Checkpoint 156-315 Demo Download, Most Hottest Checkpoint 156-315 Exam Dumps Will Be More Popular

CheckPoint, CheckPoint Certification Comments Off

Welcome to download the newest Flydumps 642-427 VCE dumps: http://www.flydumps.com/642-427.html

FLYDUMPS will ensure you pass the Checkpoint 156-315 exam. The Checkpoint 156-315 exam sample questions give you possibility to work in any country of the world because they are acknowledged in all countries equally. This FLYDUMPS Checkpoint 156-315 exam sample questions helps not only to improve your knowledge and skills, but it also helps your career, gives a possibility for qualified usage of FLYDUMPS exam products under different conditions.

QUESTION 100
DShield is a Check Point feature used to block which of the following threats?
A. Cross Site Scripting
B. SQL injection
C. DDOS
D. Buffer overflows
E. Trojan horses
Correct Answer: C
QUESTION 101
If you check the box “Use Aggressive Mode”, in the IKE Properties dialog box:
A. The standard three-packet IKE Phase 1 exchange is replaced by a six-packet exchange.
B. The standard six-packet IKE Phase 2 exchange is replaced by a three-packet exchange.
C. The standard three-packet IKE Phase 2 exchange is replaced by a six-packet exchange.
D. The standard six-packet IKE Phase 1 exchange is replaced by a three-packet exchange.
E. The standard six-packet IKE Phase 1 exchange is replaced by a twelve-packet exchange.
Correct Answer: D
QUESTION 102
How does ClusterXL Unicast mode handle new traffic?
A. The pivot machine receives and inspects all new packets, and synchronizes the connections with other
members.
B. Only the pivot machine receives all packets. It runs an algorithm to determine which member should process the packets.
C. All members receive all packets. The SmartCenter Server decides which member will process the packets. Other members simply drop the packets.
D. All cluster members process all packets, and members synchronize with each other.

Correct Answer: B
QUESTION 103
Stephanie wants to reduce the encryption overhead and improve performance for her mesh VPN Community. The Advanced VPN Properties screen below displays adjusted page settings:What can Stephanie do to achieve her goal?

A. Check the box “Use Perfect Forward Secrecy”.
B. Change the setting “Use Diffie-Hellman group” to “Group 5 (1536 bit)”.
C. Check the box “Use aggressive mode”.
D. Check the box “Support IP compression”.
E. Reduce the setting “Renegotiate IKE security associations every” to “720”.

Correct Answer: D QUESTION 104
How do you control the maximum mail messages in a spool directory?
A. In the Security Server window in Global Properties
B. In SmartDefense SMTP settings
C. In the smtp.conf file on the SmartCenter Server
D. In the gateway object’s SMTP settings in the Advanced window
E. In the SMTP resource object

Correct Answer: D
QUESTION 105
Greg is creating rules and objects to control VoIP traffic in his organization, through a VPN-1 NGX Security Gateway. Greg creates VoIP Domain SIP objects to represent each of his organization’s three SIP gateways. Greg then creates a simple group to contain the VoIP Domain SIP objects. When Greg attempts to add the VoIP Domain SIP objects to the group, they are not listed. What is the problem?
A. The related end-points domain specifies an address range.
B. VoIP Domain SIP objects cannot be placed in simple groups.
C. The installed VoIP gateways specify host objects.
D. The VoIP gateway object must be added to the group, before the VoIP Domain SIP object is eligible to be added to the group.
E. The VoIP Domain SIP object’s name contains restricted characters.

Correct Answer: B
QUESTION 106
You have a production implementation of Management High Availability, at version VPN-1 NG with Application Intelligence R55. You must upgrade your two SmartCenter Servers to VPN-1 NGX. What is the correct procedure?
A. 1. Synchronize the two SmartCenter Servers.
2.
Upgrade the secondary SmartCenter Server.

3.
Upgrade the primary SmartCenter Server.

4.
Configure both SmartCenter Server host objects version to VPN-1 NGX.

5.
Synchronize the Servers again.
B. 1. Synchronize the two SmartCenter Servers.
2.
Perform an advanced upgrade on the primary SmartCenter Server.

