Checkpoint 156-315 Certification, Best Quality Checkpoint 156-315 Exam Questions And Answers Online


The Checkpoint 156-315 exam sample questions available from FLYDUMPS have been hand-crafted by our team of practicing Checkpoint 156-315 exam professionals. We at FLYDUMPS provide comprehensive Checkpoint 156-315 exam sample questions for your prompt success. Our Checkpoint 156-315 exam sample questions are prepared by industry experts who bring the latest study materials. If you think that you can face the unique challenges in your career, challenges that other Checkpoint 156-315 FLYDUMPS professionals have already beaten, then you should get rapidshare download test preparation help for the exam from practice test.

QUESTION 161
How do new connections get established through a Security Gateway with SecureXL enabled?
A. New connections are always inspected by the firewall and if they are accepted, the subsequent packets of the same connection will be passed through SecureXL
B. The new connection will be first inspected by SecureXL and if it does not match the drop table of SecureXL, then it will be passed to the firewall module for a rule match.
C. New connection packets never reach the SecureXL module.
D. If the connection matches a connection or drop template in SecureXL, it will either be established or dropped without performing a rule match, else it will be passed to the firewall module for a rule match.

Correct Answer: D
QUESTION 162
Which of the following commands can be used to bind a NIC to a single processor when using a Performance Pack on SecurePlatform?

A. sim affinity
B. splat proc
C. set proc
D. fw fat path nic

Correct Answer: A
QUESTION 163
Your customer asks you about the Performance Pack.
You explain to him that a Performance Pack is a software acceleration product which improves the
performance of the Security Gateway.
You may enable or disable this acceleration by either:

1) The command cpconfig
2) The command fwaccel on|off

What is the difference between these two commands?

A. Both commands function identically.
B. The fwaccel command determines the default setting. The command cpconfig can dynamically change the setting, but after the reboot it reverts to the default setting.
C. The command cpconfig works on the Security Platform only. The command fwaccel can be used on all platforms.
D. The cpconfig command enables acceleration. The command fwaccel can dynamically change the setting, but after the reboot it reverts to the default setting.

Correct Answer: D
QUESTION 164
Your customer complains of the weak performance of his systems. He has heard that Connection Templates accelerate traffic.
How do you explain to the customer about template restrictions and how to verify that they are enabled?
A. To enhance connection-establishment acceleration, a mechanism attempts to “group together” all connections that match a particular service and whose sole discriminating element is the source port. To test if connection templates are enabled, use the command fwaccel stat.
B. To enhance connection-establishment acceleration, a mechanism attempts to “group together” all connections that match a particular service and whose sole discriminating element is the destination port. To test if connection templates are enabled, use the command fwacel templates.
C. To enhance connection-establishment acceleration, a mechanism attempts to “group together” all connections that match a particular service and whose sole discriminating element is the destination port. To test if connection templates are enabled, use the command fw ctl templates.
D. To enhance connection-establishment acceleration, a mechanism attempts to “group together” all connections that match a particular service and whose sole discriminating element is the source port. To test if connection templates are enabled, use the command fw ctl templates.

Correct Answer: A
QUESTION 165
Frank is concerned with performance and wants to configure the affinities settings. His gateway does not have the Performance Pack running.
What would Frank need to perform in order to configure those settings?
A. Edit $FWDIR/conf/fwaffinity.conf and change the settings.
B. Edit affinity.conf and change the settings.
C. Run fw affinity and change the settings.
D. Run sim affinity and change the settings.

Correct Answer: A
QUESTION 166
You are concerned that the processor for your firewall running NGX R71 SecurePlatform may be overloaded.
What file would you view to determine the speed of your processor(s)?
A. cat /etc/cpuinfo
B. cat /proc/cpuinfo
C. cat /var/opt/CPsuite-R71/fw1/conf/cpuinfo
D. cat /etc/sysconfig/cpuinfo

Correct Answer: B
QUESTION 167
In CoreXL, what process is responsible for processing incoming traffic from the network interfaces, securely accelerating authorized packets, and distributing non-accelerated packets among kernel instances?
A. NAD (Network Accelerator Daemon)
B. SND (Secure Network Distributor)
C. SSD (Secure System Distributor)
D. SNP (System Networking Process)

Correct Answer: B
QUESTION 168
Due to some recent performance issues, you are asked to add additional processors to your firewall. If you already have CoreXL enabled, how are you able to increase Kernel instances?
A. Once CoreXL is installed you cannot enable additional Kernel instances without reinstalling R75.
B. In SmartUpdate, right-click on Firewall Object and choose Add Kernel Instances.
C. Use cpconfig to reconfigure CoreXL.
D. Kernel instances are automatically added after process installed and no additional configuration is needed.

