Checkpoint 156-315 Exam Guide, Buy Best Checkpoint 156-315 Real Exam Questions And Answers Sale

CheckPoint, CheckPoint Certification Comments Off

Welcome to download the newest Flydumps 000-958 VCE dumps: http://www.flydumps.com/000-958.html

Checkpoint 156-315 exam sample questions enable you to with success control your job. When you take Checkpoint 156-315 Exam qualification, this is able to enable you to acquire information needed with success through the use of Riverbed technological know-how. This is an excellent Riverbed if you want to turned into a Cisco expert. It is known that hottest Checkpoint 156-315 Exam test analyze will be the hot test of Checkpoint 156-315 qualification. Have got in your own Checkpoint 156-315 exam sample questions delights to your profession. What precisely things, will be the best plus the right focus for the choice.

QUESTION 137
“Pass Any Exam. Any Time.” – www.actualtests.com 50 Checkpoint 156-315.75 Exam Which of the following commands shows full synchronization status?
A. cphaprob -a if
B. fw ctl iflist
C. fw hastat
D. fw ctl pstat

Correct Answer: D QUESTION 138
John is configuring a new R71 Gateway cluster but he can not configure the cluster as Third Party IP Clustering because this option is not available in Gateway Cluster Properties.

What’s happening?
“Pass Any Exam. Any Time.” – www.actualtests.com 51 Checkpoint 156-315.75 Exam
A. Third Party Clustering is not available for R71 Security Gateways.
B. John is not using third party hardware as IP Clustering is part of Check Point’s IP Appliance.
C. ClusterXL needs to be unselected to permit 3rd party clustering configuration.
D. John has an invalid ClusterXL license.

Correct Answer: C QUESTION 139
In ClusterXL, _______ is defined by default as a critical device.
A. fwd
B. fwm
C. assld
D. cpp

Correct Answer: A QUESTION 140
In ClusterXL, _______ is defined by default as a critical device.
A. fw.d
B. protect.exe
C. PROT_SRV.EXE
D. Filter

Correct Answer: D QUESTION 141
Refer to Exhibit below:
“Pass Any Exam. Any Time.” – www.actualtests.com 52 Checkpoint 156-315.75 Exam

Match the ClusterXL modes with their configurations.
A. A – 3, B – 2, C – 4, D – 1
B. A – 2, B – 3, C – 1, D – 4
C. A – 2, B – 3, C – 4, D – 1
D. A – 3, B – 2, C – 1, D – 4

Correct Answer: D QUESTION 142
When synchronizing clusters, which of the following statements is NOT true?
A. The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized.
B. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
C. Only cluster members running on the same OS platform can be synchronized.
D. Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.

Correct Answer: D QUESTION 143
When synchronizing clusters, which of the following statements is NOT true?
“Pass Any Exam. Any Time.” – www.actualtests.com 53 Checkpoint 156-315.75 Exam
A. User Authentication connections will be lost by the cluster.
B. An SMTP resource connection using CVP will be maintained by the cluster.
C. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
D. Only cluster members running on the same OS platform can be synchronized.

Correct Answer: B
QUESTION 144
When a failed cluster member recovers, which of the following actions is NOT taken by the recovering member?
A. It will try to take the policy from one of the other cluster members.
B. It will not check for any updated policy and load the last installed policy with a warning message indicating that the Security Policy needs to be installed from the Security Management Server.
C. If the Security Management Server has a newer policy, it will be retrieved, else the local policy will be loaded.
D. It compares its local policy to the one on the Security Management Server.

Correct Answer: B
QUESTION 145
Organizations are sometimes faced with the need to locate cluster members in different geographic locations that are distant from each other. A typical example is replicated data centers whose location is widely separated for disaster recovery purposes. What are the restrictions of this solution?
A. There are no restrictions.
B. There is one restriction: The synchronization network must guarantee no more than 150 ms latency (ITU Standard G.114).
C. There is one restriction: The synchronization network must guarantee no more than 100 ms latency.
D. There are two restrictions: 1. The synchronization network must guarantee no more than 100ms latency and no more than 5% packet loss. 2. The synchronization network may only include switches and hubs.

