Welcome to download the newest Examwind 300-101 dumps:
We’re certain you will pass your Checkpoint 156-315 exam after employing your SPHR exam sample questions, with Checkpoint 156-315 questions and answers from FLYDUMPS; you will be relax knowing you will be fully ready to defend myself against your Checkpoint 156-315 exam. FLYDUMPS Checkpoint 156-315 exam sample questions are regularly busted intended for updates, accurateness along with commencing content materials.
QUESTION 217
What are the 3 main components of the SmartEvent Software Blade?
1.
Correlation Unit
2.
Correlation Client
3.
Correlation Server
4.
Analyzer Server
5.
Analyzer Client
6.
Analyzer Unit
A. 1, 2, 3
B. 4, 5, 6
C. 1, 4, 5
D. 1, 3, 4
Correct Answer: C QUESTION 218
You are reviewing computer information collected in ClientInfo. You can NOT:
A. Enter new credential for accessing the computer information.
B. Save the information in the active tab to an .exe file.
C. Copy the contents of the selected cells.
D. Run Google.com search using the contents of the selected cell.
Correct Answer: B
QUESTION 219
What is the SmartEvent Analyzer’s function?
A. Assign severity levels to events.
B. Analyze log entries, looking for Event Policy patterns.
C. Display received threats and tune the Events Policy.
D. Generate a threat analysis report from the Analyzer database.
Correct Answer: A
QUESTION 220
What is the SmartEvent Client’s function?
A. Display received threats and tune the Events Policy.
B. Generate a threat analysis report from the Reporter database.
C. Invoke and define automatic reactions and add events to the database.
D. Assign severity levels to events.
Correct Answer: A
QUESTION 221
A tracked SmartEvent Candidate in a Candidate Pool becomes an Event.
What does NOT happen in the Analyzer Server?
A. SmartEvent provides the beginning and end time of the Event.
B. The Correlation Unit keeps adding matching logs to the Event.
C. The Event is kept open, but condenses many instances into one Event.
D. SmartEvent stops tracking logs related to the Candidate.
Correct Answer: D
QUESTION 222
What is the benefit to running SmartEvent in Learning Mode?
A. There is no SmartEvent Learning Mode
B. To run SmartEvent with preloaded sample data in a test environment
C. To run SmartEvent, with a step-by-step online configuration guide for training/setup purposes
D. To generate a report with system Event Policy modification suggestions
Correct Answer: D
QUESTION 223
For best performance in Event Correlation, you should use:
A. IP address ranges
B. Large groups
C. Nothing slows down Event Correlation
D. Many objects
Correct Answer: A
QUESTION 224
_______________ manages Standard Reports and allows the administrator to specify automatic uploads of reports to a central FTP server.
A. SmartDashboard Log Consolidator
B. SmartReporter
C. Security Management Server
D. SmartReporter Database
Correct Answer: B QUESTION 225
_____________ generates a SmartEvent Report from its SQL database.
A. SmartEvent Client
B. Security Management Server
C. SmartReporter
D. SmartDashboard Log Consolidator
Correct Answer: C QUESTION 226
Which SmartReporter report type is generated from the SmartView Monitor history file?
A. Custom
B. Express
C. Traditional
D. Standard
Correct Answer: B QUESTION 227
You have selected the event Port Scan from Internal Network in SmartEvent, to detect an event when 30
port scans have occurred within 60 seconds.
You also want to detect two port scans from a host within 10 seconds of each other.
How would you accomplish this?
A. Define the two port-scan detections as an exception.
B. Select the two port-scan detections as a new event.
C. Select the two port-scan detections as a sub-event.
D. You cannot set SmartEvent to detect two port scans from a host within 10 seconds of each other.
Correct Answer: A QUESTION 228
When do modifications to the Event Policy take effect?
A. When saved on the Correlation Units, and pushed as a policy.
B. As soon as the Policy Tab window is closed.
C. When saved on the SmartEvent Client, and installed on the SmartEvent Server.
D. When saved on the SmartEvent Server and installed to the Correlation Units.
Correct Answer: D QUESTION 229
To clean the system of all events, you should delete the files in which folder(s)?