Correct Answer: C
QUESTION 169
Which of the following platforms does NOT support SecureXL?
A. Power-1 Appliance
B. IP Appliance
C. UTM-1 Appliance
D. UNIX

Correct Answer: D
QUESTION 170
Which of the following is NOT supported by CoreXL?
A. SmartView Tracker
B. Route-based VPN
C. IPS
D. IPV4

Correct Answer: B
QUESTION 171
Which of the following is NOT accelerated by SecureXL?
A. Telnet
B. FTP
C. SSH
D. HTTPS

Correct Answer: B
QUESTION 172
To verify SecureXL statistics you would use the command ________?
A. fwaccel stats
B. fw ctl pstat
C. fwaccel top
D. cphaprob stat
Correct Answer: A
QUESTION 173
How can you disable SecureXL via the command line (it does not need to survive a reboot)?
A. cphaprob off
B. fw ctl accel off
C. securexl off
D. fwaccel off
Correct Answer: D
QUESTION 174
Which of these is a type of acceleration in SecureXL?
A. FTP
B. connection rate
C. GRE
D. QoS

Correct Answer: B
QUESTION 175
How can you verify that SecureXL is running?
A. cpstat os
B. fw ver
C. fwaccel stat
D. securexl stat

Correct Answer: C
QUESTION 176
Which of the following services will cause SecureXL templates to be disabled?
A. TELNET
B. FTP
C. HTTPS
D. LDAP

Correct Answer: B
QUESTION 177
How do you enable SecureXL (command line) on SecurePlatform?
A. fw securexl on
B. fw accel on
C. fwaccel on
D. fwsecurexl on

Correct Answer: C
QUESTION 178
The following graphic illustrates which command being issued on SecurePlatform?

A. fwaccel stats
B. fw accel stats
C. fw securexl stats
D. fwsecurexl stats

Correct Answer: A
QUESTION 179
After Travis added new processing cores on his server, CoreXL did not use them.
What would be the most plausible reason why? Travis did not:
A. edit the Gateway Properties and increase the kernel instances.
B. run cpconfig to increase the number of CPU cores.
C. edit the Gateway Properties and increase the number of CPU cores.
D. run cpconfig to increase the kernel instances.

Correct Answer: D
QUESTION 180
A SmartProvisioning Gateway could be a member of which VPN communities?
(i) Center In Star Topology
(ii) Satellite in Star Topology
(iii) Carter in Remote Access Community
(iv) Meshed Community

A. (ii) and (iii)
B. All
C. (i), (ii) and (iii)
D. (ii) only

Correct Answer: A
QUESTION 181
What process manages the dynamic routing protocols (OSPF, RIP, etc.) on SecurePlatform Pro?
A. gated
B. There’s no separate process, but the Linux default router can take care of that.
C. routerd
D. arouted

Correct Answer: A
QUESTION 182
What is the command to enter the router shell?
A. gated
B. routerd
C. clirouter
D. router

Correct Answer: D
QUESTION 183
Which statement is TRUE for route-based VPN’s?
A. Route-based VPN’s replace domain-based VPN’s.
B. Route-based VPN’s are a form of partial overlap VPN Domain.
C. Dynamic-routing protocols are not required.
D. IP Pool NAT must be configured on each Gateway.

Correct Answer: C
QUESTION 184
If both domain-based and route-based VPN’s are configured, which will take precedence?
A. Must be chosen/configured manually by the Administrator in the Policy > Global Properties
B. Must be chosen/configured manually by the Administrator in the VPN community object
C. Domain-based
D. Route-based

Correct Answer: C
QUESTION 185
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?
A. They are only supported on the IPSO Operating System.
B. VTIs cannot be assigned a proxy interface.
C. VTIs can only be physical, not loopback.
D. Local IP addresses are not configured, remote IP addresses are configured.

Correct Answer: A
QUESTION 186
Which of the following is TRUE concerning un-numbered VPN Tunnel Interfaces (VTIs)?
A. VTIs must be assigned a proxy interface.
B. VTIs can only be physical, not loopback.
C. VTIs are only supported on SecurePlatform.
D. Local IP addresses are not configured, remote IP addresses are configured.
Correct Answer: A
QUESTION 187
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?
A. Local IP addresses are not configured, remote IP addresses are configured
B. VTI specific additional local and remote IP addresses are not configured
C. VTIs are only supported on SecurePlatform
D. VTIs cannot be assigned a proxy interface
Correct Answer: B
QUESTION 188
Which of the following is TRUE concerning numbered VPN Tunnel Interfaces (VTIs)?
A. VTIs can use an already existing physical-interface IP address
B. VTIs cannot share IP addresses
C. VTIs are supported on SecurePlatform Pro
D. VTIs are assigned only local addresses, not remote addresses
Correct Answer: C
QUESTION 189
When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what issues need to be considered?
1. Each member must have unique source IP address
2. Every interface on each member requires a unique IP address
3. All VTIs going to the same remote peer must have the same name
4. Cluster IP addresses are required

