Index

Welcome to download the newest Jumpexam 000-958 VCE dumps: http://www.jumpexam.com/000-958.html

From now on, you can quickly and easily pass the Checkpoint 156-315 Certification exam by FLYDUMPS while retaining the how-to and know-how involved in learning the skills covered in the Checkpoint 156-315 practice exam. Passing Checkpoint 156-315 exam will clear the path to future Riverbed exam success and instantly enhance your career. FLYDUMPS Checkpoint 156-315 exam sample questions ensure your success in high score. FLYDUMPS has played a key role in shaping my career. Doing upgrade from unlimited access package towards the Checkpoint 156-315 practice exam was a good step.

QUESTION 110
How does a cluster member take over the VIP after a failover event?
A. Broadcast storm
B. iflist -renew
C. Ping the sync interface
D. Gratuitous ARP

Correct Answer: D QUESTION 111
Check Point Clustering protocol, works on:
A. UDP 500
B. UDP 8116
C. TCP 8116
D. TCP 19864

Correct Answer: B QUESTION 112
A customer is calling saying one cluster member’s status is Down. What will you check?
A. cphaprob list (verify what critical device is down)
B. fw ctl pstat (check sync)
C. fw ctl debug -m cluster + forward (forwarding layer debug)
D. tcpdump/snoop (CCP traffic)

Correct Answer: A QUESTION 113
Which of the following commands can be used to troubleshoot ClusterXL sync issues?
A. fw debug cxl connections > file_name
B. fw tab -s -t connections > file_name
C. fw tab -u connections > file_name
D. fw ctl -s -t connections > file_name

Correct Answer: B QUESTION 114
Which of the following commands shows full synchronization status?
A. fw hastat
B. cphaprob -i list
C. cphaprob -a if
D. fw ctl iflist

Correct Answer: B QUESTION 115
Which of the following commands shows full synchronization status?
A. cphaprob -a if
B. fw ctl iflist
C. fw hastat
D. fw ctl pstat

Correct Answer: D QUESTION 116
John is configuring a new R71 Gateway cluster but he can not configure the cluster as Third Party IP
Clustering because this option is not available in Gateway Cluster Properties.

What’s happening?
A. Third Party Clustering is not available for R71 Security Gateways.
B. John is not using third party hardware as IP Clustering is part of Check Point’s IP Appliance.
C. ClusterXL needs to be unselected to permit 3rd party clustering configuration.
D. John has an invalid ClusterXL license.

Correct Answer: C QUESTION 117
In ClusterXL, _______ is defined by default as a critical device.
A. fwd
B. fwm
C. assld
D. cpp

Correct Answer: A QUESTION 118
In ClusterXL, _______ is defined by default as a critical device.
A. fw.d
B. protect.exe
C. PROT_SRV.EXE
D. Filter

Correct Answer: D
QUESTION 119
When synchronizing clusters, which of the following statements is NOT true?
A. User Authentication connections will be lost by the cluster.
B. An SMTP resource connection using CVP will be maintained by the cluster.
C. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
D. Only cluster members running on the same OS platform can be synchronized.

Correct Answer: B
QUESTION 120
When a failed cluster member recovers, which of the following actions is NOT taken by the recovering member?
A. It will try to take the policy from one of the other cluster members.
B. It will not check for any updated policy and load the last installed policy with a warning message indicating that the Security Policy needs to be installed from the Security Management Server.
C. If the Security Management Server has a newer policy, it will be retrieved, else the local policy will be loaded.
D. It compares its local policy to the one on the Security Management Server.

Correct Answer: B
QUESTION 121
Organizations are sometimes faced with the need to locate cluster members in different geographic
locations that are distant from each other.
A typical example is replicated data centers whose location is widely separated for disaster recovery
purposes.

What are the restrictions of this solution?

A. There are no restrictions.
B. There is one restriction: The synchronization network must guarantee no more than 150 ms latency (ITU Standard G.114).
C. There is one restriction: The synchronization network must guarantee no more than 100 ms latency.
D. There are two restrictions: 1. The synchronization network must guarantee no more than 100ms latency and no more than 5% packet loss. 2. The synchronization network may only include switches and hubs.

Correct Answer: D
QUESTION 122
You are the MegaCorp Security Administrator.
This company uses a firewall cluster, consisting of two cluster members.
The cluster generally works well but one day you find that the cluster is behaving strangely.
You assume that there is a connectivity problem with the cluster synchronization cluster link (cross-over
cable).

Which of the following commands is the best for testing the connectivity of the crossover cable?

A. telnet <IP address of the synchronization interface on the other cluster member>
B. ifconfig -a
C. ping <IP address of the synchronization interface on the other cluster member>
D. arping <IP address of the synchronization interface on the other cluster member>

Correct Answer: D
QUESTION 123
You have a High Availability ClusterXL configuration. Machines are not synchronized. What happens to connections on failover?
A. Connections cannot be established until cluster members are fully synchronized.
B. It is not possible to configure High Availability that is not synchronized.
C. Old connections are lost but can be reestablished.
D. Old connections are lost but are automatically recovered whenever the failed machine recovers.

Correct Answer: C
QUESTION 124
What command will allow you to disable sync on a cluster firewall member?
A. fw ctl syncstat stop
B. fw ctl setsync off
C. fw ctl setsync 0
D. fw ctl syncstat off

Correct Answer: B
QUESTION 125
When using ClusterXL in Load Sharing, what is the default method?
A. IPs, Ports, SPIs
B. IPs
C. IPs, Ports
D. IPs, SPIs

Correct Answer: A
QUESTION 126
If ClusterXL Load Sharing is enabled with state synchronization enabled, what will happen if one member goes down?
A. The connections are dropped as Load Sharing does not support High Availability.
B. The processing of all connections handled by the faulty machine is dropped, so all connections need to be re-established through the other machine(s).
C. There is no state synchronization on Load Sharing, only on High Availability.
D. The processing of all connections handled by the faulty machine is immediately taken over by the other member(s).
Correct Answer: D
QUESTION 127
What is a “sticky” connection?
A. A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
B. A Sticky Connection is a VPN connection that remains up until you manually bring it down.
C. A Sticky Connection is a connection that remains the same.
D. A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.

Correct Answer: A QUESTION 128
Review the R75 configuration.

Is it correct for Management High Availability?
A. No, the Security Management Servers must reside on the same network.
B. No, the Security Management Servers must be installed on the same operating system.
C. No, the Security Management Servers do not have the same number of NICs.
D. No, a R71 Security Management Server cannot run on Red Hat Linux 9.0.

Correct Answer: B
QUESTION 129
Check Point New Mode HA is a(n) _________ solution.
A. primary-domain
B. hot-standby
C. acceleration
D. load-balancing

Correct Answer: B
QUESTION 130
What is the behavior of ClusterXL in a High Availability environment?
A. The active member responds to the virtual address and is the only member that passes traffic.
B. The active member responds to the virtual address and, using sync network forwarding, both members pass traffic.
C. Both members respond to the virtual address but only the active member is able to pass traffic.
D. Both members respond to the virtual address and both members pass traffic.

Correct Answer: A
QUESTION 131
Review the cphaprobstate command output from a New Mode High Availability cluster member.

Which machine has the highest priority?
A. 192.168.1.2, because its state is active
B. 192.168.1.1, because its number is 1
C. 192.168.1.1, because it is <local>
D. This output does not indicate which machine has the highest priority.

Correct Answer: B QUESTION 132
By default Check Point High Availability components send updates about their state every:
A. 5 seconds.
B. 0.5 second.
C. 0.1 second.
D. 1 second.

Correct Answer: C QUESTION 133
You have just upgraded your Load Sharing gateway cluster (both members) from NGX R65 to R75. cphaprob stat shows:

Which of the following is not a possible cause of this?
A. You have a different number of cores defined for CoreXL between the two members
B. Member 1 has CoreXL disabled and member 2 does not
C. Member 1 is at a lower version than member 2
D. You have not run cpconfig on member 2 yet.

Correct Answer: D
QUESTION 134
In Management High Availability, what is an Active SMS?
A. Active Security Master Server
B. Active Smart Management Server
C. Active Security Management Server
D. Active Smart Master Server

Correct Answer: C QUESTION 135
For Management High Availability synchronization, what does the Advance status mean?
A. The peer SMS has not been synchronized properly.
B. The peer SMS is properly synchronized.
C. The active SMS and its peer have different installed policies and databases.
D. The peer SMS is more up-to-date.

Correct Answer: D QUESTION 136
Which of the following would be a result of having more than one active Security Management Server in a Management High Availability (HA) configuration?
A. The need to manually synchronize the secondary Security Management Server with the Primary Security Management Server is eliminated.
B. Allows for faster seamless failover: from active-to-active instead of standby-to-active.
C. An error notification will popup during SmartDashboard login if the two machines can communicate indicating Collision status.
D. Creates a High Availability implementation between the Gateways installed on the Security Management Servers.

Correct Answer: C QUESTION 137
You want to verify that your Check Point cluster is working correctly. Which command line tool can you use?
A. cphastart -status
B. cphainfo -s
C. cphaprob state
D. cphaconf state

Correct Answer: C QUESTION 138
How can you view the virtual cluster interfaces of a Cluster XL environment?
A. cphaprob -ia if
B. cphaprob -a if
C. cphaprob -a list
D. cphaprob -ia list

Correct Answer: B QUESTION 139
When Load Sharing Multicast mode is defined in a ClusterXL cluster object, how are packets being handled by cluster members?
A. All members receive all packets. The Security Management Server decides which member will process the packets. Other members delete the packets from memory.
B. All cluster members process all packets and members synchronize with each other.
C. All members receive all packets. All members run an algorithm which determines which member processes packets further and which members delete the packet from memory.
D. Only one member at a time is active. The active cluster member processes all packets.

Correct Answer: C QUESTION 140
Which of the following does NOT happen when using Pivot Mode in ClusterXL?
A. The Security Gateway analyzes the packet and forwards it to the Pivot.
B. The packet is forwarded through the same physical interface from which it originally came, not on the sync interface.
C. The Pivot’s Load Sharing decision function decides which cluster member should handle the packet.
D. The Pivot forwards the packet to the appropriate cluster member.

Correct Answer: A QUESTION 141
When distributing IPSec packets to gateways in a Load Sharing Multicast mode cluster, which valid Load Sharing method will consider VPN information?
A. Load Sharing based on IP addresses, ports, and serial peripheral interfaces
B. Load Sharing based on SPIs
C. Load Sharing based on ports, VTI, and IP addresses
D. Load Sharing based on IP addresses, ports, and security parameter indexes

Correct Answer: D QUESTION 142
To configure the Cluster Control Protocol (CCP) to use Broadcast, the following command is run:
A. set_ccp cpcluster broadcast
B. ccp broadcast
C. clusterconfig set_ccp broadcast
D. cphaconf set_ccp broadcast

Correct Answer: D QUESTION 143
When synchronizing clusters, which of the following statements is NOT true?
1). (local) 172.168.1.1 100$ active 2). 172.14*.1.2 0$ standby
A. Load Sharing (multicast mode)
B. HA (New mode).
C. 3rd party cluster
D. Load Sharing Unicast (Pivot) mode

Correct Answer: B QUESTION 144
Which of the listed load-balancing methods is NOT valid?
A. Random
B. Domain
C. They are all valid
D. Round Trip

Correct Answer: C QUESTION 145
Which method of load balancing describes “Round Robin”?
A. Assigns service requests to the next server in a series.
B. Assigns service requests to servers at random.
C. Measures the load on each server to determine which server has the most available resources.
D. Ensures that incoming requests are handled by the server with the fastest response time.

Correct Answer: A QUESTION 146
State Synchronization is enabled on both members in a cluster, and the Security Policy is successfully
installed.
No protocols or services have been unselected for selective sync.

Review the fw tab -tconnections -soutput from both members.
Is State Synchronization working properly between the two members?
A. Members A and B are not synchronized, because #VALS in the connections table are not close.
B. Members A and B are not synchronized, because #PEAK for both members is not close in the connections table.
C. Members A and B are synchronized, because #SLINKS are identical in the connections table.
D. Members A and B are synchronized, because ID for both members is identical in the connections table.

Correct Answer: A QUESTION 147
You have two IP Appliances: one IP565 and one IP395.
Both appliances have IPSO 6.2 and R75 installed in a distributed deployment.

Can they be members of a Gateway Cluster?

A. No, because the Security Gateways must be installed in a stand-alone installation.
B. No, because IP does not have a cluster option.
C. Yes, as long as they have the same IPSO and Check Point versions.
D. No, because the appliances must be of the same model (both should be IP565 or IP395).

Correct Answer: C QUESTION 148
You want to upgrade a cluster with two members to VPN-1 NGX.
The SmartCenter Server and both members are version VPN-1/Firewall-1 NG FP3, with the latest Hotfix.

What is the correct upgrade procedure?

1.
Change the version, in the General Properties of the gateway-cluster object.

2.
Upgrade the SmartCenter Server, and reboot after upgrade.

3.
Run cpstop on one member, while leaving the other member running. Upgrade one member at a time,

and reboot after upgrade.

4.
Reinstall the Security Policy.
A. 3, 2, 1, 4
B. 2, 4, 3, 1
C. 1, 3, 2, 4
D. 2, 3, 1, 4
E. 1, 2, 3, 4

Correct Answer: D QUESTION 149
Included in the client’s network are some switches, which rely on IGMP snooping. You must find a solution to work with these switches.
Which of the following answers does NOT lead to a successful solution?
A. Set the value of fwha_enable_igmp_snooping module configuration parameter to 1.
B. Configure static CAMs to allow multicast traffic on specific ports.
C. ClusterXL supports IGMP snooping by default. There is no need to configure anything.
D. Disable IGMP registration in switches that rely on IGMP packets

Correct Answer: C QUESTION 150
What could be a reason why synchronization between primary and secondary Security Management Servers does not occur?
A. You did not activate synchronization within Global Properties.
B. You are using different time zones.
C. You have installed both Security Management Servers on different server systems (e. g. one machine on HP hardware and the other one on DELL).
D. If the set of installed products differ from each other, the Security Management Servers do not synchronize the database to each other.

Correct Answer: D QUESTION 151
What is the proper command for importing users into the R75 User Database?
A. fwm dbimport
B. fwm importusrs
C. fwm import
D. fwm importdb

Correct Answer: A QUESTION 152
In a R75 Management High Availability (HA) configuration, you can configure synchronization to occur automatically, when:
1.
The Security Policy is installed.