Correct Answer: D
QUESTION 146
You are the MegaCorp Security Administrator. This company uses a firewall cluster, consisting of two cluster members. The cluster generally works well but one day you find that the cluster is behaving strangely. You assume that there is a connectivity problem with the cluster synchronization cluster link (cross-over cable). Which of the following commands is the best for testing the connectivity of the crossover cable?
A. telnet <IP address of the synchronization interface on the other cluster member>
B. ifconfig -a
C. ping <IP address of the synchronization interface on the other cluster member>
D. arping <IP address of the synchronization interface on the other cluster member>

Correct Answer: D
QUESTION 147
You have a High Availability ClusterXL configuration. Machines are not synchronized. What happens to connections on failover?
A. Connections cannot be established until cluster members are fully synchronized.
B. It is not possible to configure High Availability that is not synchronized.
C. Old connections are lost but can be reestablished.
D. Old connections are lost but are automatically recovered whenever the failed machine recovers.

Correct Answer: C QUESTION 148
What command will allow you to disable sync on a cluster firewall member?
A. fw ctl syncstat stop
B. fw ctl setsync off
C. fw ctl setsync 0
D. fw ctl syncstat off

Correct Answer: B QUESTION 149
When using ClusterXL in Load Sharing, what is the default method?
A. IPs, Ports, SPIs
B. IPs
C. IPs, Ports
D. IPs, SPIs

Correct Answer: A QUESTION 150
If ClusterXL Load Sharing is enabled with state synchronization enabled, what will happen if one member goes down?
A. The connections are dropped as Load Sharing does not support High Availability.
B. The processing of all connections handled by the faulty machine is dropped, so all connections need to be re-established through the other machine(s).
C. There is no state synchronization on Load Sharing, only on High Availability.
D. The processing of all connections handled by the faulty machine is immediately taken over by the other member(s).

Correct Answer: D QUESTION 151
In the following cluster configuration; if you reboot sglondon_1 which device will be active when sglondon_1 is back up and running? Why?
“Pass Any Exam. Any Time.” – www.actualtests.com 56 Checkpoint 156-315.75 Exam
A. Sglondon_1, because it is up again, sglondon_2 took over during reboot
B. Sglondon_2 because I has highest IP
C. Sglondon_2 because it has highest priority
D. Sglondon_1 because it the first configured object with the lowest IP

Correct Answer: C QUESTION 152
What is a “sticky” connection?
A. A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
B. A Sticky Connection is a VPN connection that remains up until you manually bring it down.
C. A Sticky Connection is a connection that remains the same.
D. A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.

Correct Answer: A
QUESTION 153
Your network includes ClusterXL running Multicast mode on two members, as shown in this topology: Your network is expanding, and you need to add new interfaces: 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for interface 10.10.10.0/24 is 10.10.10.3. What is the correct procedure to add these interfaces?
A. 1. Use the ifconfig command to configure and enable the new interface.
2.
Run cpstop and cpstart on both members at the same time.

3.
Update the topology in the cluster object for the cluster and both members.

4.
Install the Security Policy.
B. 1. Disable “Cluster membership” from one Gateway via cpconfig.
2.
Configure the new interface via sysconfig from the “non-member” Gateway.

3.
RE. enable “Cluster membership” on the Gateway.

4.
Perform the same step on the other Gateway.

5.
Update the topology in the cluster object for the cluster and members.

6.
Install the Security Policy.
C. 1. Run cpstop on one member, and configure the new interface via sysconfig.
2.
Run cpstart on the member. Repeat the same steps on another member.

3.
Update the new topology in the cluster object for the cluster and members.

4.
Install the Security Policy.
D. 1. Use sysconfig to configure the new interfaces on both members.
2.
Update the topology in the cluster object for the cluster and both members.