A. $RTDIR/distrib and $RTDIR/events_db
B. $RTDIR/events_db
C. $FWDIR/distrib_db and $FWDIR/events
D. $FWDIR/distrib
Correct Answer: A QUESTION 230
What SmartConsole application allows you to change the Log Consolidation Policy?
A. SmartDashboard
B. SmartReporter
C. SmartUpdate
D. SmartEvent Server
Correct Answer: A QUESTION 231
Where is it necessary to configure historical records in SmartView Monitor to generate Express reports in SmartReporter?
A. In SmartView Monitor, under Global Properties > Log and Masters
B. In SmartReporter, under Express > Network Activity
C. In SmartDashboard, the SmartView Monitor page in the R75 Security Gateway object
D. In SmartReporter, under Standard > Custom
Correct Answer: C QUESTION 232
SmartReporter reports can be used to analyze data from a penetration-testing regimen in all of the following examples, EXCEPT:
A. Possible worm/malware activity.
B. Analyzing traffic patterns against public resources.
C. Analyzing access attempts via social-engineering.
D. Tracking attempted port scans.
Correct Answer: C QUESTION 233
If Jack was concerned about the number of log entries he would receive in the SmartReporter system, which policy would he need to modify?
A. Consolidation Policy
B. Log Consolidator Policy
C. Log Sequence Policy
D. Report Policy
Correct Answer: A QUESTION 234
Your company has the requirement that SmartEvent reports should show a detailed and accurate view of network activity but also performance should be guaranteed.
Which actions should be taken to achieve that?
(i)
Use same hard driver for database directory, log files and temporary directory
(ii)
Use Consolidation Rules
(iii) Limit logging to blocked traffic only
(iv)
Using Multiple Database Tables
A.
(i) and (ii)
B.
(ii) and (iv)
C.
(i), (ii) and (iv)
D.
(i), (iii) and (iv)
Correct Answer: B QUESTION 235
To help organize events, SmartReporter uses filtered queries.
Which of the following is NOT an SmartEvent event property you can query?
A. Event: Critical, Suspect, False Alarm
B. TimE. Last Hour, Last Day, Last Week
C. StatE. Open, Closed, False Alarm
D. TypE. Scans, Denial of Service, Unauthorized Entry
Correct Answer: A QUESTION 236
How could you compare the Fingerprint shown to the Fingerprint on the server?
A. Run cpconfig, select the Certificate’s Fingerprint option and view the fingerprint
B. Run cpconfig, select the GUI Clients option and view the fingerprint
C. Run cpconfig, select the Certificate Authority option and view the fingerprint
D. Run sysconfig, select the Server Fingerprint option and view the fingerprint
Correct Answer: A
QUESTION 237
Which file defines the fields for each object used in the file objects.C (color, num/string, default value…)?
A. $FWDIR/conf/classes.C
B. $FWDIR/conf/scheam.C
C. $FWDIR/conf/table.C
D. $FWDIR/conf/fields.C
Correct Answer: A QUESTION 238
Which of the following commands can be used to stop Management portal services?
A. fw stopportal
B. cpportalstop
C. cpstop / portal
D. smartportalstop
Correct Answer: D QUESTION 239
You use the snapshot feature to store your Connectra SSL VPN configuration. What do you expect to find?
A. Nothing; snapshot is not supported in Connectra SSL VPN.
B. The management configuration of the current product, on a management or stand-alone machine
C. A complete image of the local file system
D. Specified directories of the local file system.
Correct Answer: C QUESTION 240
When running DLP Wizard for the first time, which of the following is a mandatory configuration?
A. Mail Server
B. E-mail Domain in My Organization
C. DLP Portal URL
D. Active Directory
Correct Answer: B QUESTION 241
When using Connectra with Endpoint Security Policies, what option is not available when configuring DAT enforcement?
A. Maximum DAT file version
B. Maximum DAT file age
C. Minimum DAT file version
D. Oldest DAT file timestamp
Correct Answer: A QUESTION 242
Which of the following statements is FALSE about the DLP Software Blade and Active Directory (AD) or LDAP?
A. When a user authenticates in the DLP Portal to view all his unhandled incidents, the portal authenticates the user using only AD/LDAP.
