Index

Real CheckPoint 156-215 exam dumps revised by experts, they were updated with the change of the CheckPoint 156-215 ,covering all the whole aspects of CheckPoint 156-215 exam. Just have a training of Flydumps CheckPoint 156-215 exam questions to guarantee your 100% pass

QUESTION 87
Ellen is performing penetration tests against SmartDefense for her Web server farm. She needs to verify that the Web servers are secure against traffic hijacks. She has activated the Cross-Site Scripting property. What other settings would be appropriate? Ellen:
A. should also enable the Web intelligence > SQL injection setting.
B. must select the “Products > Web Server” box on each of the node objects.
C. should enable all settings in Web Intelligence.
D. needs to configure TCP defenses such as “Small PMTU” size.
E. needs to create resource objects for the web farm servers and configure rules for the web farm.

Correct Answer: B
QUESTION 88
William is a Security Administrator who has added address translation for his internal Web server to be accessible by external clients. Due to poor network design by his predecessor, William sets up manual NAT rules for this server, while his FTP server and SMTP server are both using automatic NAT rules. All traffic from his FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped because of anti-spoofing settings. What is causing this?
A. “Allow bi-directional NAT” is not checked in Global Properties.
B. “Translate destination on client side” is not checked in Global Properties under “Manual NAT Rules”.
C. “Translate destination on client side” is not checked in Global Properties > Automatic NAT Rules.
D. Routing is not configured correctly.
E. Manual NAT rules are not configured correctly.

Correct Answer: B
QUESTION 89
You are a security consultant for a hospital. You are asked to create some type of authentication rule on the NGX Security Gateway, to allow doctors to update patients’ records via HTTP from various workstations. Which authentication method should you use?
A. Client Authentication
B. LDAP Authentication
C. SecureID Authentication
D. TACAS Authentication
E. User Authentication

Correct Answer: E
QUESTION 90
Certkiller is the Security Administrator for an online bookstore. Customers connect to a variety of Web servers to place orders, change orders, and check status of their orders. Mrs. Bill checked every box in the Web Intelligence tab, and installed the Security Policy, She ran penetration test through the Security Gateway, to determine if the Web servers were protected from cross-site scripting attacks. The penetration test indicated the Web servers were still vulnerable. Which of the following might correct the problem?
A. The penetration software Certkiller is using is malfunctioning and is reporting a false-positive.
B. Certkiller must create resource objects, and use them in the rule allowing HTTP traffic to the Web servers.
C. Certkiller needs to check the “Products > Web Server” box on the host node objects representing his Web servers.
D. Certkiller needs to check the “Web Intelligence” box in the SmartDefense > HTTP Properties.
E. Certkiller needs to configure the Security Gateway protecting the Web servers as a Web server.
Correct Answer: C QUESTION 91
You create two Policy Packages for two NGX Security Gateways. For the first Policy Package, you select Security and Address Translation and QoS Policy. For the second Policy Package, you selected Security and Address Translation and Desktop Security Policy. In the first Policy Package, you enable host-based port scan from the SmartDefense tab. You save and install the policy to the relevant Gateway object. How is the port scan configured on the second Policy Package’s SmartDefense tab?
A. Host-based port scan is disabled by default.
B. Host-based port scan is enabled, because SmartDefense settings are global.
C. Host-based port scan is enabled but it is not highlighted.
D. There is no SmartDefense tab in the second Policy Package.
Correct Answer: B QUESTION 92
A digital signature:
A. Uniquely encodes the receiver of the key.
B. Provides a secure key exchange mechanism over the Internet.
C. Guarantees the authenticity and integrity of a message.
D. Automatically changes the shared keys.
E. Decrypts data to its original form.
Correct Answer: C QUESTION 93
You are setting up a Virtual Private Network, and must select an encryption scheme. Your data is extremely business sensitive and you want maximum security for your data communications. Which encryption scheme would you select?
A. Tunneling mode encryption
B. In-place encryption
C. Either one will work without compromising performance
Correct Answer: A QUESTION 94
You have just started a new job as the Security Administrator for Certkiller . Your boss has asked you to ensure that peer-to-peer file sharing is not allowed past the corporate Security Gateway. Where should you configure this?
A. SmartDashboard > SmartDefense
B. SmartDashboard > WebDefense
C. By editing the file $FWDIR/conf/application_intelligence.C
D. SmartDashboard > Policy > Global Properties > Malicious Activity Detection
E. SmartDashboard > Web Intelligence

Correct Answer: A

Well-regarded for its level of detail, assessment features, and challenging review questions and hands-on exercises, CheckPoint 156-215 helps you master the concepts and techniques that will enable you to succeed on the CheckPoint 156-215 exam the first time.

The 100% valid Flydumps latest CheckPoint 156-215 question answers ensure you 100% pass! And now we are offering the free new version along with the VCE format CheckPoint 156-215 practice test. Free download CheckPoint 156-215 more new PDF and VCE on Flydumps.com.

QUESTION 72
When restoring R71 using the upgrade_ import command, which of the following items is NOT restored?
A. Licenses
B. Global properties
C. SIC Certificates
D. Route tables

Correct Answer: D
QUESTION 73
Which operating systems are supported by a Check Point Security Gateway on an open server?
A. Check Point SecurePlatform and Microsoft Windows
B. Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows
C. Check Point SecurePlatform, IPSO, Sun Solaris, Microsoft Windows
D. Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO

Correct Answer: A
QUESTION 74
Your network is experiencing connectivity problems and you want to verify if routing problems are present. You need to disable the firewall process but still allow routing to pass through the Gateway running on an IP Appliance running IPSO. What command do you need to run after stopping the firewall service?
A. fw fwd routing
B. ipsofwd on admin
C. fw load routed
D. ipsofwd slowpath
Correct Answer: B QUESTION 75

ALL of the following options are provided by the SecurePlatform sysconfig utility, EXCEPT:
A. DHCP Server configuration
B. GUI Clients
C. Time & Date
D. Export setup

Correct Answer: B QUESTION 76
Your company is running Security Management Server R71 on SecurePlatform, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account?
A. Using SmartDashboard, under Users, select Add New Administrator
B. Using the Web console on SecurePlatform under Product configuration, select Administrators
C. Using SmartDashboard or cpconf ig
D. Using cpconftg on the Security Management Server, choose Administrators

Correct Answer: A QUESTION 77
The command fw fetch causes the:
A. Security Gateway to retrieve the user database information from the tables on the Security Management Server.
B. Security Gateway to retrieve the compiled policy and inspect code from the Security Management Server and install it to the kernel.
C. Security Management Server to retrieve the debug logs of the target Security Gateway.
D. Security Management Server to retrieve the IP addresses of the target Security Gateway.

Correct Answer: B QUESTION 78
Which of the following provides confidentiality services for data and messages in a Check Point VPN?
A. Cryptographic checksums
B. Digital signatures
C. Asymmetric Encryption
D. Symmetric Encryption

Correct Answer: D QUESTION 79
You wish to configure an IKE VPN between two R71 Security Gateways, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind the peer’s Gateway. Which type of address translation should you use to ensure the two networks access each other through the VPN tunnel?
A. Hide NAT
B. Static NAT
C. Manual NAT
D. None

Correct Answer: D QUESTION 80
Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?
A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
B. All is fine and can be used as is.
C. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
D. The 2 algorithms do not have the same key length and so don’t work together. You will get the error “…. No proposal chosen….”

Correct Answer: C
QUESTION 81
For VPN routing to succeed, what must be configured?
A. VPN routing is not configured in the Rule Base or Community objects. Only the native-routing mechanism on each Gateway can direct the traffic via its VTI configured interfaces.
B. No rules need to be created; implied rules that cover inbound and outbound traffic on the central (HUB) Gateway are already in place from Policy > Properties > Accept VPN-1 Control Connections.
C. At least two rules in the Rule Base must be created, one to cover traffic inbound and the other to cover traffic outbound on the central (HUB) Security Gateway.
D. A single rule in the Rule Base must cover all traffic on the central (HUB) Security Gateway for the VPN domain.

Correct Answer: D
QUESTION 82
If Henry wanted to configure Perfect Forward Secrecy for his VPN tunnel, in which phase would he be configuring this?
A. Aggressive Mode
B. Diffie-Hellman
C. Phase 2
D. Phase 1

Correct Answer: C
QUESTION 83
You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties > NAT.) When you run fw monitor on the R71 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?
A. i=inbound kernel, before the virtual machine
B. O=outbound kernel, after the virtual machine
C. o=outbound kernel, before the virtual machine
D. l=inbound kernel, after the virtual machine
Correct Answer: D

QUESTION 84
Which command allows verification of the Security Policy name and install date on a Security Gateway?
A. fw show policy
B. fw ctl pstat -policy
C. fw stat -I
D. fwver-p

Correct Answer: C QUESTION 85
When translation occurs using automatic Hide NAT, what also happens?
A. Nothing happens.
B. The source port is modified.
C. The destination port is modified.
D. The destination is modified.

