Category: Checkpoint
Flydumps ensures CheckPoint 156-706 study guide are the newest and valid enough to help you pass the test.Please visit Flydumps.com and get valid CheckPoint 156-706 PDF and VCE exam dumps with free new version.100% valid and success.
QUESTION 40 What is the name of the Service that can be used for transferring the recovery file to the network share instead of the logged on user?
A. Pointsec Service Start
B. Pointsec Transer Service
C. Pointsec Recovery Service
D. None of the Above
Correct Answer: A
QUESTION 41 When trying to remove Pointsec by force on an unencrypted machine, using “reco_img.exe”, how will you be able to access the Advanced options on the recovery media?
A. By using the ctrl + alt + delete functionality after reboot
B. By using the ctrl + F9 option during login
C. By using the F8 key when booting from recovery media
D. None of the above
Correct Answer: C
QUESTION 42 What are the options to harvest log for 3rd party tools
A. Use GET command with FTP Server script
B. Export logs from Pre Boot Environment
C. Use pslogexp.exe to export logs
D. Simply point your 3rd party tool to the Pointsec recovery path
Correct Answer: C
QUESTION 43 When your domain account password has to be changed you also want your pointsec password to be changed automatically. How can you acheive this?
A. By setting synchronize password with Windows
B. By setting synchronize password with Pointsec.
C. By using the synchronize option in Active Directory
D. None of the above
Correct Answer: A
QUESTION 44 If Single Sign On has been activated on a pointsec user where does Pointsec store the user credentials?
A. In the registry
B. In the secure local database
C. In the pointsec administration tool
D. Encrypted under %PROGRAM FILES%\Pointsec\Pointsec for PC\SSO
Correct Answer: D
QUESTION 45 If a client machine in need of a profile update has no path for update profiles set in the Pointsec Management Console. Is it possible to still update this client?
A. Yes, by placing the profile in the searchpath for its recovery files.
B. No, it is not possible to update this client
C. Yes by placing the profile in the system root directory
D. Yes, by placing the profile in %PROGRAM FILES%\Pointsec\Pointsec for PC\work
Correct Answer: D
QUESTION 46 If your machine is encrypted with Pointsec and you decide to share folders on your local hard drive. What will happen when other users try to access the shared folders over the network?
A. Nothing, they will be fully accessible
B. The users will need to provide a valid Pointsec username and password
C. Sharing is not possible is Pointsec is installed
D. The folders can only be accessed if the user also has Pointsec installed. Correct Answer: A
QUESTION 47
How can you uninstall Pointsec?
A. Add/Remove programs from control panel
B. Use the recovery file
C. Uninstallation profile
D. All of the above Correct Answer: D
QUESTION 48
What limitations should you be aware of before you install Pointsec?
A. Pointsec cannot be installed if the root directory is compressed?
B. Pointsec must be installed on the 1st bootable partition?
C. Pointsec cannot be installed to stripe/volume sets?
D. All of the above Correct Answer: D
QUESTION 49
To protect a Pointsec profile you need assign a…?
A. Dynamic Token
B. Fixed password
C. Fingerprint
D. None of the above Correct Answer: B
QUESTION 50
Which utility is used to register languages to an existing Pointsec for PC Client installation?
A. PSD.EXE
B. Pscontrol.exe
C. AddLanguage.exe
D. Addlang.cmd
Correct Answer: B
QUESTION 51 You need to uninstall/unencrypt Pointsec to image over a machine that has Pointsec already installed?
A. True
B. False Correct Answer: A
QUESTION 52
Pointsec for PC operates as a low level driver on machine’s hard drive.
A. True
B. False
Correct Answer: A
QUESTION 53 You need a network connection to change a user’s password using the default remote help application in Pointsec
A. True
B. False
Correct Answer: B
QUESTION 54 A one time login and remote password change response can be used multiple times to allow access to the machine
A. True
B. False Correct Answer: B
QUESTION 55 Any user with View Log privilege can view the central logs
A. True
B. False Correct Answer: A
QUESTION 56
Pointsec supports hibernation in Windows.
A. True
B. False
Correct Answer: A
QUESTION 57 You can search for users and computers via the Pointsec Management Console
A. True
B. False
Correct Answer: B
QUESTION 58
When deleting a user using an update profile in Pointsec, you need to specify the volumes/
partitions to be affected.
A. True
B. False
Correct Answer: B
QUESTION 59 For an organization that has high personnel turnover, tokens should be used for administrative accounts to minimize the number of updates.
A. True
B. False Correct Answer: A
QUESTION 60 Pointsec supports two factor authentication
A. True
B. False Correct Answer: A
QUESTION 61
What are the minimum requirements for Device Protector Server to be installed?
