Day: June 17, 2016
Flydumps just published the newest Checkpoint 156-816 dumps with all the new updated exam questions and answers.Flydumps provide the latest version of Checkpoint 156-816 and VCE files with up-to-date questions and answers to ensure your exam 100% pass, on our website you will get the free new newest Checkpoint 156-816 version VCE Player along with your VCE dumps.
QUESTION 47
Consider the following scenario: Your network configuration requires that you configure a single interface on the VSX Gateway to lead to multiple networks. A different Virtual System must protect each network sending traffic through the VSX Gateway. You configured a dedicated management interface on the VSX Gateway, along with 1 External Virtual Router and 4 Virtual Systems, one for each Customer. Which of the following hardware devices must be used to connect the different networks to the single shared interface?
A. Frame cache-redirection enabled switch
B. Content-intelligent switch
C. Jumbo frame-enabled switch
D. Router
E. VLAN-capable switch
Correct Answer: E
QUESTION 48
Which of the following VLAN membership types is considered explicit in its propagation?
A. Application-based
B. Protocol-based
C. Session-based
D. MAC address-based
Correct Answer: B
QUESTION 49
Which of the following VSX components maintain layer 3 connectivity?
A. Virtual System in Bridge mode
B. Internal Virtual Switch
C. External Virtual Switch
D. Virtual Router
E. VLAN interface
Correct Answer: D
QUESTION 50
A Virtual System in Bridge mode can:
A. Operate without IP addresses.
B. Participate in VPNs.
C. Segment an existing network.
D. Perform NAT.
E. Automatically include a spanning tree protocol for multi-switch environments.
Correct Answer: A
QUESTION 51
Consider the following scenario: A hub connects four hosts to a VLAN-Tagged port on a switch. The hosts have IP addresses ranging from 10.0.0.1 to 10.0.0.4. The switch adds a VLAN Tag of 400 to all communication passing through it. Once communication from the second host on the hub passes through the switch port on the way to its destination on the external network, how does the traffic appear in SmartView Tracker? Assume that traffic enters the Gateway on interface eth3.
A. eth3.2
B. eth3.400.2
C. eth3.400
D. eth3.2.400
E. eth3.402
Correct Answer: C
QUESTION 52
Which of the following is NOT a virtual device that can be defined on a VSX Gateway?
A. Warp interface
B. Physical Interface
C. Virtual System
D. Virtual Switch
E. Virtual Router
Correct Answer: B
QUESTION 53
When configuring the interfaces for Virtual Systems leading to a Virtual Switch, which of the following is required?
A. IP addresses on separate networks
B. IP addresses on the same network
C. Shared CMA management of the Virtual Systems
D. Unique subnet-mask settings
E. Different default Gateways
Correct Answer: B
QUESTION 54
When configuring a VLAN environment for your VSX Gateway, you must first define the interface as VLAN-capable. Where is this interface configured?
A. Topology tab of the External Virtual Router
B. System Interfaces Allocation tab of the VSX Gateway object
C. System Interfaces tab of the VSX Gateway object
D. Resources tab of the Virtual System object
E. Topology tab of the Virtual System object
Correct Answer: C
QUESTION 55
Bridged Virtual Systems in a cluster monitor which of the following protocols, to fail over a bridged system?
A. VTP
B. MPLS
C. BPDU
D. STP
E. OSPF
Correct Answer: C
QUESTION 56
Virtual Switches make packet-forwarding decisions based on which of the following?
A. Subnet mask
B. MAC address
C. Routing table
D. IP address
E. Traffic flow direction
Correct Answer: B
QUESTION 57
Which of the following virtual devices will NOT fail over, if its interface fails in a VSX High Availability configuration?
A. Virtual System in Bridge mode
B. External Virtual Router
C. Internal Virtual Router
D. Virtual System with VLAN interfaces
E. Management Virtual System interface
Correct Answer: A
QUESTION 58
When configuring Virtual Switch leading to the Internet, which of the following items is required when creating a Virtual Switch object?
A. Subnet mask
B. VLAN Tag
C. IP address
D. Dedicated interface
E. Default Gateway
Correct Answer: D
QUESTION 59
At installation, the _________ is bound to all configured physical interfaces of a VSX Gateway, UNLESS the interfaces are specifically assigned to another component.
A. VSX Management Server
B. External Virtual Router
C. Synchronization Network
D. Management Virtual System
E. Internal Virtual Router
Correct Answer: D
QUESTION 60
When configuring a new Virtual System for your VSX Gateway configuration, what should you do first?
A. Create a new Customer and CMA, to be used as the Virtual System’s Management Server.
B. Open the Admin CMA SmartDashboard, and create a new CMA object to be used as the Virtual System’s Management Server.
C. Add a new Virtual System to the Main Customer, so that the Admin CMA can be used as the Management Server.
D. Open the Global SmartDashboard, and create a new Virtual System object.
E. Open the Admin CMA SmartDashboard, and create a new Virtual System object.
Correct Answer: A
QUESTION 61
A Virtual Router performs which of the following tasks?