Correct Answer: B QUESTION 86
Which R71 feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?
A. fwm dbexport/fwm dbimport
B. Policy Package management
C. upgrade_export/upgrade,,import
D. Database Revision Control

Correct Answer: B QUESTION 87
A Hide NAT rule has been created which includes a source address group often (10) networks and three
(3)
other group objects (containing 4, 5, and 6 host objects respectively). Assuming all addresses are non-repetitive, how many effective rules have you created?

A.
1

B.
25

C.
2

D.
13

Correct Answer: B QUESTION 88
A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?
A. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box.
B. Anti-spoofing not configured on the interfaces on the Gateway object.
C. A Gateway object created using the Check Point > Security Gateway option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object.
D. Secure Internal Communications (SIC) not configured for the object.

Correct Answer: A QUESTION 89
You have configured a remote site Gateway that supports your boss’s access from his home office using a DSL dialup connection. Everything worked fine yesterday, but today all connectivity is lost. Your initial investigation results in “nobody has touched anything”, which you can support by taking a look in SmartView Tracker Management. What is the problem and what can be done about it?
A. You cannot use NAT and a dialup connection.
B. The NAT configuration is not correct; you can only use private IP addresses in a static NAT setup.
C. A static NAT setup may not work with DSL, since the external IP may change. Hide NAT behind the Gateway is the preferred method here.
D. According to published limitations of Security Gateway R71, there’s a bug with NAT. A restart of the Gateway will help here.

Correct Answer: C QUESTION 90
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the_________.
A. source on client side
B. destination on server side
C. destination on client side
D. source on server side

Correct Answer: C QUESTION 91
A Stealth rule is used to:
A. Use the Security Gateway to hide the border router from internal attacks.
B. Cloak the type of Web server in use behind the Security Gateway.
C. Prevent communication to the Security Gateway itself.
D. Prevent tracking of hosts behind the Security Gateway.

Correct Answer: C QUESTION 92
SmartView Tracker logs the following Security Administrator activities, EXCEPT:
A. Administrator login and logout
B. Object creation, deletion, and editing
C. Tracking SLA compliance
D. Rule Base changes

Correct Answer: C QUESTION 93
Which SmartView Tracker mode allows you to read the SMTP e-mail body sent from the Chief Executive Officer (CEO) of a company?
A. This is not a SmartView Tracker feature.
B. Display Payload View
C. Display Capture Action
D. Network and Endpoint Tab

Correct Answer: A QUESTION 94
One of your remote Security Gateway’s suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object you receive an error message. What is the problem?
A. There is no connection between the Security Management Server and the remote Gateway.Rules or routing may block the connection.
B. The remote Gateway’s IP address has changed, which invalidates the SIC Certificate.
C. The time on the Security Management Server’s clock has changed, which invalidates the remote Gateway’s Certificate.
D. The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.

Correct Answer: A

CheckPoint 156-215 Questions & Answers covers all the knowledge points of the real exam. We update our product frequently so our customer can always have the latest version of CheckPoint 156-215. We provide our customers with the excellent 7×24 hours customer service.We have the most professional CheckPoint 156-215 expert team to back up our grate quality products.If you still cannot make your decision on purchasing our product, please try our CheckPoint 156-215 free pdf.

100% Valid And Newest–Do not worry about your Checkpoint 156-215 exam! Just try Flydumps the latest Checkpoint 156-215 exam dumps.The latest new version with all the official new added Checkpoint 156-215 questions and answers.High pass rate and money back

QUESTION 77
you have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credential. What must happen after authentication that allows the client to connect the Security Gateway’s VPN domain?
A. Active-X must be allowed on the cliect.
B. An office mode address must be obtained by the client.
C. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
D. The SNX client application must be installed on the client.

Correct Answer: A
QUESTION 78
Centrak license management allows a Security Administrator to perform which of the following functions?
1) Check for expired licenses. 2) Sort licenses and view license properties 3) Attach both R71 Central and Local licenses to a remote module 4) Delete both R71 Local licenses and Central licenses from a remote module 5) Addor remove a license to or from the licenes repository 6) Attach and/or delete only R71 Central licenses to a remote module ( not local liceses)
A. 2.5&6
B. 2.3.4.&5
C. L2.5.&6
D. 1.2.3.4&5

Correct Answer: D
QUESTION 79
If you were NOT using IKE aggressive mode for your Ipsec tunnel, how many packets would you see for normal Phase 1 exchange?
A. 6
B. 2
C. 3
D. 9

Correct Answer: A
QUESTION 80
Your current checkpiont Enterprise consists of one Management Server and Four Gateway in four different locations with following versions. All devices are running secure platform. You are upgrading your enterprise to R71. Place the required tasks from the following list in the correct order for upgrading your enterprise to R71. 1)Upgrade all gateways to R71 2)Upgrade all gateways 3 and 4 to R65 3)Upgrade all gateways 2,3, and 4 to R65 4)Upgrade all gateway 4 to R65 5)Preform pre-upgrade verifier on Security management server 6)Preform pre-upgrade verifier on all Gateways 7)Perform License upgrade checker on Gateway 2 8) Perform License upgrade checker on Gateway 3 9) Perform License upgrade checker on Gateway 4 10)Perform License upgrade checker on Security Management Server 11)Perform License upgrade checker on all devices 12)Upgrade security management server to R70
A. 11, 5,12, 3, 1
B. 9, 4, 5, 12, 1
C. 5, 6, 12, 1
D. 11, 5, 12, 2, 1

Correct Answer: C
QUESTION 81
What are you required to do before running upgrade___ export?
A. Run cpconfig and set yourself up as a GUI client.
B. Run a cpstop on the Security Management Server
C. Run a cpstop on the Security Gateway.
D. Close all GUI clients

Correct Answer: BCD
QUESTION 82
How can you access the Certificate Revocation List (CRL) on the firewall, if you have configured a Stealth Rule as the first explicit rule?
A. You can access the Revocation list by means of a browser usiing Url: <http: //IP-FW: 18264/ICA.crl> provideed the implied rules are activated default
B. The CRL is encrypted, so it is useless to attempt to access it.
C. You cannot access the CRL, since the Stealth Rule will drop the packets
D. You can only access the CRI via the Security Management Server as the internal CA is located on that server

Correct Answer: A
QUESTION 83
You need to determine if your company’s Web servers are accessed an excessive number of times from the same host. How would you configure this in the IPS tab?
A. Successive multiple connections
B. Successive alerts
C. Suddessive DoS attacks
D. HTTP protocol inspection
Correct Answer: A
QUESTION 84
What’s the difference between the SmartView Tracker Tool section in R71 and NGX R56?
A. Tools section in R71 is exactly the same as the tools section in R65
B. Using R71. You can choose a program to view captured packets.
C. Enable Warning Dialogs option is not available in R71
D. R71 adds a new option to send ICMP packets to the source/destination address of the log event

Correct Answer: B
QUESTION 85
A rule______is designed to log and drop all other communication that does not match another rule?
A. Stealh
B. Cleanup
C. Reject
D. Anti-Spoofing

Correct Answer: B
QUESTION 86
Which of these security policy changes optimize Security Gateway performance?
A. Use Automatic NAT rules instead of Manual NAT rules whenever possible
B. Putting the least-used rule at the top of the Rule Base
C. Using grouos within groups in the manual NAT Rule Base
D. Using domain object in rules when possible

Correct Answer: D
QUESTION 87
A third shift Security Administrator configured and installed a new Security Policy early this moring when you srrive he tells you that he has been Receiving complaints that Internet very slow. You suspect the security Gateway virtual memory might be the problem. Which smart console component would you use to verify this?
A. SmartView Tracker
B. SmartView Monitor
C. This information can only be viewed with fw ctl psat command from the CLI
D. Eventia Analyzer

Correct Answer: B
QUESTION 88
You installed security management server in a computer using SecurePlatform in the Mega corp home office. You use IP saddress 10.1.1.1. You also installed the security Gateway on a second secure platform computer, which you plan to ship to an other administrator at a mega corp Hub office. What is in the correct order for pushing SIC certificates to the Gateway before shipping it 1) Run cpconfig on the gateway , set secure internal communication, enter the activation key and reconfirm. 2) Initialize internal certificate authority (ICA) on the security Management server. 3) Confirm the gateway object with the host name and IP address for the remote site. 4) Click the communication button in the gateway object’s general screen ,enter the activation key, and click inltialize and ok. 5) Install the security policy.
A. 2, 3, 4, 5, 1
B. 1, 3, 2, 4, 5
C. 2, 3, 4, 1, 5
D. 2, 1, 3, 4, 5