A. 512MB+ Ram / 2GB+ Hard disk space for MSSQL database storage / Windows NT / MS Windows NT Service Pack 6a / MS Windows 2000/3 Server/Advanced Server or Professional / MS Windows 2000/3 Service Pack 2+ / MS Windows XP Professional
B. 1Gb Ram / 4GB+ Hard disk space for MYSQL database storage / Windows NT / MS Windows NT Service Pack 7a / MS Windows 2000/3 Server/Advanced Server or Professional / MS Windows 2000/3 Service Pack 3+ / MS Windows XP Home / RedHat Linux Kernel version 6.14
C. 512MB+ Ram / 2GB+ Hard disk space for MYSQL database storage / Windows 3.1 / MS Windows NT Service Pack 6a / MS Windows 2000/3 Server/Advanced Server or Professional / MS Windows 2000/3 Service Pack 2+ / MS Windows XP Professional
D. 2Gb+ Ram / 2GB+ Hard disk space for MSSQL database storage / Windows NT / MS Windows NT Service Pack 6a / MS Windows 2000/3 Server/Advanced Server or Professional / MS Windows 2000/3 Service Pack 2+ / MS Windows XP Professional
Correct Answer: A
QUESTION 62
What are the minimum requirements for Device Protector Client to be installed.
A. 1Gb Ram / 2Gb Hard Disk Space / MS Windows 2000 Professional with Service Pack 2 / MS Internet Explorer v6+ / MS Windows XP Professional with Service Pack 1+
B. 512mb Ram / 50mb Hard Disk Space / MS Windows 2000 Professional with Service Pack 2 / MS Internet Explorer v6+ / MS Windows XP Professional with Service Pack 1+
C. 1Gb Ram / 2Gb Hard Disk Space / MS Windows 2000 Professional with Service Pack 2 / MS Internet Explorer v6+ / MS Windows XP Professional with Service Pack 1+
D. 512mb Ram / 50mb Hard Disk Space / MS Windows 2000 Professional with Service Pack 2 / MS Internet Explorer v6+ / MS Windows XP Home with Service Pack 1+
Correct Answer: C
QUESTION 63
What encryption algorithm and a what strength does Device Protector’s encryption use?
A. 128 AES
B. 3DES
C. Blowfish
D. 128 / 256 AES
Correct Answer: D
QUESTION 64 How can Device Protector stop any new programs from being installed and old programs from being uninstalled?
A. By setting Removable Media Manager to prevent any application uninstallations / installations.
B. By selecting .EXE and .MSI in Trusted File Types in Program Security Guard
C. By setting Device Manager to Deny All
D. All of the above
Correct Answer: A
QUESTION 65
What does Program Security Guard do?
A. Prevents the creation / modification / deletion of specified file types
B. Prevents Removable Media devices from entering the network
C. Prevents unauthorised applications from creating banned file types
D. Both A and C
Correct Answer: D
QUESTION 66
What does Removable Media Manager do?
A. Manages what media can be exported to Removable Media
B. Automatically formats and encrypts devices
C. Automatically scans and digitally signs devices
D. Creates a black / white list of what devices can be used on the network
Correct Answer: D
QUESTION 67
What does the Device Manager do?
A. Allows you to see a list of devices which are currently used within the network
B. Replaces the Windows. Device Manager to Add / Modify devices within Windows.
C. Digitally scans all devices which are entered into the network
D. Creates a black and white list of devices which are allowed to be used within the network
Correct Answer: A
QUESTION 68
What is the Removable Media Auditor?
A. It allows you to see what information has been copied to CD/DVD
B. It creates a complete audit history of all activity which occurs on removable media
C. It allows you to see what processes have opened which files
D. All of the above Correct Answer: D
QUESTION 69
How do you “throttle” logs?
A. By adjusting the speed at which they are sent to the server
B. By specifying the most urgent logs to be sent immediately
C. By adjusting how quickly the server receives the logs
D. All of the above
Correct Answer: D
QUESTION 70 How do you setup a Removable Media policy which does not allow users to be able to Authorise their own devices but can still use Removable Media?
A. By selecting Automatic Scan with the Option to Delete Files within Removable Media Manager
B. By selecting Automatic Scan within Removable Media Manager
C. By selecting No Removable Media Scan within Removable Media Manager
D. By selecting Wizard Mode within Removable Media Manager Correct Answer: D
QUESTION 71
What is “Limbo” mode?
A. An installation of the Device Protector client where no protection is enabled
B. An encrypted usb removable media device with no owner set
C. A configured Profile Template which has not been assigned to a group
D. A user who is picking up the Default Profile Correct Answer: D
QUESTION 72
Can Program Security Guard allow software downloads from an Intranet but not from the Internet?
A. Yes
B. No
C. Maybe Correct Answer: A
QUESTION 73
What is a “Process Executable Check” within Program Security Guard?
A. It checks to see whether the file being launched is a true executable
B. It allows executables to be launched
C. It switches on Program Security Guard
D. Both A and C Correct Answer: D
QUESTION 74 What are 3 processes which Device Protector exempts by Default
A. .BAT .CMD .MP3
B. .EXE .VBS .BAT
C. .JPG .DOC .XML
D. .GIF .DLL .CPL
E. .EXE .COM .SYS Correct Answer: E
QUESTION 75
What is a Computer Profile?
A. It is a profile which is sent via a computer
B. It is a profile which was created by a computer
C. It is a profile which is applied to a computer
D. It is a profile which configures what drivers are allowed to be installed Correct Answer: C
QUESTION 76
How do Offline Profiles work?