A. 1, 3, and 4
B. 2 and 3
C. 1, 2, and 4
D. 1, 2, 3 and 4

Correct Answer: D
QUESTION 190
How do you verify a VPN Tunnel Interface (VTI) is configured properly?
A. vpn shell display <VTI name> detailed
B. vpn shell show <VTI name> detailed
C. vpn shell show interface detailed <VTI name>
D. vpn shell display interface detailed <VTI name>

Correct Answer: C
QUESTION 191
What is used to validate a digital certificate?
A. S/MIME
B. CRL
C. IPsec
D. PKCS

Correct Answer: B
QUESTION 192
You want to establish a VPN, using certificates.
Your VPN will exchange certificates with an external partner.

Which of the following activities should you do first?

A. Manually import your partner’s Access Control List.
B. Manually import your partner’s Certificate Revocation List.
C. Exchange exported CA keys and use them to create a new server object to represent your partner’s Certificate Authority (CA).
D. Create a new logical-server object to represent your partner’s CA.

Correct Answer: C
QUESTION 193
You want VPN traffic to match packets from internal interfaces.
You also want the traffic to exit the Security Gateway bound for all site-to-site VPN Communities, including
Remote Access Communities.

How should you configure the VPN match rule?

A. Communities > Communities
B. internal_clear > All_GwToGw
C. internal_clear > All_communities
D. Internal_clear > External_Clear

Correct Answer: C
QUESTION 194
Which of the following statements is FALSE regarding OSPF configuration on SecurePlatform Pro?
A. router ospf 1 creates the Router ID for the Security Gateway and should be the same ID for all Gateways.
B. router ospf 1 creates the Router ID for the Security Gateway and should be different for all Gateways.
C. router ospf 1 creates an OSPF routing instance and this process ID should be different for each Security Gateway.
D. router ospf 1 creates an OSPF routing instance and this process ID should be the same on all Gateways.

Correct Answer: D
QUESTION 195
If you need strong protection for the encryption of user data, what option would be the BEST choice?
A. When you need strong encryption, IPsec is not the best choice. SSL VPN’s are a better choice.
B. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode.
C. Disable Diffie-Hellman by using stronger certificate based key-derivation. Use AES-256 bit on all encrypted channels and add PFS to QuickMode. Use double encryption by implementing AH and ESP as protocols.
D. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.

Correct Answer: D
QUESTION 196
Your organization maintains several IKE VPN’s.
Executives in your organization want to know which mechanism Security Gateway R75 uses to guarantee
the authenticity and integrity of messages.

Which technology should you explain to the executives?

A. Digital signatures
B. Certificate Revocation Lists
C. Key-exchange protocols
D. Application Intelligence

Correct Answer: A
QUESTION 197
There are times when you want to use Link Selection to manage high-traffic VPN connections. With Link Selection you can:
A. Probe links for availability.
B. Use links based on Day/Time.
C. Assign links to specific VPN communities.
D. Use links based on authentication method.

Correct Answer: A
QUESTION 198
There are times when you want to use Link Selection to manage high-traffic VPN connections. With Link Selection you can:
A. Assign links to use Dynamic DNS.
B. Use links based on authentication method.
C. Use links based on Day/Time.
D. Use Load Sharing to distribute VPN traffic.

Correct Answer: D
QUESTION 199
There are times when you want to use Link Selection to manage high-traffic VPN connections. With Link Selection you can:
A. Assign links to specific VPN communities.
B. Assign links to use Dynamic DNS.
C. Use links based on services.
D. Prohibit Dynamic DNS.

Correct Answer: C
QUESTION 200
What type of object may be explicitly defined as a MEP (Multiple Entry Point) VPN?
A. Mesh VPN Community
B. Any VPN Community
C. Remote Access VPN Community
D. Star VPN Community

Correct Answer: D
QUESTION 201
MEP (Multiple Entry Point) VPN’s use the Proprietary Probing Protocol to send special UDP RDP packets to port ____ to discover if an IP is accessible.
A. 259
B. 256
C. 264
D. 201

Correct Answer: A
QUESTION 202
Which of the following statements is TRUE concerning MEP (Multiple Entry Point) VPN’s?
A. State synchronization between Security Gateways is required.
B. MEP VPN’s are not restricted to the location of the gateways.
C. The VPN Client is assigned a Security Gateway to connect to based on a priority list, should the first connection fail.
D. MEP Security Gateways cannot be managed by separate Management Servers.

Correct Answer: B
QUESTION 203
Which of the following statements is TRUE concerning MEP (Multiple Entry Point) VPN’s?
A. The VPN Client is assigned a Security Gateway to connect to based on a priority list, should the first connection fail.
B. MEP Security Gateways can be managed by separate Management Servers.
C. MEP VPN’s are restricted to the location of the gateways.
D. State synchronization between Security Gateways is required.