2.
The Security Policy is saved.

3.
The Security Administrator logs in to the secondary SmartCenter Server, and changes its status to active.

4.
A scheduled event occurs.

5.
The user database is installed.
Select the BEST response for the synchronization trigger.

A. 1, 2, 4
B. 1, 2, 3, 4
C. 1, 2, 5
D. 1, 3, 4

Correct Answer: A
QUESTION 153
What is a requirement for setting up R75 Management High Availability?
A. All Security Management Servers must have the same number of NICs.
B. All Security Management Servers must have the same operating system.
C. State synchronization must be enabled on the secondary Security Management Server.
D. All Security Management Servers must reside in the same LAN.

Correct Answer: B
QUESTION 154
You are preparing computers for a new ClusterXL deployment.
For your cluster, you plan to use four machines with the following configurations:

Cluster Member 1: OS: SecurePlatform, NICs: QuadCard, memory: 1 GB, Security Gateway only, version:
R75
Cluster Member 2: OS: SecurePlatform, NICs: 4 Intel 3Com, memory: 1 GB, Security Gateway only,
version: R75
Cluster Member 3: OS: SecurePlatform, NICs: 4 other manufacturers, memory: 512 MB, Security Gateway
only, version: R75

Security Management Server: MS Windows 2003, NIC. Intel NIC (1), Security Gateway and primary
Security Management Server installed, version: R75

Are these machines correctly configured for a ClusterXL deployment?

A. No, the Security Gateway cannot be installed on the Security Management Pro Server.
B. No, Cluster Member 3 does not have the required memory.
C. Yes, these machines are configured correctly for a ClusterXL deployment.
D. No, the Security Management Server is not running the same operating system as the cluster members.
Correct Answer: C
QUESTION 155
You are establishing a ClusterXL environment, with the following topology:

VIP internal cluster IP = 172.16.10.3, VIP external cluster IP = 192.168.10.3
Cluster Member 1:4 NICs, 3 enable:hme0:192.168.10/24,hme1:10.10.10/24,qfe2:172.16.10/24
Cluster Member 2:5 NICs, 3 enable:hme0:192.168.10/24,hme1:10.10.10/24,qfe2:172.16.10/24

External interfaces 192.168.10.1 and 192.168.10.2 connect to a VLAN switch.
The upstream router connects to the same VLAN switch.
Internal interfaces 172.16.10.1 and 172.16.10.2 connect to a hub.

10.10.10.0 is the synchronization network.
The Security Management Server is located on the internal network with IP 172.16.10.3.

What is the problem with this configuration?
A. Cluster members cannot use the VLAN switch. They must use hubs.
B. The Cluster interface names must be identical across all cluster members.
C. There is an IP address conflict.
D. The Security Management Server must be in the dedicated synchronization network, not the internal network.

Correct Answer: C QUESTION 156
What is the reason for the following error?

A. A third-party cluster solution is implemented.
B. Cluster membership is not enabled on the gateway.
C. Objects.C does not contain a cluster object.
D. Device Name contains non-ASCII characters.

Correct Answer: B
QUESTION 157
In which ClusterXL Load Sharing mode, does the pivot machine get chosen automatically by ClusterXL?
A. Hot Standby Load Sharing
B. Unicast Load Sharing
C. Multicast Load Sharing
D. CCP Load Sharing

Correct Answer: B
QUESTION 158
What configuration change must you make to change an existing ClusterXL cluster object from Multicast to Unicast mode?
A. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy.
B. Run cpstop and cpstart, to re-enable High Availability on both objects. Select Pivot mode in cpconfig.
C. Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy.
D. Change the cluster mode to Unicast on each of the cluster-member objects.
Correct Answer: C QUESTION 159
In Load Sharing Unicast mode, the internal cluster IP address is 10.4.8.3.
The internal interfaces on two members are 10.4.8.1 and 10.4.8.2.
Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies.
The following is the ARP table from the internal Windows host 10.4.8.108.
Review the exhibit and identify the member serving as the pivot machine.
A. 10.4.8.3
B. 10.4.8.2
C. The pivot machine cannot be determined by this test.
D. 10.4.8.1

Correct Answer: B QUESTION 160
Which of the following commands will stop acceleration on a Security Gateway running on SecurePlatform?
A. splat_accel off
B. perf_pack off
C. fw accel off
D. fwaccel off

Correct Answer: D

With the products Checkpoint 156-315 for training and preparation of testing you would not only significantly reduce your fees, but pass your Checkpoint 156-315 exam. We obtain our products from Authorities experts from test center.We give you the best path to successful completion of your exam to the real and original exam questions and answers for Checkpoint 156-315.

Jumpexam 000-958 dumps with PDF + Premium VCE + VCE Simulator: http://www.jumpexam.com/000-958.html

Welcome to download the newest Flydumps 000-958 VCE dumps: http://www.flydumps.com/000-958.html

Checkpoint 156-315 exam sample questions enable you to with success control your job. When you take Checkpoint 156-315 Exam qualification, this is able to enable you to acquire information needed with success through the use of Riverbed technological know-how. This is an excellent Riverbed if you want to turned into a Cisco expert. It is known that hottest Checkpoint 156-315 Exam test analyze will be the hot test of Checkpoint 156-315 qualification. Have got in your own Checkpoint 156-315 exam sample questions delights to your profession. What precisely things, will be the best plus the right focus for the choice.

QUESTION 137
“Pass Any Exam. Any Time.” – www.actualtests.com 50 Checkpoint 156-315.75 Exam Which of the following commands shows full synchronization status?
A. cphaprob -a if
B. fw ctl iflist
C. fw hastat
D. fw ctl pstat

Correct Answer: D QUESTION 138
John is configuring a new R71 Gateway cluster but he can not configure the cluster as Third Party IP Clustering because this option is not available in Gateway Cluster Properties.

What’s happening?
“Pass Any Exam. Any Time.” – www.actualtests.com 51 Checkpoint 156-315.75 Exam
A. Third Party Clustering is not available for R71 Security Gateways.
B. John is not using third party hardware as IP Clustering is part of Check Point’s IP Appliance.
C. ClusterXL needs to be unselected to permit 3rd party clustering configuration.
D. John has an invalid ClusterXL license.

Correct Answer: C QUESTION 139
In ClusterXL, _______ is defined by default as a critical device.
A. fwd
B. fwm
C. assld
D. cpp

Correct Answer: A QUESTION 140
In ClusterXL, _______ is defined by default as a critical device.
A. fw.d
B. protect.exe
C. PROT_SRV.EXE
D. Filter

Correct Answer: D QUESTION 141
Refer to Exhibit below:
“Pass Any Exam. Any Time.” – www.actualtests.com 52 Checkpoint 156-315.75 Exam

Match the ClusterXL modes with their configurations.
A. A – 3, B – 2, C – 4, D – 1
B. A – 2, B – 3, C – 1, D – 4
C. A – 2, B – 3, C – 4, D – 1
D. A – 3, B – 2, C – 1, D – 4

Correct Answer: D QUESTION 142
When synchronizing clusters, which of the following statements is NOT true?
A. The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized.
B. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
C. Only cluster members running on the same OS platform can be synchronized.
D. Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.

Correct Answer: D QUESTION 143
When synchronizing clusters, which of the following statements is NOT true?
“Pass Any Exam. Any Time.” – www.actualtests.com 53 Checkpoint 156-315.75 Exam
A. User Authentication connections will be lost by the cluster.
B. An SMTP resource connection using CVP will be maintained by the cluster.
C. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
D. Only cluster members running on the same OS platform can be synchronized.

Correct Answer: B
QUESTION 144
When a failed cluster member recovers, which of the following actions is NOT taken by the recovering member?
A. It will try to take the policy from one of the other cluster members.
B. It will not check for any updated policy and load the last installed policy with a warning message indicating that the Security Policy needs to be installed from the Security Management Server.
C. If the Security Management Server has a newer policy, it will be retrieved, else the local policy will be loaded.
D. It compares its local policy to the one on the Security Management Server.

Correct Answer: B
QUESTION 145
Organizations are sometimes faced with the need to locate cluster members in different geographic locations that are distant from each other. A typical example is replicated data centers whose location is widely separated for disaster recovery purposes. What are the restrictions of this solution?
A. There are no restrictions.
B. There is one restriction: The synchronization network must guarantee no more than 150 ms latency (ITU Standard G.114).
C. There is one restriction: The synchronization network must guarantee no more than 100 ms latency.
D. There are two restrictions: 1. The synchronization network must guarantee no more than 100ms latency and no more than 5% packet loss. 2. The synchronization network may only include switches and hubs.

Correct Answer: D
QUESTION 146
You are the MegaCorp Security Administrator. This company uses a firewall cluster, consisting of two cluster members. The cluster generally works well but one day you find that the cluster is behaving strangely. You assume that there is a connectivity problem with the cluster synchronization cluster link (cross-over cable). Which of the following commands is the best for testing the connectivity of the crossover cable?
A. telnet <IP address of the synchronization interface on the other cluster member>
B. ifconfig -a
C. ping <IP address of the synchronization interface on the other cluster member>
D. arping <IP address of the synchronization interface on the other cluster member>

Correct Answer: D
QUESTION 147
You have a High Availability ClusterXL configuration. Machines are not synchronized. What happens to connections on failover?
A. Connections cannot be established until cluster members are fully synchronized.
B. It is not possible to configure High Availability that is not synchronized.
C. Old connections are lost but can be reestablished.
D. Old connections are lost but are automatically recovered whenever the failed machine recovers.

Correct Answer: C QUESTION 148
What command will allow you to disable sync on a cluster firewall member?
A. fw ctl syncstat stop
B. fw ctl setsync off
C. fw ctl setsync 0
D. fw ctl syncstat off

Correct Answer: B QUESTION 149
When using ClusterXL in Load Sharing, what is the default method?
A. IPs, Ports, SPIs
B. IPs
C. IPs, Ports
D. IPs, SPIs

Correct Answer: A QUESTION 150
If ClusterXL Load Sharing is enabled with state synchronization enabled, what will happen if one member goes down?
A. The connections are dropped as Load Sharing does not support High Availability.
B. The processing of all connections handled by the faulty machine is dropped, so all connections need to be re-established through the other machine(s).
C. There is no state synchronization on Load Sharing, only on High Availability.
D. The processing of all connections handled by the faulty machine is immediately taken over by the other member(s).

Correct Answer: D QUESTION 151
In the following cluster configuration; if you reboot sglondon_1 which device will be active when sglondon_1 is back up and running? Why?
“Pass Any Exam. Any Time.” – www.actualtests.com 56 Checkpoint 156-315.75 Exam
A. Sglondon_1, because it is up again, sglondon_2 took over during reboot
B. Sglondon_2 because I has highest IP
C. Sglondon_2 because it has highest priority
D. Sglondon_1 because it the first configured object with the lowest IP

Correct Answer: C QUESTION 152
What is a “sticky” connection?
A. A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
B. A Sticky Connection is a VPN connection that remains up until you manually bring it down.
C. A Sticky Connection is a connection that remains the same.
D. A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.

Correct Answer: A
QUESTION 153
Your network includes ClusterXL running Multicast mode on two members, as shown in this topology: Your network is expanding, and you need to add new interfaces: 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for interface 10.10.10.0/24 is 10.10.10.3. What is the correct procedure to add these interfaces?
A. 1. Use the ifconfig command to configure and enable the new interface.
2.
Run cpstop and cpstart on both members at the same time.

3.
Update the topology in the cluster object for the cluster and both members.

4.
Install the Security Policy.
B. 1. Disable “Cluster membership” from one Gateway via cpconfig.
2.
Configure the new interface via sysconfig from the “non-member” Gateway.

3.
RE. enable “Cluster membership” on the Gateway.

4.
Perform the same step on the other Gateway.

5.
Update the topology in the cluster object for the cluster and members.

6.
Install the Security Policy.
C. 1. Run cpstop on one member, and configure the new interface via sysconfig.
2.
Run cpstart on the member. Repeat the same steps on another member.

3.
Update the new topology in the cluster object for the cluster and members.

4.
Install the Security Policy.
D. 1. Use sysconfig to configure the new interfaces on both members.
2.
Update the topology in the cluster object for the cluster and both members.

3.
Install the Security Policy.

Correct Answer: C
QUESTION 154
Match the Best Management High Availability synchronization-status descriptions for your Security Management Server (SMS):
A. A – 3, B – 1, C – 2, D – 4
B. A – 3, B – 1, C – 4, D – 2
C. A – 4, B – 3, C – 1, D – 2
D. A – 3, B – 2, C – 1, D – 4
Correct Answer: A
QUESTION 155
Review the R75 configuration.

“Pass Any Exam. Any Time.” – www.actualtests.com 58 Checkpoint 156-315.75 Exam Is it correct for Management High Availability?
A. No, the Security Management Servers must reside on the same network.
B. No, the Security Management Servers must be installed on the same operating system.
C. No, the Security Management Servers do not have the same number of NICs.
D. No, a R71 Security Management Server cannot run on Red Hat Linux 9.0.

Correct Answer: B QUESTION 156
Check Point New Mode HA is a(n) _________ solution.
A. primary-domain
B. hot-standby
C. acceleration
D. load-balancing

Correct Answer: B QUESTION 157
What is the behavior of ClusterXL in a High Availability environment?
A. The active member responds to the virtual address and is the only member that passes traffic.
B. The active member responds to the virtual address and, using sync network forwarding, both members pass traffic.
C. Both members respond to the virtual address but only the active member is able to pass traffic.
D. Both members respond to the virtual address and both members pass traffic.

Correct Answer: A QUESTION 158
“Pass Any Exam. Any Time.” – www.actualtests.com 59 Checkpoint 156-315.75 Exam Review the cphaprob state command output from one New Mode High Availability ClusterXL cluster member.

Which member will be active after member 192.168.1.2 fails over and is rebooted?
A. 192.168.1.2
B. Both members’ state will be in collision.
C. 192.168.1.1
D. Both members’ state will be active.

Correct Answer: C QUESTION 159
Review the cphaprob state command output from a New Mode High Availability cluster member.

Which machine has the highest priority?
A. 192.168.1.2, because its state is active
B. 192.168.1.1, because its number is 1
C. 192.168.1.1, because it is <local>
D. This output does not indicate which machine has the highest priority.

Correct Answer: B QUESTION 160
By default Check Point High Availability components send updates about their state every:
A. 5 seconds.
B. 0.5 second.
C. 0.1 second.
D. 1 second.