A. By applying a profile to a user when a connection to the Device Protector server cannot be made
B. By forcing users to go offline in the event of a security breach
C. Both A and B
D. None of the above Correct Answer: A
QUESTION 77
What do the “Users” and “Computers” nodes do within Device Protector?
A. Allows you to delete users and computers from the Active Directory
B. Shows which users and computers are awaiting to download a profile
C. Shows what users and computers do not have the client agent installed
D. Show what users and computers have been added to the Device Protector database Correct Answer: D
QUESTION 78
Can Device Protector work with a Novell Server?
A. Yes
B. No
C. Maybe
D. I don’t know
Correct Answer: A QUESTION 79 Is Active Directory / Edirectory required for Device Protector to work?
A. No, as Device Protector can work within Linux
B. No, only a copy of Windows. XP Home
C. Yes, Device Protector cannot be installed without an Active Directory / Edirectory being present
D. No, but you will only be able to apply profiles to the local machine
Correct Answer: D
QUESTION 80 What would happen to the Device Protector agent, if the connection to the Device Protector Server was lost / severed?
A. The machine reboots to restore a connection
B. The client agent would reset to apply the Cached or Offline Profile
C. The user is logged out while a connection to the server is established
D. Nothing happens and the user continues to work as normal using the Caches / Offline profile
Correct Answer: D
QUESTION 81 How many Global OU′s can you have in one webRH installation
A. One
B. Two
C. Three
D. Unlimited
Correct Answer: A
QUESTION 82 How many regional/local OU′s can you have in one webRH installation
A. One
B. Two
C. Three
D. Unlimited
Correct Answer: D
QUESTION 83
What extension does a webRH profile use?
A. .ipp
B. .pmt
C. .prt
D. .upp
Correct Answer: D
QUESTION 84
What is the maximum number of users or groups can be deployed with a webRH profile?
A. 1 user and 1 group
B. It is depending on how many OU′s you have
C. No more than 50
D. Unlimited
E. 6 users and 1 group Correct Answer: E
QUESTION 85
When logging into webRH, what authentication method can and must be used?
A. User name and password
B. User name and dynamic token
C. USB token
D. Smart card Correct Answer: B
QUESTION 86
When logged into webRH, what is the only task that a help-desk user can perform?
A. Create a .rec file
B. Create updates
C. Force uninstall
D. Provide Remote Help Correct Answer: D
QUESTION 87
Which application can you run to configure webRH settings post installation?
A. webRHconfig.exe
B. addtoken.exe
C. admin.exe
D. none of the above Correct Answer: A
QUESTION 88
When you install the webRH server, how many administrator accounts do you have to create?
A. None
B. One
C. Two
D. Ten Correct Answer: C
QUESTION 89
How many times can a response be used when created with the proper challenge?
A. Four
B. Three
C. Two
D. One
Correct Answer: D
QUESTION 90 If a helpdesk user is logged in to webRH and you decide to remove his account, when will the user be notified?
A. Immediately, since he will be thrown off the system when his account is removed
B. When his session times out and he tries to re-authenticate
C. When he reboots his machine
D. Never, it is not possible to remove accounts from webRH
Correct Answer: B
CCNA Exam Certification Guide is a best-of-breed CheckPoint 156-706 exam study guide that has been completely updated to focus specifically on the objectives.Senior instructor and best-selling author Wendell Odom shares preparation hints and CheckPoint 156-706 tips to help you identify areas of weakness and improve both your conceptual and hands-on knowledge.CheckPoint 156-706 Material is presented in a concise manner,focusing on increasing your understanding and retention of exam topics.
The 100% valid latest Checkpoint 156-815 question answers ensure you 100% pass! And now we are offering the free Checkpoint 156-815 new version along with the VCE format Checkpoint 156-815 practice test. Free download more new Checkpoint 156-815 PDF and VCE on Flydumps.com.
QUESTION 59
You work as an administrator at Certkiller .com. You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the Default Rule with a weight of 10. The H.323 rule includes a per-connection guarantee of 384 Kbps, and a per-connection limit of 512 Kbps. The per-connection guarantee is for four connections, and no additional are allowed in the Action properties. If traffic passing
through the QoS Module matches both rules, which of the following statement is true?
A. Neither rule will be allocated more than 10% of available bandwidth
B. The H.323 rulel will consume no more than 2048 Kbps of available bandwidth
C. 50% of available bandwidth will be allocated to the H.323 rule
D. 50% 01 available bandwidth will be allocated to the Default Rule
E. Each H.323 connection will receive at least 512 Kbps of bandwidth
Correct Answer: B
QUESTION 60
How can you reset Secure Internal Communications (SIC) between a SmartCenter Server and Security Gateway?
A. Run the command fwm sic_reset to reinitialize the Internal Certificate Authority (ICA) of the SmartCenter Server. Then retype the activation key on the Security-Gateway from SmartDashboard
B. From cpconfig on the SmartCenter Server, choose the Secure Internal Communication option and retype the actrvation key Next, retype the same key in the gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC)
C. From the SmartCenter Server’s command line type fw putkey -p <shared key>- <IP Address of SmartCenter Server>-.
D. From the SmartCenter Server’s command line type fw putkey -p <shared key>- <IP Address of security Gateway>-.
E. Re-install the Security Gateway
Correct Answer: B
QUESTION 61
One of your remove Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the SmartCenter Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic gateway object, you receive error message “unknown”. What is the problem?
