|Checkpoint 156-910.70 : Check Point Certified Security Administrator R70 Upgrade||384 Questions & Answers||Updated: Mar 07,17|
Immediate access to the Checkpoint 156-910.70 Exam and 1800+ other exam PDFs.
This is the BEST deal at only $149.00 for unlimited access. Pass FAST with actual answers to actual questions - We Guarantee You Pass!
Both of our Exams Packages come with all of our Checkpoint Exams including all ActualTests 156-910.70 tests. Find the same core area Checkpoint questions with professionally verified answers, and PASS YOUR EXAM.
Option 1: 156-910.70 exam and 1,800+ Other Exams
OR - Upgrade the Unlimited Access Package to include our Exam Engine. Know more than just the answers, understand the solutions! There is an Exam Engine for each of the 1,800 tests, including Checkpoint 156-910.70. Why Upgrade?
Option 2: 156-910.70 exam, 1,800+ Other Exams PLUS Exam Engine
ActualTests 156-910.70 Exam Engine Features
Customize your Check Point Certified Security Administrator R70 Upgrade certification experience.
Checkpoint 156-910.70 Exam Tips
Which logical server type hides the address of the real servers from the clients?
A. HTTP redirect
B. Other (correct)
C. NAT redirect
D. HTTP NAT
neither A,C or D are valid types of servers used to hide addresses by clients. You can hide the real address of a server by using NAT (either Static or Dynamic), but there is no a 'NAT redirect' server.
When AMC initializes if there is a red X against the LDAP server (account server) what does this mean?
A. It means that the account server is not functioning.
B. It means that the account server is read only.
C. It means that the account server has not been created in the AMC. (correct)
D. It means that the account server is not accepting commands from this AMC.
according to Checkpoint NG online documentation, this could happen when we have not the account created for the LDAP server in the AMC. This red X, is a clear indicator that your configuration is not complete. See 'Troubleshooting AMC' at the online Checkpoint NG documentation.
Before configuring a new user, group or organizational unit in an LDAP server which of the following should be done?
A. Disable schema checking and restart the LDAP server and AMC. (correct)
B. Enable schema checking and restart the LDAP server and AMC.
C. Disable schema checking but do not restart the LDAP server and AMC.
D. Enable schema checking but do not restart the LDAP server and AMC.
in LDAP implementations, its always better to disable the schema checking of the directory before adding objects to it. This is because the object creating can provide some 'refresh' problems in the directory as a whole. For this reason, its better to disable the checking of the schema. Once you are done with the creation of the objects, you should restart the LDAP server and the AMC to make the new objects effective, and make the 'refresh' process in a correct fashion.
What version of VPN1/FW1 introduced Secure Client?
C. 4.1 (correct)
This is true, the first version of Secure Client was provided with VPN1/FW1 4.1. If you search the checkpoint web site about Secure Client, you will see that you can't get a version earlier than the one that was provided with VPN1/FW1 4.1. You can also see that earlier compatibility is only provided for 4.1 version.
Which encryption method(s) are supported by SecuRemote client pre-version 4.0?
B. FWZ (correct)
Since FWZ or 'Firewall 1Encryption' is the proprietary Checkpoint encryption scheme, it was the first to be supported by SecuRemote. In checkpoint NG, you can use FWZ with the FWZ1 (Checkpoint proprietary symmetric encryption algorithm, It uses a 40 bits key length) and DES encryption algorithms, and, as a Authentication algorithm, it can use MD5.
See Page 7.10 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).
When you first connect to a certificate authority you get a warning message because the transaction to get the CA public key cannot be authenticated. What should you do?
A. Your CA has been spoofed take appropriate action.
B. Reject the key and try again, it will probably be OK next time.
C. This is normal, you may want to verify the key over the phone. (correct)
D. Reconfigure your firewall to correct the error.
This is an absolutely normal behavior, since you are connecting for the first time to the certification authority it will display this kind of warning message, so you may want to verify the keys over another alternative communication method, this could be the phone, a FAX or something else. This warning message will not appear again the next time you connect to the certification authority.
Which of the following protocols open back connections on another port to that which the initial connection is made as part of the normal progression of the connection? (Choose all that apply)
A. FTP (correct)
B. RSH (correct)
A clear case of this behavior is the FTP protocol, because it uses 2 ports in parallel, it uses port 21 for the connection control on port TCP 21 and it use port TCP 20 for the actual data transfer. With FTP we begin the connection in port 20 TCP and with the progression of it, the port 20 TCP is also open as a back connection. This behavior is also true with the RSH protocol, obviously using other ports than FTP.
With telnet and SMTP, we only use 2 ports for the whole protocol functionality at all times. They are port 23 TCP for telnet and port 25 TCP for SMTP.
What parameters are available on the SYNDefender screen of global properties to tune SYNDefender operation? (Choose all that apply)
A. Maximum retries
B. Maximum sessions (correct)
C. Time out (correct)
D. Block source
This are the 2 configurable options in the global properties relating to SynDefender. 'Timeout for SYN attack identification' specified how long VPN1/FW1 NG waits for an acknowledge from the client, before terminating the connection. 'Maximum protected sessions' specifies the maximum number of protected sessions from one connection. The maximum sessions allowed are the number of pending sessions VPN1/FW1 NG allows outside the network.
See Page 6.12 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).
Which of the following is NOT true about a SEP VPN?
A. All gateways must be on the same platform.
B. All gateways must be running the same software version.
C. All gateways must have the same hardware configuration. (correct)
D. The management server cannot be on the same host as a gateway.
'Single Entry point' VPN's enable your enterprise to deploy a solution that protects critical elements of the network. Before you go about configuring SEP VPN solutions, you need to make sure that gateway clusters are enabled on the management server, remember that this will be a cluster. There is a limitation for the creation of SEP VPN's, it's the Hardware configuration, it must be the same. See page 488 of Syngress Book 'Checkpoint NG Next Generation Security Administration'.
All Major Credit CardsWe accept Visa, Mastercard, Electron and American Express. You can also pay us via PayPal.
SSL Secure Transactions