Correct Answer: B
QUESTION 89
In smart dash Board, Translation destination on client side is checked in global properties. When network Address translation is used: A. It is necessary to add a static route to the gateway routing tables
B. The security gateway’s ARP file must be modified
C. It is necessary to add a static route to the gateway’s routing table
D. VLAN tagging cannot be defined for any hosts protected by the gateway

Correct Answer: B
QUESTION 90
If you check the box Use Aggressive Mode in the IKE Properties dialog box, the standard:
A. three-packet IKE Phase 2 exchange Is replaced by a six-packet exchange
B. three-packet IKE Phase 2 exchange Is replaced by a two-packet exchange
C. six-packet IKE Phase 1 exchange Is replaced by a three-packet exchange
D. three-packet IKE Phase 1 exchange Is replaced by a six-packet exchange

Correct Answer: C
QUESTION 91
When check point translation method allows an administrator to use fewer ISP-assigned IP addresses then the number of internal hosts requiring internet connectivity?
A. Static Destination
B. Hide
C. Dynamic Destination
D. Static Source

Correct Answer: B
QUESTION 92
You are reviving the security administrator activity for a bank and comparing to the change log. How do you view Security Administrator activity?
A. SmartView Travker cannot display Security Administrantor activity: Instead, view the system logs on the Security Management Server’s Operating System
B. SmartView Tracker in Management Mode
C. SmartView Tracker in Active Mode
D. SmartView Tracker in Network Endpoint Mode
Correct Answer: D
QUESTION 93
What is the desired outcome when running the command op info 璦璷 cpinfo 璷ut?
A. Send output to a file called cpinfo. out in compressed format
B. Send output to a file called cpinfo. out in usable format for the CP Info View utility IOC.
C. Send output to a file called cpinfo. out without address resoloution.
D. Send output to a file called cpinfo. out and provide a screen print at the same time

Correct Answer: A
QUESTION 94
On of your licenses is set for IP address no longer in use. What happens to this license during the licenser-upgrade process?
A. It is upgraded with new available features but the IP remains the same
B. It remains untouched.
C. It is upgraded with the previous features using the new IP address D. It is dropped

Correct Answer: A QUESTION 95
Which smear view tracker selection would most effectively show who installed a security policy blocking all traffic from the corporate network?
A. Custom Filter
B. Network and Endpoint tab
C. Managemt Tab
D. Active tab

Correct Answer: C QUESTION 96
From the output below, where is the figerprint generated?

A. Security management server
B. SmartUpdate
C. SmartDashboard
D. SmartConsole

Correct Answer: A
QUESTION 97
What will happen when Reset is pressed and confirmed?

A. The gateway certificate will be revoked on the security management server only
B. SIC will be rest on the Gateway only
C. Tne Gateway certificate will be revoked on the security management server and SIC will be rest on the Gateway
D. The gateway certificate on the gateway only

Correct Answer: B
QUESTION 98
You intend to upgrade a Check Point Gateway from R65 to R71. Prior to upgrading, you want to backup the gateway should there be any problems with the upgrade of the following allows for the gateway configuration to be completely backup into a manageable size in the least amount oftime?
A. Backup
B. Snapshot
C. Upgrade_export
D. Database_revision

Correct Answer: B
QUESTION 99
Security Gateway R71 supports User Authentication for which of the following services? Select the response below that contains the most complete list of supported services.
A. FTP, HTTP, TELNET
B. FTP, TELNET
C. SMTP, FTP, HTTP, TELNET
D. SMTP, FTP, TELNET
Correct Answer: A
QUESTION 100
What information is found in the SmartView Tracker management log?
A. Rule Author
B. TCP hand shake average duration
C. TCp source port
D. Top used QOS rule

Correct Answer: A
QUESTION 101
Which service is it BOT possible to configure user authentication?
A. HTTPS
B. FTP
C. SSH
D. Telnet

Correct Answer: C
QUESTION 102
There are three options available for configuring a firewall policy on the Secure Client Mobile device. Which of the following is NOT an option?
A. Configured on endepoint client
B. No
C. Configured on Server
D. yes

Correct Answer: B
QUESTION 103
Which statement defines Public Key Infrastructure? Security is provide:
A. By authentication
B. By Certificate Authorities, digital certificates, and two-way symmetric-key encryption
C. By Certificate Authorities, digital certificates, and public key encryption.
D. Via both private and public keys, without the use of digital Certificats.

Correct Answer: D
QUESTION 104
You plan to migrate a Windows NG with Application Intelligence (Ai) R55 SmartCener server to R71. You also plan to upgrade four VPN-1 pro Gateways at remote offices and one local VPN-1 pro gateway at your company’s head quarter to R71. The management server configuration must be migrated. What is the correct procedure to migrate the configuration?
A. 1. Upgrade the remoter gateway via smart Update.
2. Upgrade the security management server, using the R71 CD
B. 1.From the R71 CD-ROM on the security management server, select Upgrade
2.
Reboot after installation and upgrade all licenses via Smart Update

3.
Reinstall all gateways using R70 and install a policy
C. 1.copy the $PWDIR\ conf directory from the security management server
2.
Save directory contents to another file server

3.
Uninstall the security management server, and install anstall anew security management server

4.
Move the saved directory contents to $ PWDIR\conf replacing the default installation files

5.
Reinstall all gateways using R71 and install a security policy
D. 1. From the R71 CD – ROM in the security management server, select export
2.
Install R70 on a new PC using the option installation using imported configuration

3.
Reboot after installation and update all licenses via smart Update

4.
Upgrade software on all five remote Gateway via Smart Upsate
Correct Answer: D
QUESTION 105
The security gateway is installed on Secure Platform R71. The default port for the web user is ______.
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443

Correct Answer: D
QUESTION 106
How are cached usernames and passwords cleared from the memory of a R71 Security Gateway?
A. By retrieving LDAP user information using the command fw fetchldap
B. By using the Clear User Cache button in Smart Dashboard
C. Usernames and password only clear from memory after they time out
D. By installing a Security Policy

Correct Answer: D
QUESTION 107
The TotallyCoolSecurity Company has a large security staff. Bob configured a new IPS Chicago_Profile for fw-chicago using Detect mode. After reviewing logs, Matt noticed that fw-chicago is not detecting any of the IPS protections that Bob had previously setup. Analyze the output below and determine how can correct the problem.

A. Matt should re-create the Chicago_Profile and select Activate protections manually Instead of per the IPS Policy
B. Matt should activate the Chicago_Profile as it is currently not activated
C. Matt should assign the fw-chicago Security Gateway to the Chicago_Profile
D. Matt should change the Chicago_Profile to use Protect mode because Detect mode will not work.

Correct Answer: C
QUESTION 108
SmartView Teacker R71 consists of three different nodes. They are
A. Log, Active, and Audit
B. Log, Active, and Management
C. Log, Track, and Management
D. Network & Endpoint, Active, and Management

Correct Answer: D QUESTION 109
In previous version, the full TCP three-way handshake was sent to the firewall kernel for inspection. How is this improved in current Flows/Secure XL?
A. Only the initial SYN packet is inspected The rest are handled by IPSO
B. Packets are offloaded to a third-party hardware card for near-line inspection
C. Packets are virtualized to a RAM drive-based FW VM
D. Resources are proactively assigned using predictive algorithmic techniques

Correct Answer: A QUESTION 110
Security Servers can perform authentication tasks, but CANNOT perform content security tasks?
A. RHV HTTPS
B. FTP
C. RLOGIN
D. HTTP

Correct Answer: C QUESTION 111
Which of the following actions do not place in IKE phase 1?
A. Each side generates a session key from its private key and peer’s public key
B. Peers agree on integrity method
C. Diffie-Hellman key is conbined with the key material to produce the symmetrical IPSec key.
D. Peers agree on encryption method

Correct Answer: D QUESTION 112

Free practice questions for Checkpoint 156-215 exam.These questions are aimed at giving you an idea of the type of questions you can expect on the actual exam.You will get an idea of the level of knowledge each topic goes into but because these are simple web pages you will not see the interactive and performance based questions – those are available in the Checkpoint 156-215.

100% valid Checkpoint 156-315 Flydumps with more new added questions.By training the Checkpoint 156-315 questions, you will save a lot time in preparing the exam.Visit www.Flydumps.com to get the 100% pass Checkpoint 156-315 ensure!

QUESTION 88
When an Endpoint user is able to authenticate but receives a message from the client that it is unable to enforce the desktop policy, what is the most likely scenario?
A. The user’s rights prevent access to the protected network.
B. A Desktop Policy is not configured.
C. The gateway could not locate the user in SmartDirectory and is allowing the connection with limitations based on a generic profile.
D. The user is attempting to connect with the wrong Endpoint client.