A. Security Policy application for protected customer networks
B. Inter-Virtual System routing
C. Synchronization between VSX Gateways in a cluster
D. Network Address Translation for protected customer networks
E. Packet inspection for protected customer networks
Correct Answer: B
QUESTION 62
If you open the Policy Editor for a Virtual System in your VSX configuration and change the Global Properties settings to accept ICMP requests, which of the following occurs?
A. The settings for all Virtual Systems attached to the same Admin CMA are changed.
B. The settings for all Virtual Systems within a Customer are changed, regardless of CMA association.
C. No change takes place on any Policy. Global properties can only be configured in the Global Policy Editor.
D. The settings for all Virtual Systems on the MDS are updated to reflect the change.
E. The settings for all Virtual Systems managed by the same Customer CMA are changed.
Correct Answer: E
QUESTION 63
Which interface of the Management Virtual System (MVS) can be compared to the external interface of a traditional Security Gateway?
A. Warp interface leading from the MVS to the External Virtual Router
B. None; the External Virtual Router acts as the external interface to all Virtual Systems configured on the VSX Gateway.
C. Dedicated management interface, typically eth0
D. Synchronization interface
E. Virtual interface leading from the MVS to the External Virtual Router
Correct Answer: A
QUESTION 64
If a VSX Gateway is protecting multiple customer networks behind only one shared interface, the VSX Administrator must either configure __________ for source-based routing, or deploy a VLAN solution.
A. An Internal Virtual Router
B. Non-VLAN Interface Trunking
C. VSX Gateway High Availability
D. VSX Gateway Load Sharing
E. Multiple External Virtual Routers
Correct Answer: A
QUESTION 65
Which of the following is the only interface configured by running sysconfig, during the installation of a VSX Gateway in a single Gateway environment?
A. Synchronization interface
B. Dedicated Customer interface
C. Internal Virtual Router interface
D. Management interface
E. External interface
Correct Answer: D
QUESTION 66
The __________ forwards packets between interfaces of a Virtual System.
A. Internal Packet Routing Module
B. Context Identification Module
C. Virtual IP Stack
D. External Virtual Router
E. Virtual Switch
Correct Answer: C
QUESTION 67
The External Virtual Router is associated with a dedicated interface. It is considered to be which type of interface?
A. Warp
B. Synchronization
C. Virtual
D. Physical
E. Symbolic
Correct Answer: D
QUESTION 68
When installing the Security Policy of a Management Virtual System (MVS), what objects are available for Policy installation, other than the MVS?
A. All configured Virtual Routers
B. No other object is available for Policy installation.
C. All configured Virtual Systems
D. All configured Virtual Systems and the External Virtual Router
E. All configured Virtual Switches
Correct Answer: A
QUESTION 69
When configuring the VSX Gateway, it is important to reboot after running which of the following commands for the first time?
A. vsx sysconfig
B. fwconfig
C. cpconfig
D. cpconfig vsx
E. vsxconfig
Correct Answer: C
QUESTION 70
The __________ interface is configured in a VLAN environment, to allow multiple Virtual Systems to share a single physical interface on a VSX Gateway.
A. Synchronization
B. Warp
C. Symbolic
D. Physical
E. Virtual
Correct Answer: E
QUESTION 71
Which of the following virtual devices will NOT fail over, if its interface fails in a VSX High Availability configuration?
A. Virtual Switch
B. Virtual System with VLAN interfaces
C. Management Virtual System interfaces
D. External Virtual Router
E. Virtual System with dedicated interfaces
Correct Answer: A
QUESTION 72
A Virtual System in Bridge mode is a Virtual System that implements:
A. Dynamic IP routing.
B. Native layer-2 communications.
C. VLAN Tagging.
D. IP routing.
E. Network Address Translation.
Correct Answer: B
QUESTION 73
When deploying a VSX Gateway managed by a Provider-1 MDS, how many Certificate Authorities will the deployment have?
A. Three; one for the SmartCenter Server, one shared by all Virtual Systems, and one shared by all Virtual Routers
B. One, shared by all components
C. One for each CMA in your configuration
D. One for each Virtual System and Virtual Router configured on the VSX Gateway
E. Two; one for the SmartCenter Server, and one shared by all Virtual Systems and Virtual Routers
Correct Answer: C
QUESTION 74
When configuring Virtual Switch leading to the Internet, which of the following items is required when creating a Virtual Switch object?
A. Subnet mask
B. VLAN Tag
C. IP address
D. Dedicated interface
E. Default Gateway
Correct Answer: D QUESTION 75
A Virtual Router performs which of the following tasks?
