +. Changing topology External.
c) The global properties setting Translate destination on the client side is selected. But the external interface topology is set to External. Changing the topology + to others.
Q) What NAT option applicable for automatic NAT NAT applies to the Manual as well?
a) Allow bidirectional NAT
b) ARP Automatic Configuration
c) Translate destination on the client side
Q) Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small 10.10.20.0/24 internal network behind the router. You want to configure the kernel to translate the source address only when 10.10.20.0 network attempts to access the Internet for HTTP, SMTP, and FTP. Which of the following configurations allow this network to access the Internet?
a) Configure three static NAT Manual rules for 10.10.20.0/24 network, one for each service.
b) Automatic Configuration static NAT on the network 10.10.20.0/24
c) Configure NAT rule a manual Hide to HTTP, FTP, SMTP and services for 10.10.20.0/24 network.