How does a cluster member take over the VIP after a failover event?
A. Broadcast storm
B. iflist -renew
C. Ping the sync interface
D. Gratuitous ARP

Correct Answer: D

QUESTION 111
The Check Point Clustering protocol works on:
A. UDP 500
B. UDP 8116
C. TCP 8116
D. TCP 19864

Correct Answer: B

QUESTION 112
A customer is calling saying one cluster member’s status is Down. What will you check?
A. cphaprob list (verify what critical device is down)
B. fw ctl pstat (check sync)
C. fw ctl debug -m cluster + forward (forwarding layer debug)
D. tcpdump/snoop (CCP traffic)

Correct Answer: A

QUESTION 113
Which of the following commands can be used to troubleshoot ClusterXL sync issues?
A. fw debug cxl connections > file_name
B. fw tab -s -t connections > file_name
C. fw tab -u connections > file_name
D. fw ctl -s -t connections > file_name

Correct Answer: B

QUESTION 114
Which of the following commands shows full synchronization status?
A. fw hastat
B. cphaprob -i list
C. cphaprob -a if
D. fw ctl iflist

Correct Answer: B

QUESTION 115
Which of the following commands shows full synchronization status?
A. cphaprob -a if
B. fw ctl iflist
C. fw hastat
D. fw ctl pstat

Correct Answer: D

QUESTION 116
John is configuring a new R71 Gateway cluster but he cannot configure the cluster as Third Party IP Clustering because this option is not available in Gateway Cluster Properties.

What’s happening?
A. Third Party Clustering is not available for R71 Security Gateways.
B. John is not using third party hardware as IP Clustering is part of Check Point’s IP Appliance.
C. ClusterXL needs to be unselected to permit 3rd party clustering configuration.
D. John has an invalid ClusterXL license.

Correct Answer: C

QUESTION 117
In ClusterXL, _______ is defined by default as a critical device.
A. fwd
B. fwm
C. assld
D. cpp

Correct Answer: A

QUESTION 118
In ClusterXL, _______ is defined by default as a critical device.
A. fw.d
B. protect.exe
D. Filter

Correct Answer: D
When synchronizing clusters, which of the following statements is NOT true?
A. User Authentication connections will be lost by the cluster.
B. An SMTP resource connection using CVP will be maintained by the cluster.
C. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
D. Only cluster members running on the same OS platform can be synchronized.

Correct Answer: B
When a failed cluster member recovers, which of the following actions is NOT taken by the recovering member?
A. It will try to take the policy from one of the other cluster members.
B. It will not check for any updated policy and load the last installed policy with a warning message indicating that the Security Policy needs to be installed from the Security Management Server.
C. If the Security Management Server has a newer policy, it will be retrieved, else the local policy will be loaded.
D. It compares its local policy to the one on the Security Management Server.

Correct Answer: B
Organizations are sometimes faced with the need to locate cluster members in different geographic
locations that are distant from each other.
A typical example is replicated data centers whose location is widely separated for disaster recovery

What are the restrictions of this solution?

A. There are no restrictions.
B. There is one restriction: The synchronization network must guarantee no more than 150 ms latency (ITU Standard G.114).
C. There is one restriction: The synchronization network must guarantee no more than 100 ms latency.
D. There are two restrictions: 1. The synchronization network must guarantee no more than 100ms latency and no more than 5% packet loss. 2. The synchronization network may only include switches and hubs.

Correct Answer: D
You are the MegaCorp Security Administrator.
This company uses a firewall cluster, consisting of two cluster members.
The cluster generally works well but one day you find that the cluster is behaving strangely.
You assume that there is a connectivity problem with the cluster synchronization cluster link (cross-over

Which of the following commands is the best for testing the connectivity of the crossover cable?

A. telnet <IP address of the synchronization interface on the other cluster member>
B. ifconfig -a
C. ping <IP address of the synchronization interface on the other cluster member>
D. arping <IP address of the synchronization interface on the other cluster member>

Correct Answer: D
You have a High Availability ClusterXL configuration. Machines are not synchronized. What happens to connections on failover?
A. Connections cannot be established until cluster members are fully synchronized.
B. It is not possible to configure High Availability that is not synchronized.
C. Old connections are lost but can be reestablished.
D. Old connections are lost but are automatically recovered whenever the failed machine recovers.