A. Packet forwarding without inspection
B. IP spoofing inspection for protected customer networks
C. Layer 2 packet forwarding
D. VLAN Tagging
E. Routing from Virtual Systems to the Internet
Correct Answer: E
The Cisco contains more than 400 practice questions for the Checkpoint 156-816 exams,including simulation-based questions.Also contains hands-on exercises and a customized copy of the Checkpoint 156-816 exams network simulation software.
Flydumps ensures CheckPoint 156-706 study guide are the newest and valid enough to help you pass the test.Please visit Flydumps.com and get valid CheckPoint 156-706 PDF and VCE exam dumps with free new version.100% valid and success.
QUESTION 40 What is the name of the Service that can be used for transferring the recovery file to the network share instead of the logged on user?
A. Pointsec Service Start
B. Pointsec Transer Service
C. Pointsec Recovery Service
D. None of the Above
Correct Answer: A
QUESTION 41 When trying to remove Pointsec by force on an unencrypted machine, using “reco_img.exe”, how will you be able to access the Advanced options on the recovery media?
A. By using the ctrl + alt + delete functionality after reboot
B. By using the ctrl + F9 option during login
C. By using the F8 key when booting from recovery media
D. None of the above
Correct Answer: C
QUESTION 42 What are the options to harvest log for 3rd party tools
A. Use GET command with FTP Server script
B. Export logs from Pre Boot Environment
C. Use pslogexp.exe to export logs
D. Simply point your 3rd party tool to the Pointsec recovery path
Correct Answer: C
QUESTION 43 When your domain account password has to be changed you also want your pointsec password to be changed automatically. How can you acheive this?
A. By setting synchronize password with Windows
B. By setting synchronize password with Pointsec.
C. By using the synchronize option in Active Directory
D. None of the above
Correct Answer: A
QUESTION 44 If Single Sign On has been activated on a pointsec user where does Pointsec store the user credentials?
A. In the registry
B. In the secure local database
C. In the pointsec administration tool
D. Encrypted under %PROGRAM FILES%\Pointsec\Pointsec for PC\SSO
Correct Answer: D
QUESTION 45 If a client machine in need of a profile update has no path for update profiles set in the Pointsec Management Console. Is it possible to still update this client?
A. Yes, by placing the profile in the searchpath for its recovery files.
B. No, it is not possible to update this client
C. Yes by placing the profile in the system root directory
D. Yes, by placing the profile in %PROGRAM FILES%\Pointsec\Pointsec for PC\work
Correct Answer: D
QUESTION 46 If your machine is encrypted with Pointsec and you decide to share folders on your local hard drive. What will happen when other users try to access the shared folders over the network?
A. Nothing, they will be fully accessible
B. The users will need to provide a valid Pointsec username and password
C. Sharing is not possible is Pointsec is installed
D. The folders can only be accessed if the user also has Pointsec installed. Correct Answer: A
QUESTION 47
How can you uninstall Pointsec?
A. Add/Remove programs from control panel
B. Use the recovery file
C. Uninstallation profile
D. All of the above Correct Answer: D
QUESTION 48
What limitations should you be aware of before you install Pointsec?
A. Pointsec cannot be installed if the root directory is compressed?
B. Pointsec must be installed on the 1st bootable partition?
C. Pointsec cannot be installed to stripe/volume sets?
D. All of the above Correct Answer: D
QUESTION 49
To protect a Pointsec profile you need assign a…?
A. Dynamic Token
B. Fixed password
C. Fingerprint
D. None of the above Correct Answer: B
QUESTION 50
Which utility is used to register languages to an existing Pointsec for PC Client installation?
A. PSD.EXE
B. Pscontrol.exe
C. AddLanguage.exe
D. Addlang.cmd
Correct Answer: B
QUESTION 51 You need to uninstall/unencrypt Pointsec to image over a machine that has Pointsec already installed?
A. True
B. False Correct Answer: A
QUESTION 52
Pointsec for PC operates as a low level driver on machine’s hard drive.
A. True
B. False
Correct Answer: A
QUESTION 53 You need a network connection to change a user’s password using the default remote help application in Pointsec
A. True
B. False
Correct Answer: B
QUESTION 54 A one time login and remote password change response can be used multiple times to allow access to the machine
A. True
B. False Correct Answer: B
QUESTION 55 Any user with View Log privilege can view the central logs
A. True
B. False Correct Answer: A
QUESTION 56
Pointsec supports hibernation in Windows.
A. True
B. False
Correct Answer: A
QUESTION 57 You can search for users and computers via the Pointsec Management Console
A. True
B. False
Correct Answer: B
QUESTION 58
When deleting a user using an update profile in Pointsec, you need to specify the volumes/
partitions to be affected.
A. True
B. False
Correct Answer: B
QUESTION 59 For an organization that has high personnel turnover, tokens should be used for administrative accounts to minimize the number of updates.
A. True
B. False Correct Answer: A
QUESTION 60 Pointsec supports two factor authentication
A. True
B. False Correct Answer: A
QUESTION 61
What are the minimum requirements for Device Protector Server to be installed?