A. The remote Gateway’s IP address has changed, which invalidates the SIC Certificate
B. The Security Gateway is NG with Application Intelligence, and the SmartCenter Server is NGX
C. The Internal Certfcate Authorty for the SmartCenter object has been removed from objects_5_0 c
D. The time on the SmartCenter Server’s clock has changed, which invalidates the remote Gateway’s Certificate
E. There is no connection between the SmartCenter Server and the remote Gateway. Rules or routing may block the connection
Correct Answer: E
QUESTION 62
Which NGX feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?
A. upgrade_export/upgrade_import
B. Policy Package management
C. fwm dbexport/fwm dbimport
D. cpconfig
E. Database Revision Control
Correct Answer: B
QUESTION 63
The following diagram illustrates how a VPN-1 SecureClient user tries to establish a VPN with hosts in the
external_net and internal_net from the Internet. How is the Security Gateway VPN Domain created?
A. Internal Gateway VPN Domain = Internal_net External VPN Domain = external net + external gateway object + internal_net.
B. Internal GatewayVPN Domain = Internal_net External Gateway VPN Domain = external_net + internal gateway object
C. Internal GatewayVPN Domain = Internal_net External Gateway VPN Domain = internal_net + external_net
D. Internal GatewayVPN Domain = Internal_net External Gateway VPN Domain = internal VPN Domain + internal gateway object + external_net
Correct Answer: D
QUESTION 64
Which of the following QoS rule-action properties is an Advanced action type, only available in Traditional mode?
A. Guarantee Allocation
B. Rule weight
C. Apply rule only to encrypted traffic
D. Rule limit
E. Rule guarantee
Correct Answer: A
QUESTION 65
Certkiller is the Security Administrator for Certkiller .com’s large geographically distributed network. The internet connection at one of her remote sites failed during the weekend, and the Security Gateway logged locally for over 48 hours. Certkiller is concerned that the logs may have consumed most of the free space on the Gateway’s hard disk. Which SmartConsole application should Certkiller use, to view the percent of free hard-disk space on the remote Security Gateway?
A. SmartView Status
B. SmartView Tracker
C. SmartUpdate
D. SmartView Monitor
E. SmartLSM
Correct Answer: D
QUESTION 66
When you hide a rule in a Rule Base, how can you then disable the rule?
A. Open the Rule Menu, and select Hide and view hidden rules Select the rule, right-click, and select Disable
B. Uninstall the Security Policy, and then disable the rule
C. When a rule is hidden, it is automatically disabled. You do not need to disable the rule again
D. Run cpstop and cpstart on the SmartCenter Server, then disable the rule
E. Clear Hide from Rules drop-down menu, then right-click and select “Disable Rule (s)”
Correct Answer: E
QUESTION 67
How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queue using Check Point QoS solution?
A. Low latency class
B. DiffServ rule
C. guaranteed per connection
D. Weighted Fair queuing
E. guaranteed per VolP rule
Correct Answer: A
QUESTION 68
As a Security Administrator, you must configure anti-spoofing on Security Gateway interfaces, to protect your Internal networks. What is the correct anti-spoofing setting on interface ETH1 in this network diagram?
NOTE In the DMZ, mail server 192.168.16.10 is statically translated to the object “mail_valid”, with IP address 210.210.210.3. The FTP server 192.168.16.15 is statically translated to the object “flp_valid”, with IP address 210.210.210.5
A. A group object that includes the 10.10.0.0/16 and 192.168.16.0/24 networks, and mail_valid and ftp_valid host objects
B. A group object that includes the 10.10.20.0/24 and 10.10.10.0/24networks
C. A group object that includes the 10.10.0.0/16 network object, mail_valid host,and ftp_valid host object
D. A group object that includes the 192.168.16.0/24 and 10.10 0.0/16 networks
E. A group object that includes the 10.10.10.0/24 and 192.168.16.0/24networks
Correct Answer: B
QUESTION 69
Mary is recently hired as the Security Administrator for a public relations company. Mary’s manager has asked her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Mary must propose a plan based on the following required and desired results Required Result #1: Do not purchase new hardware Required Result #2: Use configuration changes that do not reduce security Desired Result #1: Reduce the number of explicit rules in the Rule Base Desired Result #2: Reduce the volume of logs Desired Result #3: Improve the Gateway’s performance Proposed Solution: Mary recommends the following changes to the Gateway’s configuration:
1.
Replace all domain objects with network and group objects.
2.
Stop logging Domain Name over UDP (queries)
3.
Use Global Properties, instead of explicit rules, to control ICMP. VRRP, and RIP. Does Mary’s proposed solution meet the required and desired result s?
A. The solution meets the required results, and two of the desired results
B. The solution does not meet the required results
C. The solution meets all required results, and none of the desired results
D. The solution meets all required and desired results
E. The solution meets the required results, and one of the desired results
Correct Answer: A
QUESTION 70
What is a Consolidation Policy?