Correct Answer: B
QUESTION 204
Which of the following statements is TRUE concerning MEP VPN’s?
A. MEP Security Gateways cannot be managed by separate Management Servers.
B. MEP VPN’s are restricted to the location of the gateways.
C. The VPN Client selects which Security Gateway takes over, should the first connection fail.
D. State synchronization between Security Gateways is required.

Correct Answer: C
QUESTION 205
You need to publish SecurePlatform routes using the ospf routing protocol.
What is the correct command structure, once entering the route command, to implement ospf successfully?
A. Run cpconfig utility to enable ospf routing
B. ip route ospf ospf network1 ospf network2
C. Enable Configure terminal Router ospf [id] Network [network] [wildmask] area [id]
D. Use DBedit utility to edit the objects_5_0.c file

Correct Answer: C
QUESTION 206
At what router prompt would you save your OSPF configuration?
A. localhost.localdomain(config)#
B. localhost.localdomain(config-if)#
C. localhost.localdomain#
D. localhost.localdomain(config-router-ospf)#

Correct Answer: C
QUESTION 207
What is the router command to save your OSPF configuration?
A. save memory
B. write config
C. save
D. write mem

Correct Answer: D
QUESTION 208
What is the command to show OSPF adjacencies?
A. show ospf interface
B. show ospf summary-address
C. show running-config
D. show ip ospf neighbor

Correct Answer: D
QUESTION 209
Which of the following operating systems support numbered VTI’s?
A. SecurePlatform Pro
B. Solaris
C. IPSO 4.0 +
D. Windows Server 2008

Correct Answer: A
QUESTION 210
You have installed SecurePlatform R75 as Security Gateway operating system. As company requirements changed, you need the VTI features of R75.
What should you do?
A. Only IPSO 3.9 supports VTI feature, so you have to replace your Security Gateway with Nokia appliances.
B. In SmartDashboard click on the OS drop down menu and choose SecurePlatform Pro. You have to reboot the Security Gateway in order for the change to take effect.
C. Type pro enable on your Security Gateway and reboot it.
D. You have to re-install your Security Gateway with SecurePlatform Pro R75, as SecurePlatform R75 does not support VTIs.

Correct Answer: C
QUESTION 211
Which operating system(s) support(s) unnumbered VPN Tunnel Interfaces (VTIs) for route-based VPN’s?
A. Solaris 9 and higher
B. IPSO 3.9 and higher
C. Red Hat Linux
D. SecurePlatform for NGX and higher

Correct Answer: B
QUESTION 212
Which of the following commands would you run to remove site-to-site IKE and IPSec Keys?
A. vpn tu
B. ikeoff
C. vpn export_p12
D. vpn accel off

Correct Answer: A
QUESTION 213
What is the most common cause for a Quick mode packet 1 failing with the error “No Proposal Chosen”?
A. The OS and patch level of one gateway does not match the other.
B. The previously established Permanent Tunnel has failed.
C. There is a network connectivity issue.
D. The encryption strength and hash settings of one peer do not match the other.

Correct Answer: D
QUESTION 214
Which component receives events and assigns severity levels to the events; invokes any defined automatic reactions, and adds the events to the Events Data Base?
A. SmartEvent Analysis DataServer
B. SmartEvent Client
C. SmartEvent Correlation Unit
D. SmartEvent Server

Correct Answer: D
QUESTION 215
The SmartEvent Correlation Unit:
A. adds events to the events database.
B. assigns a severity level to an event.
C. analyzes each IPS log entry as it enters the Log server.
D. displays the received events.

Correct Answer: C
QUESTION 216
The SmartEvent Client:
A. analyzes each IPS log entry as it enters the Log server.
B. displays the received events.
C. adds events to the events database.
D. assigns a severity level to an event.

Correct Answer: B

FLYDUMPS Checkpoint 156-315 exam sample questions give you confidence in the process of preparing for the Checkpoint 156-315 Certification. If your budget for Checkpoint 156-315 Foundation is limited, you need the complete value package. Do not rely on free Checkpoint 156-315 study guides or expensive PRF online classes. Demand the best FLYDUMPS Checkpoint 156-315 exam sample questions. This is more than a Checkpoint 156-315 Foundation; this is a compilation of the actual questions and answers from the Checkpoint 156-315 Certification IT Technician test. Where our competitors’ products provide basic Checkpoint 156-315 exam sample questions to prepare you for what may appear on the exam and prepare you for surprises, the FLYDUMPS Checkpoint 156-315 exam sample questions are complete, comprehensive and guaranteed to prepare you for your Checkpoint 156-315 exam.