A. 512MB+ Ram / 2GB+ Hard disk space for MSSQL database storage / Windows NT / MS Windows NT Service Pack 6a / MS Windows 2000/3 Server/Advanced Server or Professional / MS Windows 2000/3 Service Pack 2+ / MS Windows XP Professional
B. 1Gb Ram / 4GB+ Hard disk space for MYSQL database storage / Windows NT / MS Windows NT Service Pack 7a / MS Windows 2000/3 Server/Advanced Server or Professional / MS Windows 2000/3 Service Pack 3+ / MS Windows XP Home / RedHat Linux Kernel version 6.14
C. 512MB+ Ram / 2GB+ Hard disk space for MYSQL database storage / Windows 3.1 / MS Windows NT Service Pack 6a / MS Windows 2000/3 Server/Advanced Server or Professional / MS Windows 2000/3 Service Pack 2+ / MS Windows XP Professional
D. 2Gb+ Ram / 2GB+ Hard disk space for MSSQL database storage / Windows NT / MS Windows NT Service Pack 6a / MS Windows 2000/3 Server/Advanced Server or Professional / MS Windows 2000/3 Service Pack 2+ / MS Windows XP Professional
Correct Answer: A
QUESTION 62
What are the minimum requirements for Device Protector Client to be installed.
A. 1Gb Ram / 2Gb Hard Disk Space / MS Windows 2000 Professional with Service Pack 2 / MS Internet Explorer v6+ / MS Windows XP Professional with Service Pack 1+
B. 512mb Ram / 50mb Hard Disk Space / MS Windows 2000 Professional with Service Pack 2 / MS Internet Explorer v6+ / MS Windows XP Professional with Service Pack 1+
C. 1Gb Ram / 2Gb Hard Disk Space / MS Windows 2000 Professional with Service Pack 2 / MS Internet Explorer v6+ / MS Windows XP Professional with Service Pack 1+
D. 512mb Ram / 50mb Hard Disk Space / MS Windows 2000 Professional with Service Pack 2 / MS Internet Explorer v6+ / MS Windows XP Home with Service Pack 1+
Correct Answer: C
QUESTION 63
What encryption algorithm and a what strength does Device Protector’s encryption use?
A. 128 AES
B. 3DES
C. Blowfish
D. 128 / 256 AES
Correct Answer: D
QUESTION 64 How can Device Protector stop any new programs from being installed and old programs from being uninstalled?
A. By setting Removable Media Manager to prevent any application uninstallations / installations.
B. By selecting .EXE and .MSI in Trusted File Types in Program Security Guard
C. By setting Device Manager to Deny All
D. All of the above
Correct Answer: A
QUESTION 65
What does Program Security Guard do?
A. Prevents the creation / modification / deletion of specified file types
B. Prevents Removable Media devices from entering the network
C. Prevents unauthorised applications from creating banned file types
D. Both A and C
Correct Answer: D
QUESTION 66
What does Removable Media Manager do?
A. Manages what media can be exported to Removable Media
B. Automatically formats and encrypts devices
C. Automatically scans and digitally signs devices
D. Creates a black / white list of what devices can be used on the network
Correct Answer: D
QUESTION 67
What does the Device Manager do?
A. Allows you to see a list of devices which are currently used within the network
B. Replaces the Windows. Device Manager to Add / Modify devices within Windows.
C. Digitally scans all devices which are entered into the network
D. Creates a black and white list of devices which are allowed to be used within the network
Correct Answer: A
QUESTION 68
What is the Removable Media Auditor?
A. It allows you to see what information has been copied to CD/DVD
B. It creates a complete audit history of all activity which occurs on removable media
C. It allows you to see what processes have opened which files
D. All of the above Correct Answer: D
QUESTION 69
How do you “throttle” logs?
A. By adjusting the speed at which they are sent to the server
B. By specifying the most urgent logs to be sent immediately
C. By adjusting how quickly the server receives the logs
D. All of the above
Correct Answer: D
QUESTION 70 How do you setup a Removable Media policy which does not allow users to be able to Authorise their own devices but can still use Removable Media?
A. By selecting Automatic Scan with the Option to Delete Files within Removable Media Manager
B. By selecting Automatic Scan within Removable Media Manager
C. By selecting No Removable Media Scan within Removable Media Manager
D. By selecting Wizard Mode within Removable Media Manager Correct Answer: D
QUESTION 71
What is “Limbo” mode?
A. An installation of the Device Protector client where no protection is enabled
B. An encrypted usb removable media device with no owner set
C. A configured Profile Template which has not been assigned to a group
D. A user who is picking up the Default Profile Correct Answer: D
QUESTION 72
Can Program Security Guard allow software downloads from an Intranet but not from the Internet?
A. Yes
B. No
C. Maybe Correct Answer: A
QUESTION 73
What is a “Process Executable Check” within Program Security Guard?