B. Check Point UserCheck client authentication is based on AD.
C. For SMTP traffic, each recipient e-mail address is translated using AD/LDAP to a user name and group that is checked vs. the destination column of the DLP rule base.
D. For SMTP traffic, the sender e-mail address is translated using AD/LDAP to a user name and group
that is checked vs. the source column of the DLP rule base. Correct Answer: A QUESTION 243
You are running R71 and using the new IPS Software Blade.
To maintain the highest level of security, you are doing IPS updates regularly.
What kind of problems can be caused by the automatic updates?
A. None; updates will not add any new security checks causing problematic behaviour on the systems.
B. None, all new updates will be implemented in Detect only mode to avoid unwanted traffic interruptions. They have to be activated manually later.
C. None, all the checks will be activated from the beginning, but will only detect attacks and not disturb any non-malicious traffic in the network.
D. All checks will be activated from the beginning and might cause unwanted traffic outage due to false positives of the new checks and non-RFC compliant self-written applications.
Correct Answer: B QUESTION 244
Which of the following deployment scenarios CANNOT be managed by Check Point QoS?
A. Two lines connected to a single router, and the router is connected directly to the Gateway
B. Two lines connected to separate routers, and each router is connected to separate interfaces on the Gateway
C. One LAN line and one DMZ line connected to separate Gateway interfaces
D. Two lines connected directly to the Gateway through a hub
Correct Answer: A QUESTION 245
Which technology is responsible for assembling packet streams and passing ordered data to the protocol parsers in IPS?
A. Pattern Matcher
B. Content Management Infrastructure
C. Accelerated INSPECT
D. Packet Streaming Layer
Correct Answer: D QUESTION 246
You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the
Default Rule with a weight of 10.
The H.323 rule includes a per-connection guarantee of 384 Kbps, and a per-connection limit of 512 Kbps.
The per-connection guarantee is for four connections, and no additional connections are allowed in the
Action properties.
If traffic is passing through the QoS Module matches both rules, which of the following statements is
TRUE?
A. Each H.323 connection will receive at least 512 Kbps of bandwidth.
B. The H.323 rule will consume no more than 2048 Kbps of available bandwidth.
C. 50% of available bandwidth will be allocated to the Default Rule.
D. Neither rule will be allocated more than 10% of available bandwidth. Correct Answer: B
QUESTION 247
How is SmartWorkflow enabled?
A. In SmartView Monitor, click on SmartWorkflow / Enable SmartWorkflow. The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode. Once a mode is selected, the wizard finishes.
B. In SmartView Tracker, click on SmartWorkflow / Enable SmartWorkflow. The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode Once a mode is selected, the wizard finishes.
C. In SmartDashboard, click on SmartWorkflow / Enable SmartWorkflow The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode. Once a mode is selected, the wizard finishes.
D. In SmartEvent, click on SmartWorkflow/ Enable SmartWorkflow. The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode. Once a mode is selected, the wizard finishes.
Correct Answer: C
QUESTION 248
What could the following regular expression be used for in a DLP rule?
\$(*, .
Select the best answer
A. As a Data Type to prevent programmers from leaking code outside the company
B. As a compound data type representation.
C. As a Data Type to prevent employees from sending an email that contains a complete price-list of nine products.
D. As a Data Type to prevent the Finance Department from leaking salary information to employees
Correct Answer: D
QUESTION 249
Exhibit: UserA is able to create a SmartLSM Security Cluster Profile , you must select the correct justification.
A. False. The user must have at least Read permissions for the SmartLSM Gateways Database
B. True Only Object Database Read/Write permissions are required to create SmartLSM Profiles
C. False The user must have Read/Write permissions for the SmartLSM Gateways Database.
D. Not enough information to determine. You must know the user’s Provisioning permissions to determine whether they are able to create a SmartLSM Security Cluster Profile
Correct Answer: D
QUESTION 250
Which Check Point QoS feature is used to dynamically allocate relative portions of available bandwidth?
A. Guarantees
B. Weighted Fair Queuing
C. Low Latency Queuing
D. Differentiated Services
Correct Answer: B
QUESTION 251
Laura notices the Microsoft Visual Basic Bits Protection is set to inactive.
She wants to set the Microsoft Visual Basic Kill Bits Protection and all other Low Performance Impact
Protections to Prevent.
