Checkpoint 156-315 PDF Exams, Latest Upload Checkpoint 156-315 Practice Questions With 100% Pass Rate

CheckPoint, CheckPoint Certification Comments Off

Attention Please: Professional new version Checkpoint 156-315 PDF and VCE dumps can now free download on Flydumps.com all are updated timely by our experts covering all new questions and questions.100 percent pass your Checkpoint 156-315 exam.

QUESTION 35
Check Point recommends that you back up systems running Check Point products.
Run your back ups during maintenance windows to limit disruptions to services, improve CPU usage, and
simplify time allotment.

Which back up method does Check Point recommend anytime outside a maintenance window?

A. backup
B. migrate export
C. backup_export
D. snapshot

Correct Answer: B QUESTION 36
The file snapshot generates is very large, and can only be restored to:
A. The device that created it, after it has been upgraded
B. Individual members of a cluster configuration
C. Windows Server class systems D. A device having exactly the same Operating System as the device that created the file

Correct Answer: D QUESTION 37
When restoring a Security Management Server from a backup file, the restore package can be retrieved from which source?
A. HTTP server, FTP server, or TFTP server
B. Disk, SCP server, or TFTP server
C. Local folder, TFTP server, or FTP server
D. Local folder, TFTP server, or Disk

Correct Answer: C QUESTION 38
When upgrading Check Point products in a distributed environment, in which order should you upgrade these components?
1.
GUI Client

2.
Security Management Server

3.
Security Gateway
A. 3, 2, 1
B. 1, 2, 3
C. 3, 1, 2
D. 2, 3, 1

Correct Answer: D QUESTION 39
When using migrate to upgrade a Secure Management Server, which of the following is included in the migration?
A. SmartEvent database
B. SmartReporter database
C. classes.C file
D. System interface configuration

Correct Answer: C QUESTION 40
Typically, when you upgrade the Security Management Server, you install and configure a fresh R75 installation on a new computer
and then migrate the database from the original machine.
When doing this, what is required of the two machines?
They must both have the same:
A. Products installed.
B. Interfaces configured.
C. State.
D. Patch level.

Correct Answer: A QUESTION 41
Typically, when you upgrade the Security Management Server, you install and configure a fresh R75 installation on a new computer and then migrate the database from the original machine.
What is the correct order of the steps below to successfully complete this procedure?
1) Export databases from source.
2) Connect target to network.
3) Prepare the source machine for export.
4) Import databases to target.
5) Install new version on target.
6) Test target deployment.

A. 6, 5, 3, 1, 4, 2
B. 3, 1, 5, 4, 2, 6
C. 5, 2, 6, 3, 1, 4
D. 3, 5, 1, 4, 6, 2

Correct Answer: D QUESTION 42
During a Security Management Server migrate export, the system:
A. Creates a backup file that includes the SmartEvent database.
B. Creates a backup file that includes the SmartReporter database.
C. Creates a backup archive for all the Check Point configuration settings.
D. Saves all system settings and Check Point product configuration settings to a file.

Correct Answer: C QUESTION 43
If no flags are defined during a back up on the Security Management Server, where does the system store the *.tgz file?
A. /var/opt/backups
B. /var/backups
C. /var/CPbackup/backups
D. /var/tmp/backups

Correct Answer: C QUESTION 44
Which is NOT a valid option when upgrading Cluster Deployments?
A. Full Connectivity Upgrade
B. Fast path Upgrade
C. Minimal Effort Upgrade
D. Zero Downtime

Correct Answer: B QUESTION 45
In a “zero downtime” scenario, which command do you run manually after all cluster members are upgraded?
A. cphaconf set_ccp broadcast
B. cphaconf set clear_subs
C. cphaconf set mc_relod
D. cphaconf set_ccp multicast

Correct Answer: D QUESTION 46
Which command provides cluster upgrade status?
A. cphaprob status
B. cphaprob ldstat
C. cphaprob fcustat
D. cphaprob tablestat

Correct Answer: C QUESTION 47
John is upgrading a cluster from NGX R65 to R75.
John knows that you can verify the upgrade process using the pre-upgrade verifier tool.
When John is running Pre-Upgrade Verification, he sees the warning message: ‘Incompatible pattern’.

What is happening?
A. R75 uses a new pattern matching engine. Incompatible patterns should be deleted before upgrade process to complete it successfully.
B. Pre-Upgrade Verification process detected a problem with actual configuration and upgrade will be aborted.
C. Pre-Upgrade Verification tool only shows that message but it is only informational.
D. The actual configuration contains user defined patterns in IPS that are not supported in R75. If the patterns are not fixed after upgrade, they will not be used with R75 Security Gateways.