Correct Answer: C QUESTION 161
You have just upgraded your Load Sharing gateway cluster (both members) from NGX R65 to R75. cphaprob stat shows:

Which of the following is not a possible cause of this?
A. You have a different number of cores defined for CoreXL between the two members
B. Member 1 has CoreXL disabled and member 2 does not
C. Member 1 is at a lower version than member 2
D. You have not run cpconfig on member 2 yet.

Correct Answer: D QUESTION 162
“Pass Any Exam. Any Time.” – www.actualtests.com 61 Checkpoint 156-315.75 Exam In Management High Availability, what is an Active SMS?
A. Active Security Master Server
B. Active Smart Management Server
C. Active Security Management Server
D. Active Smart Master Server

Correct Answer: C QUESTION 163
For Management High Availability, if an Active SMS goes down, does the Standby SMS automatically take over?
A. Yes, if you set up ClusterXL
B. Yes, if you set up SecureXL
C. No, the transition should be initiated manually
D. Yes, if you set up VRRP

Correct Answer: C QUESTION 164
For Management High Availability synchronization, what does the Advance status mean?
A. The peer SMS has not been synchronized properly.
B. The peer SMS is properly synchronized.
C. The active SMS and its peer have different installed policies and databases.
D. The peer SMS is more up-to-date.

Correct Answer: D QUESTION 165
Which of the following would be a result of having more than one active Security Management
“Pass Any Exam. Any Time.” – www.actualtests.com 62 Checkpoint 156-315.75 Exam Server in a Management High Availability (HA) configuration?
A. The need to manually synchronize the secondary Security Management Server with the Primary Security Management Server is eliminated.
B. Allows for faster seamless failover: from active-to-active instead of standby-to-active.
C. An error notification will popup during SmartDashboard login if the two machines can communicate indicating Collision status.
D. Creates a High Availability implementation between the Gateways installed on the Security Management Servers.

Correct Answer: C QUESTION 166
You want to verify that your Check Point cluster is working correctly. Which command line tool can you use?
A. cphastart -status
B. cphainfo -s
C. cphaprob state
D. cphaconf state

Correct Answer: C QUESTION 167
How can you view the virtual cluster interfaces of a Cluster XL environment?
A. cphaprob -ia if
B. cphaprob -a if
C. cphaprob -a list
D. cphaprob -ia list

Correct Answer: B QUESTION 168
How can you view the critical devices on a cluster member in a Cluster XL environment?
A. cphaprob -ia list
B. cphaprob -a if
C. cphaprob -a list
D. cphaprob -ia if

Correct Answer: A QUESTION 169
When Load Sharing Multicast mode is defined in a ClusterXL cluster object, how are packets being handled by cluster members?
A. All members receive all packets. The Security Management Server decides which member will process the packets. Other members delete the packets from memory.
B. All cluster members process all packets and members synchronize with each other.
C. All members receive all packets. All members run an algorithm which determines which member processes packets further and which members delete the packet from memory.
D. Only one member at a time is active. The active cluster member processes all packets.

Correct Answer: C QUESTION 170
Which of the following does NOT happen when using Pivot Mode in ClusterXL?
A. The Security Gateway analyzes the packet and forwards it to the Pivot.
B. The packet is forwarded through the same physical interface from which it originally came, not on the sync interface.
C. The Pivot’s Load Sharing decision function decides which cluster member should handle the packet.
D. The Pivot forwards the packet to the appropriate cluster member.

Correct Answer: A QUESTION 171
When distributing IPSec packets to gateways in a Load Sharing Multicast mode cluster, which valid Load Sharing method will consider VPN information?
A. Load Sharing based on IP addresses, ports, and serial peripheral interfaces
B. Load Sharing based on SPIs
C. Load Sharing based on ports, VTI, and IP addresses
D. Load Sharing based on IP addresses, ports, and security parameter indexes

Correct Answer: D QUESTION 172
By default, the Cluster Control Protocol (CCP) uses this to send delta sync messages to other cluster members.
A. Broadcast
B. Unicast
C. Multicast
D. Shoutcast

Correct Answer: C QUESTION 173
To configure the Cluster Control Protocol (CCP) to use Broadcast, the following command is run:
A. set_ccp cpcluster broadcast
B. ccp broadcast
C. clusterconfig set_ccp broadcast
D. cphaconf set_ccp broadcast

Correct Answer: D QUESTION 174
What cluster mode is represented in this case? 1). (local) 172.168.1.1 100$ active 2). 172.14*.1.2 0$ standby
A. Load Sharing (multicast mode)
B. HA (New mode).
C. 3rd party cluster
D. Load Sharing Unicast (Pivot) mode

Correct Answer: B QUESTION 175
What cluster mode is represented in this case?
A. 3rd party cluster
B. Load Sharing (multicast mode)
C. Load Sharing Unicast (Pivot) mode
D. HA (New mode)

Correct Answer: B QUESTION 176
Which of the listed load-balancing methods is NOT valid?
A. Random
B. Domain
C. They are all valid
D. Round Trip

Correct Answer: C QUESTION 177
Which method of load balancing describes “Round Robin”?
A. Assigns service requests to the next server in a series.
B. Assigns service requests to servers at random.
C. Measures the load on each server to determine which server has the most available resources.
D. Ensures that incoming requests are handled by the server with the fastest response time.

Correct Answer: A QUESTION 178
In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies.

Review the ARP table from the internal Windows host 10.4.8.108. According to the output, which member is the standby machine?
A. 10.4.8.3
B. The standby machine cannot be determined by this test.
C. 10.4.8.1
D. 10.4.8.2

Correct Answer: C QUESTION 179
In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. An internal host 10.4.8.108 successfully pings its Cluster and receives replies. Review the ARP table from the internal Windows host 10.4.8.108. Based on this information, what is the active cluster member’s IP address?
A. The active cluster member’s IP address cannot be determined by this ARP cache.
B. 10.4.8.3
C. 10.4.8.1
D. 10.4.8.2

Correct Answer: D
QUESTION 180
State Synchronization is enabled on both members in a cluster, and the Security Policy is successfully installed. No protocols or services have been unselected for selective sync. Review the fw tab -t connections -s output from both members.

Is State Synchronization working properly between the two members?
A. Members A and B are not synchronized, because #VALS in the connections table are not close.
B. Members A and B are not synchronized, because #PEAK for both members is not close in the connections table.
C. Members A and B are synchronized, because #SLINKS are identical in the connections table.
D. Members A and B are synchronized, because ID for both members is identical in the connections table.

Correct Answer: A QUESTION 181
You have two IP Appliances: one IP565 and one IP395. Both appliances have IPSO 6.2 and R75 installed in a distributed deployment. Can they be members of a Gateway Cluster?
A. No, because the Security Gateways must be installed in a stand-alone installation.
B. No, because IP does not have a cluster option.
C. Yes, as long as they have the same IPSO and Check Point versions.
D. No, because the appliances must be of the same model (both should be IP565 or IP395).

Correct Answer: C QUESTION 182
You want to upgrade a cluster with two members to VPN-1 NGX. The SmartCenter Server and both members are version VPN-1/Firewall-1 NG FP3, with the latest Hotfix. What is the correct upgrade procedure?
1.
Change the version, in the General Properties of the gateway-cluster object.

2.
Upgrade the SmartCenter Server, and reboot after upgrade.

3.
Run cpstop on one member, while leaving the other member running. Upgrade one member at a time, and reboot after upgrade.

4.
Reinstall the Security Policy.
A. 3, 2, 1, 4
B. 2, 4, 3, 1
C. 1, 3, 2, 4
D. 2, 3, 1, 4 E. 1, 2, 3, 4

Correct Answer: D QUESTION 183
Included in the client’s network are some switches, which rely on IGMP snooping. You must find a solution to work with these switches. Which of the following answers does NOT lead to a successful solution?
A. Set the value of fwha_enable_igmp_snooping module configuration parameter to 1.
B. Configure static CAMs to allow multicast traffic on specific ports.
C. ClusterXL supports IGMP snooping by default. There is no need to configure anything.
D. Disable IGMP registration in switches that rely on IGMP packets

Correct Answer: C QUESTION 184
The customer wishes to install a cluster. In his network, there is a switch which is incapable of forwarding multicast. Is it possible to install a cluster in this situation?
A. Yes, you can toggle on ClusterXL between broadcast and multicast by setting the multicast mode using the command cphaconf set_ccp multicast on　ff. The default setting is broadcast.

B. Yes, you can toggle on ClusterXL between broadcast and multicast using the command cphaconf set_ccp broadcast/multicast.

C. No, the customer needs to replace the switch with a new switch, which supports multicast forwarding.

D. Yes, the ClusterXL changes automatically to the broadcast mode if the multicast is not forwarded.

Correct Answer: B QUESTION 185
“Pass Any Exam. Any Time.” – www.actualtests.com 70 Checkpoint 156-315.75 Exam What could be a reason why synchronization between primary and secondary Security Management Servers does not occur?
A. You did not activate synchronization within Global Properties.
B. You are using different time zones.
C. You have installed both Security Management Servers on different server systems (e. g. one machine on HP hardware and the other one on DELL).
D. If the set of installed products differ from each other, the Security Management Servers do not synchronize the database to each other.

Correct Answer: D

Flydumps offers Checkpoint 156-315 exam,the most comprehensive training exam with full of wonderful concepts and learning skills. The training tools on the site Flydumps.com prepares you with the same questions and answers for Checkpoint 156-315 from the test center.You may have seen our products.Without hesitate to procure our products. Because it is the best choice for you and even for your career in the future. We promise you 100% pass guarantee.

Flydumps 000-958 dumps with PDF + Premium VCE + VCE Simulator: http://www.flydumps.com/000-958.html

Welcome to download the newest Flydumps 642-427 VCE dumps: http://www.flydumps.com/642-427.html

FLYDUMPS will ensure you pass the Checkpoint 156-315 exam. The Checkpoint 156-315 exam sample questions give you possibility to work in any country of the world because they are acknowledged in all countries equally. This FLYDUMPS Checkpoint 156-315 exam sample questions helps not only to improve your knowledge and skills, but it also helps your career, gives a possibility for qualified usage of FLYDUMPS exam products under different conditions.

QUESTION 100
DShield is a Check Point feature used to block which of the following threats?
A. Cross Site Scripting
B. SQL injection
C. DDOS
D. Buffer overflows
E. Trojan horses
Correct Answer: C
QUESTION 101
If you check the box “Use Aggressive Mode”, in the IKE Properties dialog box:
A. The standard three-packet IKE Phase 1 exchange is replaced by a six-packet exchange.
B. The standard six-packet IKE Phase 2 exchange is replaced by a three-packet exchange.
C. The standard three-packet IKE Phase 2 exchange is replaced by a six-packet exchange.
D. The standard six-packet IKE Phase 1 exchange is replaced by a three-packet exchange.
E. The standard six-packet IKE Phase 1 exchange is replaced by a twelve-packet exchange.
Correct Answer: D
QUESTION 102
How does ClusterXL Unicast mode handle new traffic?
A. The pivot machine receives and inspects all new packets, and synchronizes the connections with other
members.
B. Only the pivot machine receives all packets. It runs an algorithm to determine which member should process the packets.
C. All members receive all packets. The SmartCenter Server decides which member will process the packets. Other members simply drop the packets.
D. All cluster members process all packets, and members synchronize with each other.

Correct Answer: B
QUESTION 103
Stephanie wants to reduce the encryption overhead and improve performance for her mesh VPN Community. The Advanced VPN Properties screen below displays adjusted page settings:What can Stephanie do to achieve her goal?

A. Check the box “Use Perfect Forward Secrecy”.
B. Change the setting “Use Diffie-Hellman group” to “Group 5 (1536 bit)”.
C. Check the box “Use aggressive mode”.
D. Check the box “Support IP compression”.
E. Reduce the setting “Renegotiate IKE security associations every” to “720”.

Correct Answer: D QUESTION 104
How do you control the maximum mail messages in a spool directory?
A. In the Security Server window in Global Properties
B. In SmartDefense SMTP settings
C. In the smtp.conf file on the SmartCenter Server
D. In the gateway object’s SMTP settings in the Advanced window
E. In the SMTP resource object

Correct Answer: D
QUESTION 105
Greg is creating rules and objects to control VoIP traffic in his organization, through a VPN-1 NGX Security Gateway. Greg creates VoIP Domain SIP objects to represent each of his organization’s three SIP gateways. Greg then creates a simple group to contain the VoIP Domain SIP objects. When Greg attempts to add the VoIP Domain SIP objects to the group, they are not listed. What is the problem?
A. The related end-points domain specifies an address range.
B. VoIP Domain SIP objects cannot be placed in simple groups.
C. The installed VoIP gateways specify host objects.
D. The VoIP gateway object must be added to the group, before the VoIP Domain SIP object is eligible to be added to the group.
E. The VoIP Domain SIP object’s name contains restricted characters.

Correct Answer: B
QUESTION 106
You have a production implementation of Management High Availability, at version VPN-1 NG with Application Intelligence R55. You must upgrade your two SmartCenter Servers to VPN-1 NGX. What is the correct procedure?
A. 1. Synchronize the two SmartCenter Servers.
2.
Upgrade the secondary SmartCenter Server.

3.
Upgrade the primary SmartCenter Server.

4.
Configure both SmartCenter Server host objects version to VPN-1 NGX.

5.
Synchronize the Servers again.
B. 1. Synchronize the two SmartCenter Servers.
2.
Perform an advanced upgrade on the primary SmartCenter Server.

3.
Upgrade the secondary SmartCenter Server.

4.
Configure both SmartCenter Server host objects to version VPN-1 NGX.

5.
Synchronize the Servers again.
C. 1. Perform an advanced upgrade on the primary SmartCenter Server.
2.
Configure the primary SmartCenter Server host object to version VPN-1 NGX.

3.
Synchronize the primary with the secondary SmartCenter Server.

4.
Upgrade the secondary SmartCenter Server.

5.
Configure the secondary SmartCenter Server host object to version VPN-1 NGX.

6.
Synchronize the Servers again.
D. 1. Synchronize the two SmartCenter Servers.
2.
Perform an advanced upgrade on the primary SmartCenter Server.