3.
Install the Security Policy.

Correct Answer: C
QUESTION 154
Match the Best Management High Availability synchronization-status descriptions for your Security Management Server (SMS):
A. A – 3, B – 1, C – 2, D – 4
B. A – 3, B – 1, C – 4, D – 2
C. A – 4, B – 3, C – 1, D – 2
D. A – 3, B – 2, C – 1, D – 4
Correct Answer: A
QUESTION 155
Review the R75 configuration.

“Pass Any Exam. Any Time.” – www.actualtests.com 58 Checkpoint 156-315.75 Exam Is it correct for Management High Availability?
A. No, the Security Management Servers must reside on the same network.
B. No, the Security Management Servers must be installed on the same operating system.
C. No, the Security Management Servers do not have the same number of NICs.
D. No, a R71 Security Management Server cannot run on Red Hat Linux 9.0.

Correct Answer: B QUESTION 156
Check Point New Mode HA is a(n) _________ solution.
A. primary-domain
B. hot-standby
C. acceleration
D. load-balancing

Correct Answer: B QUESTION 157
What is the behavior of ClusterXL in a High Availability environment?
A. The active member responds to the virtual address and is the only member that passes traffic.
B. The active member responds to the virtual address and, using sync network forwarding, both members pass traffic.
C. Both members respond to the virtual address but only the active member is able to pass traffic.
D. Both members respond to the virtual address and both members pass traffic.

Correct Answer: A QUESTION 158
“Pass Any Exam. Any Time.” – www.actualtests.com 59 Checkpoint 156-315.75 Exam Review the cphaprob state command output from one New Mode High Availability ClusterXL cluster member.

Which member will be active after member 192.168.1.2 fails over and is rebooted?
A. 192.168.1.2
B. Both members’ state will be in collision.
C. 192.168.1.1
D. Both members’ state will be active.

Correct Answer: C QUESTION 159
Review the cphaprob state command output from a New Mode High Availability cluster member.

Which machine has the highest priority?
A. 192.168.1.2, because its state is active
B. 192.168.1.1, because its number is 1
C. 192.168.1.1, because it is <local>
D. This output does not indicate which machine has the highest priority.

Correct Answer: B QUESTION 160
By default Check Point High Availability components send updates about their state every:
A. 5 seconds.
B. 0.5 second.
C. 0.1 second.
D. 1 second.

Correct Answer: C QUESTION 161
You have just upgraded your Load Sharing gateway cluster (both members) from NGX R65 to R75. cphaprob stat shows:

Which of the following is not a possible cause of this?
A. You have a different number of cores defined for CoreXL between the two members
B. Member 1 has CoreXL disabled and member 2 does not
C. Member 1 is at a lower version than member 2
D. You have not run cpconfig on member 2 yet.

Correct Answer: D QUESTION 162
“Pass Any Exam. Any Time.” – www.actualtests.com 61 Checkpoint 156-315.75 Exam In Management High Availability, what is an Active SMS?
A. Active Security Master Server
B. Active Smart Management Server
C. Active Security Management Server
D. Active Smart Master Server

Correct Answer: C QUESTION 163
For Management High Availability, if an Active SMS goes down, does the Standby SMS automatically take over?
A. Yes, if you set up ClusterXL
B. Yes, if you set up SecureXL
C. No, the transition should be initiated manually
D. Yes, if you set up VRRP

Correct Answer: C QUESTION 164
For Management High Availability synchronization, what does the Advance status mean?
A. The peer SMS has not been synchronized properly.
B. The peer SMS is properly synchronized.
C. The active SMS and its peer have different installed policies and databases.
D. The peer SMS is more up-to-date.

Correct Answer: D QUESTION 165
Which of the following would be a result of having more than one active Security Management
“Pass Any Exam. Any Time.” – www.actualtests.com 62 Checkpoint 156-315.75 Exam Server in a Management High Availability (HA) configuration?
A. The need to manually synchronize the secondary Security Management Server with the Primary Security Management Server is eliminated.
B. Allows for faster seamless failover: from active-to-active instead of standby-to-active.
C. An error notification will popup during SmartDashboard login if the two machines can communicate indicating Collision status.
D. Creates a High Availability implementation between the Gateways installed on the Security Management Servers.

