ATTENTION: Get your CheckPoint 156-315 certification easily with,Flydumps latest CheckPoint 156-315 exam dumps. All the up-to-date questions and answers were added to the new version.Go to the site Flydumps.com to get more CheckPoint 156-315 exam
information.
QUESTION 61
How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queues when using a Check Point QoS solution?
A. Low latency class
B. DiffServ rule
C. Guaranteed per connection
D. Weighted Fair Queuing
E. Guaranteed per VoIP rule
Correct Answer: A
QUESTION 62
Certkiller is a Security Administrator preparing to implement a VPN solution for her multi-site organization
Certkiller.com. To comply with industry regulations,
Mrs. Bill VPN solution must meet the following requirements:
*
Portability: standard
*
Key management: Automatic, external PKI
*
Session keys: Changed at configured times during a connection’s lifetime
*
key length: No less than 128-bit
*
Data integrity: Secure against inversion and brute-force attacks
What is the most appropriate setting Jack should choose?
A. IKE VPNs: AES encryption for IKE Phase 1, and DES encryption for Phase 2; SHA1 ash
B. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for Phase 2; AES hash
C. IKE VPNs: CAST encryption IKE Phase 1, and SHA1 encryption for Phase 2; DES hash
D. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash
E. IKE VPNs: DES encryption for IKE Phase 1, and 3DES encryption for Phase 2; MD5 hash
Correct Answer: D
QUESTION 63
Your current VPN-1 NG Application Intelligence (AI) R55 stand-alone VPN-1 Pro Gateway and SmartCenter Server run on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the SmartCenter Server, and a new machine will be the VPN-1 Pro Gateway only. You need to migrate the NG with AI R55 SmartCenter Server configuration, including such items as Internal Certificate Authority files, databases, and Security Policies. How do you request a new license for this VPN-1 NGX upgrade?
A. Request a VPN-1 NGX SmartCenter Server license, using the new machine’s IP addres. Request a new local license for the NGX VPN-1 Pro Gateway.
B. Request a VPN-1 NGX SmartCenter Server license, using the new machine’s IP addres. Request a new central license for the NGX VPN-1 Pro Gateway.
C. Request a new VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
D. Request a VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway, licenses for the existing SmartCenter Server IP address.
Correct Answer: C
QUESTION 64
Certkiller is a Security Administrator for Certkiller.com. Certkiller.com has two sites using pre-shared secrets in its VPN. The two sites are Boston and New York. Jack has just been informed that a new office is opening in Houston, and she must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the New York Security Gateway. Mrs. Bill decides to switch from a pre-shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After creating the Houston gateway object with the proper VPN domain, what are Certkiller’s remaining steps?
1.
Disable “Pre-shared Secret” on the Boston and New York gateway objects.
2.
Add the Houston gateway object into the New York and Boston’s mesh VPN Community.
3.
Manually generate ICA Certificates for all three Security Gateways.
4.
Configure “Traditional mode VPN configuration” in the Houston gateway object’s VPN screen.
5.
Reinstall the Security Policy on all three Security Gateways
A. 1-2-5
B. 1-3-4-5
C. 1-2-3-5
D. 1-2-4-5
E. 1-2-3-4
Correct Answer: C QUESTION 65
Which component functions as the Internal Cerrificate Authority for VPN-1 NGX?
A. VPN-1 Certificate Manager
B. SmartCenter Server
C. SmartLSM
D. Policy Server
E. Security Gateway
Correct Answer: B
QUESTION 66
Which Security Server can perform content-security tasks, but CANNOT perform authentication tasks?
A. FTP
B. SMTP
C. Telnet
D. HTTP
E. rlogin
Correct Answer: B
QUESTION 67
Certkiller.com has two headquarters, one in Los Angeles and one in Mumbai. Each headquarter includes several branch offices. The branch office only need to communicate with the headquarter in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for VPN communities among the branch offices and their headquarters, and between the two headquarters? VNP communities comprised of:
A. Two star and one mesh community; each start Community is set up for each site, with headquarters as the center of the Community, and branches as satellites. The mesh Communities are between Mumbai and Los Angeles headquarters.
B. Three mesh Communities: one for Los Angeles and its branches, one for Mumbai headquarters and its branches, and one for Los Angeles and Mumbai headquarters.
C. Two mesh Communities, one for each headquarters; and one start Community, in which Los Angeles is the center of the Community and Mumbai is the satellite.
D. Two mesh Communities, one for each headquarters; and one start Community, in which Mumbai is the center of the Community and Los Angeles is the satellite.