3.
Configure the primary SmartCenter Server host object to version VPN-1 NGX.

4.
Synchronize the two Servers again.

5.
Upgrade the secondary SmartCenter Server.

6.
Configure the secondary SmartCenter Server host object to version VPN-1 NGX.

7.
Synchronize the Servers again.
Correct Answer: B
QUESTION 107
You plan to migrate a VPN-1 NG with Application Intelligence (AI) R55 SmartCenter Server to VPN-1 NGX. You also plan to upgrade four VPN-1 Pro Gateways at remote offices, and one local VPN-1 Pro Gateway at your company’s headquarters. The SmartCenter Server configuration must be migrated. What is the correct procedure to migrate the configuration?
A. Upgrade the SmartCenter Server and the five remote Gateways via SmartUpdate, at the same time.
B. 1. Copy the $FWDIR\conf directory from the SmartCenter Server.
2.
Save directory contents to another directory.

3.
Uninstall the SmartCenter Server, and install a new SmartCenter Server.

4.
Move directory contents to $FWDIR\conf.

5.
Reinstall all gateways using NGX and install a policy.
C. 1. From the VPN-1 NGX CD in the SmartCenter Server, select “advance upgrade”.
2.
After importing the SmartCenter configuration into the new NGX SmartCenter, reboot.

3.
Upgrade all licenses and software on all five remote Gateways via SmartUpdate.
D. 1. Upgrade the five remote Gateways via SmartUpdate.
2. Upgrade the SmartCenter Server, using the VPN-1 NGX CD.
E. 1. Upgrade the SmartCenter Server, using the VPN-1 NGX CD.
2. Reinstall and update the licenses of the five remote Gateways.

Correct Answer: C
QUESTION 108
What is the command to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 SmartCenter Server to VPN-1 NGX using a CD?
A. cd patch add
B. fwm upgrade_tool
C. cppkg add
D. patch add
E. patch add cd

Correct Answer: E
QUESTION 109
Damon enables an SMTP resource for content protection. He notices that mail seems to slow down on occasion, sometimes being delivered late. Which of the following might improve throughput performance?
A. Configuring the SMTP resource to bypass the CVP resource
B. Increasing the Maximum number of mail messages in the Gateway’s spool directory
C. Configuring the Content Vector Protocol (CVP) resource to forward the mail to the internal SMTP server, without waiting for a response from the Security Gateway
D. Configuring the CVP resource to return the mail to the Gateway
E. Configuring the SMTP resource to only allow mail with Damon’s company’s domain name in the header

Correct Answer: C
QUESTION 110
VPN-1 NGX includes a resource mechanism for working with the Common Internet File System (CIFS). However, this service only provides a limited level of actions for CIFS security. Which of the following services is provided by a CIFS resource?
A. Allow Unix file sharing.
B. Allow MS print shares
C. Logging Mapped Shares
D. Access Violation logging.
Correct Answer: C
QUESTION 111
You are preparing to deploy a VPN-1 Pro Gateway for VPN-1 NGX. You have five systems to choose from
for the new Gateway, and you must conform to the following requirements:

Operating-system vendor’s license agreement
Check Point’s license agreement
Minimum operating-system hardware specification

Minimum Gateway hardware specification
Gateway installed on a supported operating system (OS)

Which machine meets ALL of the following requirements?

A. Processor: 1.1 GHz RAM: 512 MB Hard disk: 10 GB OS: Windows 2000 Workstation
B. Processor: 2.0 GHz RAM: 512 MB Hard disk: 10 GB OS: Windows ME
C. Processor: 1.5 GHz RAM: 256 MB Hard disk: 20 GB OS: Red Hat Linux 8.0
D. Processor: 1.67 GHz RAM: 128 MB Hard disk: 5 GB OS: FreeBSD
E. Processor: 2.2 GHz RAM: 256 MB Hard disk: 20 GB OS: Windows 2000 Server

Correct Answer: E
QUESTION 112
In a Management High Availability (HA) configuration, you can configure synchronization to occur automatically, when:
1.The Security Policy is installed.
2.The Security Policy is saved.
3.The Security Administrator logs in to the secondary SmartCenter Server, and changes its status to active.
4.A scheduled event occurs.
5.The user database is installed.
Select the BEST response for the synchronization sequence. Choose one.
A. 1,2,3
B. 1,2,3,4
C. 1,3,4
D. 1,2,5
E. 1,2,4
Correct Answer: E
QUESTION 113
You want to block corporate-internal-net and localnet from accessing Web sites containing inappropriate content. You are using WebTrends for URL filtering. You have disabled VPN-1 Control connections in the Global properties. Review the diagram and the Security Policies for GW_A and GW_B in the exhibit provided.
Corporate users and localnet users receive message “Web cannot be displayed”. In SmartView Tracker, you see the connections are dropped with message “content security is not reachable”. What is the problem, and how do you fix it?
A. The connection from GW_B to the internal WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_A’s Policy to allow source WebTrends Server, destination GW_B, service TCP port 18182, and action accept.
B. The connection from GW_B to the WebTrend server is not allowed in the Policy. Fix: Add a rule in GW_B’s Policy with Source GW_B, destination WebTrends server, service TCP port 18182, and action accept.
C. The connection from GW_A to the WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_B’s Policy with source WebTrends server, destination GW_A, service TCP port 18182, and action accept.
D. The connection from GW_A to the WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_B’s Policy with source GW_A, destination: WebTrends server, service TCP port 18182, and action accept.
E. The connection from GW_A to the WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_A’s Policy to allow source GW_A, destination WebTrends server, service TCP port 18182, and action accept.

Correct Answer: E
QUESTION 114
Which Security Servers can perform Content Security tasks, but CANNOT perform authentication tasks?
A. Telnet
B. FTP
C. SMTP
D. HTTP

Correct Answer: C
QUESTION 115
Your company has two headquarters, one in London, one in New York.
Each headquarters includes several branch offices. The branch offices ONLY need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. Which configuration meets the criteria? VPN Communities comprised of:
A. three mesh Communities: one for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.
B. three star Communities: first between New York headquarters and its branches, the second between London headquarters and its branches, the third between New York and London headquarters.
C. two mesh and one star Community; each mesh Community is set up for each site, with mesh Communities between their branches. The star Community has New York as the headquarters and London as its satellite.
D. two mesh Communities for each headquarters and their branch offices; and one star Community, in which London is the center of the Community and New York is the satellite.

Correct Answer: B
QUESTION 116
Your current stand-alone VPN-1 NG with Application Intelligence (AI) R55 installation is running on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the VPN-1 Pro Gateway. An additional machine will serve as the SmartCenter Server. The new machine runs on a Windows Server 2003. You need to upgrade the NG with AI R55 SmartCenter Server configuration to VPN-1 NGX.
How do you upgrade to VPN-1 NGX?
A. Insert the NGX CD in the existing NG with AI R55 SecurePlatform machine, and answer yes to backup the configuration. Copy the backup file to the Windows Server 2003. Continue the upgrade process. Reboot after upgrade is finished. After SecurePlatform NGX reboots, run sysconfig, select VPN-1 Pro Gateway, and finish the sysconfig process. Reboot again. Use the NGX CD to install the primary SmartCenter on the Windows Server 2003. Import the backup file.
B. Run the backup command in the existing SecurePlatform machine, to create a backup file. Copy the file to the Windows Server 2003. Uninstall all Check Point products on SecurePlatform by running rpm CPsuite-R55 command. Reboot. Install new VPN-1 NGX on the existing SecurePlatform machine. Run sysconfig, select VPN-1 Pro Gateway, and reboot. Use VPN-1 NGX CD to install primary SmartCenter Server on the Windows Server 2003. Import the backup file.
C. Copy the $FWDIR\conf and $FWDIR\lib files from the existing SecurePlatform machine. Create a tar.gz file, and copy it to the Windows Server 2003. Use VPN-1 NGX CD on the existing SecurePlatform machine to do a new installation. Reboot. Run sysconfig and select VPN-1 Pro Gateway. Reboot. Use the NGX CD to install the primary SmartCenter Server on the Windows Server 2003. On the Windows Server 2003, run upgrade_import command to import $FWDIR\conf and $FWDIR\lib from the SecurePlatform machine.
D. Run backup command on the existing SecurePlatform machine to create a backup file. Copy the file to the Windows Server 2003. Uninstall the primary SmartCenter Server package from NG with AI R55 SecurePlatform using sysconfig. Reboot. Install the NGX primary SmartCenter Server and import the backup file. Open the NGX SmartUpdate, and select “upgrade all packages” on the NG with AI R55 Security Gateway.

Correct Answer: A
QUESTION 117
The following rule contains an FTP resource object in the Service field:
Source: local_net Destination: Any Service: FTP-resource object Action: Accept
How do you define the FTP Resource Properties > Match tab to prevent internal users from receiving corporate files from external FTP servers, while allowing users to send files?
A. Enable “Put” and “Get” methods.
B. Disable the “Put” method globally.
C. Enable the “Put” method only on the Match tab.
D. Enable the “Get” method on the Match tab.
E. Disable “Get” and “Put” methods on the Match tab.

Correct Answer: C
QUESTION 118
Jerry is concerned that a denial-of-service (DoS) attack may affect his VPN Communities. He decides to implement IKE DoS protection. Jerry needs to minimize the performance impact of implementing this new protection. Which of the following configurations is MOST appropriate for Jerry?
A. Set Support IKE DoS protection from identified source to “Puzzles”, and Support IKE DoS protection from unidentified source to “Stateless”.
B. Set Support IKE Dos Protection from identified source, and Support IKE DoS protection from unidentified source to “Puzzles”.
C. Set Support IKE DoS protection from identified source to “Stateless,” and Support IKE DoS protection from unidentified source to “Puzzles”.
D. Set “Support IKE DoS protection” from identified source, and “Support IKE DoS protection” from unidentified source to “Stateless”.
E. Set Support IKE DoS protection from identified source to “Stateless”, and Support IKE DoS protection from unidentified source to “None”.

Correct Answer: D
QUESTION 119
Regarding QoS guarantees and limits, which of the following statements is FALSE?
A. The guarantee of a sub-rule cannot be greater than the guarantee defined for the rule above it.
B. If a guarantee is defined in a sub-rule, a guarantee must be defined for the rule above it.
C. A rule guarantee must not be less than the sum defined in the guarantees’ sub-rules.
D. If both a rule and per-connection limit are defined for a rule, the per-connection limit must not be greater than the rule limit.
E. If both a limit and guarantee per rule are defined in a QoS rule, the limit must be smaller than the guarantee.

Correct Answer: E
QUESTION 120
You want to establish a VPN, using Certificates. Your VPN will exchange Certificates with an external partner. Which of the following activities should you do first?
A. Manually import your partner’s Access Control List.
B. Exchange a shared secret, before importing Certificates.
C. Create a new logical-server object, to represent your partner’s CA.
D. Manually import your partner’s Certificate Revocation List.
E. Exchange exported CA keys and use them to create a new server object, to represent your partner’s Certificate Authority (CA).

Correct Answer: E
QUESTION 121
You are configuring the VoIP Domain object for an H.323 environment, protected by VPN-1 NGX. Which VoIP Domain object type can you use?
A. Transmission Router
B. Gatekeeper
C. Call Manager
D. Proxy
E. Call Agent
Correct Answer: B
QUESTION 122
You are preparing to configure your VoIP Domain Gatekeeper object.
Which two other objects should you have created first?
A. An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed
B. An object to represent the PSTN phone network, AND an object to represent the IP phone network
C. An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed
D. An object to represent the Q.931 service origination host, AND an object to represent the H.245 termination host
E. An object to represent the call manager, AND an object to represent the host on which the transmission router is installed

Correct Answer: C
QUESTION 123
In a Load Sharing Unicast mode scenario, the internal-cluster IP address is
10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies. The following is the ARP table from the internal Windows host 10.4.8.108: c:> arp According to the output, which member is the Pivot?
A. 10.4.8.108
B. 10.4.8.3
C. 10.4.8.2
D. 10.4.8.1

Correct Answer: C
QUESTION 124
Barak is a Security Administrator for an organization that has two sites using pre-shared secrets in its
VPN. The two sites are Oslo and London. Barak has just been informed that a new office is opening in
Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways
are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to
switch from pre-shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After
creating the Madrid gateway object with the proper VPN Domain, what are Barak’s remaining steps?

1.Disable “Pre-Shared Secret” on the London and Oslo gateway objects.
2.Add the Madrid gateway object into the Oslo and London’s mesh VPN Community.
3.Manually generate ICA Certificates for all three Security Gateways.
4.Configure “Traditional mode VPN configuration” in the Madrid gateway object’s VPN screen.
5.Reinstall the Security Policy on all three Security Gateways.

A. 1, 2, 5
B. 1,3,4,5
C. 1,2,3,5
D. 1,2,4,5
E. 1, 2,3,4

Correct Answer: A
QUESTION 125
Which Check Point QoS feature allows a Security Administrator to define special classes of service for delay-sensitive applications?
A. Weighted Fair Queuing
B. Limits
C. Differentiated Services
D. Low Latency Queuing
E. Guarantees

Correct Answer: D
QUESTION 126
A cluster contains two members, with external interfaces 172.28.108.1 and 172.28.108.2. The internal interfaces are 10.4.8.1 and 10.4.8.2. The external cluster’s IP address is 172.28.108.3, and the internal cluster’s IP address is 10.4.8.3. The synchronization interfaces are 192.168.1.1 and 192.168.1.2. The Security Administrator discovers State Synchronization is not working properly. cphaprob if command output displays as follows:What is causing the State Synchronization problem?
A. Another cluster is using 192.168.1.3 as one of the unprotected interfaces.
B. Interfaces 192.168.1.1 and 192.168.1.2 have defined 192.168.1.3 as a sub-interface.
C. The synchronization interface on the cluster member object’s Topology tab is enabled with “Cluster Interface”. Disable this interface.
D. The synchronization network has a cluster, with IP address 192.168.1.3 defined in the gateway-cluster object. Remove the 192.168.1.3 VIP interface from the cluster topology.

Correct Answer: D
QUESTION 127
Yoav is a Security Administrator preparing to implement a VPN solution for his multi-site organization. To comply with industry regulations, Yoav’s VPN solution must meet the following requirements:
Portability: Standard Key management: Automatic, external PKI Session keys: Changed at configured times during a connection’s lifetime Key length: No less than 128-bit Data integrity: Secure against inversion and brute-force attacks
What is the most appropriate setting Yoav should choose?
A. IKE VPNs: AES encryption for IKE Phase 1, and DES encryption for Phase 2; SHA1 hash
B. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for Phase 2; AES hash
C. IKE VPNs: CAST encryption for IKE Phase 1, and SHA1 encryption for Phase 2; DES hash
D. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash
E. IKE VPNs: DES encryption for IKE Phase 1, and 3DES encryption for Phase 2; MD5 hash

Correct Answer: D
QUESTION 128
What is the behavior of ClusterXL in a High Availability environment?
A. Both members respond to the virtual IP address, and both members pass traffic when using their physical addresses.
B. Both members respond to the virtual IP address, but only the active member is able to pass traffic.
C. The active member responds to the virtual IP address,nd both members pass traffic when using their physical addresses.
D. The active member responds to the virtual IP address,nd is the only member that passes traffic
E. The passive member responds to the virtual IP address, and both members route traffic when using their physical addresses.

