Important Info: These new valid CheckPoint 156-915 exam questions were updated in recent days by CheckPoint 156-915 ,please visit our website to get the full version of new CheckPoint 156-915 exam dumps with free version of new VCE Player, you can pass the exam easily by training it!
QUESTION 87
Which feature in VPN-1 permits blocking specific IP addresses for a specified time period?
A. HTTP Methods
B. Local Interface Spoofing
C. Block Port Overflow
D. Suspicious Activity Monitoring
Correct Answer: D
QUESTION 88
Match the ClusterXL Modes with their configurations: Exhibit:
A. A2,B3,C1,D4
B. A2,B3,C4,D1
C. A3,B2,C4,D1
D. A3,B2,C1,D4
Correct Answer: D
QUESTION 89
By default Check Point High Availability components send updates about their state every:
A. 1 Second
B. 0.1 Second
C. 5 Seconds
D. 0.5 seconds
Correct Answer: B
QUESTION 90
Which operating system is not supported by SecureClient?
A. IPSO 3.9
B. MacOS X
C. Windows 2003 Professional
D. Windows XP SP2
Correct Answer: A
QUESTION 91
Which of the following is the most critical step in a SmartCenter Server NGX R65 backup strategy?
A. Move the *.tgz upgrade_export file to an offsite location via ftp
B. Perform a full system tape backup of both the SmartCenter and Security Gateway machines
C. Using the upgrade_import command, attempt to restore the SmartCenter server to a non-production system
D. Run the cpstop command prior to running the upgrade_export command
Correct Answer: C
QUESTION 92
What happens when you select File > Export from the SmartView Tracker Menu?
A. Logs in fw.log are exported to a file that can be opened by Microsoft Excel
B. Exported log entries are deleted from fw.log
C. Current logs are exported to a new *.log file
D. Exported log entries are still viewable in SmartView Tracker
Correct Answer: A QUESTION 93
Which of these components does NOT require a VPN-1 NGX R65 license?
A. SmartUpdate Upgrading/Patching
B. SmartCenter Server
C. Check Point Gateway
D. SmartConsole
Correct Answer: D QUESTION 94
How do you use SmartView Monitor to compile traffic statistics for your company’s Internet activity during production hours?
A. Use the “Traffic Counters” settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day
B. Configure Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway
C. Select the “Tunnels” view and generating a report on the statistics
Correct Answer: A QUESTION 95
Which Check Point product is used to create and save changes to a Log Consolidation Policy?
A. Eventia Reporter Server
B. SmartDashboard Log Consolidator
C. SmartCenter Server
D. Eventia Reporter Client
Correct Answer: B QUESTION 96
When configuring site-to-site VPN High Availability (HA) with MEP, which of the following is correct?
A. MEP Gateways must be managed by the same SmartCenter Server
B. If one MEP Security Gateway fails, the connection is lost and the backup Gateway picks up the next connection
C. MEP Gateways cannot be geographically separated machines
D. The decision on which MEP Gateway to use is made on the MEP Gateway’s side of the tunnel
Correct Answer: B QUESTION 97
You have blocked an IP address via the Block intruder feature of Smartview Tracker. How can you see the addresses you have blocked?
A. In Smartview monitor, select Blocked Intruder option from the query tree view
B. Run fwm blocked_view
C. In Smartview monitor, select Suspicious activity rules from the tools menu and select the relevant security gateway from the list
D. In SmartView Tracker,Click the Active Tab, and the actively blocked connection display
Correct Answer: C
QUESTION 98
You are administering your company’s clientless VPN connections. How many Security Servers should you be running to support 750 active users?
A. 1
B. 7
C. 5
D. 3
Correct Answer: C
QUESTION 99
What is the most typical type of configuration for VPNs with several externally managed Gateways?
A. Star Community
B. Hybrid community
C. Mesh Community
D. Domain Community
Correct Answer: A
QUESTION 100
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?
A. VTIs are only supported on SecurePlatform
B. VTI specific additional local and remote IP addresses are not configured
C. VTIs cannot be assigned a proxy interface
D. Local IP addresses are not configured, remote IP addresses are configured
Correct Answer: B
QUESTION 101
When configuring VPN High Availability (HA) with MEP, which of the following is correct?
A. If one gateway fails, the synchronized connection fails over to another Gateway and the connection continues
B. The decision on which MEP Security Gateway to use is made on the remote gateway’s side (non-MEP side)
C. MEP VPN Gateways cannot be geographically separated machines
D. MEP Gateways must be managed by the same SmartCenter Server
Correct Answer: B
QUESTION 102
___________ is a proprietary check point protocol. It is the basis of the functionality of Check Point ClusterXL inter-module communication.