3.
Upgrade the secondary SmartCenter Server.

4.
Configure both SmartCenter Server host objects to version VPN-1 NGX.

5.
Synchronize the Servers again.
C. 1. Perform an advanced upgrade on the primary SmartCenter Server.
2.
Configure the primary SmartCenter Server host object to version VPN-1 NGX.

3.
Synchronize the primary with the secondary SmartCenter Server.

4.
Upgrade the secondary SmartCenter Server.

5.
Configure the secondary SmartCenter Server host object to version VPN-1 NGX.

6.
Synchronize the Servers again.
D. 1. Synchronize the two SmartCenter Servers.
2.
Perform an advanced upgrade on the primary SmartCenter Server.

3.
Configure the primary SmartCenter Server host object to version VPN-1 NGX.

4.
Synchronize the two Servers again.

5.
Upgrade the secondary SmartCenter Server.

6.
Configure the secondary SmartCenter Server host object to version VPN-1 NGX.

7.
Synchronize the Servers again.
Correct Answer: B
QUESTION 107
You plan to migrate a VPN-1 NG with Application Intelligence (AI) R55 SmartCenter Server to VPN-1 NGX. You also plan to upgrade four VPN-1 Pro Gateways at remote offices, and one local VPN-1 Pro Gateway at your company’s headquarters. The SmartCenter Server configuration must be migrated. What is the correct procedure to migrate the configuration?
A. Upgrade the SmartCenter Server and the five remote Gateways via SmartUpdate, at the same time.
B. 1. Copy the $FWDIR\conf directory from the SmartCenter Server.
2.
Save directory contents to another directory.

3.
Uninstall the SmartCenter Server, and install a new SmartCenter Server.

4.
Move directory contents to $FWDIR\conf.

5.
Reinstall all gateways using NGX and install a policy.
C. 1. From the VPN-1 NGX CD in the SmartCenter Server, select “advance upgrade”.
2.
After importing the SmartCenter configuration into the new NGX SmartCenter, reboot.

3.
Upgrade all licenses and software on all five remote Gateways via SmartUpdate.
D. 1. Upgrade the five remote Gateways via SmartUpdate.
2. Upgrade the SmartCenter Server, using the VPN-1 NGX CD.
E. 1. Upgrade the SmartCenter Server, using the VPN-1 NGX CD.
2. Reinstall and update the licenses of the five remote Gateways.

Correct Answer: C
QUESTION 108
What is the command to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 SmartCenter Server to VPN-1 NGX using a CD?
A. cd patch add
B. fwm upgrade_tool
C. cppkg add
D. patch add
E. patch add cd

Correct Answer: E
QUESTION 109
Damon enables an SMTP resource for content protection. He notices that mail seems to slow down on occasion, sometimes being delivered late. Which of the following might improve throughput performance?
A. Configuring the SMTP resource to bypass the CVP resource
B. Increasing the Maximum number of mail messages in the Gateway’s spool directory
C. Configuring the Content Vector Protocol (CVP) resource to forward the mail to the internal SMTP server, without waiting for a response from the Security Gateway
D. Configuring the CVP resource to return the mail to the Gateway
E. Configuring the SMTP resource to only allow mail with Damon’s company’s domain name in the header

Correct Answer: C
QUESTION 110
VPN-1 NGX includes a resource mechanism for working with the Common Internet File System (CIFS). However, this service only provides a limited level of actions for CIFS security. Which of the following services is provided by a CIFS resource?
A. Allow Unix file sharing.
B. Allow MS print shares
C. Logging Mapped Shares
D. Access Violation logging.
Correct Answer: C
QUESTION 111
You are preparing to deploy a VPN-1 Pro Gateway for VPN-1 NGX. You have five systems to choose from
for the new Gateway, and you must conform to the following requirements:

Operating-system vendor’s license agreement
Check Point’s license agreement
Minimum operating-system hardware specification

Minimum Gateway hardware specification
Gateway installed on a supported operating system (OS)

Which machine meets ALL of the following requirements?