Correct Answer: C
What command will allow you to disable sync on a cluster firewall member?
A. fw ctl syncstat stop
B. fw ctl setsync off
C. fw ctl setsync 0
D. fw ctl syncstat off

Correct Answer: B
When using ClusterXL in Load Sharing, what is the default method?
A. IPs, Ports, SPIs
B. IPs
C. IPs, Ports
D. IPs, SPIs

Correct Answer: A
If ClusterXL Load Sharing is enabled with state synchronization enabled, what will happen if one member goes down?
A. The connections are dropped as Load Sharing does not support High Availability.
B. The processing of all connections handled by the faulty machine is dropped, so all connections need to be re-established through the other machine(s).
C. There is no state synchronization on Load Sharing, only on High Availability.
D. The processing of all connections handled by the faulty machine is immediately taken over by the other member(s).

Correct Answer: D
What is a “sticky” connection?
A. A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
B. A Sticky Connection is a VPN connection that remains up until you manually bring it down.
C. A Sticky Connection is a connection that remains the same.
D. A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.

Correct Answer: A

QUESTION 128
Review the R75 configuration.

Is it correct for Management High Availability?
A. No, the Security Management Servers must reside on the same network.
B. No, the Security Management Servers must be installed on the same operating system.
C. No, the Security Management Servers do not have the same number of NICs.
D. No, a R71 Security Management Server cannot run on Red Hat Linux 9.0.

Correct Answer: B
Check Point New Mode HA is a(n) _________ solution.
A. primary-domain
B. hot-standby
C. acceleration
D. load-balancing

Correct Answer: B
What is the behavior of ClusterXL in a High Availability environment?
A. The active member responds to the virtual address and is the only member that passes traffic.
B. The active member responds to the virtual address and, using sync network forwarding, both members pass traffic.
C. Both members respond to the virtual address but only the active member is able to pass traffic.
D. Both members respond to the virtual address and both members pass traffic.

Correct Answer: A
Review the cphaprob state command output from a New Mode High Availability cluster member.

Which machine has the highest priority?
A., because its state is active
B., because its number is 1
C., because it is <local>
D. This output does not indicate which machine has the highest priority.

Correct Answer: B

QUESTION 132
By default Check Point High Availability components send updates about their state every:
A. 5 seconds.
B. 0.5 second.
C. 0.1 second.
D. 1 second.

Correct Answer: C

QUESTION 133
You have just upgraded your Load Sharing gateway cluster (both members) from NGX R65 to R75. cphaprob stat shows:

Which of the following is not a possible cause of this?
A. You have a different number of cores defined for CoreXL between the two members
B. Member 1 has CoreXL disabled and member 2 does not
C. Member 1 is at a lower version than member 2
D. You have not run cpconfig on member 2 yet.

Correct Answer: D
In Management High Availability, what is an Active SMS?
A. Active Security Master Server
B. Active Smart Management Server
C. Active Security Management Server
D. Active Smart Master Server

Correct Answer: C

QUESTION 135
For Management High Availability synchronization, what does the Advance status mean?
A. The peer SMS has not been synchronized properly.
B. The peer SMS is properly synchronized.
C. The active SMS and its peer have different installed policies and databases.
D. The peer SMS is more up-to-date.

Correct Answer: D

QUESTION 136
Which of the following would be a result of having more than one active Security Management Server in a Management High Availability (HA) configuration?
A. The need to manually synchronize the secondary Security Management Server with the Primary Security Management Server is eliminated.
B. Allows for faster seamless failover: from active-to-active instead of standby-to-active.
C. An error notification will pop up during SmartDashboard login if the two machines can communicate, indicating Collision status.
D. Creates a High Availability implementation between the Gateways installed on the Security Management Servers.

Correct Answer: C

QUESTION 137
You want to verify that your Check Point cluster is working correctly. Which command line tool can you use?
A. cphastart -status
B. cphainfo -s
C. cphaprob state
D. cphaconf state

Correct Answer: C

QUESTION 138
How can you view the virtual cluster interfaces of a ClusterXL environment?
A. cphaprob -ia if
B. cphaprob -a if
C. cphaprob -a list
D. cphaprob -ia list

Correct Answer: B

QUESTION 139
When Load Sharing Multicast mode is defined in a ClusterXL cluster object, how are packets being handled by cluster members?
A. All members receive all packets. The Security Management Server decides which member will process the packets. Other members delete the packets from memory.
B. All cluster members process all packets and members synchronize with each other.
C. All members receive all packets. All members run an algorithm which determines which member processes packets further and which members delete the packet from memory.
D. Only one member at a time is active. The active cluster member processes all packets.

