Flydumps just published the newest Checkpoint 156-315 dumps with all the new updated exam questions and answers.Flydumps provide the latest version of Checkpoint 156-315 and VCE files with up-to-date questions and answers to ensure your exam 100% pass, on our website you will get the free new newest Checkpoint 156-315 version VCE Player along with your VCE dumps.
While authorization for users managed by SmartDirectory is performed by the gateway, the authentication is mostly performed by the infrastructure in which of the following?
Correct Answer: B QUESTION 117
When troubleshooting user authentication, you may see the following entries in a debug of the user authentication process. In which order are these messages likely to appear?
A. make_au, au_auth, au_fetchuser, au_auth_auth, cpLdapCheck, cpLdapGetUser
B. cpLdapGetUser, au_fetchuser, cpLdapCheck, make_au, au_auth, au_auth_auth
C. make_au, au_auth, au_fetchuser, cpLdapGetUser, cpLdapCheck, au_auth_auth
D. au_fetchuser, make_au, au_auth, cpLdapGetUser, au_auth_auth, cpLdapCheck
Correct Answer: C QUESTION 118
Which of the following is NOT a ClusterXL mode?
Correct Answer: C QUESTION 119
In an R75 Cluster, some features such as VPN only function properly when:
A. All cluster members have the same policy
B. All cluster members have the same Hot Fix Accumulator pack installed
C. All cluster members’ clocks are synchronized
D. All cluster members have the same number of interfaces configured
Correct Answer: C QUESTION 120
In ClusterXL R75; when configuring a cluster synchronization network on a VLAN interface what is the supported configuration?
A. It is supported on VLAN tag 4095
B. It is supported on VLAN tag 4096
C. It is supported on the lowest VLAN tag of the VLAN interface
D. It is not supported on a VLAN tag
Correct Answer: C QUESTION 121
Which process is responsible for delta synchronization in ClusterXL?
A. fw kernel on the security gateway
B. fwd process on the security gateway
C. cpd process on the security gateway
D. Clustering process on the security gateway
Correct Answer: A QUESTION 122
Which process is responsible for full synchronization in ClusterXL?
A. fwd on the Security Gateway
B. fw kernel on the Security Gateway
C. Clustering on the Security Gateway
D. cpd on the Security Gateway
Correct Answer: A QUESTION 123
Which process is responsible for kernel table information sharing across all cluster members?
A. fwd daemon using an encrypted TCP connection
B. CPHA using an encrypted TCP connection
C. fw kernel using an encrypted TCP connection
D. cpd using an encrypted TCP connection
Correct Answer: A QUESTION 124
By default, a standby Security Management Server is automatically synchronized by an active Security Management Server, when:
A. The user data base is installed.
B. The standby Security Management Server starts for the first time.
C. The Security Policy is installed.
D. The Security Policy is saved. Correct Answer: C
The ________ Check Point ClusterXL mode must synchronize the physical interface IP and MAC addresses on all clustered interfaces.
A. New Mode HA
B. Pivot Mode Load Sharing
C. Multicast Mode Load Sharing
D. Legacy Mode HA
Correct Answer: D QUESTION 126
__________ is a proprietary Check Point protocol. It is the basis for Check Point ClusterXL inter- module communication.
A. HA OPCODE
Correct Answer: D QUESTION 127
After you add new interfaces to a cluster, how can you check if the new interfaces and the associated virtual IP address are recognized by ClusterXL?
A. By running the command cphaprob state on both members
B. By running the command cpconfig on both members
C. By running the command cphaprob -I list on both members
D. By running the command cphaprob -a if on both members
Correct Answer: D
Which of the following is a supported Sticky Decision Function of Sticky Connections for Load Sharing?
“Pass Any Exam. Any Time.” – www.actualtests.com 47 Checkpoint 156-315.75 Exam
A. Multi-connection support for VPN-1 cluster members
B. Support for all VPN deployments (except those with third-party VPN peers)
C. Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections
D. Support for Performance Pack acceleration
Correct Answer: C
Included in the customer’s network are some firewall systems with the Performance Pack in use. The customer wishes to use these firewall systems in a cluster (Load Sharing mode). He is not sure if he can use the Sticky Decision Function in this cluster. Explain the situation to him.
A. Sticky Decision Function is not supported when employing either Performance Pack or a hardware-based accelerator card. Enabling the Sticky Decision Function disables these acceleration products.
B. ClusterXL always supports the Sticky Decision Function in the Load Sharing mode.
C. The customer can use the firewalls with Performance Pack inside the cluster, which should support the Sticky Decision Function. It is just necessary to enable the Sticky Decision Function in the SmartDashboard cluster object in the ClusterXL page, Advanced Load Sharing Configuration window.
D. The customer can use the firewalls with Performance Pack inside the cluster, which should support the Sticky Decision Function. It is just necessary to configure it with the clusterXL_SDF_enable command.
Correct Answer: A
A connection is said to be Sticky when:
A. The connection information sticks in the connection table even after the connection has ended.
B. A copy of each packet in the connection sticks in the connection table until a corresponding reply packet is received from the other side.
C. A connection is not terminated by either side by FIN or RST packet.
D. All the connection packets are handled, in either direction, by a single cluster member.
Correct Answer: D
How does a cluster member take over the VIP after a failover event?
A. Broadcast storm
B. iflist -renew
C. Ping the sync interface
D. Gratuitous ARP
Correct Answer: D
Check Point Clustering protocol, works on:
A. UDP 500
B. UDP 8116
C. TCP 8116
D. TCP 19864
Correct Answer: B QUESTION 133
A customer is calling saying one member’s status is Down. What will you check?
A. cphaprob list (verify what critical device is down)
B. fw ctl pstat (check sync)
C. fw ctl debug -m cluster + forward (forwarding layer debug)
D. tcpdump/snoop (CCP traffic)
Correct Answer: A QUESTION 134
A customer calls saying that a Load Sharing cluster shows drops with the error First packet is not SYN. Complete the following sentence. I will recommend:
A. turning on SDF (Sticky Decision Function)
B. turning off SDF (Sticky Decision Function)
C. changing the load on each member
D. configuring flush and ack
Correct Answer: A QUESTION 135
Which of the following commands can be used to troubleshoot ClusterXL sync issues?
A. fw debug cxl connections > file_name
B. fw tab -s -t connections > file_name
C. fw tab -u connections > file_name
D. fw ctl -s -t connections > file_name
Correct Answer: B QUESTION 136
Which of the following commands shows full synchronization status?
A. fw hastat
B. cphaprob -i list
C. cphaprob -a if
D. fw ctl iflist
Correct Answer: B
CCNA Checkpoint 156-315 Certification Exam contains a powerful new testing engine that allows you to focus on individual topic areas or take complete, timed exams from Checkpoint 156-315.The assessment engine also tracks your performance and presents feedback on a module-by-module basis, providing question-by-question Checkpoint 156-315 to the text and laying out a complete study plan for review.CCNA Checkpoint 156-315 also includes a wealth of hands-on practice exercises and a copy of the Checkpoint 156-315 network simulation software that allows you to practice your CCNA Checkpoint 156-315 hands-on skills in a virtual lab environment.The Checkpoint 156-315 supporting website keeps you fully informed of any exam changes.