A. It checks to see whether the file being launched is a true executable
B. It allows executables to be launched
C. It switches on Program Security Guard
D. Both A and C Correct Answer: D
QUESTION 74 What are 3 processes which Device Protector exempts by Default
A. .BAT .CMD .MP3
B. .EXE .VBS .BAT
C. .JPG .DOC .XML
D. .GIF .DLL .CPL
E. .EXE .COM .SYS Correct Answer: E
QUESTION 75
What is a Computer Profile?
A. It is a profile which is sent via a computer
B. It is a profile which was created by a computer
C. It is a profile which is applied to a computer
D. It is a profile which configures what drivers are allowed to be installed Correct Answer: C
QUESTION 76
How do Offline Profiles work?
A. By applying a profile to a user when a connection to the Device Protector server cannot be made
B. By forcing users to go offline in the event of a security breach
C. Both A and B
D. None of the above Correct Answer: A
QUESTION 77
What do the “Users” and “Computers” nodes do within Device Protector?
A. Allows you to delete users and computers from the Active Directory
B. Shows which users and computers are awaiting to download a profile
C. Shows what users and computers do not have the client agent installed
D. Show what users and computers have been added to the Device Protector database Correct Answer: D
QUESTION 78
Can Device Protector work with a Novell Server?
A. Yes
B. No
C. Maybe
D. I don’t know
Correct Answer: A QUESTION 79 Is Active Directory / Edirectory required for Device Protector to work?
A. No, as Device Protector can work within Linux
B. No, only a copy of Windows. XP Home
C. Yes, Device Protector cannot be installed without an Active Directory / Edirectory being present
D. No, but you will only be able to apply profiles to the local machine
Correct Answer: D
QUESTION 80 What would happen to the Device Protector agent, if the connection to the Device Protector Server was lost / severed?
A. The machine reboots to restore a connection
B. The client agent would reset to apply the Cached or Offline Profile
C. The user is logged out while a connection to the server is established
D. Nothing happens and the user continues to work as normal using the Caches / Offline profile
Correct Answer: D
QUESTION 81 How many Global OU′s can you have in one webRH installation
A. One
B. Two
C. Three
D. Unlimited
Correct Answer: A
QUESTION 82 How many regional/local OU′s can you have in one webRH installation
A. One
B. Two
C. Three
D. Unlimited
Correct Answer: D
QUESTION 83
What extension does a webRH profile use?
A. .ipp
B. .pmt
C. .prt
D. .upp
Correct Answer: D
QUESTION 84
What is the maximum number of users or groups can be deployed with a webRH profile?
A. 1 user and 1 group
B. It is depending on how many OU′s you have
C. No more than 50
D. Unlimited
E. 6 users and 1 group Correct Answer: E
QUESTION 85
When logging into webRH, what authentication method can and must be used?
A. User name and password
B. User name and dynamic token
C. USB token
D. Smart card Correct Answer: B
QUESTION 86
When logged into webRH, what is the only task that a help-desk user can perform?
A. Create a .rec file
B. Create updates
C. Force uninstall
D. Provide Remote Help Correct Answer: D
QUESTION 87
Which application can you run to configure webRH settings post installation?
A. webRHconfig.exe
B. addtoken.exe
C. admin.exe
D. none of the above Correct Answer: A
QUESTION 88
When you install the webRH server, how many administrator accounts do you have to create?
A. None
B. One
C. Two
D. Ten Correct Answer: C
QUESTION 89
How many times can a response be used when created with the proper challenge?
A. Four
B. Three
C. Two
D. One
Correct Answer: D
QUESTION 90 If a helpdesk user is logged in to webRH and you decide to remove his account, when will the user be notified?
A. Immediately, since he will be thrown off the system when his account is removed
B. When his session times out and he tries to re-authenticate
C. When he reboots his machine
D. Never, it is not possible to remove accounts from webRH
Correct Answer: B
CCNA Exam Certification Guide is a best-of-breed CheckPoint 156-706 exam study guide that has been completely updated to focus specifically on the objectives.Senior instructor and best-selling author Wendell Odom shares preparation hints and CheckPoint 156-706 tips to help you identify areas of weakness and improve both your conceptual and hands-on knowledge.CheckPoint 156-706 Material is presented in a concise manner,focusing on increasing your understanding and retention of exam topics.
The 100% valid latest Checkpoint 156-815 question answers ensure you 100% pass! And now we are offering the free Checkpoint 156-815 new version along with the VCE format Checkpoint 156-815 practice test. Free download more new Checkpoint 156-815 PDF and VCE on Flydumps.com.
QUESTION 59
You work as an administrator at Certkiller .com. You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the Default Rule with a weight of 10. The H.323 rule includes a per-connection guarantee of 384 Kbps, and a per-connection limit of 512 Kbps. The per-connection guarantee is for four connections, and no additional are allowed in the Action properties. If traffic passing
through the QoS Module matches both rules, which of the following statement is true?
