Your internal Web server in the DMZ has IP address 172.16.10.1/24. A particular
network from the Internet tries to access this Web server. You need to set up some
type of Network Address Translation (NAT), so that NAT occurs only for the
HTTP service, and only with the remote network as the source. The public IP
address for the Web server is 200.200.200.1. All properties in the NAT screen of
Global Properties are enabled.
Select the correct NAT rules, so NAT happens ONLY between "web_dallas" and
the remote network.
A. 1. Create another node object named "web_dallas_valid", and enter "200.200.200.1"
in the General Properties screen.
2. Create two manual NAT rules above the automatic Hide NAT rules for the
172.16.10.0 network.
3. Select "HTTP" in the Service column of both manual NAT rules.
4. Enter an ARP entry and route on the Security Gateway's OS.
B. 1. Enable NAT on the web_dallas object, select "static", and enter "200.200.200.1" in
the General Properties screen.
2. Specify "HTTP" in the automatic Static Address Translation rules.
3. Create incoming and outgoing rules for the web_dallas server, for the HTTP service
only.
C. 1. Enable NAT on the web_dallas object, select "hide", and enter "200.200.200.1" for
the Hide NAT IP address.
2. Specify "HTTP" in the Address Translation rules that are generated automatically.
3. Create incoming and outgoing rules for the web_dallas server, for the HTTP service
only.
D. 1. Create another node object named "web_dallas_valid", and enter "200.200.200.1"
in the General Properties screen.
2. Create two manual NAT rules below the Automatic Hide NAT rules for network
172.16.10.0, in the Address Translation Rule Base.
3. Select "HTTP" in the Service column of both manual NAT rules.
4. Enter an ARP entry and route on the Security Gateway's OS.
Answer: A
Explanation: Note that Automatic NAT has a defined order for placing rules into the
rule base. The gateway installs Static NAT rules first, then Hide NAT rules. Within
Static and NAT rules, node objects are first, then address ranges, and finally
networks.
See configuring _check_point_NGX_VPN-1_Firewall-1-R page 235