Correct Answer: C QUESTION 166
You want to verify that your Check Point cluster is working correctly. Which command line tool can you use?
A. cphastart -status
B. cphainfo -s
C. cphaprob state
D. cphaconf state

Correct Answer: C QUESTION 167
How can you view the virtual cluster interfaces of a Cluster XL environment?
A. cphaprob -ia if
B. cphaprob -a if
C. cphaprob -a list
D. cphaprob -ia list

Correct Answer: B QUESTION 168
How can you view the critical devices on a cluster member in a Cluster XL environment?
A. cphaprob -ia list
B. cphaprob -a if
C. cphaprob -a list
D. cphaprob -ia if

Correct Answer: A QUESTION 169
When Load Sharing Multicast mode is defined in a ClusterXL cluster object, how are packets being handled by cluster members?
A. All members receive all packets. The Security Management Server decides which member will process the packets. Other members delete the packets from memory.
B. All cluster members process all packets and members synchronize with each other.
C. All members receive all packets. All members run an algorithm which determines which member processes packets further and which members delete the packet from memory.
D. Only one member at a time is active. The active cluster member processes all packets.

Correct Answer: C QUESTION 170
Which of the following does NOT happen when using Pivot Mode in ClusterXL?
A. The Security Gateway analyzes the packet and forwards it to the Pivot.
B. The packet is forwarded through the same physical interface from which it originally came, not on the sync interface.
C. The Pivot’s Load Sharing decision function decides which cluster member should handle the packet.
D. The Pivot forwards the packet to the appropriate cluster member.

Correct Answer: A QUESTION 171
When distributing IPSec packets to gateways in a Load Sharing Multicast mode cluster, which valid Load Sharing method will consider VPN information?
A. Load Sharing based on IP addresses, ports, and serial peripheral interfaces
B. Load Sharing based on SPIs
C. Load Sharing based on ports, VTI, and IP addresses
D. Load Sharing based on IP addresses, ports, and security parameter indexes

Correct Answer: D QUESTION 172
By default, the Cluster Control Protocol (CCP) uses this to send delta sync messages to other cluster members.
A. Broadcast
B. Unicast
C. Multicast
D. Shoutcast

Correct Answer: C QUESTION 173
To configure the Cluster Control Protocol (CCP) to use Broadcast, the following command is run:
A. set_ccp cpcluster broadcast
B. ccp broadcast
C. clusterconfig set_ccp broadcast
D. cphaconf set_ccp broadcast

Correct Answer: D QUESTION 174
What cluster mode is represented in this case? 1). (local) 172.168.1.1 100$ active 2). 172.14*.1.2 0$ standby
A. Load Sharing (multicast mode)
B. HA (New mode).
C. 3rd party cluster
D. Load Sharing Unicast (Pivot) mode

Correct Answer: B QUESTION 175
What cluster mode is represented in this case?
A. 3rd party cluster
B. Load Sharing (multicast mode)
C. Load Sharing Unicast (Pivot) mode
D. HA (New mode)

Correct Answer: B QUESTION 176
Which of the listed load-balancing methods is NOT valid?
A. Random
B. Domain
C. They are all valid
D. Round Trip

Correct Answer: C QUESTION 177
Which method of load balancing describes “Round Robin”?
A. Assigns service requests to the next server in a series.
B. Assigns service requests to servers at random.
C. Measures the load on each server to determine which server has the most available resources.
D. Ensures that incoming requests are handled by the server with the fastest response time.

Correct Answer: A QUESTION 178
In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies.

Review the ARP table from the internal Windows host 10.4.8.108. According to the output, which member is the standby machine?
A. 10.4.8.3
B. The standby machine cannot be determined by this test.
C. 10.4.8.1
D. 10.4.8.2

Correct Answer: C QUESTION 179
In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. An internal host 10.4.8.108 successfully pings its Cluster and receives replies. Review the ARP table from the internal Windows host 10.4.8.108. Based on this information, what is the active cluster member’s IP address?
A. The active cluster member’s IP address cannot be determined by this ARP cache.
B. 10.4.8.3
C. 10.4.8.1
D. 10.4.8.2

Correct Answer: D
QUESTION 180
State Synchronization is enabled on both members in a cluster, and the Security Policy is successfully installed. No protocols or services have been unselected for selective sync. Review the fw tab -t connections -s output from both members.