A. HA OPCODE
B. CKPP
C. RDP
D. CCP
Correct Answer: D QUESTION 103
Which of the following command is a CLI command for VPN-1 NGX R65?
A. fw shutdown
B. fwprint
C. fw tab -u
D. fw merge
Correct Answer: C QUESTION 104
Match each of the following commands to their correct function. Each command only has one function
listed:
Exhibit:
A. C1>F2;C2>F1;C3>F6;C4>F4
B. C1>F4;C2>F6;C3>F3;C4>F2
C. C1>F2;C2>F4;C3>F1;C4>F5
D. C1>F6;C2>F4;C3>F2;C4>F5
Correct Answer: D
QUESTION 105
Which security servers can perform authentication tasks, but CANNOT perform content security tasks?
A. HTTP
B. FTP
C. RLOGIN
D. SMTP
Correct Answer: C
QUESTION 106
You are running the License_upgrade tool on you SecurePlatform Gateway. Which of the following can you NOT do with the upgrade tool?
A. Perform the actual license-upgrade process
B. View the status of currently installed licenses
C. Simulate the license-upgrade process
D. View the licenses in the SmartUpdate License Repository
Correct Answer: D QUESTION 107
A marketing firm’s networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter security gateway. Which SmartConsole application should you use to check these objects and rules?
A. SmartView Statuus
B. SmartView Monitor
C. SmartView Tracker
D. SmartDashboard
Correct Answer: A QUESTION 108
Which is the BEST configuration option to protect internal users from malicious java code, without stripping Java Scripts?
A. Use the URI resource to strip ActiveX tags
B. Use the URI resource to strip applet tags
C. Use CVP in the URI resource to block Java code
D. Use the URI resource to block Java Code
Correct Answer: D QUESTION 109
You organization has many VPN-1 Edge Gateways at various branch offices, to allow users to access company resources. For security reasons, your organization’s security policy requires all internet traffic initiated behind the VPN-1 Edge Gateways first be inspected by your headquarters VPN-1 Pro Security Gateway. How do you configure VPN routing in this star VPN community?
A. To the Internet and other targets only
B. To the center and other satellites, through the center
C. To the center or through the center to other satellites, then to the Internet and other VPN targets
D. To the center only
Correct Answer: C QUESTION 110
Users are not prompted for authentication when they access their web servers, even though you have created an HTTP rule via User Authentication. Why?
A. Another rule that accepts HTTP without authentication exists in the Rule Base
B. You have forgotten to place the User Authentication Rule before the Stealth Rule
C. Users must use the SecuRemote Client, to use the User Authentication Rule
D. You checked the “Cache password on desktop” option in Global Properties
Correct Answer: B QUESTION 111
Flydumps is now offering CheckPoint 156-915 dumps PDF and Test Engine with 100% passing guarantee. Buy CheckPoint 156-915 pdf and pass your exam easily. If you want real exam simulation then buy test engine and install on your pc for preparation. Download CheckPoint 156-915 CCIE Data Center questions answers study material and prepare for exam.
100% valid Checkpoint 156-816 brain dumps with more new added questions.By training the Checkpoint 156-816 questions, you will save a lot time in preparing the exam.Visit www.Flydumps.com to get the 100% pass ensure!
QUESTION 77
During MDS installation, you must configure at least one VSX Administrator. After creating the Administrator, you are prompted to perform which task?
A. Grant VSX-specific privileges to the Administrator
B. Assign the Administrator to manage a specific Virtual System
C. Add the Administrator to a group
D. Assign the Administrator to manage a specific interface on the VSX Gateway
E. Assign the Administrator to manage a specific CMA
Correct Answer: C
QUESTION 78
During the initial configuration of a VSX Gateway cluster, the VSX Administrator is prompted to specify each cluster member’s name, as shown below:Which of the following best describes this name?
A. IP address of the individual VSX Gateway in the cluster
B. Any name the VSX Administrator chooses to describe the cluster member
C. Customer for which this VSX Gateway cluster is configured
D. MAC address of the individual VSX Gateway in the cluster
E. Hostname of the individual VSX Gateway in the cluster
Correct Answer: B
QUESTION 79
The VSX Management Server uses which of the following channels to communicate with components of the VSX Gateway?