Correct Answer: A
QUESTION 68
Certkiller wants to protect internal users from malicious Java code, but Jack does not want to strop Java
scripts.
Which is the best configuration option?
A. Use the URI resource to block Java code
B. Use CVP in the URI resource to block Java code
C. Use the URI resource to strop ActiveX tags
D. Use the URI resource to strop applet tags
E. Use the URI resource to strop script tags
Correct Answer: A
QUESTION 69
You want to block corporate-internal-net and localnet from accessing Web sites containing inappropriate content. You are using WebTrends for URL filtering. You have disabled VPN-1 Control connections in the Global properties. Review the diagram and the Security Policies for Certkiller 1 and Certkiller 2 in the exhibit provided. Corporate users and localnet users receive message “Web cannot be displayed”. In SmartView Tracker, you see the connections are dropped with the message “content security is not reachable”. What is the problem, and how do you fix it?
A. The connection from Certkiller 2 to the internal WebTrends server is not allowed in the Policy. Fix: Add a rule in Certkiller 1’s Policy to allow source WebTrendsServer, destination Certkiller 2, service TCP port 18182, and action accept.
B. The connection from Certkiller 2 to the WebTrends server is not allowed in the Policy. Fix: Add a rule in Certkiller 2’s Policy with Source Certkiller 2, destination WebTrends server, service TCP port 18182, and action accept.
C. The connection from Certkiller 1 to the internal WebTrends server is not allowed in the Policy Fix: Add a rule in Certkiller 2’s Policy with source WebTrendsServer, destination Certkiller 1, service TCP port 18182, and action accept.
D. The connection from Certkiller 1 to the internal WebTrends server is not allowed in the Policy. Fix: Add a rule in Certkiller 2’s Policy with source Certkiller 1, destination WebTrends server, service TCP port 18182, and action accept.
E. The connection from Certkiller 1 to the internal WebTrends server is not allowed in the Policy. Fix: Add a rule in Certkiller 1’s Policy to allow source Certkiller 1, destination WebTrends server, service TCP port 18182, and action accept.
Correct Answer:
QUESTION 70
Which service type does NOT invoke a Security Server?
A. HTTP
B. FTP
C. Telnet
D. CIFS
E. SMTP
Correct Answer: D
QUESTION 71
Review the following rules and note the Client Authentication Action properties screen, as shown in the exhibit.
After being authenticated by the Security Gateway when a user starts an HTTP connection to a Web site the user tries to FTP to another site using the command line. What happens to the user? The….
A. FTP session is dropprd by the implicit Cleanup Rule.
B. User is prompted from the FTP site only, and does not need to enter username and password for the Client Authentication.
C. FTP connection is dropped by rule 2.
D. FTP data connection is dropped, after the user is authenticated successfully.
E. User is prompted for authentication by the Security Gateway again.
Correct Answer: B
QUESTION 72
What is the command to see the licenses of the Security Gateway Certkiller from your SmartCenter Server?
A. print Certkiller
B. fw licprint Certkiller
C. fw tab -t fwlic Certkiller
D. cplic print Certkiller
E. fw lic print Certkiller
Correct Answer: D
QUESTION 73
Ophelia is the security Administrator for a shipping company. Her company uses a custom application to update the distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateways Rule Base includes a rule to accept this traffic. Ophelia needs to be notified, via atext message to her cellular phone, whenever traffic is accepted on this rule. Which of the following options is MOST appropriate for Ophelia’s requirement?
A. User-defined alert script
B. Logging implied rules
C. SmartViewMonitor
D. Pop-up API
E. SNMP trap
Correct Answer: A
QUESTION 74
Choose the BEST sequence for configuring user management on SmartDashboard, for use with an LDAP server:
A. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP server using an OPSEC application.
B. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
C. Enable LDAP in Global Properties, configure a host-node object for the LDAP Server, and configure a server object for the LDAP Account Unit.
D. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
E. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
Correct Answer: A
QUESTION 75
Which of the following is the final step in an NGXbackup?
A. Test restoration in a non-production environment, using the upgradeimport command
B. Move the *.tgz file to another location
C. Run the upgradeexport command
D. Copy the conf directory to another location
E. Run the cpstop command
Correct Answer: B
Preparing CheckPoint 156-315 exam is not difficult now.You can prepare from CheckPoint 156-315 Certification or Microsoft 70-576 dumps.Here we have mentioned some sample questions.You can use our CheckPoint 156-315 study material notes for test preparation. Latest CheckPoint 156-815 study material available.