A. Processor: 1.1 GHz RAM: 512 MB Hard disk: 10 GB OS: Windows 2000 Workstation
B. Processor: 2.0 GHz RAM: 512 MB Hard disk: 10 GB OS: Windows ME
C. Processor: 1.5 GHz RAM: 256 MB Hard disk: 20 GB OS: Red Hat Linux 8.0
D. Processor: 1.67 GHz RAM: 128 MB Hard disk: 5 GB OS: FreeBSD
E. Processor: 2.2 GHz RAM: 256 MB Hard disk: 20 GB OS: Windows 2000 Server

Correct Answer: E
QUESTION 112
In a Management High Availability (HA) configuration, you can configure synchronization to occur automatically, when:
1.The Security Policy is installed.
2.The Security Policy is saved.
3.The Security Administrator logs in to the secondary SmartCenter Server, and changes its status to active.
4.A scheduled event occurs.
5.The user database is installed.
Select the BEST response for the synchronization sequence. Choose one.
A. 1,2,3
B. 1,2,3,4
C. 1,3,4
D. 1,2,5
E. 1,2,4
Correct Answer: E
QUESTION 113
You want to block corporate-internal-net and localnet from accessing Web sites containing inappropriate content. You are using WebTrends for URL filtering. You have disabled VPN-1 Control connections in the Global properties. Review the diagram and the Security Policies for GW_A and GW_B in the exhibit provided.
Corporate users and localnet users receive message “Web cannot be displayed”. In SmartView Tracker, you see the connections are dropped with message “content security is not reachable”. What is the problem, and how do you fix it?
A. The connection from GW_B to the internal WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_A’s Policy to allow source WebTrends Server, destination GW_B, service TCP port 18182, and action accept.
B. The connection from GW_B to the WebTrend server is not allowed in the Policy. Fix: Add a rule in GW_B’s Policy with Source GW_B, destination WebTrends server, service TCP port 18182, and action accept.
C. The connection from GW_A to the WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_B’s Policy with source WebTrends server, destination GW_A, service TCP port 18182, and action accept.
D. The connection from GW_A to the WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_B’s Policy with source GW_A, destination: WebTrends server, service TCP port 18182, and action accept.
E. The connection from GW_A to the WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_A’s Policy to allow source GW_A, destination WebTrends server, service TCP port 18182, and action accept.

Correct Answer: E
QUESTION 114
Which Security Servers can perform Content Security tasks, but CANNOT perform authentication tasks?
A. Telnet
B. FTP
C. SMTP
D. HTTP

Correct Answer: C
QUESTION 115
Your company has two headquarters, one in London, one in New York.
Each headquarters includes several branch offices. The branch offices ONLY need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. Which configuration meets the criteria? VPN Communities comprised of:
A. three mesh Communities: one for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.
B. three star Communities: first between New York headquarters and its branches, the second between London headquarters and its branches, the third between New York and London headquarters.
C. two mesh and one star Community; each mesh Community is set up for each site, with mesh Communities between their branches. The star Community has New York as the headquarters and London as its satellite.
D. two mesh Communities for each headquarters and their branch offices; and one star Community, in which London is the center of the Community and New York is the satellite.

Correct Answer: B
QUESTION 116
Your current stand-alone VPN-1 NG with Application Intelligence (AI) R55 installation is running on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the VPN-1 Pro Gateway. An additional machine will serve as the SmartCenter Server. The new machine runs on a Windows Server 2003. You need to upgrade the NG with AI R55 SmartCenter Server configuration to VPN-1 NGX.
How do you upgrade to VPN-1 NGX?
A. Insert the NGX CD in the existing NG with AI R55 SecurePlatform machine, and answer yes to backup the configuration. Copy the backup file to the Windows Server 2003. Continue the upgrade process. Reboot after upgrade is finished. After SecurePlatform NGX reboots, run sysconfig, select VPN-1 Pro Gateway, and finish the sysconfig process. Reboot again. Use the NGX CD to install the primary SmartCenter on the Windows Server 2003. Import the backup file.
B. Run the backup command in the existing SecurePlatform machine, to create a backup file. Copy the file to the Windows Server 2003. Uninstall all Check Point products on SecurePlatform by running rpm CPsuite-R55 command. Reboot. Install new VPN-1 NGX on the existing SecurePlatform machine. Run sysconfig, select VPN-1 Pro Gateway, and reboot. Use VPN-1 NGX CD to install primary SmartCenter Server on the Windows Server 2003. Import the backup file.
C. Copy the $FWDIR\conf and $FWDIR\lib files from the existing SecurePlatform machine. Create a tar.gz file, and copy it to the Windows Server 2003. Use VPN-1 NGX CD on the existing SecurePlatform machine to do a new installation. Reboot. Run sysconfig and select VPN-1 Pro Gateway. Reboot. Use the NGX CD to install the primary SmartCenter Server on the Windows Server 2003. On the Windows Server 2003, run upgrade_import command to import $FWDIR\conf and $FWDIR\lib from the SecurePlatform machine.
D. Run backup command on the existing SecurePlatform machine to create a backup file. Copy the file to the Windows Server 2003. Uninstall the primary SmartCenter Server package from NG with AI R55 SecurePlatform using sysconfig. Reboot. Install the NGX primary SmartCenter Server and import the backup file. Open the NGX SmartUpdate, and select “upgrade all packages” on the NG with AI R55 Security Gateway.