A. Neither rule will be allocated more than 10% of available bandwidth
B. The H.323 rulel will consume no more than 2048 Kbps of available bandwidth
C. 50% of available bandwidth will be allocated to the H.323 rule
D. 50% 01 available bandwidth will be allocated to the Default Rule
E. Each H.323 connection will receive at least 512 Kbps of bandwidth
Correct Answer: B
QUESTION 60
How can you reset Secure Internal Communications (SIC) between a SmartCenter Server and Security Gateway?
A. Run the command fwm sic_reset to reinitialize the Internal Certificate Authority (ICA) of the SmartCenter Server. Then retype the activation key on the Security-Gateway from SmartDashboard
B. From cpconfig on the SmartCenter Server, choose the Secure Internal Communication option and retype the actrvation key Next, retype the same key in the gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC)
C. From the SmartCenter Server’s command line type fw putkey -p <shared key>- <IP Address of SmartCenter Server>-.
D. From the SmartCenter Server’s command line type fw putkey -p <shared key>- <IP Address of security Gateway>-.
E. Re-install the Security Gateway
Correct Answer: B
QUESTION 61
One of your remove Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the SmartCenter Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic gateway object, you receive error message “unknown”. What is the problem?
A. The remote Gateway’s IP address has changed, which invalidates the SIC Certificate
B. The Security Gateway is NG with Application Intelligence, and the SmartCenter Server is NGX
C. The Internal Certfcate Authorty for the SmartCenter object has been removed from objects_5_0 c
D. The time on the SmartCenter Server’s clock has changed, which invalidates the remote Gateway’s Certificate
E. There is no connection between the SmartCenter Server and the remote Gateway. Rules or routing may block the connection
Correct Answer: E
QUESTION 62
Which NGX feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?
A. upgrade_export/upgrade_import
B. Policy Package management
C. fwm dbexport/fwm dbimport
D. cpconfig
E. Database Revision Control
Correct Answer: B
QUESTION 63
The following diagram illustrates how a VPN-1 SecureClient user tries to establish a VPN with hosts in the
external_net and internal_net from the Internet. How is the Security Gateway VPN Domain created?
A. Internal Gateway VPN Domain = Internal_net External VPN Domain = external net + external gateway object + internal_net.
B. Internal GatewayVPN Domain = Internal_net External Gateway VPN Domain = external_net + internal gateway object
C. Internal GatewayVPN Domain = Internal_net External Gateway VPN Domain = internal_net + external_net
D. Internal GatewayVPN Domain = Internal_net External Gateway VPN Domain = internal VPN Domain + internal gateway object + external_net
Correct Answer: D
QUESTION 64
Which of the following QoS rule-action properties is an Advanced action type, only available in Traditional mode?
A. Guarantee Allocation
B. Rule weight
C. Apply rule only to encrypted traffic
D. Rule limit
E. Rule guarantee
Correct Answer: A
QUESTION 65
Certkiller is the Security Administrator for Certkiller .com’s large geographically distributed network. The internet connection at one of her remote sites failed during the weekend, and the Security Gateway logged locally for over 48 hours. Certkiller is concerned that the logs may have consumed most of the free space on the Gateway’s hard disk. Which SmartConsole application should Certkiller use, to view the percent of free hard-disk space on the remote Security Gateway?
A. SmartView Status
B. SmartView Tracker
C. SmartUpdate
D. SmartView Monitor
E. SmartLSM
Correct Answer: D
QUESTION 66
When you hide a rule in a Rule Base, how can you then disable the rule?
A. Open the Rule Menu, and select Hide and view hidden rules Select the rule, right-click, and select Disable
B. Uninstall the Security Policy, and then disable the rule
C. When a rule is hidden, it is automatically disabled. You do not need to disable the rule again
D. Run cpstop and cpstart on the SmartCenter Server, then disable the rule
E. Clear Hide from Rules drop-down menu, then right-click and select “Disable Rule (s)”
Correct Answer: E
QUESTION 67
How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queue using Check Point QoS solution?
A. Low latency class
B. DiffServ rule
C. guaranteed per connection
D. Weighted Fair queuing
E. guaranteed per VolP rule
Correct Answer: A
QUESTION 68
As a Security Administrator, you must configure anti-spoofing on Security Gateway interfaces, to protect your Internal networks. What is the correct anti-spoofing setting on interface ETH1 in this network diagram?