Correct Answer: D QUESTION 89
When using a template to define a SmartDirectory, where should the user’s password be defined? In the:
A. Template object
B. VPN Community object
C. User object
D. LDAP object

Correct Answer: C QUESTION 90
When configuring an LDAP Group object, which option should you select if you do NOT want the gateway to reference the groups defined on the LDAP server for authentication purposes?
A. OU Accept and select appropriate domain
B. Only Sub Tree
C. Only Group in Branch
D. Group Agnostic

Correct Answer: B QUESTION 91
When configuring an LDAP Group object, which option should you select if you want the gateway to reference the groups defined on the LDAP server for authentication purposes?
A. Only Group in Branch
B. Only Sub Tree
C. OU Auth and select Group Name
D. All Account-Unit’s Users

Correct Answer: A QUESTION 92
The process that performs the authentication for SmartDashboard is:
A. fwm
B. vpnd
C. cvpnd

D. cpd Correct Answer: A QUESTION 93
The process that performs the authentication for Remote Access is:
A. cpd
B. vpnd
C. fwm
D. cvpnd

Correct Answer: B QUESTION 94
The process that performs the authentication for SSL VPN Users is:
A. cvpnd
B. cpd
C. fwm
D. vpnd

Correct Answer: A QUESTION 95
The process that performs the authentication for legacy session authentication is:
A. cvpnd
B. fwm
C. vpnd
D. fwssd

Correct Answer: D QUESTION 96
While authorization for users managed by SmartDirectory is performed by the gateway, the authentication is mostly performed by the infrastructure in which of the following?
A. ldapd
B. cpauth
C. cpShared
D. ldapauth

Correct Answer: B QUESTION 97
When troubleshooting user authentication, you may see the following entries in a debug of the user authentication process.
In which order are these messages likely to appear?
A. make_au, au_auth, au_fetchuser, au_auth_auth, cpLdapCheck, cpLdapGetUser
B. cpLdapGetUser, au_fetchuser, cpLdapCheck, make_au, au_auth, au_auth_auth
C. make_au, au_auth, au_fetchuser, cpLdapGetUser, cpLdapCheck, au_auth_auth
D. au_fetchuser, make_au, au_auth, cpLdapGetUser, au_auth_auth, cpLdapCheck

Correct Answer: C QUESTION 98
Which of the following is NOT a ClusterXL mode?
A. Multicast
B. Legacy
C. Broadcast
D. New

Correct Answer: C
QUESTION 99
In an R75 Cluster, some features such as VPN only function properly when:
A. All cluster members have the same policy
B. All cluster members have the same Hot Fix Accumulator pack installed
C. All cluster members’ clocks are synchronized
D. All cluster members have the same number of interfaces configured

Correct Answer: C
QUESTION 100
In ClusterXL R75; when configuring a cluster synchronization network on a VLAN interface what is the supported configuration?
A. It is supported on VLAN tag 4095
B. It is supported on VLAN tag 4096
C. It is supported on the lowest VLAN tag of the VLAN interface
D. It is not supported on a VLAN tag

Correct Answer: C
QUESTION 101
Which process is responsible for delta synchronization in ClusterXL?
A. fw kernel on the security gateway
B. fwd process on the security gateway
C. cpd process on the security gateway
D. Clustering process on the security gateway
Correct Answer: A
QUESTION 102
Which process is responsible for full synchronization in ClusterXL?
A. fwd on the Security Gateway
B. fw kernel on the Security Gateway
C. Clustering on the Security Gateway
D. cpd on the Security Gateway
Correct Answer: A
QUESTION 103
Which process is responsible for kernel table information sharing across all cluster members?
A. fwd daemon using an encrypted TCP connection
B. CPHA using an encrypted TCP connection
C. fw kernel using an encrypted TCP connection
D. cpd using an encrypted TCP connection
Correct Answer: A QUESTION 104
By default, a standby Security Management Server is automatically synchronized by an active Security Management Server, when:
A. The user data base is installed.
B. The standby Security Management Server starts for the first time.
C. The Security Policy is installed.
D. The Security Policy is saved.

Correct Answer: C QUESTION 105
The ________ Check Point ClusterXL mode must synchronize the physical interface IP and MAC addresses on all clustered interfaces.
A. New Mode HA
B. Pivot Mode Load Sharing
C. Multicast Mode Load Sharing
D. Legacy Mode HA

Correct Answer: D QUESTION 106
__________ is a proprietary Check Point protocol.
It is the basis for Check Point ClusterXL inter- module communication.

A. HA OPCODE
B. RDP
C. CKPP
D. CCP

Correct Answer: D QUESTION 107
After you add new interfaces to a cluster, how can you check if the new interfaces and the associated virtual IP address are recognized by ClusterXL?

A. By running the command cphaprob state on both members
B. By running the command cpconfig on both members
C. By running the command cphaprob -I list on both members
D. By running the command cphaprob -a if on both members

Correct Answer: D
QUESTION 108
Which of the following is a supported Sticky Decision Function of Sticky Connections for Load Sharing?
A. Multi-connection support for VPN-1 cluster members
B. Support for all VPN deployments (except those with third-party VPN peers)
C. Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections
D. Support for Performance Pack acceleration

Correct Answer: C
QUESTION 109
A connection is said to be Sticky when:
A. The connection information sticks in the connection table even after the connection has ended.
B. A copy of each packet in the connection sticks in the connection table until a corresponding reply packet is received from the other side.
C. A connection is not terminated by either side by FIN or RST packet.
D. All the connection packets are handled, in either direction, by a single cluster member.
Correct Answer: D
QUESTION 110
How does a cluster member take over the VIP after a failover event?
A. Broadcast storm
B. iflist -renew
C. Ping the sync interface
D. Gratuitous ARP

Correct Answer: D

Checkpoint 156-315 Exam Certification Guide is part of a recommended study program from Checkpoint 156-315 that includes simulation and hands-on training from authorized Checkpoint 156-315 Learning Partners and self-study products from Checkpoint 156-315.Find out more about instructor-led, e-learning, and hands-on instruction offered by authorized Checkpoint 156-315 Learning Partners worldwide

Flydumps just published the newest Checkpoint 156-315 dumps with all the new updated exam questions and answers.Flydumps provide the latest version of Checkpoint 156-315 and VCE files with up-to-date questions and answers to ensure your exam 100% pass, on our website you will get the free new newest Checkpoint 156-315 version VCE Player along with your VCE dumps.

QUESTION 116
While authorization for users managed by SmartDirectory is performed by the gateway, the authentication is mostly performed by the infrastructure in which of the following?
A. ldapd
B. cpauth
C. cpShared
D. ldapauth

Correct Answer: B QUESTION 117
When troubleshooting user authentication, you may see the following entries in a debug of the user authentication process. In which order are these messages likely to appear?
A. make_au, au_auth, au_fetchuser, au_auth_auth, cpLdapCheck, cpLdapGetUser
B. cpLdapGetUser, au_fetchuser, cpLdapCheck, make_au, au_auth, au_auth_auth
C. make_au, au_auth, au_fetchuser, cpLdapGetUser, cpLdapCheck, au_auth_auth
D. au_fetchuser, make_au, au_auth, cpLdapGetUser, au_auth_auth, cpLdapCheck

Correct Answer: C QUESTION 118
Which of the following is NOT a ClusterXL mode?
A. Multicast
B. Legacy
C. Broadcast
D. New

Correct Answer: C QUESTION 119
In an R75 Cluster, some features such as VPN only function properly when:
A. All cluster members have the same policy
B. All cluster members have the same Hot Fix Accumulator pack installed
C. All cluster members’ clocks are synchronized
D. All cluster members have the same number of interfaces configured

Correct Answer: C QUESTION 120
In ClusterXL R75; when configuring a cluster synchronization network on a VLAN interface what is the supported configuration?
A. It is supported on VLAN tag 4095
B. It is supported on VLAN tag 4096
C. It is supported on the lowest VLAN tag of the VLAN interface
D. It is not supported on a VLAN tag

Correct Answer: C QUESTION 121
Which process is responsible for delta synchronization in ClusterXL?
A. fw kernel on the security gateway
B. fwd process on the security gateway
C. cpd process on the security gateway
D. Clustering process on the security gateway

Correct Answer: A QUESTION 122
Which process is responsible for full synchronization in ClusterXL?
A. fwd on the Security Gateway
B. fw kernel on the Security Gateway
C. Clustering on the Security Gateway
D. cpd on the Security Gateway

Correct Answer: A QUESTION 123
Which process is responsible for kernel table information sharing across all cluster members?
A. fwd daemon using an encrypted TCP connection
B. CPHA using an encrypted TCP connection
C. fw kernel using an encrypted TCP connection
D. cpd using an encrypted TCP connection

Correct Answer: A QUESTION 124
By default, a standby Security Management Server is automatically synchronized by an active Security Management Server, when:
A. The user data base is installed.
B. The standby Security Management Server starts for the first time.
C. The Security Policy is installed.
D. The Security Policy is saved. Correct Answer: C
QUESTION 125
The ________ Check Point ClusterXL mode must synchronize the physical interface IP and MAC addresses on all clustered interfaces.
A. New Mode HA
B. Pivot Mode Load Sharing
C. Multicast Mode Load Sharing
D. Legacy Mode HA

Correct Answer: D QUESTION 126
__________ is a proprietary Check Point protocol. It is the basis for Check Point ClusterXL inter- module communication.
A. HA OPCODE
B. RDP
C. CKPP
D. CCP

Correct Answer: D QUESTION 127
After you add new interfaces to a cluster, how can you check if the new interfaces and the associated virtual IP address are recognized by ClusterXL?