Correct Answer: A
QUESTION 117
The following rule contains an FTP resource object in the Service field:
Source: local_net Destination: Any Service: FTP-resource object Action: Accept
How do you define the FTP Resource Properties > Match tab to prevent internal users from receiving corporate files from external FTP servers, while allowing users to send files?
A. Enable “Put” and “Get” methods.
B. Disable the “Put” method globally.
C. Enable the “Put” method only on the Match tab.
D. Enable the “Get” method on the Match tab.
E. Disable “Get” and “Put” methods on the Match tab.

Correct Answer: C
QUESTION 118
Jerry is concerned that a denial-of-service (DoS) attack may affect his VPN Communities. He decides to implement IKE DoS protection. Jerry needs to minimize the performance impact of implementing this new protection. Which of the following configurations is MOST appropriate for Jerry?
A. Set Support IKE DoS protection from identified source to “Puzzles”, and Support IKE DoS protection from unidentified source to “Stateless”.
B. Set Support IKE Dos Protection from identified source, and Support IKE DoS protection from unidentified source to “Puzzles”.
C. Set Support IKE DoS protection from identified source to “Stateless,” and Support IKE DoS protection from unidentified source to “Puzzles”.
D. Set “Support IKE DoS protection” from identified source, and “Support IKE DoS protection” from unidentified source to “Stateless”.
E. Set Support IKE DoS protection from identified source to “Stateless”, and Support IKE DoS protection from unidentified source to “None”.

Correct Answer: D
QUESTION 119
Regarding QoS guarantees and limits, which of the following statements is FALSE?
A. The guarantee of a sub-rule cannot be greater than the guarantee defined for the rule above it.
B. If a guarantee is defined in a sub-rule, a guarantee must be defined for the rule above it.
C. A rule guarantee must not be less than the sum defined in the guarantees’ sub-rules.
D. If both a rule and per-connection limit are defined for a rule, the per-connection limit must not be greater than the rule limit.
E. If both a limit and guarantee per rule are defined in a QoS rule, the limit must be smaller than the guarantee.

Correct Answer: E
QUESTION 120
You want to establish a VPN, using Certificates. Your VPN will exchange Certificates with an external partner. Which of the following activities should you do first?
A. Manually import your partner’s Access Control List.
B. Exchange a shared secret, before importing Certificates.
C. Create a new logical-server object, to represent your partner’s CA.
D. Manually import your partner’s Certificate Revocation List.
E. Exchange exported CA keys and use them to create a new server object, to represent your partner’s Certificate Authority (CA).

Correct Answer: E
QUESTION 121
You are configuring the VoIP Domain object for an H.323 environment, protected by VPN-1 NGX. Which VoIP Domain object type can you use?
A. Transmission Router
B. Gatekeeper
C. Call Manager
D. Proxy
E. Call Agent
Correct Answer: B
QUESTION 122
You are preparing to configure your VoIP Domain Gatekeeper object.
Which two other objects should you have created first?
A. An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed
B. An object to represent the PSTN phone network, AND an object to represent the IP phone network
C. An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed
D. An object to represent the Q.931 service origination host, AND an object to represent the H.245 termination host
E. An object to represent the call manager, AND an object to represent the host on which the transmission router is installed

Correct Answer: C
QUESTION 123
In a Load Sharing Unicast mode scenario, the internal-cluster IP address is
10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies. The following is the ARP table from the internal Windows host 10.4.8.108: c:> arp According to the output, which member is the Pivot?
A. 10.4.8.108
B. 10.4.8.3
C. 10.4.8.2
D. 10.4.8.1

Correct Answer: C
QUESTION 124
Barak is a Security Administrator for an organization that has two sites using pre-shared secrets in its
VPN. The two sites are Oslo and London. Barak has just been informed that a new office is opening in
Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways
are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to
switch from pre-shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After
creating the Madrid gateway object with the proper VPN Domain, what are Barak’s remaining steps?

