Category: 156-215.1

Exam 156-215.1: Check Point Certified Security Administrator NGX

Jack must meet the following required and desired objectives:

Jack’s project is to define the backup and restore section of his organization’s disaster recovery plan for his organization’s distributed NGX installation. Jack must meet the following required and desired objectives:
Required Objective: The security policy repository must be backed up no less frequently than every 24 hours.
Desired Objective: The NGX components that enforce the Security Policies should be backed up no less frequently than once a week.
Desired Objective: Back up NGX logs no less frequently than once a week. Administrators should be able to view backed up logs in SmartView Tracker.
Jack’s disaster recovery plan is as follows:
Use the cron utility to run the upgrade_export command each night on the SmartCenter Servers.
Configure the organization’s routine backup software to back up the files created by the upgrade_export command.
Configure the SecurePlatform backup utility to back up the Security Gateways every Saturday night.
Use the cron utility to run the upgrade_export command each Saturday night on the Log Servers.
Configure an automatic, nightly logexport. Configure the organization’s routine backup software to back up the exported logs every night.
Jack’s plan:

Select the correct NAT rules, so NAT happens ONLY between “web_dallas” and the remote network.

Your internal Web server in the DMZ has IP address 172.16.10.1/24. A particular network from the Internet tries to access this Web server. You need to set up some type of Network Address Translation (NAT), so that NAT occurs only for the HTTP service, and only from the remote network as the source. The public IP address for the Web server is 200.200.200.1. All properties in the NAT screen of Global Properties are enabled.
Select the correct NAT rules, so NAT happens ONLY between "web_dallas" and the remote network.

What is the correct anti-spoofing setting on interface ETH1 in this network diagram?

As a Security Administrator, you must configure anti-spoofing on Security Gateway interfaces, to protect your internal networks. [Exhibit] What is the correct anti-spoofing setting on interface ETH1 in this network diagram?
NOTE: In the DMZ, mail server 192.168.16.10 is statically translated to the object "mail_valid", with IP address 210.210.210.3. The FTP server 192.168.16.15 is statically translated to the object "ftp_valid", with IP address 210.210.210.5.

How do you achieve this requirement?

Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:
Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assume you enable all the settings in the NAT page of Global Properties.
[Exhibit] How do you achieve this requirement?