A. The collective name of the Security Policy, Address Translation, and SmartDefense Policies
B. The specific Policy used by Eventia Reporter to configure log-management practices
C. The state of the Policy once installed on a Security Gateway
D. A Policy created by Eventia Reporter to generate logs
E. The collective name of the logs generated by Eventia Reporter
Correct Answer: B
QUESTION 71
Jacob is using a mesh VPN Community to create a site-to-site VPN. The VPN properties in this mesh Community display in this graphic Exbibit: Which of the following statements isTRUE?
A. If Jacob changes the setting,”Perform key exchange encryption with” from “3DES” to “DES”, he will enhance the VPN Community’s security and reduce encryption overhead
B. Jacob’s VPN Community will perform IKE Phase 1 key-exchanqe encryption, usinq the lonqest key VPN-1 NGX supports
C. Jacob must change the data-integrity settings for this VPN Community. MD5 is incompatible with AES
D. If Jacob changes the setting “Perform IPsec data encryption With” from “AES-128” to “3DES”, he will increase the encryption overhead
Correct Answer: D
QUESTION 72
State Synchronization is enabled on both members in a cluster, and the Security Policy is successfully installed. No protocols or services have been unselected for “selective sync”. The following is the fwtab -t connections – s output from both members: Is State Synchronization working properly between the two members?
A. Members A and B are synchronized, because ID for both members is identical in the connections table
B. The connections-table output is incomplete. You must run the cphaprob state command, to determine if members A and B are synchronized
C. Members A and B are not synchronized, because #PEAK for both members is not close in the connections table
D. Members A and B are synchronized, because #SLlNKS are identical in the connections table
E. Members A and B are not synchronized, because #VALS in the connections table are not close
Correct Answer: E
QUESTION 73
Which Check Point QoS feature marks the Type of Service (ToS) byte in the IP header?
A. Guarantees
B. Low Latency Oueuing
C. Differentiated Services
D. Weighted FairOueueing
E. Limits
Correct Answer: C
QUESTION 74
Your network includes ClusterXL running Multicast mode on two members, as shown in this topology
Your network is expanding, and you need to add new interfaces 10.10.10.1/24 on Member A, and
10.10.10.2/24 on Member B. The virtual lP address for interface 10.10.10.0/24 is 10.10.10.3.What is the correct procedure to add these interfaces?
A. 1. Use the ifconfig command to configure and enable the new interface.
2.
Run cpstop and cpstart on both members at the same time.
3.
Update the technology in the cluster object for the cluster and both members.
4.
Install the Security Policy.
B. 1. Disable “Cluster membership” from one Gateway via cpconfig.
2.
Configure the new interface via sysconfig from the “non-member” Gateway.
3.
Reenable “Cluster membership” on the Gateway.
4.
Perform the same step on the other Gateway.
5.
Update the topology in the cluster object for the cluster and members.
6.
Install the Security Policy.
C. 1. Run cpstop on one member, and configure the new interface via sysconfig.
2.
Run spstart on the member. Repeat the same steps on another member.
3.
Update the new topology in the cluster object for the cluster and members.
4.
Install the Security Policy.
D. 1, Use sysconfig to configure the new interfaces on both members.
2.
Update the topology in the cluster object for the cluster on both membes.
3.
Install the Security Policy.
Correct Answer: C
QUESTION 75
To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?
A. Change the cluster mode to Unicast on the cluster object Reinstall the Security Policy
B. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy
C. Run cpstop and cpstart, to reenable High Availability on both objects. Select Pivot mode in cpconfig
D. Change the cluster mode to Unicast on the cluster-member object
E. Switch the internal network’s default Security Gateway to the pivot machine’s IP address
Correct Answer: A
QUESTION 76
Which component functions as the Internal Certificate Authority for VPN-1 NGX?
A. VPN-1 Certificate Manager
B. SmartCenter Server
C. SmartLSM
D. Policy Server
E. Security Gateway
Correct Answer: B
QUESTION 77
You have locked yourself out of SmartDashboard With the rules you just installed on your stand alone Security Gateway. Now you cannot access the SmartCenter Server or any SmartConsole tools via SmartDashboard. How can you reconnect to SmartDashboard?
A. Run cpstop on the SmartCenter Server
B. Run fw unlocklocal on the SmartCenter Server
C. Run fw unloadlocal on the Security Gateway
D. Delete the $fwdir/database/manage.lock file and run cprestart.
E. Run fw uninstall localhost on the Security Gateway
Correct Answer: C
QUESTION 78
By default, a standby SmartCenter Server is automatically synchronized by an active SmartCenter Server, when:
A. The Security Policy is installed
B. The Security Policy is saved
C. The user database is installed
D. The Security Administrator logs in to the standby SmartCenter Server, for the first time
E. The standby SmartCenter Server starts for the first time
Correct Answer: A
QUESTION 79
Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?