A. By running the command cphaprob state on both members
B. By running the command cpconfig on both members
C. By running the command cphaprob -I list on both members
D. By running the command cphaprob -a if on both members

Correct Answer: D
QUESTION 128
Which of the following is a supported Sticky Decision Function of Sticky Connections for Load Sharing?
“Pass Any Exam. Any Time.” – www.actualtests.com 47 Checkpoint 156-315.75 Exam
A. Multi-connection support for VPN-1 cluster members
B. Support for all VPN deployments (except those with third-party VPN peers)
C. Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections
D. Support for Performance Pack acceleration

Correct Answer: C
QUESTION 129
Included in the customer’s network are some firewall systems with the Performance Pack in use. The customer wishes to use these firewall systems in a cluster (Load Sharing mode). He is not sure if he can use the Sticky Decision Function in this cluster. Explain the situation to him.
A. Sticky Decision Function is not supported when employing either Performance Pack or a hardware-based accelerator card. Enabling the Sticky Decision Function disables these acceleration products.
B. ClusterXL always supports the Sticky Decision Function in the Load Sharing mode.
C. The customer can use the firewalls with Performance Pack inside the cluster, which should support the Sticky Decision Function. It is just necessary to enable the Sticky Decision Function in the SmartDashboard cluster object in the ClusterXL page, Advanced Load Sharing Configuration window.
D. The customer can use the firewalls with Performance Pack inside the cluster, which should support the Sticky Decision Function. It is just necessary to configure it with the clusterXL_SDF_enable command.

Correct Answer: A
QUESTION 130
A connection is said to be Sticky when:
A. The connection information sticks in the connection table even after the connection has ended.
B. A copy of each packet in the connection sticks in the connection table until a corresponding reply packet is received from the other side.
C. A connection is not terminated by either side by FIN or RST packet.
D. All the connection packets are handled, in either direction, by a single cluster member.
Correct Answer: D
QUESTION 131
How does a cluster member take over the VIP after a failover event?
A. Broadcast storm
B. iflist -renew
C. Ping the sync interface
D. Gratuitous ARP
Correct Answer: D
QUESTION 132
Check Point Clustering protocol, works on:
A. UDP 500
B. UDP 8116
C. TCP 8116
D. TCP 19864
Correct Answer: B QUESTION 133
A customer is calling saying one member’s status is Down. What will you check?
A. cphaprob list (verify what critical device is down)
B. fw ctl pstat (check sync)
C. fw ctl debug -m cluster + forward (forwarding layer debug)
D. tcpdump/snoop (CCP traffic)

Correct Answer: A QUESTION 134
A customer calls saying that a Load Sharing cluster shows drops with the error First packet is not SYN. Complete the following sentence. I will recommend:
A. turning on SDF (Sticky Decision Function)
B. turning off SDF (Sticky Decision Function)
C. changing the load on each member
D. configuring flush and ack

Correct Answer: A QUESTION 135
Which of the following commands can be used to troubleshoot ClusterXL sync issues?
A. fw debug cxl connections > file_name
B. fw tab -s -t connections > file_name
C. fw tab -u connections > file_name
D. fw ctl -s -t connections > file_name

Correct Answer: B QUESTION 136
Which of the following commands shows full synchronization status?
A. fw hastat
B. cphaprob -i list
C. cphaprob -a if
D. fw ctl iflist

Correct Answer: B

CCNA Checkpoint 156-315 Certification Exam contains a powerful new testing engine that allows you to focus on individual topic areas or take complete, timed exams from Checkpoint 156-315.The assessment engine also tracks your performance and presents feedback on a module-by-module basis, providing question-by-question Checkpoint 156-315 to the text and laying out a complete study plan for review.CCNA Checkpoint 156-315 also includes a wealth of hands-on practice exercises and a copy of the Checkpoint 156-315 network simulation software that allows you to practice your CCNA Checkpoint 156-315 hands-on skills in a virtual lab environment.The Checkpoint 156-315 supporting website keeps you fully informed of any exam changes.

Flydumps ensures Checkpoint 156-315 study guide are the newest and valid enough to help you pass the test.Please visit Flydumps.com and get valid Checkpoint 156-315 PDF and VCE exam dumps with free new version.100% valid and success.

QUESTION 87
Which Security Server can perform content-security tasks, but CANNOT perform authentication tasks?
A. FTP
B. SMTP
C. Telnet
D. HTTP
E. rlogin
Correct Answer: B
QUESTION 88
Which OPSEC server is used to prevent users from accessing certain Web sites?
A. LEA
B. URI
C. UFP
D. AMON
E. CVP

Correct Answer: C
QUESTION 89
You are running a VPN-1 NG with Application Intelligence R54 SecurePlatform VPN-1 Pro Gateway. The Gateway also serves as a Policy Server. When you run patch add cd from the NGX CD, what does this command allow you to upgrade?
A. Only VPN-1 Pro Security Gateway
B. Both the operating system (OS) and all Check Point products
C. All products, except the Policy Server
D. Only the patch utility is upgraded using this command
E. Only the OS

Correct Answer: B
QUESTION 90
You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use four
machines with the following configurations:

Cluster Member 1: OS: SecurePlatform, NICs: QuadCard, memory: 256 MB, Security Gateway version:
VPN-1 NGX
Cluster Member 2: OS: SecurePlatform, NICs: four Intel 3Com, memory: 512 MB, Security Gateway
version: VPN-1 NGX Cluster Member 3: OS: SecurePlatform, NICs: four other manufacturers, memory:
128 MB, Security Gateway version: VPN-1 NGX SmartCenter Pro Server: MS Windows Server 2003, NIC:
Intel NIC (one), Security Gateway and primary SmartCenter Server installed version: VPN-1 NGX

Are these machines correctly configured for a ClusterXL deployment?

A. No, the SmartCenter Pro Server is not using the same operating system as the cluster members.
B. Yes, these machines are configured correctly for a ClusterXL deployment.
C. No, Cluster Member 3 does not have the required memory.
D. No, the SmartCenter Pro Server has only one NIC.

Correct Answer: B
QUESTION 91
You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the Default Rule with a weight of 10. The H.323 rule includes a per-connection guarantee of 384 Kbps, and a per-connection limit of 512 Kbps. The per-connection guarantee is for four connections, and no additional connections are allowed in the Action properties. If traffic passing through the QoS Module matches both rules, which of the following statements is true?
A. Neither rule will be allocated more than 10% of available bandwidth.
B. The H.323 rule will consume no more than 2048 Kbps of available bandwidth.
C. 50% of available bandwidth will be allocated to the H.323 rule.
D. 50% of available bandwidth will be allocated to the Default Rule.
E. Each H.323 connection will receive at least 512 Kbps of bandwidth.

Correct Answer: B
QUESTION 92
Wayne configures an HTTP Security Server to work with the content vectoring protocol to screen forbidden sites. He has created a URI resource object using CVP with the following settings:
Use CVP Allow CVP server to modify content Return data after content is approved
He adds two rules to his Rule Base: one to inspect HTTP traffic going to known forbidden sites, the other to allow all other HTTP traffic.
Wayne sees HTTP traffic going to those problematic sites is not prohibited.
What could cause this behavior?
A. The Security Server Rule is after the general HTTP Accept Rule.
B. The Security Server is not communicating with the CVP server.
C. The Security Server is not configured correctly.
D. The Security Server is communicating with the CVP server, but no restriction is defined in the CVP server.

Correct Answer: A
QUESTION 93
You have an internal FTP server, and you allow uploading, but not downloading. Assume Network Address Translation (NAT) is set up correctly and you want to add an inbound rule with: Source: Any Destination: FTP server Service: an FTP resource object.
How do you configure the FTP resource object and the action column in the rule to achieve this goal?
A. Disable “Get” and “Put” methods in the FTP Resource Properties and use them in the rule, with action accept.
B. Enable both “Put” and “Get” methods in the FTP Resource Properties and use them in the rule, with action drop.
C. Enable only the “Get” method in the FTP Resource Properties and use this method in the rule, with action accept.
D. Enable only the “Put” method in the FTP Resource Properties and use this method in the rule, with action drop.
E. Enable only “Put” method in the FTP Resource Properties and use this method in the rule, with action accept.