Correct Answer: D
QUESTION 129
You configure a Check Point QoS Rule Base with two rules: an HTTP rule with a weight of 40, and the Default Rule with a weight of 10. If the only traffic passing through your QoS Module is HTTP traffic, what percent of bandwidth will be allocated to the HTTP traffic?
A. 10%
B. 100%
C. 40%
D. 80%
E. 50%

Correct Answer: B
QUESTION 130
When Load Sharing Multicast mode is defined in a ClusterXL cluster object, how are packets being handled by cluster members?
A. All cluster members process all packets, and members synchronize with each other.
B. All members receive all packets. The SmartCenter Server decides which member will process the packets. Other members simply drop the packets.
C. Only one member at a time is active. The active cluster member processes all packets.
D. All members receive all packets. An algorithm determines which member processes packets, and which member drops packets.

Correct Answer: D
QUESTION 131
The following configuration is for VPN-1 NGX:Is this configuration correct for Management High Availability (HA)?
A. No, the SmartCenter Servers must be installed on the same operating system.
B. No, a VPN-1 NGX SmartCenter Server cannot run on Red Hat Linux 7.3.
C. No, the SmartCenter Servers must reside on the same network.
D. No, A VPN-1 NGX SmartCenter Server can only be in a Management HA configuration, if the operating system is Solaris.
E. No, the SmartCenter Servers do not have the same number of NICs.

Correct Answer: A
QUESTION 132
What type of packet does a VPN-1 SecureClient send to its Policy Server, to report its Secure Configuration Verification status?
A. ICMP Port Unreachable
B. TCP keep alive
C. IKE Key Exchange
D. ICMP Destination Unreachable
E. UDP keep alive

Correct Answer: E
QUESTION 133
Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder’s access, after the next Phase 2 exchange occurs?
A. Phase 3 Key Revocation
B. Perfect Forward Secrecy
C. MD5 Hash Completion
D. SHA1 Hash Completion
E. DES Key Reset

Correct Answer: B
QUESTION 134
The following diagram illustrates how a VPN-1 SecureClient user tries to establish a VPN with hosts in the external_net and internal_net from the Internet. How is the Security Gateway VPN Domain created?
A. Internal Gateway VPN Domain = internal_net; External VPN Domain = external net + external gateway object + internal_net.
B. Internal Gateway VPN Domain = internal_net. External Gateway VPN Domain = external_net + internal gateway object
C. Internal Gateway VPN Domain = internal_net; External Gateway VPN Domain = internal_net + external_net
D. Internal Gateway VPN Domain = internal_net. External Gateway VPN Domain = internal VPN Domain + internal gateway object + external_net

Correct Answer: D
QUESTION 135
How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queues when using a Check Point QoS solution?
A. Low latency class
B. DiffServ rule
C. guaranteed per connection
D. Weighted Fair Queuing
E. guaranteed per VoIP rule

Correct Answer: A
QUESTION 136
Cody is notified by blacklist.org that his site has been reported as a spam relay, due to his SMTP Server being unprotected. Cody decides to implement an SMTP Security Server, to prevent the server from being a spam relay. Which of the following is the most efficient configuration method?
A. Configure the SMTP Security Server to perform MX resolving.
B. Configure the SMTP Security Server to perform filtering, based on IP address and SMTP protocols.
C. Configure the SMTP Security Server to work with an OPSEC based product, for content checking.
D. Configure the SMTP Security Server to apply a generic “from” address to all outgoing mail.
E. Configure the SMTP Security Server to allow only mail to or from names, within Cody’s corporate domain.

Correct Answer: E
QUESTION 137
From the following output of cphaprob state, which ClusterXL mode is this?
A. Load Balancing Mode
B. Multicast mode
C. Unicast mode
D. New mode
E. Legacy mode

Correct Answer: C
QUESTION 138
Which type of service should a Security Administrator use in a Rule Base to control access to specific shared partitions on target machines?
A. Telnet
B. CIFS
C. HTTP
D. FTP
E. URI

Correct Answer: B
QUESTION 139
After you add new interfaces to this cluster, how can you check if the new interfaces and associated virtual IP address are recognized by ClusterXL?
A. By running the cphaprob state command on both members
B. By running the cphaprob -a if command on both members
C. By running the cphaprob -I list command on both members
D. By running the fw ctl iflist command on both members
E. By running the cpconfig command on both members

Correct Answer: B
QUESTION 140
When you add a resource service to a rule, which ONE of the following actions occur?
A. VPN-1 SecureClient users attempting to connect to the object defined in the Destination column of the rule will receive a new Desktop Policy from the resource.
B. All packets that match the resource in the rule will be dropped.
C. All packets matching the resource service rule are analyzed or authenticated, based on the resource properties.
D. Users attempting to connect to the destination of the rule will be required to authenticate.
E. All packets matching that rule are either encrypted or decrypted by the defined resource.

Correct Answer: C
QUESTION 141
What is a requirement for setting up Management High Availability?
A. All SmartCenter Servers must reside in the same Local Area Network (LAN).
B. All SmartCenter Servers must have the same amount of memory.
C. You can only have one Secondary SmartCenter Server.
D. All SmartCenter Servers must have the BIOS release.
E. All SmartCenter Servers must have the same operating system.

Correct Answer: E
QUESTION 142
Your network traffic requires preferential treatment by other routers on the network, in addition to the QoS Module, which Check Point QoS feature should you use?
A. Guarantees
B. Limits
C. Differentiated Services
D. Weighted Fair Queuing
E. Low Latency Queuing
Correct Answer: C
QUESTION 143
The following rule contains an FTP resource object in the Service field:
Source: local_net Destination: Any Service: FTP-resource object Action: Accept
How do you define the FTP Resource Properties > Match tab to prevent internal users from sending corporate files to external FTP servers, while allowing users to retrieve files?
A. Enable the “Get” method on the match tab.
B. Disable “Get” and “Put” methods on the Match tab.
C. Enable the “Put” and “Get” methods.
D. Enable the “Put” method only on the match tab.
E. Disable the “Put” method globally.

Correct Answer: A
QUESTION 144
You plan to install a VPN-1 Pro Gateway for VPN-1 NGX at your company’s headquarters. You have a single Sun SPARC Solaris 9 machine for VPN-1 Pro enterprise implementation. You need this machine to inspect traffic and keep configuration files. Which Check Point software package do you install?
A. VPN-1 Pro Gateway and primary SmartCenter Server
B. Policy Server and primary SmartCenter Server
C. ClusterXL and SmartCenter Server
D. VPN-1 Pro Gateway
E. SmartCenter Server

Correct Answer: A
QUESTION 145
You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. What causes the Connection Rejection?
A. No QOS rule exists to match the rejected traffic.
B. The number of guaranteed connections is exceeded. The rule’s action properties are not set to accept additional connections.
C. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the Maximal Delay is set below requirements.
D. Burst traffic matching the Default Rule is exhausting the Check Point QoS global packet buffers.
E. The guarantee of one of the rule’s sub-rules exceeds the guarantee in the rule itself.

Correct Answer: B
QUESTION 146
You are preparing to deploy a VPN-1 Pro Gateway for VPN-1 NGX. You have five systems to choose from
for the new Gateway, and you must conform to the following requirements:

Operating-system vendor’s license agreement
Check Point’s license agreement
Minimum operating-system hardware specification

Minimum Gateway hardware specification
Gateway installed on a supported operating system (OS)

Which machine meets ALL of the following requirements?

A. Processor: 1.1 GHz RAM: 512 MB Hard disk: 10 GB OS: Windows 2000 Workstation
B. Processor: 2.0 GHz RAM: 512 MB Hard disk: 10 GB OS: Windows ME
C. Processor: 1.5 GHz RAM: 256 MB Hard disk: 20 GB OS: Red Hat Linux 8.0
D. Processor: 1.67 GHz
RAM: 128 MB
Hard disk: 5 GB
OS: FreeBSD

E. Processor: 2.2 GHz RAM: 256 MB Hard disk: 20 GB OS: Windows 2000 Server

Correct Answer: E
QUESTION 147
From the following output of cphaprob state, which ClusterXL mode is this?
A. Load Balancing Mode
B. Multicast mode
C. Unicast mode
D. New mode
E. Legacy mode
Correct Answer: C

Flydumps.com is the absolute way to pass your Checkpoint 156-315 exam within no time. An authentic and comprehensive Checkpoint 156-315 exam solution is available at Flydumps.com. With our exclusive online Checkpoint 156-315 dump you will pass Checkpoint 156-315 exam easily.Flydumps.com guarantees 100% success rate.

Flydumps 642-427 dumps with PDF + Premium VCE + VCE Simulator: http://www.flydumps.com/642-427.html

At present, there are a number of Cisco 700-602 available online for every IT professional. Flydumps Cisco 700-602 exam sample questions prepare you for success with the kind of questions you could expect in the real Cisco 700-602 Recertification. These real Cisco 700-602 questions and answers are a great tool for you to have a go with how well you are prepared before your final attempt at the Cisco 700-602 certification exam. Flydumps has been seen that students are feeling quite at home in presence of Cisco 840-423 questions as they provide them a chance to take a sigh of relief and they need not to spend hours in their studies for the Cisco 700-602. A great number of candidates for Exam have already been benefited themselves with the amazing Cisco 700-602 exam sample questions.

QUESTION 1
Which three options are three characteristics of Cisco UCS Invicta interfaces and bonds? (Choose three.)
A. Bond 0 is used for management.
B. A bond can blend both Ethernet and Fibre Channel interfaces.
C. 10 Gigabit Ethernet interfaces can be independent or aggregated into a bond.
D. iSCSI interfaces can be aggregated into bond 0.
E. Bonds that are created for iSCSI can have only one VLAN.
F. Administrators can change the MTU setting on bonds that are created for iSCSI.
Correct Answer: ACF Explanation
Explanation/Reference:
Explanation: Ethernet interfaces can either be stand-alone of part of a bond; the user-defined settings is the MTU.
QUESTION 2
Which three options are three functions of a Cisco UCS Invicta scaling system router? (Choose three.)
A. Host connectivity
B. Power fail data protection
C. Error correction
D. Mirror protection
E. RAID
F. Replication
Correct Answer: ADF Explanation
Explanation/Reference:
Explanation: The UCS Invicta scaling system router is the component that provides communications with the network and includes the features described above.
QUESTION 3
Which option is the definition of “parity” in a RAID environment?
A. An error correction technique that improves fault tolerance
B. A technique to ensure that read/write operations on one drive are mirrored to another drive
C. A technique to ensure that read/write operations are balanced across two or more drives
D. A technique to ensure that either one of two drives can service a request
Correct Answer: A Explanation
Explanation/Reference:
Reference: http://en.wikipedia.org/wiki/RAID (concept)
QUESTION 4
Which three options are three connectivity and management differences between Cisco UCS Invicta and PCIe flash memory? (Choose three.)
A. Cisco UCS Invicta supports AGP connections.
B. Connectivity between PCIe flash memory cards is supported through USB cables.
C. PCIe flash memory supports Fibre Channel and iSCSI protocols.
D. Cisco UCS Director can manage Cisco UCS Invicta.
E. Cisco UCS Invicta involves external connections to host servers, but PCIe flash memory is embedded inside a host server.
F. Cisco UCS Invicta is managed centrally, but PCIe flash memory is managed individually.
Correct Answer: DEF Explanation
Explanation/Reference:
Explanation: PCIFlash memory resides at each particular server and managment is a host by host task; UCS Invicta, in contrast, is a unified storage platform that is external to the servers and can be managed using UCS director, while effectively serving different hosts in the environment.
QUESTION 5
Which three descriptions of the Cisco UCS Invicta scaling system router are true? (Choose three.)
A. Connects to scaling system nodes using AGP cables
B. Provides node management
C. Manages connectivity between hosts and scaling system nodes
D. Supports FCIP, iSCSI, and Fibre Channel
E. Configured using CiscoWorks
F. Supports combination of acceleration and data reduction nodes
Correct Answer: BCF Explanation
Explanation/Reference:
Explanation: Scaling System router provides hosts connectivity, node management and it does support iSCSI and FibreChannel but not FcoE which makes option D incorrect. You could order, however, a combination of acceleration and standard reduction nodes. Reference: http://www.cisco.com/c/en/us/ products/collateral/servers-unified-computing/ucs- invicta-series-solid-state-system/datasheet-c78-730753.html
QUESTION 6
Which three workloads are ideal to accelerate using Cisco UCS Invicta? (Choose three.)
A. Mobile applications
B. Database loads
C. Transitioning from disk-based to in-memory databases
D. Storage media for backup and recovery operations
E. Virtual desktops
F. Batch processing
Correct Answer: BEF Explanation
Explanation/Reference:
Explanation: Because of the criticality of Database loads, the high I/O operations demand of VDI and the necessary to comply with allotted batch processing windows, these three workloads will specially benefit of the acceleration provided by UCS Invicta. Reference: http://www.cisco.com/c/dam/en/us/products/ collateral/servers-unified- computing/wp_invicta_aap.pdf (page 8)
QUESTION 7
Which three options are three benefits of faster applications based on Cisco sales experiences? (Choose three.)
A. Run more virtual servers on a single physical host
B. Consolidate high-performance computing nodes
C. Consolidate databases
D. Consolidate servers
E. Consolidate virtual machines
F. Combine big data applications alongside relational databases
Correct Answer: BEF Explanation
Explanation/Reference:
QUESTION 8
Which option is the definition of the “RAID penalty”?
A. The limitation that RAID can only be enabled for one storage shelf per cluster
B. The increase in the purchase price for a product when RAID is utilized
C. The extra wait time required for all operations required by the RAID level
D. The fact that RAID requires a dedicated cache to properly function
Correct Answer: C Explanation
Explanation/Reference:
Explanation: When planning for storage operations, RAID penalty is a measure to calculate carefully as it implies the waiting time for parity info to be written. Reference: http://theithollow.com/2012/03/ understanding-raid-penalty/
QUESTION 9
Which protection mechanism is used by the Cisco UCS Invicta appliance to protect data writes if a power outage occurs?
A. The UPS option is available to prevent loss of power to the device.
B. The LSI RAID card protects data in the event of power loss.
C. The QLogic HBA card protects data in the event of power loss.
D. The NVRAM card protects data in the event of power loss.
Correct Answer: D Explanation
Explanation/Reference:
Explanation: The NVRAM card is the actual ring buffer which protects data to be written in the case of power outages.
QUESTION 10
Which three statements about solid state drives are true? (Choose three.)
A. Solid state drives typically exceed the capacity of hard disk drives.
B. Solid state drives typically deliver about 1,000 times less latency than hard disk drives.
C. Solid state drives typically deliver 5-10 times less latency than hard disk drives.
D. Cisco best practices dictate that random and sequential workloads should not be mixed on the same solid state drive because poor performance results.
E. Solid state drives typically deliver about 100 times the IOPS performance of hard disk drives.
F. Solid state drives do not suffer from mechanical seek time latency.
Correct Answer: CEF Explanation
Explanation/Reference:
QUESTION 11
Which aspect of Cisco UCS Director offers task automation for Cisco UCS Invicta configuration?
A. Customized workflows using the API
B. Customized workflows using Python scripts
C. Customized workflows using Pearl scripts
D. Customized workflows using macros
E. Customized workflows using JSON scripts
Correct Answer: D Explanation
Explanation/Reference:
Explanation: UCS Director provides Macros allowing you to customize workflows. Reference: http:// www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs- director/administration-guide/4-0/ ucs_director_admin_guide/using_macros.html
QUESTION 12
Which statement about the scaling system router is true?
A. SSR has no management or host facing interfaces, no ring buffer, and no LSI RAID card.
B. SSR has no management interface but does have host facing interfaces, no ring buffer, and no LSI RAID card.
C. SSR has management and host facing interfaces, a ring buffer, and no LSI RAID card.
D. SSR has management and host facing interfaces, ring buffer, and LSI RAID card.
E. SSR has management and host facing interfaces, no ring buffer, and no LSI RAID card.
Correct Answer: E Explanation
Explanation/Reference:
Explanation: SSR deals with management and networking functions of the Scaling system; the other options referred to above are storage-specific, thus carried by the Scaling Node.
QUESTION 13
Which four options are four key messages for Cisco UCS Invicta solutions? (Choose four.)
A. Cisco UCS Invicta eliminates the need for Fibre Channel connectivity.
B. Cisco UCS Invicta replaces all other PCIe-based flash storage.
C. Performance and deduplication storage nodes can be deployed in the same scaling system.
D. Cisco UCS Invicta provides symmetrical write performance (writes perform about as fast as reads).
E. Cisco UCS Invicta scaling system provides a unique architectural advantage over other all flash arrays.
F. Cisco UCS Invicta provides scale-up performance up to 30 storage nodes.
G. PCIe flash form factor provides Cisco UCS Invicta with the lowest latency possible.
H. Cisco UCS Invicta concurrently provides scale-up and scale-out architectures.
Correct Answer: CDEH Explanation
Explanation/Reference:
Explanation: The architecture of Cisc Invicta allows both scale up and scale out options, providin flexibility to customize the type of storage nodes based on the needs and allowing need equal- performance for both read and write operations.
QUESTION 14
Which three options are characteristics of the Cisco UCS Invicta asynchronous replication feature? (Choose three.)
A. A LUN can be asynchronously replicated to a NFS share.
B. It provides for file-level replication based on a snapshot of a point in time.
C. It is an optional licensed feature on Cisco UCS Invicta systems.
D. It is available only on Cisco UCS Invicta scaling systems.
E. It provides for block-level replication based on a snapshot of a point in time.
F. It can be enabled at any time without disruption.
Correct Answer: CEF Explanation
Explanation/Reference:
Explanation: Asynchrounous replication happens either from LUN to LUN or NFS to NFS; it’s an optional feature that can be loaded at any time without disruption.
QUESTION 15
Which option is the name of a Linux command-line I/O tool that is meant to be used for benchmark and stress/hardware verification?
A. Bash
B. fio
C. X11
D. lometer
E. Remedy