1.Disable “Pre-Shared Secret” on the London and Oslo gateway objects.
2.Add the Madrid gateway object into the Oslo and London’s mesh VPN Community.
3.Manually generate ICA Certificates for all three Security Gateways.
4.Configure “Traditional mode VPN configuration” in the Madrid gateway object’s VPN screen.
5.Reinstall the Security Policy on all three Security Gateways.

A. 1, 2, 5
B. 1,3,4,5
C. 1,2,3,5
D. 1,2,4,5
E. 1, 2,3,4

Correct Answer: A
QUESTION 125
Which Check Point QoS feature allows a Security Administrator to define special classes of service for delay-sensitive applications?
A. Weighted Fair Queuing
B. Limits
C. Differentiated Services
D. Low Latency Queuing
E. Guarantees

Correct Answer: D
QUESTION 126
A cluster contains two members, with external interfaces 172.28.108.1 and 172.28.108.2. The internal interfaces are 10.4.8.1 and 10.4.8.2. The external cluster’s IP address is 172.28.108.3, and the internal cluster’s IP address is 10.4.8.3. The synchronization interfaces are 192.168.1.1 and 192.168.1.2. The Security Administrator discovers State Synchronization is not working properly. cphaprob if command output displays as follows:What is causing the State Synchronization problem?
A. Another cluster is using 192.168.1.3 as one of the unprotected interfaces.
B. Interfaces 192.168.1.1 and 192.168.1.2 have defined 192.168.1.3 as a sub-interface.
C. The synchronization interface on the cluster member object’s Topology tab is enabled with “Cluster Interface”. Disable this interface.
D. The synchronization network has a cluster, with IP address 192.168.1.3 defined in the gateway-cluster object. Remove the 192.168.1.3 VIP interface from the cluster topology.

Correct Answer: D
QUESTION 127
Yoav is a Security Administrator preparing to implement a VPN solution for his multi-site organization. To comply with industry regulations, Yoav’s VPN solution must meet the following requirements:
Portability: Standard Key management: Automatic, external PKI Session keys: Changed at configured times during a connection’s lifetime Key length: No less than 128-bit Data integrity: Secure against inversion and brute-force attacks
What is the most appropriate setting Yoav should choose?
A. IKE VPNs: AES encryption for IKE Phase 1, and DES encryption for Phase 2; SHA1 hash
B. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for Phase 2; AES hash
C. IKE VPNs: CAST encryption for IKE Phase 1, and SHA1 encryption for Phase 2; DES hash
D. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash
E. IKE VPNs: DES encryption for IKE Phase 1, and 3DES encryption for Phase 2; MD5 hash

Correct Answer: D
QUESTION 128
What is the behavior of ClusterXL in a High Availability environment?
A. Both members respond to the virtual IP address, and both members pass traffic when using their physical addresses.
B. Both members respond to the virtual IP address, but only the active member is able to pass traffic.
C. The active member responds to the virtual IP address,nd both members pass traffic when using their physical addresses.
D. The active member responds to the virtual IP address,nd is the only member that passes traffic
E. The passive member responds to the virtual IP address, and both members route traffic when using their physical addresses.

Correct Answer: D
QUESTION 129
You configure a Check Point QoS Rule Base with two rules: an HTTP rule with a weight of 40, and the Default Rule with a weight of 10. If the only traffic passing through your QoS Module is HTTP traffic, what percent of bandwidth will be allocated to the HTTP traffic?
A. 10%
B. 100%
C. 40%
D. 80%
E. 50%

Correct Answer: B
QUESTION 130
When Load Sharing Multicast mode is defined in a ClusterXL cluster object, how are packets being handled by cluster members?
A. All cluster members process all packets, and members synchronize with each other.
B. All members receive all packets. The SmartCenter Server decides which member will process the packets. Other members simply drop the packets.
C. Only one member at a time is active. The active cluster member processes all packets.
D. All members receive all packets. An algorithm determines which member processes packets, and which member drops packets.