A. Global Properties
B. QoS Class objects
C. Check Point gateway object properties
D. $CPDIR/conf/qos_props.pf
E. Advanced Action options in each QoS rule
Correct Answer: A
QUESTION 80
Your VPN Community includes three Security Gateways. Each Gateway has its own intemal network defined as a VPN Domain. You must test the VPN-1 NGX route-based VPN feature, Without stopping the VPN. What is the correct order of steps?
A. 1.Add anew interface on each gateway 2.Remove the newly added network from the current VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Enable advanced routing on all three Gateways.
B. 1.Add anew interface on each gateway 2.Remove the newly added network from the current VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Add static routes on three Gateways, to route the new network to each peer’s VTI interface
C. 1.Add anew interface on each gateway 2.Add the newly added network into the exsiting VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Enable advanced routing on all three Gateways.
D. 1.Add anew interface on each gateway 2.Add the newly added network into the exsiting VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Add static routes on three Gateways, to route the new network to each peer’s VTI interface
Correct Answer: B
QUESTION 81
Barak is a security administrator for an organization that has two sites using pre-shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that few office is opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to switch from pre-shared secrets to Certificates issued by the internal Certificate Authority(ICA). After creating the Madrid gateway object with the proper VPN Domain, what are Barak’s remaining steps?
A. 1,2,5
B. 1,3,4,5
C. 1,2,3,5
D. 1,2,4,5
E. 1,2,3,4
Correct Answer: C
QUESTION 82
Certkiller is recently hired as the Security Administrator for Certkiller .com. Jack Bill’s manager has asked
her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Certkiller
must propose a plan based on the following required and desired results:
Required Result #1: Do not purchase new hardware. Required Result #2: Use configuration changes the
do not reduce security. Desired Result #1: Reduce the number of explicit rules in the Rule Base.
Desired Result #2: Reduce the volume of logs.
Desired Result #3: Improve the Gateway’s performance.
Proposed solution:
*
Replace all domain objects with network and group objects.
*
Check “Log implied rules” and “Accept ICMP requests” in Global Properties.
*
Use Global Properties, instead of explicit rules, to control ICMP, VRRP, and RIP. Does Certkiller’s proposed solution meet the required and desired results?
A.
The solution meets all required and desired results.
B.
The solution meets all required, and one of the desired results.
C.
The solution meets all required, and two of the desired results.
D.
The solution meets all required, and none of the desired results.
E.
The solution does not meet the required results.
Correct Answer: E
QUESTION 83
After installing VPN-1 Pro NGX R65, you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a get topology request. What is the most likely cause and solution?
A. The NIC is faulty. Replace it and reinstall
B. If an interface is not configured, it is not recognized. Assign an IP and subnet mask using the WebUI
C. Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R65 Hotfix Accumulator (HFA)
D. Make sure the driver for your particular NIC is available and reinstall. You will be prompted for the driver
Correct Answer: B
QUESTION 84
What type of packet does a VPN-1 SecureClient send to its Policy Server, to report its Secure Configuration Verification status?
A. IKE Key Exchange
B. TCP keep alive
C. ICMP Port Unreachable
D. UDP keep alive
Correct Answer: D QUESTION 85
Which SmartConsole component can administrators use to track remote administrative activities?
A. Eventia Reporter
B. SmartView Monitor
C. SmartView Tracker
D. The WebUI
Correct Answer: D QUESTION 86
We provide Checkpoint 156-815 help and information on a wide range of issues. Checkpoint 156-815 is professional and confidential and your issues will be replied within 12 hous. Checkpoint 156-815 free to send us any questions and we always try our best to keeping our Customers Satisfied.
Exam A
QUESTION 1
You have two Nokia Appliances one IP530 and one IP380. Both Appliances have IPSO 39 and VPN-1 Pro NGX installed in a distributed deployment Can they be members of a gateway cluster?
A. No, because the Gateway versions must not be the same on both security gateways
B. Yes, as long as they have the same IPSO version and the same VPN-1 Pro version
C. No, because members of a security gateway cluster must be installed as stand-alone deployments
D. Yes, because both gateways are from Nokia, whether they have the same VPN-1 PRO version or not
E. No, because the appliances must be of the same model (Both should be IP530orIP380.)
Correct Answer: B
QUESTION 2
You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway, bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?
A. Internal_clear>- All_GwToGw
B. Communities >- Communities
C. Internal_clear>- External_Clear
D. Internal_clear>- Communitis
E. Internal_clear>-All_communitis
Correct Answer: E
QUESTION 3
Review the following rules and note the Client Authentication Action properties screen, as shown in the exhibit.
After being authenticated by the Security Gateway when a user starts an HTTP connection to a Web site
the user tries to FTP to another site using the command line. What happens to the user?
The….
A. FTP session is dropprd by the implicit Cleanup Rule.
B. User is prompted from the FTP site only, and does not need to enter username nad password for the Client Authentication.
C. FTP connection is dropped by rule 2.
D. FTP data connection is dropped, after the user is authenticated successfully.
E. User is prompted for authentication by the Security Gateway again.
Correct Answer: B
QUESTION 4
After being authenticated by the Security Gateway, When a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:
A. FTP session is dropped by the implicit Cleanup Rule
B. user is prompted from that FTP site on~, and does not need to enter username and password for Client Authentication
C. FTP connection is dropped by rule2
D. FTP data connection is dropped, after the user is authenticated successfully
E. User is prompted for authentication by the Security Gateway aqain
Correct Answer: B
QUESTION 5
You want to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to SecurePlalform NGX R60 via SmartUpdate. Which package is needed in the repository before upgrading?