F. GNOME
Correct Answer: B Explanation
Explanation/Reference:
Explanation: FIO is this command line tool native to Windows and actually comes pre-packaged with
Fedora 8.
Reference: https://developer.rackspace.com/blog/welcome-to-performance-cloud-servers-have- some-
benchmarks/

QUESTION 16
Which two options are performance differences between Cisco UCS Invicta and PCIe flash memory? (Choose two.)
A. Cisco UCS Invicta consumes much less power than PCIe flash memory.
B. Cisco UCS Invicta provides much better benefit at scale for system boot storms.
C. Cisco UCS Invicta provides much better reduction in system boot time.
D. Cisco UCS Invicta provides significantly better I/O latency.
E. Cisco UCS Invicta provides significantly more I/O acceleration.
Correct Answer: BC Explanation
Explanation/Reference:
Explanation: Those are the performance differences, in the other subjects stated above, both technologies are very similar.
QUESTION 17
Which interface types are supported in the PCIe slots of the scaling system router?
A. No user configurable interface cards are supported.
B. 10 GE and 16 GB Fibre Channel.
C. 10 GE and 8 GB Fibre Channel.
D. 1 GE and 8 GB Fibre Channel.
E. 1 GE and 16 GB Fibre Channel.
Correct Answer: C Explanation
Explanation/Reference:
Reference: http://www.cisco.com/c/en/us/products/collateral/servers-unified-computing/ucs- invicta-series-solid-state-system/datasheet-c78-730753.html (See table 2)
QUESTION 18
Which interface types are supported in the PCIe slots of the scaling system node?
A. User-configurable interface cards are not supported.
B. 11 GE and 16 GB Fibre Channel.
C. 11 GE and 8 GB Fibre Channel.
D. 2 GE and 8 GB Fibre Channel.
E. 2 GE and 16 GB Fibre Channel.
Correct Answer: A Explanation
Explanation/Reference:
Explanation: Remember it’s the SSR which needs connectivity to the switching backplane.
QUESTION 19
Which three options are three characteristics of Cisco UCS Invicta volume groups? (Choose three.)
A. If high availability is required, mirroring should be enabled on any volume groups that span multiple storage nodes.
B. A volume group is presented to the system as one large storage unit.
C. A volume group cannot span multiple storage nodes.
D. Vertical RAID 6 protects volume groups that span multiple storage nodes.
E. LUNs are assigned to volume groups.
F. RAID 1 and RAID 6 are the two options for volume group configuration.
Correct Answer: ABE Explanation
Explanation/Reference:
Explanation: A LUN is a storage logical unit, presented to the system as a storage unit; in the case of UCS invicta, you can enable mirroring for high availability; LUNs should be mapped to Volumes.
QUESTION 20
Which two characteristics are common to OLTP transactions? (Choose two.)
A. Bulk loads of large data files
B. Long-running queries against large data sets
C. Small, interactive transactions
D. After-hours batch processing
E. A requirement for subsecond response times
Correct Answer: BE Explanation
Explanation/Reference:
Explanation: Typically, On-Line transactions are small interactions where customers look for fast execution.
QUESTION 21
Which option is the approach used by the Solid State Systems Group in its labs?
Cisco 700-602 Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques.“Do I Know This Already?”quizzes open each chapter and allow you to decide how much time you need to spend on each section. Cisco 700-602 lists and Foundation Summary tables make referencing easy and give you a quick refresher whenever you need it.Challenging Cisco 700-602 review questions help you assess your knowledge and reinforce key concepts. HP HP3-X09 exercises help you think about exam objectives in real-world situations,thus increasing recall during exam time.

Skip all the worthless Cisco 650-082 study guide, but choose Flydumps HP HP5-H07D exam sample questions for passing Admission Test HP HP2-H27 exam. Cisco 650-082 exam sample questions are written by high rated top IT experts to the ultimate level of technical accuracy. Flydumps Cisco 650-082 practice test appoint only certified experts, trainers and competent authors for text development of Cisco 650-082  Exam. Among the most popular certification exams, we can also rate Cisco 650-082 test as the target of many IT professionals. We are the only one site can offer demo for almost all products. From Cisco 650-082 Questions demo, you can find that Flydumps Cisco 650-082 Questions would be your best guide for preparing your Cisco 650-082 test.

QUESTION 1
What Cisco ASR 5000 services are needed for communication between a Serving Gateway and Packet Data Network Gateway?
A. EGTP and GTPU
B. GTPU and PGW
C. SGW and GTPU
D. EGTP and SGW

Correct Answer: B QUESTION 2
Which option helps to define activities that are needed to successfully deploy and operate Cisco technologies?
A. Smart Services
B. Cisco lifecycle Services
C. TAC
D. Cisco Technical Services

Correct Answer: B QUESTION 3
Which card has the resources to run multiple services?
A. system management card
B. switch processor I/O card
C. packet service card
D. redundant crossbar card

Correct Answer: C QUESTION 4
Which of these statements about the Web element Manager is true?
A. Clients can connect only by using the internet explorer or Safari Web browser.
B. The application provides FCAPS.
C. Fault management implements an easy-to-use point-and-click GUI to provide configuration for one or more systems.
D. Supported accounting management operation system allow user to examine and perform real time statistical analysis.

Correct Answer: C QUESTION 5
Which controller task is used to facilitate IP routing across and within contexts?
A. Session controller
B. Drive controller
C. VPN controller
D. Resource management controller

Correct Answer: A QUESTION 6
On the Cisco ASR 5000, which three features ensure to help high availability? (Choose three) A. Terminated tasks have to be manually restarted.
B. Virtual memory protects software tasks.
C. Online software upgrades are not supported.
D. No session recovery for common services
E. No single point of failure
F. Inter-chassis redundancy

Correct Answer: BEF
QUESTION 7
What are two functions of the SGSN operator policy? (Choose two.)
A. limited APN configuration
B. assigning of privileges to system operators
C. extended QoS control
D. setting of the number of system context
E. handling of only one type of call
F. disabling of feature sets per IMSI range

Correct Answer: BF
QUESTION 8
What is the unique differentiator that sets Cisco SGSN apart from competitors?
A. combines 2G, 3G, and 4G SGSN into the same platform
B. seamless interoperability with GGSN
C. P2P detection and control
D. cost-effective evolution to 2G

Correct Answer: A
QUESTION 9
Which of the following statements are true regarding loopback interfaces?
A. They create relationship between certain elements of the system.
B. They associate a specific logical interface (configured within a particular context) to a physical port.
C. They associate a service to an IP address that is assigned to a logical interface.
D. They are not associated with any physical port.
Correct Answer: D
QUESTION 10
Which key components of CDMA solution make it different from UMTS?
A. SGSN and GGSN
B. PDSN and the Home Agent
C. 1xRTT base station and GGSN
D. EPC anchor point and PDSN
Correct Answer: B
QUESTION 11
Which two of the following are characteristics of high availability task? (Choose two)
A. It is responsible for strong configuration data for the applications that run on the system.
B. It is found on the management module only.
C. It runs only on the active SMC.
D. It provides the system with the ability to set, retrieve, and be notified of system configuration parameters.
E. It triggers an event to the RCT subsystem to take corrective action.
F. It is responsible for maintaining the operational state of tasks in the system
G. It is responsible for executing a recovery action for any failure that occurs in the system.

Correct Answer: EG
QUESTION 12
Which statement about message routing and addressing methods is true?
A. There are three ways to address a message.
B. The SGSN does not know the subscriber IMSI.
C. Message can be addressed in two ways: by IMSI and by GTT.
D. All configuration areas are required, especially if the routing is based purely on DPC+SSN

Correct Answer: C
QUESTION 13
LTE was introduced in which 3GPP release?
A. 7
B. 6
C. 8
D. 9

Correct Answer: C
QUESTION 14
What type of Cisco ASR 5000 service is needed for communication between a Cisco MME and serving gateway?
A. PGW
B. eGTP
C. SGW
D. GTPU
Correct Answer: A
QUESTION 15
How many VLAN tags may contain each physical port on an Ethernet 1000 line card?
A. Up to 2000
B. Up to 1820
C. Up to 124
D. Up to 1024

Correct Answer: D
QUESTION 16
MITG can help customers reduce signaling costs by 30% because it combines two common technologies. Which two technologies are combined to achieve this result?
A. SGW and PGW
B. MME and ePDG
C. MME and SGSN
D. SGSN and SGW

Correct Answer: C
QUESTION 17
What type of cards fir into the front of Cisco ASR 5000 chassis?
A. Application cards and linear cards
B. Line cards and application cards
C. Fan cards and line cards
D. Application cards and management cards

Correct Answer: D
QUESTION 18
Which two capabilities are the parts of MME solution? (Choose two)
A. Content filtering
B. 1:n redundancy
C. Intelligent paging
D. Extensive QoS functionality
E. Rich VPN features

Correct Answer: BC
QUESTION 19
Which card in the back of Cisco ASR 5000 provides connectivity for local and remote management and for CO alarming?
A. Redundant crossbar card
B. Packet service card
C. Switch processor I/O card
D. Line card

Correct Answer: C
QUESTION 20
In what two ways to subscribe-aware stateful firewalls compliment internet firewalls? (Choose two)
A. Resolve the stateless issue with internet firewalls
B. Enables user-specific event correlation
C. Provides QoS support on a per-subscriber or per-group basis
D. Provides granular support per-subscriber or per-group firewall rules
E. Enables user-specific throttling
Correct Answer: BD
QUESTION 21
Which of these is an operator privilege?
A. Generate reports
B. Edit user accounts
C. Delete user accounts
D. Assign reports
Correct Answer: A

The Cisco contains more than 400 practice questions for the Cisco 650-082 exams,including simulation-based questions.Also contains hands-on exercises and a customized copy of the Cisco 650-082  exams network simulation software.

Welcome to download the newest Flydumps 642-832 VCE dumps: http://www.flydumps.com/642-832.html

Moreover, the Cisco 350-018 exam sample questions are worked out by I.T. experts who enable you to Cisco 350-018 practice test questions in order to achieve your goal. FLYDUMPS provide high quality Cisco 350-018 Certified Solutions Associate. It is the best and the latest Cisco 350-018 exam questions. Furthermore, we are constantly updating FLYDUMPS Cisco 350-018 Exam. These Cisco 350-018 test updates are supplied free of charge to Killtest customers. After you purchase FLYDUMPS Cisco 350-018 exam sample questions, you can enjoy one year free update.