She asks her manager for approval and stated she can turn theses on.
But he wants Laura to make sure no high Performance Impacted Protections are turned on while changing
this setting.
Using the out below, how would Laura change the Default_Protection on Performance Impact Protections classified as low from inactive to prevent until meeting her other criteria?
A. Go to Profiles / Default_Protection and uncheck Do not activate protections with performance impact to medium or above
B. Go to Profiles / Default_Protection and select Do not activate protections with performance impact to low or above
C. Go to Profiles / Default_Protection and select Do not activate protections with performance impact to medium or above
D. Go to Profiles / Default_Protection and uncheck Do not activate protections with performance impact to high or above
Correct Answer: C
QUESTION 252
Refer to the to the network topology below.
You have IPS software Blades active on security Gateways sglondon, sgla, and sgny, but still experience attacks on the Web server in the New York DMZ.
How is this possible?
A. All of these options are possible.
B. Attacker may have used a touch of evasion techniques like using escape sequences instead of clear text commands. It is also possible that there are entry points not shown in the network layout, like rouge access points.
C. Since other Gateways do not have IPS activated, attacks may originate from their networks without any noticing
D. An IPS may combine different technologies, but is dependent on regular signature updates and well-turned automatically algorithms. Even if this is accomplished, no technology can offer protection.
Correct Answer: A
QUESTION 253
How is change approved for implementation in SmartWorkflow?
A. The change is submitted for approval and is automatically installed by the approver once Approve is clicked
B. The change is submitted for approval and is automatically installed by the original submitter the next time he logs in after approval of the 3nge
C. The change is submitted for approval and is manually installed by the original submitter the next time he logs in after approval of the change.
D. The change is submitted for approval and is manually installed by the approver once Approve is clicked
Correct Answer: C
QUESTION 254
Provisioning Profiles can NOT be applied to:
A. UTM-1 EDGE Appliances
B. UTM-1 Appliances
C. IP Appliances
D. Power-1 Appliances
Correct Answer: C QUESTION 255
One profile in SmartProvisioning can update:
A. Potentially hundreds and thousands of gateways.
B. Only Clustered Gateways.
C. Specific gateways.
D. Profiles are not used for updating, just reporting.
Correct Answer: A QUESTION 256
Check Point recommends deploying SSL VPN:
A. In parallel to the firewall
B. In a DMZ
C. In front of the firewall with a LAN connection
D. On the Primary cluster member
Correct Answer: C QUESTION 257
What are the SmartProvisioning Provisioning Profile indicators?
A. OK, Needs Attention, Uninitialized, Unknown
B. OK, Needs Attention, Agent is in local mode, Uninitialized, Unknown
C. OK, Waiting, Unknown, Not Installed, Not Updated, May be out of date
D. OK, In Use. Out of date, not used
Correct Answer: B QUESTION 258
SmartWorkflow has been enabled with the following configuration:
If a security administrator opens a new session and after making changes to policy, submits the session for approval will be displayed as:
A. Approved
B. In progress
C. Not Approved
D. Awaiting Approval
Correct Answer: B QUESTION 259
In Company XYZ, the DLP Administrator defined a new Keywords Data Type that contains a list of secret
project names; i.e., Ayalon, Yarkon, Yarden.
The threshold is set to At least 2 keywords or phrases.
Based on this information, which of the following scenarios will be a match to the Rule Base?
A. A PDF file that contains the following text Yarkon1 can be the code name for the new product. Yardens list of protected sites
B. An MS Excel file that contains the following text Mort resources for Yarkon project.. Are you certain this is about Yarden?
C. A word file that contains the following text will match:
Ayalon
ayalon
AYALON
D. A password protected MS Excel file that contains the following text Ayalon Yarkon Yarden
Correct Answer: B
QUESTION 260
Which Name Resolution protocols are supported in SSL VPN?
A. DNS, hosts, Imhosts, WINS
B. DNS, hosts, Imhosts
C. DNS, hosts, WINS
D. DNS, hosts
Correct Answer: D QUESTION 261
Which Check Point QoS feature marks the ToS byte in the IP header?