Correct Answer: C

QUESTION 140
Which of the following does NOT happen when using Pivot Mode in ClusterXL?
A. The Security Gateway analyzes the packet and forwards it to the Pivot.
B. The packet is forwarded through the same physical interface from which it originally came, not on the sync interface.
C. The Pivot’s Load Sharing decision function decides which cluster member should handle the packet.
D. The Pivot forwards the packet to the appropriate cluster member.

Correct Answer: A

QUESTION 141
When distributing IPSec packets to gateways in a Load Sharing Multicast mode cluster, which valid Load Sharing method will consider VPN information?
A. Load Sharing based on IP addresses, ports, and serial peripheral interfaces
B. Load Sharing based on SPIs
C. Load Sharing based on ports, VTI, and IP addresses
D. Load Sharing based on IP addresses, ports, and security parameter indexes

Correct Answer: D

QUESTION 142
To configure the Cluster Control Protocol (CCP) to use Broadcast, the following command is run:
A. set_ccp cpcluster broadcast
B. ccp broadcast
C. clusterconfig set_ccp broadcast
D. cphaconf set_ccp broadcast

Correct Answer: D

QUESTION 143
When synchronizing clusters, which of the following statements is NOT true?
1). (local) 100$ active 2). 172.14*.1.2 0$ standby
A. Load Sharing (multicast mode)
B. HA (New mode).
C. 3rd party cluster
D. Load Sharing Unicast (Pivot) mode

Correct Answer: B

QUESTION 144
Which of the listed load-balancing methods is NOT valid?
A. Random
B. Domain
C. They are all valid
D. Round Trip

Correct Answer: C

QUESTION 145
Which method of load balancing describes “Round Robin”?
A. Assigns service requests to the next server in a series.
B. Assigns service requests to servers at random.
C. Measures the load on each server to determine which server has the most available resources.
D. Ensures that incoming requests are handled by the server with the fastest response time.

Correct Answer: A

QUESTION 146
State Synchronization is enabled on both members in a cluster, and the Security Policy is successfully
No protocols or services have been unselected for selective sync.

Review the fw tab -t connections -s output from both members.
Is State Synchronization working properly between the two members?
A. Members A and B are not synchronized, because #VALS in the connections table are not close.
B. Members A and B are not synchronized, because #PEAK for both members is not close in the connections table.
C. Members A and B are synchronized, because #SLINKS are identical in the connections table.
D. Members A and B are synchronized, because ID for both members is identical in the connections table.

Correct Answer: A

QUESTION 147
You have two IP Appliances: one IP565 and one IP395.
Both appliances have IPSO 6.2 and R75 installed in a distributed deployment.

Can they be members of a Gateway Cluster?

A. No, because the Security Gateways must be installed in a stand-alone installation.
B. No, because IP does not have a cluster option.
C. Yes, as long as they have the same IPSO and Check Point versions.
D. No, because the appliances must be of the same model (both should be IP565 or IP395).

Correct Answer: C

QUESTION 148
You want to upgrade a cluster with two members to VPN-1 NGX.
The SmartCenter Server and both members are version VPN-1/Firewall-1 NG FP3, with the latest Hotfix.

What is the correct upgrade procedure?

1. Change the version, in the General Properties of the gateway-cluster object.
2. Upgrade the SmartCenter Server, and reboot after upgrade.
3. Run cpstop on one member, while leaving the other member running. Upgrade one member at a time, and reboot after upgrade.
4. Reinstall the Security Policy.

A. 3, 2, 1, 4
B. 2, 4, 3, 1
C. 1, 3, 2, 4
D. 2, 3, 1, 4
E. 1, 2, 3, 4

Correct Answer: D

QUESTION 149
Included in the client’s network are some switches, which rely on IGMP snooping. You must find a solution to work with these switches.
Which of the following answers does NOT lead to a successful solution?
A. Set the value of fwha_enable_igmp_snooping module configuration parameter to 1.
B. Configure static CAMs to allow multicast traffic on specific ports.
C. ClusterXL supports IGMP snooping by default. There is no need to configure anything.
D. Disable IGMP registration in switches that rely on IGMP packets

Correct Answer: C

QUESTION 150
What could be a reason why synchronization between primary and secondary Security Management Servers does not occur?
A. You did not activate synchronization within Global Properties.
B. You are using different time zones.
C. You have installed both Security Management Servers on different server systems (e.g. one machine on HP hardware and the other one on DELL).
D. If the set of installed products differ from each other, the Security Management Servers do not synchronize the database to each other.