Correct Answer: D QUESTION 48
Which command would you use to save the routing information before upgrading a SecurePlatform Gateway?
A. cp /etc/sysconfig/network.C [location]
B. netstat 璻n > [filename].txt

C. ifconfig > [filename].txt

D. ipconfig 璦 > [filename].txt

Correct Answer: A QUESTION 49
Which command would you use to save the routing information before upgrading a Windows Gateway?
A. ipconfig 璦 > [filename].txt

B. ifconfig > [filename].txt

C. cp /etc/sysconfig/network.C [location]

D. netstat 璻n > [filename].txt

Correct Answer: D QUESTION 50
When upgrading a cluster in Full Connectivity Mode, the first thing you must do is see if all cluster members have the same products installed.
Which command should you run?
A. fw fcu
B. cphaprob fcustat C. cpconfig
D. fw ctl conn -a

Correct Answer: B QUESTION 51
A Minimal Effort Upgrade of a cluster:
A. Is only supported in major releases (R70 to R71, R71 to R75).
B. Is not a valid upgrade method in R75.
C. Treats each individual cluster member as an individual gateway.
D. Upgrades all cluster members except one at the same time.

Correct Answer: C QUESTION 52
A Zero Downtime Upgrade of a cluster:
A. Upgrades all cluster members except one at the same time.
B. Is only supported in major releases (R70 to R71, R71 to R75).
C. Treats each individual cluster member as an individual gateway.
D. Is not a valid upgrade method in R75.

Correct Answer: A QUESTION 53
A Full Connectivity Upgrade of a cluster:
A. Treats each individual cluster member as an individual gateway.
B. Upgrades all cluster members except one at the same time.
C. Is only supported in minor version upgrades (R70 to R71, R71 to R75).
D. Is not a valid upgrade method in R75.

Correct Answer: C QUESTION 54
A Fast Path Upgrade of a cluster:
A. Upgrades all cluster members except one at the same time.
B. Treats each individual cluster member as an individual gateway.
C. Is not a valid upgrade method in R75.
D. Is only supported in major releases (R70 to R71, R71 to R75).

Correct Answer: C QUESTION 55
How does Check Point recommend that you secure the sync interface between gateways?
A. Configure the sync network to operate within the DMZ.
B. Secure each sync interface in a cluster with Endpoint.
C. Use a dedicated sync network.
D. Encrypt all sync traffic between cluster members.

Correct Answer: C QUESTION 56
How would you set the debug buffer size to 1024?
A. Run fw ctl set buf 1024
B. Run fw ctl kdebug 1024
C. Run fw ctl debug -buf 1024
D. Run fw ctl set int print_cons 1024

Correct Answer: C QUESTION 57
Steve is troubleshooting a connection problem with an internal application.
If he knows the source IP address is 192.168.4.125, how could he filter this traffic?

A. Run fw monitor -e “accept dsrc=192.168.4.125;”
B. Run fw monitor -e “accept dst=192.168.4.125;”
C. Run fw monitor -e “accept ip=192.168.4.125;”
D. Run fw monitor -e “accept src=192.168.4.125;”

Correct Answer: D QUESTION 58
Check Point support has asked Tony for a firewall capture of accepted packets.
What would be the correct syntax to create a capture file to a filename called monitor.out?

A. Run fw monitor -e “accept;” -f monitor.out
B. Run fw monitor -e “accept;” -c monitor.out
C. Run fw monitor -e “accept;” -o monitor.out
D. Run fw monitor -e “accept;” -m monitor.out

Correct Answer: C QUESTION 59
What is NOT a valid LDAP use in Check Point SmartDirectory?
A. Retrieve gateway CRL’s
B. External users management
C. Enforce user access to internal resources
D. Provide user authentication information for the Security Management Server

Correct Answer: C QUESTION 60
Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.
A. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
B. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
C. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.
D. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.

Correct Answer: C QUESTION 61
The User Directory Software Blade is used to integrate which of the following with a R75 Security Gateway?
A. LDAP server
B. RADIUS server
C. Account Management Client server
D. UserAuthority server

Correct Answer: A QUESTION 62
Your users are defined in a Windows 2008 Active Directory server. You must add LDAP users to a Client Authentication rule.
Which kind of user group do you need in the Client Authentication rule in R75?
A. LDAP group
B. External-user group
C. A group with a generic user
D. All Users

Correct Answer: A QUESTION 63
Which of the following commands do you run on the AD server to identify the DN name before configuring LDAP integration with the Security Gateway?
A. query ldap -name administrator
B. dsquery user -name administrator
C. ldapquery -name administrator
D. cpquery -name administrator

Correct Answer: B QUESTION 64
In SmartDirectory, what is each LDAP server called?
A. Account Server
B. Account Unit
C. LDAP Server
D. LDAP Unit

Correct Answer: B QUESTION 65
What is the default port number for standard TCP connections with the LDAP server?
A. 398
B. 636
C. 389
D. 363

Correct Answer: C QUESTION 66
What is the default port number for Secure Sockets Layer connections with the LDAP Server?
A. 363
B. 389
C. 398
D. 636

Correct Answer: D QUESTION 67
When defining an Organizational Unit, which of the following are NOT valid object categories?
A. Domains
B. Resources
C. Users
D. Services

Correct Answer: A QUESTION 68
When defining SmartDirectory for High Availability (HA), which of the following should you do?
A. Replicate the same information on multiple Active Directory servers.
B. Configure Secure Internal Communications with each server and fetch branches from each.
C. Configure a SmartDirectory Cluster object.
D. Configure the SmartDirectory as a single object using the LDAP cluster IP. Actual HA functionality is configured on the servers.