A. Provisioning and Network Configuration
B. Route Configuration
C. Gateway Inspection Verification
D. Status Verification
E. Policy Verification
Correct Answer: A
QUESTION 80
What is the maximum number of members that can be included in a VSX Gateway cluster?
A. 2
B. 10
C. 50
D. 8
E. 25
Correct Answer: D
QUESTION 81
If two VSX Gateways are deployed in a cluster with one interface defined with a Virtual Switch, how is each Virtual Switch instance defined?
A. Primary: Standby/Secondary: Active
B. Primary: Standby/Secondary: Standby
C. Primary: Active/Secondary: Standby
D. Primary: Active/Secondary: Active
Correct Answer: D
QUESTION 82
What is the term used to describe a port or interface that shares traffic from more than one VLAN?
A. Frame-Strata enabled
B. VLAN riding
C. Comprehensive layer-2 label support
D. VLAN trunking
E. Comprehensive VLAN Tag support
Correct Answer: D
QUESTION 83
The provisioning and network configuration channel does NOT:
A. Install a default Security Policy blocking all traffic.
B. Install Administrator defined Security Policies.
C. Create Virtual Systems and Virtual Routers on a Gateway.
D. Configure interface and routing information on the Gateway.
E. Create a SIC Certificate for new objects, and transfer the Certificate to an object on the VSX Gateway.
Correct Answer: B
QUESTION 84
In a VLAN Tag added to a frame header, the __________ is a 2 byte number that identifies a frame as tagged.
A. user_priority
B. VLAN Identifier
C. Tag Control Information
D. Tag Protocol Identifier
E. Canonical Format Indicator
Correct Answer: D
QUESTION 85
Which of the following VSX components maintain layer 3 connectivity?
A. Virtual System in Bridge mode
B. Internal Virtual Switch
C. External Virtual Switch
D. Virtual Router
E. VLAN interface
Correct Answer: D
QUESTION 86
When configuring a Virtual System interface leading to a Virtual Switch, the default Gateway must be: A. The IP address of the Virtual Switch.
B. The IP address of the Management Virtual System.
C. The IP address of a device outside the VSX Gateway.
D. Excluded. No default Gateway is used when passing traffic through a Virtual Switch.
E. Shared among all systems passing through the switch.
Correct Answer: C
QUESTION 87
Which interface of the Management Virtual System (MVS) can be compared to the external interface of a traditional Security Gateway?
A. Warp interface leading from the MVS to the External Virtual Router
B. None; the External Virtual Router acts as the external interface to all Virtual Systems configured on the VSX Gateway.
C. Dedicated management interface, typically eth0
D. Synchronization interface
E. Virtual interface leading from the MVS to the External Virtual Router
Correct Answer: A
QUESTION 88
When deploying a VSX Gateway managed by a SmartCenter Server, which of the following statements is TRUE?
A. VSX Administrators can configure different domains for each Virtual System.
B. Multiple Administrators can simultaneously connect to the same database, to manage multiple Customers.
C. All Customer objects, rules, and users are shared in a single database.
D. Each Virtual System has its own unique Certificate Authority.
E. VSX superuser Administrators can configure granular permissions for each Customer Administrator.
Correct Answer: C
QUESTION 89
A __________ is a virtual security device configured on a VSX Gateway, which operates as a complete routing and security domain, with firewall and VPN capabilities.
A. Virtual Switch
B. Context Identification Module
C. Virtual System Extension
D. Virtual System
E. External Virtual Router
Correct Answer: D
QUESTION 90
When configuring Virtual Systems with overlapping IP addressing, the Virtual Systems must:
A. Be included in a VPN.
B. Be on the same network.
C. Perform Network Address Translation.
D. Perform in Bridge mode.
E. Define VLAN Tags.
Correct Answer: C QUESTION 91
Consider the following scenario: Your network configuration requires that you configure a single interface on the VSX Gateway to lead to multiple networks. A different Virtual System must protect each network sending traffic through the VSX Gateway. You configured a dedicated management interface on the VSX Gateway, along with 1 External Virtual Router and 4 Virtual Systems, one for each Customer. Which of the following hardware devices must be used to connect the different networks to the single shared interface?
A. Frame cache-redirection enabled switch
B. Content-intelligent switch
C. Jumbo frame-enabled switch
D. Router
E. VLAN-capable switch
Correct Answer: E
QUESTION 92
When configuring the VSX Gateway, it is important to reboot after running which of the following commands for the first time?