Correct Answer: E
QUESTION 94
Steve tries to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. Steve sees the following screen.
What is the problem?

A. Steve must enable directional_match(true) in the objects_5_0.C file on SmartCenter Server.
B. Steve must enable Advanced Routing on each Security Gateway.
C. Steve must enable VPN Directional Match on the VPN Advanced screen, in Global properties.
D. Steve must enable a dynamic-routing protocol, such as OSPF, on the Gateways.
E. Steve must enable VPN Directional Match on the gateway object’s VPN tab.

Correct Answer: C
QUESTION 95
How would you configure a rule in a Security Policy to allow SIP traffic from end point Net_A to end point Net_B, through an NGX Security Gateway?
A. Net_A/Net_B/VoIP_any/accept
B. Net_A/Net_B/sip and sip_any/accept
C. Net_A/Net_B/VoIP/accept
D. Net_A/Net_B/sip_any/accept

Correct Answer: D
QUESTION 96
Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?
A. Global Properties
B. QoS Class objects
C. Check Point gateway object properties
D. $CPDIR/conf/qos_props.pf
E. Advanced Action options in each QoS rule
Correct Answer: A
QUESTION 97
How can you completely tear down a specific VPN tunnel in an intranet IKE VPN deployment?
A. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec+IKE SAs for ALL peers and users”.
B. Run the command vpn tu on the SmartCenter Server, and choose the option “Delete all IPSec+IKE SAs for ALL peers and users”.
C. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec+IKE SAs for a given peer (GW)”.
D. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec SAs for a given user (Client)”.
E. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec SAs for ALL peers and users”.

Correct Answer: C
QUESTION 98
Which operating system is NOT supported by VPN-1 SecureClient?
A. IPSO 3.9
B. Windows XP SP2
C. Windows 2000 Professional
D. RedHat Linux 8.0
E. MacOS X

Correct Answer: A
QUESTION 99
VPN-1 NGX supports VoIP traffic in all of the following environments, except which environment?
A. H.509-b
B. SIP
C. MGCP
D. H.323
E. SCCP

Correct Answer: A

This volume is part of the Exam Certification Guide Series from Checkpoint 156-315. Checkpoint 156-315 in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Checkpoint 156-315 Certification candidates identify weaknesses,concentrate their study efforts,and enhance their confidence as Checkpoint 156-315 exam day nears.

Flydumps is the best place for preparing IT Certifications as we are providing latest and guaranteed questions for all certifications. We offer you the ultimate preparation resource of Cisco 350-018 exam question. Wondering what could be this effective? It is our training material which serves as a guide to achieving your dream as a certified professional.

Exam A QUESTION 1
Which MAC address control command enables usage monitoring for a CAM table on a switch?
A. mac-address-table synchronize
B. mac-address-table limit
C. mac-address-table secure
D. mac-address-table notification threshold
E. mac-address-table learning Correct Answer: D QUESTION 2
Refer to the exhibit.

Against which type of attack does the given configuration protect?
A. pharming
B. a botnet attack
C. phishing
D. DNS hijacking
E. DNS cache poisoning

Correct Answer: B
QUESTION 3
Which statement about the DH group is true?
A. It provides data confidentiality.
B. It does not provide data authentication.
C. It is negotiated in IPsec phase 2.
D. It establishes a shared key over a secured medium.

Correct Answer: B
QUESTION 4
Which two statements about NEAT are true? (Choose two.)
A. NEAT supports standard ACLs on the switch port.
B. NEAT is not supported on an EtherChannel port.
C. NEAT should be deployed only with autoconfiguration.
D. NEAT uses CISP (Client Information Signaling Protocol) to propagate client IP address.
E. NEAT is supported on an EtherChannel port.

Correct Answer: BC
QUESTION 5
Refer to the exhibit.

Which two statements correctly describe the debug output?
A. The remote VPN address is 180.10.10.1
B. The message is observed on the NHS
C. The message is observed on the NHC.
D. The remote routable address 91.91.91.1.
E. The local non-routable address is 20.10.10.3.
F. The NHRP hold time is 3 hours.

Correct Answer: AC
QUESTION 6
What two statements about the PCoIP protocol are true? (Choose two.)
A. It uses a variety of codecs to support different operating systems.
B. It supports both lossy and lossless compression.
C. It is a TCP-based protocol
D. It is available in both software and hardware.
E. It is a client-rendered, multi-codec protocol.

Correct Answer: BD
QUESTION 7
Which two values you must configure on the Cisco ASA firewall to support FQDN ACL? (Choose two.)
A. a DNS server
B. an FQDN object
C. a policy map
D. a class map
E. a service object
F. a service policy
Correct Answer: AB
QUESTION 8
Refer to the exhibit.

Which two statements about this debug output are true? (Choose two.)
A. The request is from NHC to NHS.
B. The request is from NHS to NNC.
C. 192.168.10.2 is the remote NBMA address.
D. 192.168.10.1 is the local VPN address.
E. 69.1.1.2 is the local non-routable address.
F. This debug output represents a failed NHRP request.

Correct Answer: AD
QUESTION 9
Which three parameters does the HTTP inspection engine use to inspect the traffic on Cisco IOS firewall? (Choose three.)
A. source address
B. application
C. transfer encoding type
D. minimum header length
E. request method
F. destination address

Correct Answer: BCE
QUESTION 10
Refer to the exhibit.

Which configuration prevents R2 from becoming a PIM neighbor with R1?
A. access-list 10 permit 192.168.1.2 0.0.0.0 ! Interface gi0/0 ip pim neighbor-filter 10
B. access-list 10 deny 192.168.1.2 0.0.0.0 ! Interface gi0/0 ip pim neighbor-filter 1
C. access-list 10 deny 192.168.1.2 0.0.0.0 ! Interface gi0/0 ip pim neighbor-filter 10
D. access-list 10 deny 192.168.1.2 0.0.0.0 ! Interface gi0/0 ip igmp access-group 10

Correct Answer: C
QUESTION 11
What is an RFC 2827 recommendation for protecting your network against DoS attacks with IP address spoofing?
A. Advertise only assigned global IP addresses to the internet
B. Use ingress traffic filtering to limit traffic from a downstream network to known advertised prefixes.
C. Use the TLS protocol to secure the network against eavesdropping
D. Brower-based applications should be filtered on the source to protect your network from know advertised prefix

Correct Answer: B
QUESTION 12
Which statement about the Cisco ASA operation running versions 8.3 is true?
A. The interface and global access lists both can be applied in the input or output direction.
B. NAT control is enabled by default.
C. The interface access list is matched first before the global access lists.
D. The static CLI command is used to configure static NAT translation rules.

Correct Answer: C
QUESTION 13
What are two features that can stop man-in-the-middle attacks? (Choose two.)
A. DCHP snooping
B. ARP snooping
C. dynamic MAC ACLs
D. destination MAC ACLs
E. ARP sniffing on specific ports
Correct Answer: AB
QUESTION 14
Which two statements about DNSSEC are true? (Choose two)
A. It support data confidentiality for DNS client
B. It can protect bulk data as is it transmitted between DNS servers.
C. It supports data integrity for DNS clients.
D. It supports spilt-horizon DNS to prevent attackers from enumerating the names in a zone
E. It can protect all types of data published in the DNS

Correct Answer: CE
QUESTION 15
Refer to the exhibit.

After setting the replay window size on your Cisco router, you received the given system message. What is the reason for the message?
A. The replay window size is set too low for the number of packets received.
B. The IPSec anti-replay feature is enabled, but the window size feature is disabled.
C. The IPSec anti-replay feature is disabled.
D. The replay window size is set too high for the number of packets received.

Correct Answer: A
QUESTION 16
What feature enables extended secure access from non-secure physical location?
A. 802.1x port-based authentication
B. Strom control
C. Port security
D. CBAC
E. NEAT

Correct Answer: E
QUESTION 17
What is the unit of measurement of the average rate of a token bucket?
A. kilobytes per second
B. bytes per second
C. kilobits per second
D. bits per second

Correct Answer: D
QUESTION 18
When attempting to use basic HTTP authentication to authenticate a client, which type of HTTP message should the server use?
A. HTTP 302 with an Authenticate header
B. HTTP 401 with a WWW-Authenticate header
C. HTTP 407
D. HTTP 200 with a WWW-Authenticate header

Correct Answer: B
QUESTION 19
Which two statements about DNSSEC are true? (Choose two)
A. It support data confidentiality for DNS client
B. It can protect bulk data as is it transmitted between DNS servers.
C. It supports data integrity for DNS clients.
D. It supports spilt-horizon DNS to prevent attackers from enumerating the names in a zone
E. It can protect all types of data published in the DNS
Correct Answer: CE
QUESTION 20
Which three fields are part of the AH header? (Choose three.)
A. Destination Address
B. Source Address
C. Protocol ID
D. Next Header
E. Packet ICV
F. SPI identifying SA
G. Application Port
Correct Answer: DEF

Flydumps.com Cisco 350-018 exam practice questions and answers are ideal for the aspiring candidates to grab exceptional grades in Microsoft exams. The Cisco 350-018 question answers are developed using the latest updated course content and all the answers are verified to ensure phenomenal preparation for the actual exam.

