Vendor: Check Point Exam Code: 300-135 Exam Name: Check Point 300-135 dumps Certified Security Administrator Version: DemoDEMO

QUESTION 1 Your organization's disaster recovery plan needs an update to the backup and restore section to reap the new distributed R77 installation benefits. Your plan must meet the following required and desired objectives: Required ObjectivE. The Security Policy repository must be backed up no less frequently than every 24 hours. Desired ObjectivE. The R77 components that enforce the 400-201 dumps Security Policies should be backed up at least once a week. Desired ObjectivE. Back up R77 logs at least once a week. Your disaster recovery plan is as follows: - Use the cron utility to run the command upgrade_export each night on the Security Management Servers. - Configure the organization's routine back up software to back up the files created by the command upgrade_export. - Configure the GAiA back up utility to back up the Security Gateways every Saturday night. - Use the cron utility to run the command upgrade_export each Saturday night on the log servers. - Configure an automatic, nightly logswitch. - Configure the organization's routine back up software dumps to back up the switched logs every night. Upon evaluation, your plan: A. Meets the required objective and only one desired objective. B. Meets the required objective but does not meet either desired objective. C. Does not meet the required objective. D. Meets the required objective and both desired objectives. Correct Answer: D

QUESTION 2 Which Check Point 200-125 address translation method allows an administrator to use fewer ISP- assigned IP addresses than the number of internal hosts requiring Internet connectivity? A. Hide B. Static Destination C. Static Source D. Dynamic Destination Correct Answer: A

QUESTION 3 An internal host initiates a session to cisco 210-260 dumps the website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________. A. client side NAT B. source NAT C. destination NAT D. None of these Correct Answer: B

QUESTION 4 Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on: A. IP addresses. B. SIC is not NAT-tolerant. C. SIC names. D. MAC addresses. Correct Answer: C

QUESTION 5 You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so dumps that a host on the Internet can initiate an inbound connection to this host? A. No extra configuration is needed. B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface. C. The NAT IP address must be added to the external Gateway interface anti-spoofing group. D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface. Correct Answer: D

QUESTION 6 You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error: Unknown established connection How do you resolve this problem without causing other security issues? Choose the BEST answer. A. Increase the service-based session timeout of the default Telnet service to 24-hours. B. Ask the mainframe users to reconnect every time this 300-101 dumps error occurs. C. Increase the TCP session timeout under Global Properties > Stateful Inspection. D. Create a new TCP service object on port 23 called Telnet-mainframe. Define a service-based session timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe. Correct Answer: D

QUESTION 7 Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway's Rule Base includes a rule to accept this traffic. Since you are responsible for multiple sites, you want notification by a text message to your cellular phone, whenever traffic is accepted on this rule. Which of the 400-201 dumps following would work BEST for your purpose? A. Logging implied rules B. User-defined alert script C. SNMP trap D. SmartView Monitor Threshold Correct Answer: B

QUESTION 8 As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting: A. in the user object's Authentication screen. B. in the Gateway object's Authentication screen.C. in the Limit tab of the Client Authentication Action Properties screen. D. in the Global Properties Authentication screen. Correct Answer: C

QUESTION 9 All R77 Security Servers can perform authentication 210-250 dumps with the exception of one. Which of the Security Servers can NOT perform authentication? A. FTP B. SMTP C. HTTP D. RLOGIN Correct Answer: B

QUESTION 10 In the Rule Base displayed, user authentication in Rule 4 is configured as fully automatic. Eric is a member of the LDAP group, MSD_Group. What happens when Eric tries to connect to a server on the Internet? A. None of these things will happen. B. Eric will be authenticated and get access to the requested server. C. Eric will be blocked because LDAP is not allowed in the Rule Base. D. Eric will be dropped by the Stealth Rule. Correct Answer: B

QUESTION 11 How many packets does the IKE exchange use for Phase 1 Main Mode? A. 12 B. 1 C. 3 D. 6Correct Answer: D

QUESTION 12 You have included the Cleanup Rule in your Rule Base. Where 210-255 dumps in the Rule Base should the Accept ICMP Requests implied rule have no effect? A. Last B. After Stealth Rule C. First D. Before Last Correct Answer: A

QUESTION 13 Several Security Policies can be used for different installation targets. The firewall protecting Human Resources' servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured? A. When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install. B. A Rule Base can always be installed on any Check Point firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install. C. In the SmartDashboard policy, select the correct firewall to be the Specific Target of the rule. D. A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base. Correct Answer: C

QUESTION 14 MegaCorp's security infrastructure separates Security Gateways geographically. You must request a central license for one remote 200-150 dumps Security Gateway. How do you apply the license? A. Using the remote Gateway's IP address, and attaching the license to the remote Gateway via SmartUpdate. B. Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate. C. Using the remote Gateway's IP address, and applying the license locally with the command cplic put. D. Using each of the Gateways' IP addresses, and applying the licenses on the Security Management Server with the command cprlic put. Correct Answer: B

QUESTION 15 How do you configure the Security Policy to provide user access to the Captive Portal through an external (Internet) interface? A. Change the gateway settings to allow Captive Portal access via an external interface. B. No action is necessary. This access is available by default. C. Change the Identity Awareness settings under Global 200-155 pdf Properties to allow Captive Portal access on all interfaces. D. Change the Identity Awareness settings under Global Properties to allow Captive Portal access for an external interface. Correct Answer: A