A. config
B. cpconfig vsx
C. fwconfig
D. vsx sysconfig
E. sysconfig
Correct Answer: E
QUESTION 93
Bridged Virtual Systems in a cluster monitor which of the following protocols, to fail over a bridged system?
A. VTP
B. MPLS
C. BPDU
D. STP
E. OSPF
Correct Answer: C
QUESTION 94
You need to provide a security layer for an existing core network. You need an inspection module that operates at layer 2, is completely transparent, and does not impact the existing IP structure or different control protocols in use. Which of the following virtual devices will perform the kind of inspection you need?
A. External Virtual Router
B. Virtual Switch
C. Virtual System in Bridge mode
D. Virtual System
E. Internal Virtual Router
Correct Answer: C
QUESTION 95
Which of the following statements is true concerning the default Security Policy of the External Virtual Router?
A. The External Virtual Router performs exactly like an External Virtual Switch.
B. All traffic emanating from networks protected by the VSX Gateway is dropped. All other traffic is accepted.
C. All traffic passing through the External Virtual Router is allowed by default, without inspection by the External Virtual Router’s Security Policy.
D. All traffic bound for the management network is dropped.
E. Virtual Routers do not enforce a Security Policy.
Correct Answer: C
QUESTION 96
Which of the following commands should you run to stop a VSX Gateway cluster?
A. vsxhastop
B. vsx cpstop
C. cpstop
D. cphastop
E. vsxstop
Correct Answer: C
QUESTION 97
Which of the following elements is NOT maintained separately by each Virtual System on a VSX Gateway?
A. Configuration parameters
B. Management database
C. Logging parameters
D. Security Policies
E. State tables
Correct Answer: B
QUESTION 98
When configuring a Warp Link, what is the IP address that appears in the topology properties of the External Virtual Router?
A. 255.255.255.255
B. Either the IP address designated as the main IP for the Virtual System to which the link connects, or its Static Network Address Translation IP address
C. Always the IP address designated as the main IP, for the Virtual System to which the link connects
D. Same as the IP address of the External Virtual Router
E. 0.0.0.0
Correct Answer: E
QUESTION 99
If a VSX Gateway is protecting multiple customer networks behind only one shared interface, the VSX Administrator must either configure __________ for source-based routing, or deploy a VLAN solution.
A. An Internal Virtual Router
B. Non-VLAN Interface Trunking
C. VSX Gateway High Availability
D. VSX Gateway Load Sharing
E. Multiple External Virtual Routers
Correct Answer: A
QUESTION 100
Consider the following scenario: A hub connects four hosts to a VLAN-Tagged port on a switch. The hosts have IP addresses ranging from 10.0.0.1 to 10.0.0.4. The switch adds a VLAN Tag of 400 to all communication passing through it. Once communication from the second host on the hub passes through the switch port on the way to its destination on the external network, how does the traffic appear in SmartView Tracker? Assume that traffic enters the Gateway on interface eth3.
A. eth3.2
B. eth3.400.2
C. eth3.400
D. eth3.2.400
E. eth3.402
Correct Answer: C
QUESTION 101
When configuring a VLAN environment for your VSX Gateway, you must associate each VLAN with an interface and an IP address. Where is each VLAN setting configured?
A. System Interfaces tab of the VSX Gateway object
B. Add/Edit Interface screen, accessed from the Topology tab of the Virtual Router object
C. System Interfaces Allocation tab of the VSX Gateway object
D. Add/Edit Interface screen, accessed from the Topology tab of the Virtual System object
E. VLAN Configuration tab of the VSX Gateway object
Correct Answer: D
QUESTION 102
When deploying a VSX Gateway managed by a SmartCenter Server, how many Certificate Authorities will the deployment have?
A. One for each Virtual System and Virtual Router configured on the VSX Gateway
B. One, shared by all components
C. Two; one for the SmartCenter Server, and one shared by all Virtual Systems and Virtual Routers
D. One for each Virtual System configured on the VSX Gateway
E. Three; one for the SmartCenter Server, one shared by all Virtual Systems, and one shared by the Virtual Routers
Correct Answer: B
QUESTION 103
Which of the following MDS types allows you to create and manage a VSX Gateway?
A. MDS Manager station
B. MDS Container station
C. MDS VSX Integrator
D. MDS MLM
E. MDS SmartCenter for VSX
Correct Answer: B
QUESTION 104
Which of the following objects allows you to configure resource settings, to limit the number of concurrent connections?