NOTE In the DMZ, mail server 192.168.16.10 is statically translated to the object “mail_valid”, with IP address 210.210.210.3. The FTP server 192.168.16.15 is statically translated to the object “flp_valid”, with IP address 210.210.210.5
A. A group object that includes the 10.10.0.0/16 and 192.168.16.0/24 networks, and mail_valid and ftp_valid host objects
B. A group object that includes the 10.10.20.0/24 and 10.10.10.0/24networks
C. A group object that includes the 10.10.0.0/16 network object, mail_valid host,and ftp_valid host object
D. A group object that includes the 192.168.16.0/24 and 10.10 0.0/16 networks
E. A group object that includes the 10.10.10.0/24 and 192.168.16.0/24networks
Correct Answer: B
QUESTION 69
Mary is recently hired as the Security Administrator for a public relations company. Mary’s manager has asked her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Mary must propose a plan based on the following required and desired results Required Result #1: Do not purchase new hardware Required Result #2: Use configuration changes that do not reduce security Desired Result #1: Reduce the number of explicit rules in the Rule Base Desired Result #2: Reduce the volume of logs Desired Result #3: Improve the Gateway’s performance Proposed Solution: Mary recommends the following changes to the Gateway’s configuration:
1.
Replace all domain objects with network and group objects.
2.
Stop logging Domain Name over UDP (queries)
3.
Use Global Properties, instead of explicit rules, to control ICMP. VRRP, and RIP. Does Mary’s proposed solution meet the required and desired result s?
A. The solution meets the required results, and two of the desired results
B. The solution does not meet the required results
C. The solution meets all required results, and none of the desired results
D. The solution meets all required and desired results
E. The solution meets the required results, and one of the desired results
Correct Answer: A
QUESTION 70
What is a Consolidation Policy?
A. The collective name of the Security Policy, Address Translation, and SmartDefense Policies
B. The specific Policy used by Eventia Reporter to configure log-management practices
C. The state of the Policy once installed on a Security Gateway
D. A Policy created by Eventia Reporter to generate logs
E. The collective name of the logs generated by Eventia Reporter
Correct Answer: B
QUESTION 71
Jacob is using a mesh VPN Community to create a site-to-site VPN. The VPN properties in this mesh Community display in this graphic Exbibit: Which of the following statements isTRUE?
A. If Jacob changes the setting,”Perform key exchange encryption with” from “3DES” to “DES”, he will enhance the VPN Community’s security and reduce encryption overhead
B. Jacob’s VPN Community will perform IKE Phase 1 key-exchanqe encryption, usinq the lonqest key VPN-1 NGX supports
C. Jacob must change the data-integrity settings for this VPN Community. MD5 is incompatible with AES
D. If Jacob changes the setting “Perform IPsec data encryption With” from “AES-128” to “3DES”, he will increase the encryption overhead
Correct Answer: D
QUESTION 72
State Synchronization is enabled on both members in a cluster, and the Security Policy is successfully installed. No protocols or services have been unselected for “selective sync”. The following is the fwtab -t connections – s output from both members: Is State Synchronization working properly between the two members?
A. Members A and B are synchronized, because ID for both members is identical in the connections table
B. The connections-table output is incomplete. You must run the cphaprob state command, to determine if members A and B are synchronized
C. Members A and B are not synchronized, because #PEAK for both members is not close in the connections table
D. Members A and B are synchronized, because #SLlNKS are identical in the connections table
E. Members A and B are not synchronized, because #VALS in the connections table are not close
Correct Answer: E
QUESTION 73
Which Check Point QoS feature marks the Type of Service (ToS) byte in the IP header?
A. Guarantees
B. Low Latency Oueuing
C. Differentiated Services
D. Weighted FairOueueing
E. Limits
Correct Answer: C
QUESTION 74
Your network includes ClusterXL running Multicast mode on two members, as shown in this topology
Your network is expanding, and you need to add new interfaces 10.10.10.1/24 on Member A, and
10.10.10.2/24 on Member B. The virtual lP address for interface 10.10.10.0/24 is 10.10.10.3.What is the correct procedure to add these interfaces?
A. 1. Use the ifconfig command to configure and enable the new interface.
2.
Run cpstop and cpstart on both members at the same time.
3.
Update the technology in the cluster object for the cluster and both members.
4.
Install the Security Policy.
B. 1. Disable “Cluster membership” from one Gateway via cpconfig.
2.
Configure the new interface via sysconfig from the “non-member” Gateway.
3.
Reenable “Cluster membership” on the Gateway.
4.
Perform the same step on the other Gateway.
5.
Update the topology in the cluster object for the cluster and members.
6.
Install the Security Policy.
C. 1. Run cpstop on one member, and configure the new interface via sysconfig.
2.
Run spstart on the member. Repeat the same steps on another member.
3.
Update the new topology in the cluster object for the cluster and members.
4.
Install the Security Policy.
D. 1, Use sysconfig to configure the new interfaces on both members.
2.
Update the topology in the cluster object for the cluster on both membes.
3.
Install the Security Policy.
Correct Answer: C
QUESTION 75
To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?
A. Change the cluster mode to Unicast on the cluster object Reinstall the Security Policy
B. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy
C. Run cpstop and cpstart, to reenable High Availability on both objects. Select Pivot mode in cpconfig
D. Change the cluster mode to Unicast on the cluster-member object
E. Switch the internal network’s default Security Gateway to the pivot machine’s IP address
Correct Answer: A
QUESTION 76
Which component functions as the Internal Certificate Authority for VPN-1 NGX?