Correct Answer: D

QUESTION 151
What is the proper command for importing users into the R75 User Database?
A. fwm dbimport
B. fwm importusrs
C. fwm import
D. fwm importdb

Correct Answer: A

QUESTION 152
In a R75 Management High Availability (HA) configuration, you can configure synchronization to occur automatically, when:
1. The Security Policy is installed.
2. The Security Policy is saved.
3. The Security Administrator logs in to the secondary SmartCenter Server, and changes its status to active.
4. A scheduled event occurs.
5. The user database is installed.

Select the BEST response for the synchronization trigger.

A. 1, 2, 4
B. 1, 2, 3, 4
C. 1, 2, 5
D. 1, 3, 4

Correct Answer: A
What is a requirement for setting up R75 Management High Availability?
A. All Security Management Servers must have the same number of NICs.
B. All Security Management Servers must have the same operating system.
C. State synchronization must be enabled on the secondary Security Management Server.
D. All Security Management Servers must reside in the same LAN.

Correct Answer: B
You are preparing computers for a new ClusterXL deployment.
For your cluster, you plan to use four machines with the following configurations:

Cluster Member 1: OS: SecurePlatform, NICs: QuadCard, memory: 1 GB, Security Gateway only, version:
Cluster Member 2: OS: SecurePlatform, NICs: 4 Intel 3Com, memory: 1 GB, Security Gateway only, version: R75
Cluster Member 3: OS: SecurePlatform, NICs: 4 other manufacturers, memory: 512 MB, Security Gateway only, version: R75

Security Management Server: MS Windows 2003, NIC: Intel NIC (1), Security Gateway and primary Security Management Server installed, version: R75

Are these machines correctly configured for a ClusterXL deployment?

A. No, the Security Gateway cannot be installed on the Security Management Pro Server.
B. No, Cluster Member 3 does not have the required memory.
C. Yes, these machines are configured correctly for a ClusterXL deployment.
D. No, the Security Management Server is not running the same operating system as the cluster members.

Correct Answer: C
You are establishing a ClusterXL environment, with the following topology:

VIP internal cluster IP =, VIP external cluster IP =
Cluster Member 1: 4 NICs, 3 enabled: hme0: 192.168.10/24, hme1: 10.10.10/24, qfe2: 172.16.10/24
Cluster Member 2: 5 NICs, 3 enabled: hme0: 192.168.10/24, hme1: 10.10.10/24, qfe2: 172.16.10/24

External interfaces and connect to a VLAN switch.
The upstream router connects to the same VLAN switch.
Internal interfaces and connect to a hub. is the synchronization network.
The Security Management Server is located on the internal network with IP

What is the problem with this configuration?
A. Cluster members cannot use the VLAN switch. They must use hubs.
B. The Cluster interface names must be identical across all cluster members.
C. There is an IP address conflict.
D. The Security Management Server must be in the dedicated synchronization network, not the internal network.

Correct Answer: C

QUESTION 156
What is the reason for the following error?

A. A third-party cluster solution is implemented.
B. Cluster membership is not enabled on the gateway.
C. Objects.C does not contain a cluster object.
D. Device Name contains non-ASCII characters.

Correct Answer: B
In which ClusterXL Load Sharing mode, does the pivot machine get chosen automatically by ClusterXL?
A. Hot Standby Load Sharing
B. Unicast Load Sharing
C. Multicast Load Sharing
D. CCP Load Sharing

Correct Answer: B
What configuration change must you make to change an existing ClusterXL cluster object from Multicast to Unicast mode?
A. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy.
B. Run cpstop and cpstart, to re-enable High Availability on both objects. Select Pivot mode in cpconfig.
C. Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy.
D. Change the cluster mode to Unicast on each of the cluster-member objects.

Correct Answer: C

QUESTION 159
In Load Sharing Unicast mode, the internal cluster IP address is
The internal interfaces on two members are and
Internal host Pings, and receives replies.
The following is the ARP table from the internal Windows host
Review the exhibit and identify the member serving as the pivot machine.
C. The pivot machine cannot be determined by this test.

Correct Answer: B

QUESTION 160
Which of the following commands will stop acceleration on a Security Gateway running on SecurePlatform?
A. splat_accel off
B. perf_pack off
C. fw accel off
D. fwaccel off

Correct Answer: D