Correct Answer: D
QUESTION 131
The following configuration is for VPN-1 NGX:Is this configuration correct for Management High Availability (HA)?
A. No, the SmartCenter Servers must be installed on the same operating system.
B. No, a VPN-1 NGX SmartCenter Server cannot run on Red Hat Linux 7.3.
C. No, the SmartCenter Servers must reside on the same network.
D. No, A VPN-1 NGX SmartCenter Server can only be in a Management HA configuration, if the operating system is Solaris.
E. No, the SmartCenter Servers do not have the same number of NICs.

Correct Answer: A
QUESTION 132
What type of packet does a VPN-1 SecureClient send to its Policy Server, to report its Secure Configuration Verification status?
A. ICMP Port Unreachable
B. TCP keep alive
C. IKE Key Exchange
D. ICMP Destination Unreachable
E. UDP keep alive

Correct Answer: E
QUESTION 133
Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder’s access, after the next Phase 2 exchange occurs?
A. Phase 3 Key Revocation
B. Perfect Forward Secrecy
C. MD5 Hash Completion
D. SHA1 Hash Completion
E. DES Key Reset

Correct Answer: B
QUESTION 134
The following diagram illustrates how a VPN-1 SecureClient user tries to establish a VPN with hosts in the external_net and internal_net from the Internet. How is the Security Gateway VPN Domain created?
A. Internal Gateway VPN Domain = internal_net; External VPN Domain = external net + external gateway object + internal_net.
B. Internal Gateway VPN Domain = internal_net. External Gateway VPN Domain = external_net + internal gateway object
C. Internal Gateway VPN Domain = internal_net; External Gateway VPN Domain = internal_net + external_net
D. Internal Gateway VPN Domain = internal_net. External Gateway VPN Domain = internal VPN Domain + internal gateway object + external_net

Correct Answer: D
QUESTION 135
How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queues when using a Check Point QoS solution?
A. Low latency class
B. DiffServ rule
C. guaranteed per connection
D. Weighted Fair Queuing
E. guaranteed per VoIP rule

Correct Answer: A
QUESTION 136
Cody is notified by blacklist.org that his site has been reported as a spam relay, due to his SMTP Server being unprotected. Cody decides to implement an SMTP Security Server, to prevent the server from being a spam relay. Which of the following is the most efficient configuration method?
A. Configure the SMTP Security Server to perform MX resolving.
B. Configure the SMTP Security Server to perform filtering, based on IP address and SMTP protocols.
C. Configure the SMTP Security Server to work with an OPSEC based product, for content checking.
D. Configure the SMTP Security Server to apply a generic “from” address to all outgoing mail.
E. Configure the SMTP Security Server to allow only mail to or from names, within Cody’s corporate domain.

Correct Answer: E
QUESTION 137
From the following output of cphaprob state, which ClusterXL mode is this?
A. Load Balancing Mode
B. Multicast mode
C. Unicast mode
D. New mode
E. Legacy mode

Correct Answer: C
QUESTION 138
Which type of service should a Security Administrator use in a Rule Base to control access to specific shared partitions on target machines?
A. Telnet
B. CIFS
C. HTTP
D. FTP
E. URI

Correct Answer: B
QUESTION 139
After you add new interfaces to this cluster, how can you check if the new interfaces and associated virtual IP address are recognized by ClusterXL?
A. By running the cphaprob state command on both members
B. By running the cphaprob -a if command on both members
C. By running the cphaprob -I list command on both members
D. By running the fw ctl iflist command on both members
E. By running the cpconfig command on both members

Correct Answer: B
QUESTION 140
When you add a resource service to a rule, which ONE of the following actions occur?
A. VPN-1 SecureClient users attempting to connect to the object defined in the Destination column of the rule will receive a new Desktop Policy from the resource.
B. All packets that match the resource in the rule will be dropped.
C. All packets matching the resource service rule are analyzed or authenticated, based on the resource properties.
D. Users attempting to connect to the destination of the rule will be required to authenticate.
E. All packets matching that rule are either encrypted or decrypted by the defined resource.