A. SVN Foundation and VPN-1 Express/Pro
B. VPN-1 and FireWall-1
C. SecurePlalform NGX R60
D. SVN Foundation
E. VPN-1 ProfExpress NGX R60
Correct Answer: C
QUESTION 6
What is the command to see the licenses of the Security Gateway Certkiller from your SmartCenter Server?
A. print Certkiller
B. fw licprint Certkiller
C. fw tab -t fwlic Certkiller
D. cplic print Certkiller
E. fw lic print Certkiller
Correct Answer: D
QUESTION 7
You set up a mesh VPN Community, so your internal network can access your partners network, and vice versa . Your Security Policy encrypts only FTP and HTTP traffic through a VPN tunnel. All traffic among your internal and partner networks is sent in clear text. How do you configure VPN Community?
A. Disable ‘accept all encrypted traffic’, and put FTP and http in the Excluded services in the Community object Add a rule in the Security Policy for services FTP and http, with the Community object in the VPN field
B. Disable “accept all encrypted traffic” in the Community, and add FTP and http services to the Security Policy, with that Community object in the VPN field
C. Enable “accept all encrypted traffic”, but put FTP and http in the Excluded services in the Community. Add a rule in the Security Policy with services FTP and http, and the Community object in theVPN field
D. Put FTP and http in the Excluded services in the Community object Then add a rule in the Security Policy to allow any as the service, with the Community object in the VPN field
Correct Answer: B
QUESTION 8
Ophelia is the security Administrator for a shipping company. Her company uses a custom application to update the distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateways Rule Base includes a rule to accept this traffic. Ophelia needs to be notified, via atext message to her cellular phone, whenever traffic is accepted on this rule. Which of the following options is MOST appropriate for Ophelia’s requirement?
A. User-defined alert script
B. Logging implied rules
C. SmartViewMonitor
D. Pop-up API
E. SNMP trap
Correct Answer: A QUESTION 9
You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. What causes the Connection Rejection?
A. No QoS rule exists to match the rejected traffic
B. The number of guaranteed connections is exceeded. The rule’s action properties are not set to accept additional connections
C. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the Maximal Delay is set below requirements
D. Burst traffic matching the Default Rule is exhausting the Check Point QoS global packet buffers
E. The guarantee of one of the rule’s sub-rules exceeds the guarantee in the rule itself
Correct Answer: B
QUESTION 10
Choose the BEST sequence for configuring user management on Smart Dash board, for use with an LDAP server
A. Enable LDAP in Global Properties, configure a host-node object for the LDAP Server, and configure a server object for the LDAP Account Unit
B. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties
C. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP server using an OPSEC application
D. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object
E. Configure a server object for the LDAP Account Unit, and create an LDAP resource object
Correct Answer: A
Exam A
QUESTION 1
Which of the following can function as a Management Server for a VSX Gateway?
A. Check Point Integrity
B. SiteManager-1 NGX: Multi-Domain Server
C. Security Management Portal
D. VPN-1/FireWall-1 Small Office
E. Provider-1 NGX: Multi-Domain Server
Correct Answer: E
QUESTION 2
You are configuring source-based routing in a VSX Gateway deployment with both External and Internal Virtual Routers. Which of the following functions cannot be configured for the Virtual Systems?
A. Virtual System clustering
B. Anti-spoofing measures
C. Network Address Translation
D. Remote access VPNs
E. Intranet VPNs
Correct Answer: B
QUESTION 3
During MDS installation, you must configure at least one VSX Administrator. After creating the Administrator, you are prompted to perform which task?
A. Grant VSX-specific privileges to the Administrator
B. Assign the Administrator to manage a specific Virtual System
C. Add the Administrator to a group
D. Assign the Administrator to manage a specific interface on the VSX Gateway
E. Assign the Administrator to manage a specific CMA
Correct Answer: C
QUESTION 4
In a VSX Gateway cluster, which of the following objects are available by default as installation targets for the Management Virtual System?
A. Individual Management Virtual Systems (MVS) for each cluster member
B. MVS cluster object
C. Individual External Virtual Routers for each cluster member
D. Virtual Switch cluster object
E. Individual Virtual Switch Members
Correct Answer: B
QUESTION 5
Which of the following MDS types allows you to create and manage a VSX Gateway?
A. MDS CLM
B. MDS Manager station
C. MDS VSX Integrator
D. MDS MLM
E. MDS Manager + Container station
Correct Answer: E
QUESTION 6
What are the two levels of VSX Gateway clustering?
A. INSPECT and database level
B. Database and VSX Gateway levels
C. Virtual device and database levels
D. INSPECT and configuration levels
E. Virtual device and VSX Gateway levels
Correct Answer: E
QUESTION 7
When deploying a VSX Gateway managed by a SmartCenter Server, which of the following statements is TRUE?