Is State Synchronization working properly between the two members?
A. Members A and B are not synchronized, because #VALS in the connections table are not close.
B. Members A and B are not synchronized, because #PEAK for both members is not close in the connections table.
C. Members A and B are synchronized, because #SLINKS are identical in the connections table.
D. Members A and B are synchronized, because ID for both members is identical in the connections table.

Correct Answer: A QUESTION 181
You have two IP Appliances: one IP565 and one IP395. Both appliances have IPSO 6.2 and R75 installed in a distributed deployment. Can they be members of a Gateway Cluster?
A. No, because the Security Gateways must be installed in a stand-alone installation.
B. No, because IP does not have a cluster option.
C. Yes, as long as they have the same IPSO and Check Point versions.
D. No, because the appliances must be of the same model (both should be IP565 or IP395).

Correct Answer: C QUESTION 182
You want to upgrade a cluster with two members to VPN-1 NGX. The SmartCenter Server and both members are version VPN-1/Firewall-1 NG FP3, with the latest Hotfix. What is the correct upgrade procedure?
1.
Change the version, in the General Properties of the gateway-cluster object.

2.
Upgrade the SmartCenter Server, and reboot after upgrade.

3.
Run cpstop on one member, while leaving the other member running. Upgrade one member at a time, and reboot after upgrade.

4.
Reinstall the Security Policy.
A. 3, 2, 1, 4
B. 2, 4, 3, 1
C. 1, 3, 2, 4
D. 2, 3, 1, 4 E. 1, 2, 3, 4

Correct Answer: D QUESTION 183
Included in the client’s network are some switches, which rely on IGMP snooping. You must find a solution to work with these switches. Which of the following answers does NOT lead to a successful solution?
A. Set the value of fwha_enable_igmp_snooping module configuration parameter to 1.
B. Configure static CAMs to allow multicast traffic on specific ports.
C. ClusterXL supports IGMP snooping by default. There is no need to configure anything.
D. Disable IGMP registration in switches that rely on IGMP packets

Correct Answer: C QUESTION 184
The customer wishes to install a cluster. In his network, there is a switch which is incapable of forwarding multicast. Is it possible to install a cluster in this situation?
A. Yes, you can toggle on ClusterXL between broadcast and multicast by setting the multicast mode using the command cphaconf set_ccp multicast on ff. The default setting is broadcast.

B. Yes, you can toggle on ClusterXL between broadcast and multicast using the command cphaconf set_ccp broadcast/multicast.

C. No, the customer needs to replace the switch with a new switch, which supports multicast forwarding.

D. Yes, the ClusterXL changes automatically to the broadcast mode if the multicast is not forwarded.

Correct Answer: B QUESTION 185
“Pass Any Exam. Any Time.” – www.actualtests.com 70 Checkpoint 156-315.75 Exam What could be a reason why synchronization between primary and secondary Security Management Servers does not occur?
A. You did not activate synchronization within Global Properties.
B. You are using different time zones.
C. You have installed both Security Management Servers on different server systems (e. g. one machine on HP hardware and the other one on DELL).
D. If the set of installed products differ from each other, the Security Management Servers do not synchronize the database to each other.

Correct Answer: D

Flydumps offers Checkpoint 156-315 exam,the most comprehensive training exam with full of wonderful concepts and learning skills. The training tools on the site Flydumps.com prepares you with the same questions and answers for Checkpoint 156-315 from the test center.You may have seen our products.Without hesitate to procure our products. Because it is the best choice for you and even for your career in the future. We promise you 100% pass guarantee.

Flydumps 000-958 dumps with PDF + Premium VCE + VCE Simulator: http://www.flydumps.com/000-958.html

Checkpoint 156-315 Exam Guide, Buy Best Checkpoint 156-315 Real Exam Questions And Answers Sale

Author

Back to Top