QUESTION 21
Which command sets the key-length for the IPv6 SeND protocol?
A. ipv6 nd inspection
B. ipv6 nd ra-interval
C. ipv6 nd prefix
D. ipv6 nd secured
E. ipv6 nd ns-interval

Correct Answer: D
QUESTION 22
Which statement is valid regarding SGACL?
A. SGACL mapping and policies can only be manually configured.
B. Dynamically downloaded SGACL does not override manually configured conflicting policies.
C. SGACL is access-list bound with a range of SGTs and DGTs.
D. SGACL is not a role-based access list.

Correct Answer: C
QUESTION 23
Which statement about ACS rule-based policies is true?
A. The permissions for rule-based policies are defined in authentication profile.
B. Permission for rule-bases polices are associated with user group.
C. Rule-based polices can apply different permission to the same user under different condition
D. TACACS+ is one of the attributes included in the authorization profile

Correct Answer: B
QUESTION 24
What technology can secure DNS information in IP networks?
A. a combination of DNS and SSL/TLS
B. a combination of DNS and IPSec
C. DNS encryption
D. DNSSEC

Correct Answer: D
QUESTION 25
For which router configuration is the attack-drop.sdf file recommended?
A. Routers with less than 128 MB of memory.
B. Routers with less than 64 MB of memory.
C. Routers with at least 128 MB of memory.
D. Routers with at least 192 MB of memory.
E. Routers with at least 256 MB of memory.

Correct Answer: A
QUESTION 26
Which two statements about attacks against IPV4 and IPv6 network are true? (Choose two)
A. Man-in-the-middle attacks are more common against IPv4 and IPv6
B. The multicast DHCPv6 replies on IPv6 network are easier to protect from attacks
C. Rogue devices provide more risk to IPv4 networks than IPv6 networks
D. It is easier to scan an IPv4 network than an IPv6 networks.
E. Data can be captured in transit across both network types.
F. Attacks performed at the application layer can compromise both types
Correct Answer: AF
QUESTION 27
What is an example of a stream cipher?
A. RC4
B. DES
C. Blowfish
D. RC6
Correct Answer: A
QUESTION 28
Which two of the following pieces of information are communicated by the ASA in version 8.4 or later when the Stateful Failover is enabled? (Choose two.)
A. DHCP server address leases.
B. dynamic routing tables
C. power status
D. NAT translation table
E. user authentication
Correct Answer: BD
QUESTION 29
Refer to the exhibit.

What sequence of command would generate the given output?

Correct Answer: C
QUESTION 30
Which two statements about ASA transparent mode are true? (Choose two.)
A. It drops ARP traffic unless it is permitted.
B. It does not support NAT.
C. It requires the inside and outside interface to be in different subnets.
D. It can pass IPv6 traffic.
E. It cannot pass multicast traffic.
F. It supports ARP inspection.

Correct Answer: BF
QUESTION 31
Which three statements about Cisco Secure Desktop are true? (Choose three)
A. It is interpretable with Clientless SSL VPN, AnyConnect, and the IPSec VPN client.
B. Its supports shared network folder
C. It validate PKI certificates
D. It supports multiple prelogin checks, including IP address, certificate and OS
E. It supports unlimited CSD locations.
F. It can be pre-installed to reduce download time.

Correct Answer: BCE
QUESTION 32
Of which IPS application is Event Action Rule a component?
A. NotificationApp
B. InterfaceApp
C. SensorApp
D. SensorDefinition
E. MainApp
F. AuthenticationApp
Correct Answer: C
QUESTION 33
What are three protocols that support Layer 7 class maps and policy maps for zone-based firewalls? (Choose three)
A. MIME
B. ICQ
C. POP3
D. IMAP
E. RDP
F. IKE

Correct Answer: BCD QUESTION 34
Attacks can originate from multicast receivers. Any receiver that sends an IGMP or MLD report typically creates state on which router?
A. customer
B. first-hop
C. source
D. RP Correct Answer: B QUESTION 35
What are two advantages of SNMPv3 over SNMPv2c? (Choose two.)
A. integrity, to ensure that data has not been tampered with in transit
B. no source authentication mechanism for faster response time
C. Packet replay protection mechanism removed for efficiency
D. GetBulkRequest capability, to retrieve large amounts of data in a single request
E. confidentiality via encryption of packets, to prevent man-in-the-middle attacks Correct Answer: AE QUESTION 36
Refer to the exhibit.

Which option is the reason for the failure of the DMVPN session between R1 and R2?
A. incorrect tunnel source interface on R1
B. IPsec phase-1 policy mismatch
C. tunnel mode mismatch
D. IPsec phase-2 policy mismatch
E. IPsec phase-1 configuration missing peer address on R2

Correct Answer: B
QUESTION 37
Which two statements about TrustSec are true? (Choose two)
A. It can simplify the management and configuration of security policies
B. It can simplify the ASA management and configuration
C. It can simplify SG-ACL provisioning to network router and switches
D. It can apply access-control policies throughout the network
E. It is a part of Cisco commerce work space

Correct Answer: CD
QUESTION 38
Refer to the exhibit.
CCNA Exam Certification Guide is a best-of-breed Cisco 350-018 exam study guide that has been completely updated to focus specifically on the objectives.Senior instructor and best-selling author shares preparation hints and Cisco 350-018 tips to help you identify areas of weakness and improve both your conceptual and hands-on knowledge. Cisco 350-018 Material is presented in a concise manner,focusing on increasing your understanding and retention of exam topics.

Flydumps 642-832 dumps with PDF + Premium VCE + VCE Simulator: http://www.flydumps.com/642-832.html

FLYDUMPS provide Cisco 648-375 exam sample questions with the real exam questions and answers for practicing your Cisco 648-375 certification exam. What the FLYDUMPS instructors care about is whether you pass the Cisco 642-999 exam after purchasing our product. Buy the Cisco 648-375 exam sample questions today and be on the way to Cisco 648-375 certification. Taking Cisco 648-375 exam sample questions is a quick and efficient way to prepare the Cisco  Certification exam. It’s our duty and honor to offer all the customers best Cisco 648-375 service. If you have any problems about Cisco 648-375 test or FLYDUMPS Cisco 648-375 product, please contact us. FLYDUMPS Cisco 648-375 exam sample questions are to help the customers get the Cisco certification and make them satisfied.

QUESTION 1
Which three statements accurately describe the evolution of the workplace and the importance of the network? (Choose three.)
A. Mobility causes location borders to shift.
B. Cloud services cause end-user locations to shift.
C. Cloud services cause application borders to shift.
D. IT consumerization causes location borders to shift.
E. IT consumerization causes device borders to shift.

Correct Answer: ACE
QUESTION 2
Which two questions should you ask when assessing an organization’s security needs? (Choose two.)
A. Are you exploring new cloud business models?
B. Are you enforcing the same security policies consistently across your organization?
C. Are you using the latest hardware and software versions for your security devices?
D. Are you using single-vendor security equipment?
E. What are the operating hours of your security response team?

Correct Answer: AB
QUESTION 3
The Cisco SecureX Architecture is built on which three foundational principles? (Choose three.)
A. context-aware policy
B. virtual office management
C. network management
D. content access control
E. context-aware security enforcement
F. network and global intelligence

Correct Answer: AEF
QUESTION 4
Which two of the following statements correctly describe architecture and design? (Choose two.)
A. The architecture shows building blocks and abstract capabilities of a system and the relationships between the individual components.
B. The design shows concrete products, expected performance, and scalability options of a solution.
C. The design is the basis for creating the architecture.
D. The architecture includes a description of the best possible solution.
Correct Answer: AB
QUESTION 5
Which three are main drivers for changing operations? (Choose three.)
A. change of market trends
B. change of competition
C. change of application software version
D. change of relative strengths
E. migration of the enterprise network to IPv6
F. migration to Cisco single-vendor networking solution

Correct Answer: ABD
QUESTION 6
Which three best describe the Cisco Borderless Network Architecture? (Choose three.)
A. Infrastructure and network services are the basis for user services.
B. A Cisco Borderless Network is based on a common network infrastructure.
C. Routers and switches provide transport services and operate at Layer 2 and Layer 3 of the Cisco Borderless Network Architecture.
D. A Cisco Borderless Network Architecture provides borderless network services.
E. User services are not part of the Cisco Borderless Network Architecture.

Correct Answer: ABD
QUESTION 7
What are the two business benefits of a BYOD solution? (Choose two.)
A. reduced OpEx
B. less IT effort to support and secure different devices
C. less IT effort to support and secure different operating systems
D. reduced network complexity
E. increased productivity using own devices

Correct Answer: AE
QUESTION 8
Which two statements accurately describe the evolution of the workplace and the importance of the network? (Choose two.)
A. Mobility causes location borders to shift.
B. Cloud services cause end-user locations to shift.
C. Cloud services cause application borders to shift.
D. IT consumerization causes location borders to shift.
E. Mobility causes devices to become centralized.

Correct Answer: AC
QUESTION 9
Which two questions should you ask a customer, that best help you when assessing an organization’s security needs? (Choose two.)
A. Are you exploring new cloud and BYOD business models?
B. Do you have any Cisco Nexus 7000 deployed in your network?
C. Are you using single-vendor security equipment?
D. Are you enforcing the same security policies consistently across your organization’s network?
E. What are the operating hours of your security response team?

Correct Answer: AD
QUESTION 10
Which two examples best describe the challenges that customers face in networks of today? (Choose two.)
A. How can we effectively support extensive collaboration requirements, including video?
B. How do we control energy consumption of devices that are owned by employees?
C. Which type of firewall should we deploy?
D. Do we need to invest in the BYOD solution?
E. How can we disable users from using their own devices?

Correct Answer: AD
QUESTION 11
What are two driving factors for new security challenges? (Choose two.)
A. increasing number of security patches distributed by operating system vendors
B. increasing number of outdated encryption algorithms
C. increasing number of attacks from inside the network
D. increasing number of employee-owned devices accessing the corporate network
E. adoption of virtualization and cloud services

Correct Answer: DE
QUESTION 12
The Cisco SecureX Architecture is built on which two foundational principles? (Choose two.)
A. context-aware policy
B. virtual office management
C. network management
D. service provider policy
E. context-aware security enforcement

Correct Answer: AE
QUESTION 13
Which statement correctly describes the importance and role of business processes?
A. Business processes are built on company operations.
B. Operations and, consequently, business processes define the company strategy.
C. Changes in company strategy cause changes in business processes and, consequently, in operations.
D. Tasks in business processes require interaction of various users using the same type of device.
Correct Answer: C
QUESTION 14
Which two statements correctly describe architecture and design? (Choose two.)
A. The architecture shows building blocks and abstract capabilities of a system and the relationships between the individual components.
B. The design is the basis for creating the architecture.
C. The architecture includes a description of the best possible solution.
D. The design shows concrete products, expected performance, and scalability options of a solution.
Correct Answer: AD
QUESTION 15
Which two definitions best describe the Cisco Borderless Network Architecture? (Choose two.)
A. Infrastructure and network services are the basis for user services.
B. A Cisco Borderless Network is based on a common network infrastructure.
C. Routers and switches provide transport services and operate at Layer 4 of the Cisco Borderless Network Architecture.
D. A Cisco Borderless Network Architecture provides cloud services.

All most all IT professionals are familiar with the Cisco 648-375 exam and dream to have that top most demanding certification. This is the top level certification from CISCO that is accepted universally. You can get your desired career which you dreamed with passing Cisco 648-375 test and getting the certificate.

Welcome to download the newest Flydumps 642-832 VCE dumps: http://www.flydumps.com/642-832.html

By FLYDUMPS purchasing Cisco 648 244 exam sample questions, you will have all that is necessary for completing the Cisco 648 244 with all practice questions that are always up to date. All the FLYDUMPS Cisco 648 244 practice questions and answers are related to the real Cisco 648 244.If you use FLYDUMPS Cisco 648 244 exam sample questions, you can experience an actual Cisco 648 244 exam. Cisco 648 244 training covers over 100% of the Cisco 648 244 questions and answers that may be appeared in your Cisco 648 244 test.

Question No : 1
Which two server series support Cisco Unified Communications on Cisco Unified Computing Systems? (Choose two.)
A. Cisco B-Series
B. Cisco C-Series
C. Cisco MCS Series
D. Cisco R-Series
E. Cisco Unified Communications Series
Answer: A,B
Explanation:
Question No : 2
Which two processor types or processor families are supported for Cisco Unified Communications on the Cisco Unified Computing System or specifications-based servers? (Choose two.)
A. AMD FX-8100
B. AMD Option E5
C. Intel Xeon 5600
D. Intel Xeon 6500
E. Intel Xeon E7
Answer: C,E
Explanation:
Question No : 3
What is the maximum hard disk capacity that a Cisco UCS C210 M2 server supports?