Correct Answer: A QUESTION 69
The set of rules that governs the types of objects in the directory and their associated attributes is called thE.
A. LDAP Policy
B. Schema
C. Access Control List
D. SmartDatabase

Correct Answer: B QUESTION 70
When using SmartDashboard to manage existing users in SmartDirectory, when are the changes applied?
A. Instantaneously
B. At policy installation
C. Never, you cannot manage users through SmartDashboard
D. At database synchronization

Correct Answer: A QUESTION 71
Where multiple SmartDirectory servers exist in an organization, a query from one of the clients for user information is made to the servers based on a priority.
By what category can this priority be defined?
A. Gateway or Domain
B. Location or Account Unit
C. Location or Domain
D. Gateway or Account Unit

Correct Answer: D QUESTION 72
Each entry in SmartDirectory has a unique _______________ ?
A. Distinguished Name
B. Organizational Unit
C. Port Number Association
D. Schema

Correct Answer: A QUESTION 73
With the User Directory Software Blade, you can create R75 user definitions on a(n) _________ Server.
A. SecureID
B. LDAP
C. NT Domain
D. Radius

Correct Answer: B QUESTION 74
Which describes the function of the account unit?
A. An Account Unit is the Check Point account that SmartDirectory uses to access an (LDAP) server
B. An Account Unit is a system account on the Check Point gateway that SmartDirectory uses to access an (LDAP) server
C. An Account Unit is the administration account on the LDAP server that SmartDirectory uses to access to (LDAP) server
D. An Account Unit is the interface which allows interaction between the Security Management server and Security Gateways, and the SmartDirectory (LDAP) server.

Correct Answer: D QUESTION 75
An organization may be distributed across several SmartDirectory (LDAP) servers.
What provision do you make to enable a Gateway to use all available resources? Each SmartDirectory (LDAP) server must be:
A. a member in the LDAP group.
B. a member in a group that is associated with one Account Unit.
C. represented by a separate Account Unit.
D. represented by a separate Account Unit that is a member in the LDAP group.

Correct Answer: C QUESTION 76
Which is NOT a method through which Identity Awareness receives its identities?
A. GPO
B. Captive Portal
C. AD Query
D. Identity Agent Correct Answer: A
QUESTION 77
When using Captive Portal to send unidentified users to a Web portal for authentication, which of the following is NOT a recommended use for this method?
A. Identity-based enforcement for non-AD users (non-Windows and guest users)
B. For deployment of Identity Agents
C. Basic identity enforcement in the internal network
D. Leveraging identity in Internet application control

Correct Answer: C QUESTION 78
Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). Which of the following is NOT a recommended use for this method?
A. When accuracy in detecting identity is crucial
B. Identity based enforcement for non-AD users (non-Windows and guest users)
C. Protecting highly sensitive servers
D. Leveraging identity for Data Center protection

Correct Answer: B QUESTION 79
Which of the following access options would you NOT use when configuring Captive Portal?
A. Through the Firewall policy
B. From the Internet
C. Through all interfaces
D. Through internal interfaces

Correct Answer: B QUESTION 80
Remote clients are using IPSec VPN to authenticate via LDAP server to connect to the organization. Which gateway process is responsible for the authentication?
A. vpnd
B. cvpnd
C. fwm
D. fwd

Correct Answer: A QUESTION 81
Remote clients are using SSL VPN to authenticate via LDAP server to connect to the organization. Which gateway process is responsible for the authentication?
A. vpnd
B. cvpnd
C. fwm
D. fwd

Correct Answer: B QUESTION 82
Which of the following is NOT a LDAP server option in SmartDirectory?
A. Novell_DS
B. Netscape_DS
C. OPSEC_DS
D. Standard_DS

Correct Answer: D
QUESTION 83
An Account Unit is the interface between the __________ and the __________.
A. Users, Domain
B. Gateway, Resources
C. System, Database
D. Clients, Server

Correct Answer: D
QUESTION 84
Which of the following is a valid Active Directory designation for user John Doe in the Sales department of AcmeCorp.com?
A. Cn=john_doe,ou=Sales,ou=acmecorp,dc=com
B. Cn=john_doe,ou=Sales,ou=acme,ou=corp,dc=com
C. Cn=john_doe,dc=Sales,dc=acmecorp,dc=com
D. Cn=john_doe,ou=Sales,dc=acmecorp,dc=com

Correct Answer: D
QUESTION 85
Which utility or command is useful for debugging by capturing packet information, including verifying LDAP authentication?
A. fw monitor
B. ping
C. um_core enable
D. fw debug fwm
Correct Answer: A

The Checkpoint 156-315 training is a vital way of becoming the best.This Checkpoint 156-315 certification has helped the candidates to enhance their capabilities by providing a great learning platform to them so that they can polish their skills.

Author

Back to Top