A. Differentiated Services
B. Guarantees
C. Weighted Fair Queuing
D. Low Latency Queuing
Correct Answer: A QUESTION 262
How does ClusterXL Unicast mode handle new traffic?
A. All members receive all packets. The Security Management Server decides which member will process the packets. Other members delete the packets from memory.
B. The pivot machine receives and inspects all new packets then synchronizes the connections with other members
C. The pivot machine receives all the packets and runs an algorithm to determine which member should process the packets
D. All cluster members’ process all packets and members synchronize with each other. The pivot is responsible for the master sync catalog
Correct Answer: C QUESTION 263
Which of the following explains Role Segregation?
A. Administrators have different abilities than managers within SmartWorkflow.
B. Different tasks within SmartDashboard are divided according to firewall administrator permissions.
C. Changes made by an administrator in a SmartWorkflow session must have managerial approval prior to commitment.
D. SmartWorkflow can be configured so that managers can only view their assigned sessions
Correct Answer: C QUESTION 264
Which of the following actions is most likely to improve the performance of Check Point QoS?
A. Put the most frequently used rules at the bottom of the QoS Rule Base.
B. Define Check Point QoS only on the external interfaces of the QoS Module.
C. Turn per rule limits into per connection limits
D. Turn per rule guarantees into per connection guarantees.
Correct Answer: B
QUESTION 265
Where is the encryption domain for a SmartLSM Security Gateway configured in R71?
A. Inside the SmartLSM Security Gateway object in the SmartDashboard GUI
B. Inside the SmartLSM Security Gateway profile in the SmartProvisioning GUI
C. Inside the SmartLSM Security Gateway object in the SmartProvisioning GUI
D. Inside the SmartLSM Security Gateway profile in the SmartDashboard GUI
Correct Answer: B
QUESTION 266
John is the MultiCorp Security Administrator.
If he suggests a change in the firewall configuration, he must submit his proposal to David, a security
manager.
One day David is out of the office and john submits his proposal to peter.
Surprisingly, Peter is not able to approve the proposal because the system does not permit him to do so?
Both David and Peter have accounts as administrators in the Security Management server and both have the Read/Write ALL permission.
What is the reason for this difference?
A. There were some Hardware/Software issues at Security Management server on the first day.
B. Peter was no logged on to system for a longer time
C. The attribute Manage Administrator was not assigned to Peter
D. The specific SmartWorkflow read/Write permission were assigned to David only.
Correct Answer: C QUESTION 267
What is NOT true about Management Portal?
A. Choosing Accept control connections in Implied Rules includes Management Portal access
B. Management Portal requires a license
C. Default Port for Management Portal access is 4433
D. Management Portal could be reconfigured for using HTTP instead of HTTPS
Correct Answer: A QUESTION 268
Management Portal should be installed on:
(i)
Management Server
(ii)
Security Gateway
(iii)
Dedicated Server
A.
All are possible solutions
B.
(ii) only
C.
(iii) only
D.
(i) or (ii) only
Correct Answer: D QUESTION 269
What port is used for Administrator access for your SSL VPN?
B. 4433
C. 4434
D. 443
Correct Answer: B
QUESTION 270
What is the command to upgrade a SecurePlatform NG with Application Intelligence (Al) R55 SmartCenter Server to VPN-1 NGX using a CD?
A. cd patch add
B. fwm upgrade_tool
C. cppkg add
D. patch add
E. patch add cd
Correct Answer: E
FLYDUMPS Checkpoint 156-315 exam sample questions that we can provide are based on the extensive research and real-world experiences from our online trainers, with so many years of IT and certification experience. flydumps Checkpoint 156-315 exam sample questions covers all the practice test objectives to pass Checkpoint 156-315 exam. It includes Checkpoint 156-315 study guide, Checkpoint 156-315 test questions, as well as PDF and Interactive Testing Engine. The Checkpoint 156-315 exam sample questions as well as our other Citrix Checkpoint 156-315 exam training are not only priced to be easy on your budget – but each one is also backed with our guarantee. flydumps guarantees that after using our Citrix certification Checkpoint 156-315 exam sample questions, you will be prepared to take and pass your Citrix Checkpoint 156-315 exam. So do not neglect the so good chance, FLYDUMPS will help you get Citrix certification.