A. 1.2 TB
B. 2.4 TB
C. 8 TB
D. 12 TB E. 16 TB
Answer: E
Explanation:
Question No : 4
Which one best describes a unified port?
A. Ethernet port
B. Fibre Channel port
C. host bus adapter port
D. converged port
Answer: D
Explanation:
Question No : 5
What is the maximum amount of RAM that any Cisco C-Series server model can support?
A. 192 GB
B. 384 GB
C. 768 GB

D. 1 TB
E. 2 TB
Answer: D
Explanation:
Question No : 6 A. 20

B. 32
C. 40
D. 48
E. 96
Answer: D
Explanation:
Question No : 7
Which one is covered by a Tested Reference Configuration server?
A. configuration of SAN and NAS devices
B. configuration settings for BIOS
C. DAS and RAID options
D. patch recommendation
Answer: C
Explanation:
Question No : 8
Which two server types support a hybrid storage deployment? (Choose two.)
A. Cisco UCS C200 M2
B. Cisco UCS C210 M2
C. Cisco UCS C260 M2
D. Cisco UCS B200 M2
E. Cisco UCS B230 M2
F. Cisco UCS B440 M2
Answer: B,D
Explanation: Question No : 9
Which two entries define a valid storage option for the Cisco UCS C210 M2 TRC 1 server? (Choose two.)
A. DAS (2 disks RAID 0) for VMware
B. DAS (2 disks RAID 1) for VMware
C. DAS (4 disks RAID 5) for VMware
D. DAS (8 disks RAID 5) for Cisco Unified Communications applications
E. DAS (10 disks RAID 5) for Cisco Unified Communications applications
Answer: B,D
Explanation:
Question No : 10
Which two statements are true about Cisco Unified Communications Manager Business Edition? (Choose two.)
A. Cisco Unified Communications Manager Business Edition 3000 is installed on a UCS server.
B. Cisco Unified Communications Manager Business Edition 5000 replaces the previous Cisco Unified Communications Manager Business Edition.
C. Cisco Unified Communications Manager Business Edition 5000 can be virtualized.
D. Cisco UCS C200 M2 for Cisco Unified Communications Manager Business Edition uses DAS with 4 disks and RAID 10.
E. Cisco Unified Communications Manager Business Edition 6000 supports up to 50 locations.
Answer: D,E
Explanation:
Question No : 11

A. 12 GB
B. 14 GB
C. 16 GB
D. 30 GB
Answer: B
Explanation:
Question No : 12
When deploying a Cisco Unified Communications solution with a maximum of 2500 users, there is an OVA file with a limited storage footprint for Cisco Unified Communications Manager that is available. Which two parameters define this storage OVA template? (Choose two.)
A. 55-GB vDisk
B. 80-GB vDisk
C. 2 * 60-GB vDisk
D. 3-GB vRAM
E. 4-GB vRAM
F. 6-GB vRAM
Answer: A,D
Explanation:
Question No : 13
Which two server vendors can be selected when specification-based servers should be used? (Choose two.)
A. AMD
B. Dell

C. IBM
D. Intel

E. HP
Answer: C,E Explanation:
Question No : 14
What is the required minimum core speed for specification-based servers with Intel Xeon 5600 CPUs?
A. 2.13 GHz
B. 2.40 GHz
C. 2.53 GHz
D. 2.66 GHz
Answer: C
Explanation:
Question No : 15
What is the minimum speed of a Fibre Channel adapter when using specification-based servers?
A. 1 Gb/s
B. 2 Gb/s
C. 4 Gb/s
D. 8 Gb/s
E. 16 Gb/s
Answer: B
Explanation:
Question No : 16
Which two statements would lead you to use a mixed Cisco Unified Communications Manager cluster with physical and virtual machines instead of a fully virtualized deployment? (Choose two.)
A. when migrating from a physical to a virtual deployment
B. when inter virtual machine traffic should be switched with Cisco Nexus 1000V Series Switches
C. when using MOH audio live-stream devices
D. when you want to use direct-attached Fibre Channel SAN devices
E. when you need remote access to the BIOS setup
Answer: A,C
Explanation:
Question No : 17
Why should you use the Cisco Unified Communications Sizing Tool in addition to your design solution that you did manually?
A. this is not necessary if the DocWiki guidelines for virtualized Cisco Unified Communications are followed
B. to distribute and place the virtual machines automatically in the optimized way
C. to calculate CPU and memory utilization
D. to select the optimized OVA template for the deployment
Answer: C
Explanation:
Question No : 18
When designing a Cisco Unified Communications Manager cluster, how many MOH Unicast streams are supported per server when streaming is colocated?

A. 48
B. 128
C. 250
D. 256
E. 500
Answer: E
Explanation: Question No : 19
When designing a virtualized Cisco Unity Connection deployment, which two statements are true? (Choose two.)
A. configure CPU affinity for Cisco Unity Connection
B. reserve an unused core per Cisco Unity Connection virtual machine
C. reserve an unused core per host server
D. iLBC codec selection reduces the number of ports by 75 percent
E. a Cisco Unity Connection cluster supports up to 40,000 users
Answer: C,D
Explanation:
Question No : 20
How many coresident applications can be hosted on a Cisco UCS C200 M2 server when using Cisco Unified Communications Manager Business Edition 6000?

A. 3
B. 4
C. 5
D. 6
E. 8
Answer: B
Explanation:
Question No : 21

A. 2 * 146 GB
B. 2 * 200 GB
C. 2 * 256 GB
D. 2 * 300 GB
E. 2 * 450 GB
F. 2 * 500 GB
Answer: D,F
Explanation:
Question No : 22
How many Cisco Unified Communications Manager users can be processed by a Cisco UCS C210 M2 server compared to a Cisco MCS 7845-I3 server?
A. single
B. double
C. triple
D. quadruple
E. quintuple
F. sextuple
G. octuple
Answer: D
Explanation:
Question No : 23
Which application can be colocated on the same server as the virtualized Cisco Unified Communications applications?
A. DHCP server
B. DNS server
C. Cisco Nexus 1000V Series Switches
D. VMware vCenter
E. Cisco SocialMiner
Answer: E
Explanation:
Question No : 24
How many DIMM slots does the Intel Xeon 5600 processor architecture offer per socket?

A. 3
B. 6
C. 9
D. 12
E. 18
Answer: C
Explanation:
Question No : 25
How many Cisco Media Communications Servers does a deployment require to reach a return on investment when deploying Cisco B-Series servers instead of Cisco Media Communications Servers in a newly installed data center?
A. 2
B. 5
C. 10

D. 15
E. 20
Answer: E
Explanation:
Which two make up the default username and password to access the Cisco Integrated
Management Controller for the first time? (Choose two.)
A. admin
B. administrator
C. root
D. password
E. none (empty)
F. Cisco123
Answer: A,D
Explanation:
Question No : 27
What is the disk efficiency factor when using RAID 10?

A. 1/2
B. 1/n
C. 1/(n/2)
D. 1-1/n
Answer: B
Explanation:
Question No : 28
Which of the following is not a general server status indicator?
A. Good
B. Fault
C. Severed Fault
D. Test in Progress
Answer: D
Explanation:

Cisco 648 244 tests containing questions that cover all sides of tested subjects that help our members to be prepared and keep high level of professionalism. The main purpose of Cisco 648 244 exam is to provide high quality test that can secure and verify knowledge, give overview of question types and complexity that can be represented on real exam certification.

Flydumps 642-832 dumps with PDF + Premium VCE + VCE Simulator: http://www.flydumps.com/642-832.html

Cisco 648-232 test is definitely the new movement among the IT authorities. The sheer number of prospects chasing the following official certifications is usually great and recruiters are likely to use credentialed authorities. Begin money making your Cisco 648-232 exam assessment at this point could really mean substantial positive aspects before i write again. Just after being successful while in the Cisco 648-232 exam sample questions you’re eligible as a Riverbed. You will receive the highest quality and support with FLYDUMPS customer service that will fulfill all of your IT certification needs. Purchase our Cisco 648-232 exam sample questions, simply put, FLYDUMPS is your key to opening up new doors for a brighter future.

QUESTION 1
Which two platforms are the first to be combined to make up the WebEx Meetings shared SaaS platform?
A. Cisco TelePresence Callway and WebEx Connect
B. Connect and WebEx
C. Quad and Cisco TelePresence Callway
D. WebEx Quad

Correct Answer: B
QUESTION 2
What is the maximum capacity of participants for a Cisco WebEx Meeting Center and Training Center meeting?
A. 250
B. 300
C. 400
D. 500

Correct Answer: D
QUESTION 3
Your primary site becomes unavailable. Which one of these features enables you to automatically and transparently move all collaboration activity to the backup site, ensuring a seamless user experience?
A. medianet
B. GSB
C. WebEx One-Click
D. GDM

Correct Answer: B
QUESTION 4
With regard to conference node redundancy, if a region requires 2400 G.711 ports, then how many nodes should it include?
A. Two nodes, each with a capacity of 1200 G.711 ports
B. Three nodes, each with a capacity of 1200 G.711 ports
C. One node with a capacity of 2400 G.711 ports
D. One node with a capacity of 1200 G.711 ports

Correct Answer: B
QUESTION 5
Which two of these factors should be considered when determining the size of a conference system? (Choose two.)
A. future growth
B. service levels
C. location of participants
D. CapEx
E. node capacity
Correct Answer: AB
QUESTION 6
Which feature in Cisco WebEx Meeting Center allows you to collaboratively brainstorm ideas and take notes?
A. integrated audio and VoIP
B. whiteboard
C. Network-Based Recording
D. WebEx One-Click

Correct Answer: B
QUESTION 7
Which three host capabilities are available on WebEx for iPad? (Choose three.)
A. schedule, start, or cancel a meeting
B. invite attendees
C. pass presenter control
D. stream media from a PC
E. chat privately with attendees
F. run WebEx in the background

Correct Answer: ABC
QUESTION 8
Which new WebEx feature allows for the main video to switch automatically to the present speaker, using voice activation?
A. Cisco TelePresence
B. Cisco ActivePresence
C. multipoint video
D. WebEx One-Click

Correct Answer: B
QUESTION 9
One of the challenges of online training is measuring class effectiveness. Which two tools does Cisco WebEx Training Center use to measure this? (Choose two.)
A. visual attention indicator
B. polling
C. self-check quizzes
D. application sharing

Correct Answer: AB
QUESTION 10
You are late for a meeting and you missed the first half of the conversation. Which feature allows you to never miss the contents of a meeting?
A. Cisco ActivePresence
B. Network-Based Recording
C. hands-on labs
D. breakout sessions
Correct Answer: B
QUESTION 11
What does the global attentiveness meter monitor?
A. if the attendee has the correct audio equipment
B. whether or not attendees are using external applications during the event
C. pre- and post-event reporting
D. event success

Correct Answer: B
QUESTION 12
Which two of these statements best describe the benefits of the immersive customer service experiences that are offered by WebEx Support Center? (Choose two.)
A. Customer service representatives can provide more personalized service.
B. Customers can interact with the customer service representative from a mobile device.
C. Customer service representatives can increase the time spent with customers.
D. Customers can instantly view information that the customer service representative is sharing.

Correct Answer: AD
QUESTION 13
What is the number one customer complaint surveyed by technical support organizations?
A. cost of service
B. time that it takes to resolve issue
C. lack of resolution
D. time that it takes to reach a service representative

Correct Answer: B
QUESTION 14
What are the three ways that the WebEx Support Center improves key performance metrics for a business? (Choose three.)
A. increases first-call resolution percentage
B. lengthens average call handling time
C. drives in-person sales
D. shortens average wait time
E. improves customer satisfaction rating
F. increases time to resolution
Correct Answer: ADE
QUESTION 15
What is the difference between HQ and HD video?
A. HQ video is 360p, while HD video is 720p or higher.
B. The terms are interchangeable.
C. HQ video is 720p, while HD video is 1080p or higher.
D. HQ video is 360p, while HD video is 1080p or higher.
Correct Answer: A
QUESTION 16
Which statement is true about active speaker?
A. Active speaker switching is automatic with third-party audio only.
B. Active speaker does not work for a site without integrated audio.
C. Active speaker switching is automatic with Cisco WebEx audio, third-party audio, and Cisco Unified

Flydumps Free Cisco 648-232 exam dumps are audited by our certified subject matter experts and published authors for development. Flydumps Cisco 648-232 exam dumps are one of the highest quality Cisco 648-232 Q&As in the world.It covers nearly 96% real questions and answers, including the entire testing scope. Flydumps guarantees you pass Cisco 648-232 exam at first attempt.

Welcome to download the newest Flydumps 300-207 VCE dumps: http://www.flydumps.com/300-207.html

Together with FLYDUMPS Cisco 700-270 exam sample questions, you may successfully pass quality inside initially look at. You’ll be able to get a hold of free of charge Cisco 700-270 certification books demo through yourself from web site immediately. Cisco 700-270 exam sample questions queries excellent and usablity individuals perform review prior to deciding to buy the idea. Cisco 700-270 exam sample questions is among the greatest qualification by CIW thus your competitors are actually difficult. FLYDUMPS gives you respond to. Growing Cisco 700-270 Other Certification review is difficult.Cisco 700-270 Other Certification good results are only able to become guaranteed by using proper training.

QUESTION 1
Which FirePOWER services capability supports seamless processing after an adaptive security appliance stateful failover event?
A. midsession pickup
B. TCP intercept
C. SFR stateful failover
D. FireSIGHT central policy distribution
Correct Answer: A QUESTION 2
What is the minimum Cisco ASA software version that is required to support FirePOWER services?
A. 9.1.2
B. 8.6
C. 9.2.2
D. 9.4
Correct Answer: C QUESTION 3
Which recommendation should be made to increase scalability, performance, and resiliency?
A. Create a Cisco ASA failover pair.
B. Upgrade the current Cisco ASA
C. Upgrade from the FirePOWER software module to the hardware module
D. Deploy Cisco ASA clustering.

Correct Answer: D QUESTION 4
Which application is required to support adding user information from Microsoft Active Directory to FirePOWER events?
A. Cisco ASA Identity Firewall
B. Microsoft Active Directory Agent
C. Cisco Directory Agent
D. Sourcefire User Agent

Correct Answer: D QUESTION 5
With which hardware option must Cisco ASA models below the 5585-X be sold to support FirePOWER services?
A. SSP module
B. FireSIGHT Management Center
C. SSD
D. FirePOWER services bundle
Correct Answer: A QUESTION 6
Which enhancement is added to URL filtering that is performed by the FirePOWER services module?
A. categories
B. reputation scores
C. regular expressions
D. IP address filters

Correct Answer: B
QUESTION 7
Which three options are important when positioning a next-generation firewall solution? (Choose three.)
A. performance
B. resistance to evasion
C. current install base
D. interoperability
E. stability
F. nonproprietary

Correct Answer: ABE
QUESTION 8
How is traffic forwarded from the Cisco ASA to the FirePOWER services module for analysis?
A. The SFR is transparent and automatically sees all traffic.
B. A service policy redirects traffic from the Cisco ASA packet-processing path to the SFR
C. The SFR has a dedicated data interface
D. The SFR is a standalone appliance that is inserted inline in the data path

Correct Answer: B
QUESTION 9
NGIPS rulesets are configured using which management application?
A. FireSIGHT Management Center
B. Cisco IDM
C. Cisco IME
D. Cisco ASDM
Correct Answer: A
QUESTION 10
In a stateful firewall application, inspection occurs at which layer of the OSI model?
A. 7
B. 3
C. 4
D. 2
Correct Answer: A
QUESTION 11
A customer wants to block instant-messaging traffic within Facebook Chat for its employees. Which feature licensing option provides this capability’?
A. default FirePOWER services
B. IPS
C. URL

Flydumps ensures that the first time you take the exam will be able to pass the exam to obtain the exam certification. Because Cisco 700-270 provide to you the highest quality analog Cisco 700-270 Exam will take you into the exam step by step. Flydumps guarantee that Latest Cisco 700-270 exam help you to pass the exam successfully.

Flydumps 300-207 dumps with PDF + Premium VCE + VCE Simulator: http://www.flydumps.com/300-207.html