Correct Answer: C
QUESTION 141
What is a requirement for setting up Management High Availability?
A. All SmartCenter Servers must reside in the same Local Area Network (LAN).
B. All SmartCenter Servers must have the same amount of memory.
C. You can only have one Secondary SmartCenter Server.
D. All SmartCenter Servers must have the BIOS release.
E. All SmartCenter Servers must have the same operating system.

Correct Answer: E
QUESTION 142
Your network traffic requires preferential treatment by other routers on the network, in addition to the QoS Module, which Check Point QoS feature should you use?
A. Guarantees
B. Limits
C. Differentiated Services
D. Weighted Fair Queuing
E. Low Latency Queuing
Correct Answer: C
QUESTION 143
The following rule contains an FTP resource object in the Service field:
Source: local_net Destination: Any Service: FTP-resource object Action: Accept
How do you define the FTP Resource Properties > Match tab to prevent internal users from sending corporate files to external FTP servers, while allowing users to retrieve files?
A. Enable the “Get” method on the match tab.
B. Disable “Get” and “Put” methods on the Match tab.
C. Enable the “Put” and “Get” methods.
D. Enable the “Put” method only on the match tab.
E. Disable the “Put” method globally.

Correct Answer: A
QUESTION 144
You plan to install a VPN-1 Pro Gateway for VPN-1 NGX at your company’s headquarters. You have a single Sun SPARC Solaris 9 machine for VPN-1 Pro enterprise implementation. You need this machine to inspect traffic and keep configuration files. Which Check Point software package do you install?
A. VPN-1 Pro Gateway and primary SmartCenter Server
B. Policy Server and primary SmartCenter Server
C. ClusterXL and SmartCenter Server
D. VPN-1 Pro Gateway
E. SmartCenter Server

Correct Answer: A
QUESTION 145
You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. What causes the Connection Rejection?
A. No QOS rule exists to match the rejected traffic.
B. The number of guaranteed connections is exceeded. The rule’s action properties are not set to accept additional connections.
C. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the Maximal Delay is set below requirements.
D. Burst traffic matching the Default Rule is exhausting the Check Point QoS global packet buffers.
E. The guarantee of one of the rule’s sub-rules exceeds the guarantee in the rule itself.

Correct Answer: B
QUESTION 146
You are preparing to deploy a VPN-1 Pro Gateway for VPN-1 NGX. You have five systems to choose from
for the new Gateway, and you must conform to the following requirements:

Operating-system vendor’s license agreement
Check Point’s license agreement
Minimum operating-system hardware specification

Minimum Gateway hardware specification
Gateway installed on a supported operating system (OS)

Which machine meets ALL of the following requirements?

A. Processor: 1.1 GHz RAM: 512 MB Hard disk: 10 GB OS: Windows 2000 Workstation
B. Processor: 2.0 GHz RAM: 512 MB Hard disk: 10 GB OS: Windows ME
C. Processor: 1.5 GHz RAM: 256 MB Hard disk: 20 GB OS: Red Hat Linux 8.0
D. Processor: 1.67 GHz
RAM: 128 MB
Hard disk: 5 GB
OS: FreeBSD

E. Processor: 2.2 GHz RAM: 256 MB Hard disk: 20 GB OS: Windows 2000 Server

Correct Answer: E
QUESTION 147
From the following output of cphaprob state, which ClusterXL mode is this?
A. Load Balancing Mode
B. Multicast mode
C. Unicast mode
D. New mode
E. Legacy mode
Correct Answer: C

Flydumps.com is the absolute way to pass your Checkpoint 156-315 exam within no time. An authentic and comprehensive Checkpoint 156-315 exam solution is available at Flydumps.com. With our exclusive online Checkpoint 156-315 dump you will pass Checkpoint 156-315 exam easily.Flydumps.com guarantees 100% success rate.

Flydumps 642-427 dumps with PDF + Premium VCE + VCE Simulator: http://www.flydumps.com/642-427.html

Checkpoint 156-315 Demo Download, Most Hottest Checkpoint 156-315 Exam Dumps Will Be More Popular

Author

Back to Top