A. VPN-1 Certificate Manager
B. SmartCenter Server
C. SmartLSM
D. Policy Server
E. Security Gateway
Correct Answer: B
QUESTION 77
You have locked yourself out of SmartDashboard With the rules you just installed on your stand alone Security Gateway. Now you cannot access the SmartCenter Server or any SmartConsole tools via SmartDashboard. How can you reconnect to SmartDashboard?
A. Run cpstop on the SmartCenter Server
B. Run fw unlocklocal on the SmartCenter Server
C. Run fw unloadlocal on the Security Gateway
D. Delete the $fwdir/database/manage.lock file and run cprestart.
E. Run fw uninstall localhost on the Security Gateway
Correct Answer: C
QUESTION 78
By default, a standby SmartCenter Server is automatically synchronized by an active SmartCenter Server, when:
A. The Security Policy is installed
B. The Security Policy is saved
C. The user database is installed
D. The Security Administrator logs in to the standby SmartCenter Server, for the first time
E. The standby SmartCenter Server starts for the first time
Correct Answer: A
QUESTION 79
Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?
A. Global Properties
B. QoS Class objects
C. Check Point gateway object properties
D. $CPDIR/conf/qos_props.pf
E. Advanced Action options in each QoS rule
Correct Answer: A
QUESTION 80
Your VPN Community includes three Security Gateways. Each Gateway has its own intemal network defined as a VPN Domain. You must test the VPN-1 NGX route-based VPN feature, Without stopping the VPN. What is the correct order of steps?
A. 1.Add anew interface on each gateway 2.Remove the newly added network from the current VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Enable advanced routing on all three Gateways.
B. 1.Add anew interface on each gateway 2.Remove the newly added network from the current VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Add static routes on three Gateways, to route the new network to each peer’s VTI interface
C. 1.Add anew interface on each gateway 2.Add the newly added network into the exsiting VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Enable advanced routing on all three Gateways.
D. 1.Add anew interface on each gateway 2.Add the newly added network into the exsiting VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Add static routes on three Gateways, to route the new network to each peer’s VTI interface
Correct Answer: B
QUESTION 81
Barak is a security administrator for an organization that has two sites using pre-shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that few office is opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to switch from pre-shared secrets to Certificates issued by the internal Certificate Authority(ICA). After creating the Madrid gateway object with the proper VPN Domain, what are Barak’s remaining steps?
A. 1,2,5
B. 1,3,4,5
C. 1,2,3,5
D. 1,2,4,5
E. 1,2,3,4
Correct Answer: C
QUESTION 82
Certkiller is recently hired as the Security Administrator for Certkiller .com. Jack Bill’s manager has asked
her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Certkiller
must propose a plan based on the following required and desired results:
Required Result #1: Do not purchase new hardware. Required Result #2: Use configuration changes the
do not reduce security. Desired Result #1: Reduce the number of explicit rules in the Rule Base.
Desired Result #2: Reduce the volume of logs.
Desired Result #3: Improve the Gateway’s performance.
Proposed solution:
*
Replace all domain objects with network and group objects.
*
Check “Log implied rules” and “Accept ICMP requests” in Global Properties.
*
Use Global Properties, instead of explicit rules, to control ICMP, VRRP, and RIP. Does Certkiller’s proposed solution meet the required and desired results?
A.
The solution meets all required and desired results.
B.
The solution meets all required, and one of the desired results.
C.
The solution meets all required, and two of the desired results.
D.
The solution meets all required, and none of the desired results.
E.
The solution does not meet the required results.
Correct Answer: E
QUESTION 83
After installing VPN-1 Pro NGX R65, you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a get topology request. What is the most likely cause and solution?
A. The NIC is faulty. Replace it and reinstall
B. If an interface is not configured, it is not recognized. Assign an IP and subnet mask using the WebUI
C. Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R65 Hotfix Accumulator (HFA)
D. Make sure the driver for your particular NIC is available and reinstall. You will be prompted for the driver
Correct Answer: B
QUESTION 84
What type of packet does a VPN-1 SecureClient send to its Policy Server, to report its Secure Configuration Verification status?
A. IKE Key Exchange
B. TCP keep alive
C. ICMP Port Unreachable
D. UDP keep alive
Correct Answer: D QUESTION 85
Which SmartConsole component can administrators use to track remote administrative activities?
A. Eventia Reporter
B. SmartView Monitor
C. SmartView Tracker
D. The WebUI
Correct Answer: D QUESTION 86
We provide Checkpoint 156-815 help and information on a wide range of issues. Checkpoint 156-815 is professional and confidential and your issues will be replied within 12 hous. Checkpoint 156-815 free to send us any questions and we always try our best to keeping our Customers Satisfied.