A. VSX Administrators can configure different domains for each Virtual System.
B. Multiple Administrators can simultaneously connect to the same database, to manage multiple Customers.
C. All Customer objects, rules, and users are shared in a single database.
D. Each Virtual System has its own unique Certificate Authority.
E. VSX superuser Administrators can configure granular permissions for each Customer Administrator.
Correct Answer: C
QUESTION 8
What is the difference between Single-Context and Multi-Context processes?
A. Single-Context processes are implemented in standard firewall deployments, while only Multi-Context processes are implemented in VSX Gateway deployments.
B. Single-Context processes are shared between VSX Gateways in an HA configuration, while Multi-Context processes are shared between VSX Gateways in a Load Sharing environment.
C. Single-Context processes are ones in which all Virtual Systems share, while Multi-Context processes are unique to each Virtual System.
D. Single-Context processes are implemented in a single VSX Gateway environment, while Multi-Context processes are only implemented in VSX Gateway High Availability (HA).
E. Single-Context processes are unique to each Virtual System on a Gateway, while Multi-Context processes are ones in which all Virtual Systems share.
Correct Answer: E
QUESTION 9
A Warp Link is a virtual point-to-point connection between a:
A. Virtual Router and Virtual System.
B. Virtual Router and Virtual Switch.
C. Virtual System and the management interface.
D. Virtual Router and a physical interface.
E. Virtual System and another Virtual System.
Correct Answer: A
QUESTION 10
Which of the following statements is true concerning the default Security Policy of the External Virtual Router?
A. The External Virtual Router automatically performs Hide NAT behind its external interface for all Virtual Systems connected to it.
B. The default Policy of the External Virtual Router denies all traffic going to or coming from it.
C. The default policy of the External Virtual Router cannot be changed.
D. All traffic coming from networks protected by a VSX Gateway is accepted. All other traffic is dropped.
E. The External Virtual Router always enforces the same Policy as the Management Virtual System.
Correct Answer: B
Exam A
QUESTION 1
VSX clusters are defined at two levels:
A. VSX cluster and physical device
B. VSX cluster and virtual device
C. VSX Gateway and physical device
D. VSX cluster and VSX Gateway
E. VSX Gateway and Virtual device
Correct Answer: E
QUESTION 2
What is the term used to describe a port or interface that shares traffic from more than one VLAN?
A. VLAN riding
B. VLAN trunking
C. Frame-Strata enabled
D. Comprehensive Layer-2 label support
E. Comprehensive VLAN Tag support
Correct Answer: B
QUESTION 3
TRUE or FALSE. A Virtual System in Bridge Mode can enforce anti-spoofing definitions.
A. False, anti-spoofing can’t be configured for Virtual systems in Bridge Mode
B. True, as long as the Virtual System has more than two interfaces defined
C. True, anti-spoofing must be manually defined in bridge mode
D. True, as long as Network Address Translation is performed
E. True, anti-spoofing measures are defined automatically is Bridge mode
Correct Answer: C
QUESTION 4
The ____________ interface is configured in a VLAN environment, to allow multiple Virtual systems to share a single physical interface on a VSX Gateway.
A. Synchronization
B. Warp
C. Symbolic
D. Virtual
E. Physical
Correct Answer: D
QUESTION 5
At installation, the __________ is bound to all configured physical interfaces of a VSX Gateway, UNLESS the interfaces are specifically assigned to another component.
A. VSX Management Server
B. Synchronization Network
C. Internal Virtual Router
D. External Virtual Router
E. Management Virtual System
Correct Answer: E
QUESTION 6
The provisioning and network configuration channel does NOT:
A. Create Virtual Systems and Virtual Routers on a Gateway
B. Install Administrator defined Security Policies
C. Install a default Security Policy blocking all traffic
D. Create a SCI Certificate for new objects and transfer the Certificate to an object on the VSX Gateway
E. Configure interface and routing information on the Gateway
Correct Answer: B
QUESTION 7
Which of the following is a type of VLAN membership?
A. Port-based
B. Time-based
C. Session-based
D. Protocol-based
E. Application-based
Correct Answer: D
QUESTION 8
Which of the following is NOT a type of physical interface seen in a VSX Gateway?
A. Dedicated management
B. Synchronization
C. External
D. Internal
E. Warp
Correct Answer: E
QUESTION 9
A Virtual System in Bridge Mode is a Virtual System that implements:
A. Dynamic IP Routing
B. Network Address Translation
C. IP Routing
D. Native Layer-2 Communications
E. VLAN Tagging
Correct Answer: D
QUESTION 10
Which of the following virtual devices will NOT fail over, if its interface fails in a VSX High Availability configuration?
A. Management Virtual System Interfaces
B. External Virtual Router
C. Virtual Switch
D. Virtual System with VLAN Interfaces
E. Virtual System with dedicated interfaces
Correct Answer: C QUESTION 11
The _____________ interface is configured in a VLAN environment, to allow multiple Virtual Systems to share a single physical interface on a VSX Gateway.
A. Synchronization
B. Symbolic
C. Warp
D. Physical
E. Virtual
Correct Answer: E