Flydumps guarantee your Cisco 642-885 exam success with our Exam Resources. Cisco 642-885 are the latest and developed by experience’s IT certification Professionals working in today’s prospering companies and data centers.All our Cisco 642-272 brain dumps including Cisco 642-885 exam questions which guarantee you can 100% success Cisco 642-885 exam in your first try exam.

QUESTION 66
With PIM-SM operations, which four pieces of information are maintained in the multicast routing table for each (*,G) or (S,G) entry? (Choose four.)
A. RPF Neighbor
B. RP Set
C. Incoming Interface
D. OIL
E. DF priority
F. PIM SM state flags

Correct Answer: ACDF Section: (none) Explanation Explanation/Reference:
Explanation:
QUESTION 67
What is one of the configuration errors within an AS that can stop a Cisco IOS-XR router from announcing certain prefixes to its EBGP peers?
A. Some prefixes were mistagged with the no-export BGP community
B. Some prefixes were set with an MED of 0
C. The outbound BGP route policy only has set actions defined without any pass actions defined
D. The inbound BGP route policy only has set actions defined without any pass actions defined

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 68
Refer to the Cisco IOS-XR configuration exhibit.

The Cisco IOS-XR router is unable to establish any PIM neighbor relationships. What is wrong with the configuration?
A. The configuration is missing: interface gi0/0/0/0 ip pim sparse-mode interface gi0/0/0/1 ip pim sparse-mode interface loopback0 ip pim sparse-mode
B. The configuration is missing: multicast-routing address-family ipv4 interface gi0/0/0/0 enable interface gi0/0/0/1 enable
C. The auto-rp scoping configurations should be set to 1 not 16
D. The RP address has not been configured using the rp-address router PIM configuration command
E. PIM defaults to dense mode operations only, so PIM sparse mode must be enabled using the pim sparse-mode router PIM configuration command

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 69
On Cisco IOS-XR, which BGP configuration group allows you to define address-family independent commands and address-family dependent commands for each address family?
A. neighbor-group
B. session-group
C. af-group
D. peer-group

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 70
DRAG DROP

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

Explanation: Manually configured tunnel – 6RD , GRE Automatic Tunnel – 6 to 4 , IPV6-in-IPV4
QUESTION 71
DRAG DROP

A.
B.
C.
D.
Correct Answer: Section: (none) Explanation

Explanation: Any Source Multicast – Uses RP’s as the root of the shared tree for a multicast group,ONly (S,G) state is build between the source and the recevier, Spport SPT Switchover Source Specific Multicast – Uses (*,G) joins as well as (S,G) Joins , Requires IGMPV3 Support, Hosts learn the multicast source address via out-of-banf mechanism
QUESTION 72
DRAG DROP A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

Explanation: The amount of time for the penalty to decrease to one-half of its current value – 60 Suppress a route when its penalty exceeds this value – 2400 If a flapping route penalty decreases and falls below this value , the route is unsuppressed – 600 The maximum time a route can be suppressed – 240
QUESTION 73
On the PE5 router, which statement Is correct regarding the learned BGP prefixes?
A. The 209.165.201.0/27 prefix is received from the 10.0.1.1 IBGP peer which is a route reflector
B. The 172.16.66.0/24 prefix BGP next-hop points to the route reflector
C. All prefixes learned on PE5 has the default local prefernce value
D. The 209.165.202.128/27 prefix is originated by the 10.0.1.1 IBGP peer

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: #show ip bgp– check i tag for PE5
QUESTION 74

Which two statements regarding the BGP peerlngs are correct? (Choose two)
A. On PE5,the incoming prefixes received from the 192.168.105.51 EBGP peer is limited to a maximum of 10 prefixes
B. On PE5, the “rplin” inbound route policy is applied to the 192.168.105.51 EBGP peer
C. On PE5, the “pass” outbound route policy is applied to the 192.168.105.51 EBGP peer
D. PE5 has one EBGP peer (CE5) and two IBGP peers (P1 and PE6)
E. PE5 has received a total of 60 prefixes from its neighbors

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
Explanation: #show ip bgp
QUESTION 75
Which three statements regarding the BGP operations are correct? (Choose three)
A. PE5 will set the local preferences 200 on all the prefixes sent to CE5
B. PE5 will set the local preference to 200 on all the prefixes learned from CE5
C. CE5 has received 5 prefixes from the PE5 EBGP peer D. CE5 has the BGP scan interval set to 30 seconds
E. CE5 is announcing the 192.168.55.0/24 prefix via EBGP to the PE5 EBGP peer
F. The AS-Path to reach the 209.165.202.128/27 prefix from CE5 is: 64500 64497 64498

Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:
Explanation: #sh ip bgp | be Network #sh ip bgp #show ip bgp neighbors
QUESTION 76

Which three statements regarding the BGP operations are correct? (Choose three)
A. PE5 is the route reflector with P1 and PE6 as its client
B. PE5 is using the IS-IS route to reach the BGP next-hop for the 172.16.66.0/24 prefix
C. PE5 has BGP route dampening enabled
D. The BGP session between PE5 and P1 is established using the loopback interface and next- hop-self
E. The BGP session between PE5 and CE5 is established using the loopback interface

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 77
Which router Is configured as the RPforthe 234.1.1.1 multicast group and which Is the multicast source that is currently sending traffic to the 234.1.1.1 multicast group? (Choose two.)
A. CE5
B. PE5
C. PE6
D. 10.5.10.1
E. 10.5.1.1
F. 192.168.156.60

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
Explanation: #show ip mroute234.1.1.1 #show ip route
QUESTION 78

Which three statements are correct regarding the various multicast groups? (Choose three.)
A. Currently there is no source sending traffic to the 224.1.1.1 multicast group
B. PE5 has a Null OILforthe (*,224.0.1.40) entry
C. PE5 has a Null OILforthe (*,224.1.1.1) entry
D. CE5 has joined the 224.0.1.40 multicast group
E. CE5 has a Null OILforthe (*,224.1.1.1) entry

Correct Answer: CDE Section: (none) Explanation
Explanation/Reference:
Explanation: #show ip mroute
QUESTION 79
On the PE, which two statements are correct regarding the(192.168.156.60,224.1.1.1) entry? (Choose two,)
A. The RPF neighbor points towards the RP
B. The RPF neighbor is reachable overthe Gi0/0/0/1 interface
C. The OIL contains the GiO/0/0/0 interface
D. The IIL is Null

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: #show ip mroute
QUESTION 80

Which two statements are correct regarding the multicast operations on the router that is the RP? (Choose two.)
A. It is using IGMPv3
B. The IGMP query interval is set to 125 seconds
C. It is using the IPv4 unicast routing table to perform the RPF checks
D. Static multicast routes are configured on the RP

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
Explanation: #show ip mroute #show ip pim interface #show ip igmp group #show ip pim neighbor

Each Answers in Cisco 642-885 study guides are checked by the concerned professional to provide you the best quality dumps. If you are looking to get certified in short possible time, you will never find quality product than Flydumps.com.

Flydumps.com guarantee your Cisco 642-873 exam success with our Exam Resources.Our Cisco 642-873 Flydumps.com are the latest and developed by experience’s IT certification Professionals working in today’s prospering companies and data centers.All our Cisco 642-873 Flydumps.com  including Cisco 642-873 exam questions which guarantee you can 100% success Cisco 642-873 exam in your first try exam

QUESTION 48
What method does the Cisco MDS 9000 Series use to support trunking?
A. ISL
B. IVR
C. VoQ
D. VSANs
E. Enhanced ISL

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 49
Drop A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 50
In which NAS operating mode are ACL filtering and bandwidth throttling only provided during posture assessment?
A. Layer 2
B. Layer 3
C. in-band
D. out-of-band
E. edge
F. central

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 51
Which two statements about Layer 3 access designs are correct? (Choose two.)
A. IP address space is difficult to manage.
B. Broadcast and fault domains are increased.
C. Convergence time is fractionally slower than STP.
D. Limits on clustering and NIC teaming are removed.
E. Fast uplink convergence is supported for failover and fallback.