A. Internal Virtual Router
B. Virtual Systems
C. Virtual Switch
D. External Virtual Router
E. VSX Gateway
Correct Answer: B
QUESTION 105
Where within the frame header is the VLAN Tag inserted?
A. Before Destination information
B. After Type/Length information
C. Before Source information
D. Before Type/Length information
E. Either before Type/Length information or after, depending on the Canonical Format Indicator setting
Correct Answer: D
QUESTION 106
Which two segments make up a VLAN Tag, following the standard IEEE format?
A. Tag Protocol Identifier and VLAN Identifier
B. Tag Protocol Identifier and Traffic Control Information
C. Canonical Format Indicator and Traffic Control Information
D. Traffic Control Information and VLAN Identifier
E. Canonical Format Indicator and Tag Protocol Identifier
Correct Answer: B
QUESTION 107
Which of the following VSX Gateway configurations is valid?
A. A shared NIC assigned to different Virtual Systems, with the same IP addresses on different VLANs
B. A shared NIC assigned to different Virtual Systems, with different IP addresses on the same VLAN
C. A shared NIC assigned to different Virtual Systems, with the same IP addresses on the same VLAN
D. Multiple NICs assigned the same IP addresses, for each Virtual System in the configuration, but with different VLAN Tags
E. Multiple NICs assigned to different Virtual Systems in Bridge Mode, performing Hide NAT
Correct Answer: A
QUESTION 108
A VSX cluster configuration is built from which three components?
A. Management Network, Internal Communications Network, Virtual IP Addresses
B. Synchronization Network, Internal Communications Network, Virtual IP Addresses
C. Management Network, Internal Virtual Network, Virtual IP Addresses
D. Synchronization Network, Internal Network, External Network
E. Synchronization Network, Virtual Network, External Network
Correct Answer: B
QUESTION 109
Which of the following is a type of VLAN membership?
A. Time-based
B. Application-based
C. Port-based
D. Session-based
E. Protocol-based
Correct Answer: E
QUESTION 110
A Warp Link is a virtual point-to-point connection between a:
A. Virtual Router and Virtual System.
B. Virtual Router and Virtual Switch.
C. Virtual System and the management interface.
D. Virtual Router and a physical interface.
E. Virtual System and another Virtual System.
Correct Answer: A
With the products Checkpoint 156-816 for training and preparation of testing you would not only significantly reduce your fees, but pass your exam. We obtain our products from Authorities experts from test center.We give you the best path to successful completion of your exam to the real and original exam questions and answers for Checkpoint 156-816.
New VCE and PDF– If you want to pass CheckPoint 156-706 exam successfully,do not miss to test Cisco latest CheckPoint 156-706 brain dumps.All CheckPoint 156-706 the new questions and answers were timely added, visit Flydumps.com to free download VCE player and PDF files.
QUESTION 90 If a helpdesk user is logged in to webRH and you decide to remove his account, when will the user be notified?
A. Immediately, since he will be thrown off the system when his account is removed
B. When his session times out and he tries to re-authenticate
C. When he reboots his machine
D. Never, it is not possible to remove accounts from webRH
Correct Answer: B
QUESTION 91 What are the names of the Pointsec processes and services that run on a workstation after Pointsec has been installed?
A. Pointsec.exe, psadmin.exe and decrypt.exe
B. Prot_srv.exe, p95tray.exe and pstartsr.exe
C. Pssogina.exe, pointsec.exe and p95tray.exe
D. Decrypt.exe, protect.exe and pssogina.exe, pagents.exe
Correct Answer: B
QUESTION 92
How many authorized users must log in to uninstall Pointsec for PC?
A. One
B. Two
C. Three
D. Four
Correct Answer: B
QUESTION 93
What does Removable Media Manager do?
A. Manages what media can be exported to Removable Media
B. Automatically formats and encrypts devices
C. Automatically scans and digitally signs devices
D. Creates a black / white list of what devices can be used on the network
Correct Answer: D
QUESTION 94
Which application can you run to configure webRH settings post installation?
A. webRHconfig.exe
B. addtoken.exe
C. admin.exe
D. none of the above
Correct Answer: A
Flydumps.com is the absolute way to pass your CheckPoint 156-706 exam within no time. An authentic and comprehensive CheckPoint 156-706 exam solution is available at Flydumps.com. With our exclusive online CheckPoint 156-706 braindump you will pass CheckPoint 156-706 exam easily.Flydumps.com guarantees 100% success rate.