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 52
What is the purpose of IGMP in a multicast implementation?
A. it is not used in multicast
B. it determines the virtual address group for a multicast destination
C. it dynamically registers individual hosts in a multicast group on a specific LAN
D. it is used on WAN connections to determine the maximum bandwidth of a connection
E. it determines whether Bidirectional PIM or PIM sparse mode will be used for a multicast flow

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Which two characteristics are most typical of a SAN? (Choose two.)
A. NICs are used for network connectivity.
B. Servers request specific blocks of data.
C. Storage devices are directly connected to servers.
D. A fabric is used as the hardware for connecting servers to storage devices.
E. The TCO is higher because of the cost of director class storage switches.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 54
Which of these is least important when determining how many users a NAS can support?
A. bandwidth
B. number of plug-ins per scan
C. total number of network devices
D. number of checks in each posture assessment

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Which of these is true of IP addressing with regard to VPN termination?
A. addressing designs need to allow for summarization
B. termination devices need routable addresses inside the VPN
C. IGP routing protocols will update their routing tables over an IPsec VPN
D. designs should not include overlapping address spaces between sites, since NAT is not supported

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 56
When is a first-hop redundancy protocol needed in the distribution layer?
A. when HSRP is not supported by the design
B. when multiple vendor devices need to be supported
C. when preempt tuning of the default gateway is needed
D. when a robust method of backing up the default gateway is needed
E. when the design implements Layer 2 between the access switch and the distribution switch
F. when the design implements Layer 3 between the access switch and the distribution switch

Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Refer to the exhibit. Which two characteristics are true of a firewall running in routed mode? (Choose two.)

A. FWSM routes traffic between the VLANs.
B. FWSM switches traffic between the VLANs.
C. Routed mode is often called bump-in-the-wire mode.
D. Routed mode firewall deployments are used most often in current designs.
E. Traffic switched between VLANs is subject to state tracking and other firewall configurable options.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 58
Which of these practices should you follow when designing a Layer 3 routing protocol?
A. Never peer on transit links.
B. Build squares for deterministic convergence.
C. Build inverted U designs for deterministic convergence.
D. Summarize routes at the distribution to the core to limit EIGRP queries or OSPF LSA propagation.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 59
What is the recommended radius of a cell for a voice-ready wireless network?
A. 6 dBm
B. 7 dBm
C. 19 dBm
D. 5 dBm

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Which three implementation modes may be used to deploy SLB? (Choose three.)
A. Router mode
B. One-arm mode
C. Three-arm mode
D. Bridge mode inline
E. Bridge mode passive
F. Combo Bridge router mode

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 61
In a base e-Commerce module design, which routing statement is correct?
A. Routing is mostly static.
B. Hardcoded IP addresses are used to support failover.
C. Inbound servers use the CSM or ACE as the default gateway.
D. VLANs between the access layer switches are used for FHRP protocols.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Refer to the exhibit. Which two statements about the topologies shown are correct? (Choose two.)

A. Design 1 is a looped triangle design.
B. Design 2 is a looped triangle design.
C. Design 2 achieves quick convergence using RSTP.
D. Both designs support stateful services at the aggregation layer.
E. Design 2 is the most widely deployed in enterprise data centers.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 63
What is the term for a logical SAN which provides isolation among devices physically connected to the same fabric?
A. ISL
B. IVR
C. VoQ
D. VSANs
E. Enhanced ISL

Correct Answer: D Section: (none) Explanation
Explanation/Reference: QUESTION 64
Which technology allows centralized storage services to be shared across different VSANs?
A. IVR
B. FSPF
C. FICON
D. SANTap

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 65
Which two statements are correct regarding Flex Links? (Choose two.)
A. An interface can belong to multiple Flex Links.
B. Flex Links operate only over single pairs of links.
C. Flex Link pairs must be of the same interface type.
D. Flex Links automatically disable STP so no BPDUs are propagated.
E. Failover from active to standby on Flex Links takes less than a second.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:

Flydumps.com practice test training resources are versatile and highly compatible with Microsoft exam formats. We provide up to date resources and comprehensive coverage on Cisco 642-873 exam dumps help you to advance your skills.

100% Valid And Pass With latest Cisco 642-541 exam dumps, you will never fail your Cisco 642-541 exam. All the questions and answers are updated and added to the new version timely by our experts.Also now Cisco 642-541 is offering free Cisco 642-541 exam VCE player and PDF files for free on their website.

QUESTION 51
What will cause wireless voice devices to perform poorly?

A. average signal strength that is greater than -67 dBi
B. cell overlap of 15 to 20 percent
C. uneven wireless coverage
D. absence of coverage holes

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 52 After the site installation is complete, you should verify the mobility of the VoWLAN device while walking the site on an active phone call. Which Cisco WLC or Cisco WCS command is most beneficial in determining roaming efficiency?

A. show {802.11a | 802.11b} |2roam statistics <AP mac>
B. show client roam-history <client-mac>
C. show client tsm 802.11a/b/g <client-mac> <AP mac>
D. show client detail <client-mac>
E. show client ap-roam-history <client-mac>

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 53 According to the following statement, can you tell me which term is described? It is the air return for an air conditioned system. In most buildings, the area above a drop ceiling or under a raised floor is used as the air return (source of air) for the air conditioning. Those drop ceiling and raised floors are also where wire is often installed. If wire and cable is installed in a drop ceiling or raised floor, it is out of sight. If that cable were burning, it would give off toxic fumes. These would be fed to the rest of the building by the air conditioner. As a result, people could be injured even though they are a long way from the fire.
A. DAS area
B. plenum area
C. extended area
D. RF special area

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 54
What are two objectives of a pre-site survey walkthrough? (Choose two)

A. Identify potential problem areas
B. Define intended coverage areas
C. Access compliance with local building codes
D. Determine the final location of APs and antennas
E. Identify sources of RF signal attenuation and RF interference

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 55 In an outdoor bridge link, what is calculated by using this formula: transmitter power + antenna gain – insertion OR cable loss?
A. Fresnel zone
B. SNR
C. SLR
D. PoE
E. EIRP

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 56 Which antenna generally has the narrowest first Fresnel zone in both the horizontal and vertical planes?
A. omnidirectional
B. patch
C. Yagi
D. sector
E. parabolic dish

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 57
How is attenuation measured?

A. Fresnel units
B. decibels
C. EIRP
D. milliamperes
E. ohms

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 58
Which statement about active and passive surveys is incorrect?

A. Active mode does not require the client to be specifically confgured
B. Passive mode can survey more than one access point at a time
C. Active mode yields signal-quality information such as packet retries and lost packets
D. Active mode requires more time to survey but yields more information results than passive mode does

Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 59 Which three device types are identified by Cisco Spectrum Expert Wi-Fi finding an Avg Pulse Duration parameter?
A. Bluetooth
B. frequency hopping
C. microwave oven
D. 802.11b client card
E. 802.11b access point

Correct Answer: ABC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 60
Which two methods can be used to prevent or reduce RFI from colocated directional antennas?
(Choose two)

A. Alternate polarization between colocated antennas
B. Cross-polarize antennas between endpoints
C. Install an RF-shielded box around the antennas
D. Increase the distance between the antennas

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 61
Which three colors are used in the Cisco WCS v5.2 Voice Readiness Tool? (Choose three)

A. green
B. blue
C. yellow
D. red
E. purple
F. white

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
Traffic lights!
QUESTION 62
Which format can NOT be imported into Cisco WCS Planning Tool?

A. TIFF
B. DXF
C. PNG D. DWG

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 63 In which three frequency bands does the Cisco Spectrum Expert Wi-Fi tool perform spectrum analysis? (Choose three)
A. ISM 2.4 GHz
B. ISM 900 MHz
C. ISM 5 GHz
D. public safety 4.9 GHz
E. GSM 1.9 GHz

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 64 After the site installation is complete, you should verify the mobility of the VoWLAN device while walking the site on an active phone call. Which Cisco WLC or Cisco WCS command is most beneficial in determining roaming efficiency?
A. show {802.11a | 802.11b} |2roam statistics <AP mac>
B. show client roam-history <client-mac>
C. show client tsm 802.11a/b/g <client-mac> <AP mac>
D. show client detail <client-mac>
E. show client ap-roam-history <client-mac>

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 65
Which statement about active and passive surveys is incorrect?

A. Active mode does not require the client to be specifically confgured
B. Passive mode can survey more than one access point at a time
C. Active mode yields signal-quality information such as packet retries and lost packets
D. Active mode requires more time to survey but yields more information results than passive mode does

Correct Answer: A Section: (none) Explanation
Explanation/Reference:

All most all IT professionals are familiar with the Cisco 642-541 exam and dream to have that top most demanding certification. This is the top level certification from CISCO that is accepted universally. You can get your desired career which you dreamed with passing Cisco 642-541 test and getting the certificate.