Download Free VCE Files: CCNA, A+ Certification, MCSE – Cert4sure Checkpoint,CheckPoint Certification CheckPoint 156-315 VCE Files, The Most Recommended CheckPoint 156-315 Dumps PDF Online Store

CheckPoint 156-315 VCE Files, The Most Recommended CheckPoint 156-315 Dumps PDF Online Store

Welcome to download the newest Pass4itsure c2180-374 VCE dumps: http://www.pass4itsure.com/C2180-374.html

Flydumps is the best place for preparing IT Certifications as we are providing latest and guaranteed questions for all certifications. We offer you the ultimate preparation resource of CheckPoint 156-315 exam question. Wondering what could be this effective? It is our training material which serves as a guide to achieving your dream as a certified professional.

QUESTION 98
What is a Consolidation Policy?
A. The collective name of the Security Policy, Address Translation, and SmartDefense Policies
B. The specific Policy used by Eventia Reporter to configure log-management practices
C. The state of the Policy once installed on a Security Gateway
D. A Policy created by Eventia Reporter to generate logs
E. The collective name of the logs generated by Eventia Reporter

Correct Answer: B
QUESTION 99
To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?
A. Change the cluster mode to Unicast on the cluster object Reinstall the Security Policy
B. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy
C. Run cpstop and cpstart, to reenable High Availability on both objects. Select Pivot mode in cpconfig
D. Change the cluster mode to Unicast on the cluster-member object
E. Switch the internal network’s default Security Gateway to the pivot machine’s IP address

Correct Answer: A
QUESTION 100
You have two Nokia Appliances: one IP530 and on IP380. Both appliances have IPSO 3.9 and VPN-1 Pro NGX installed in a distributed deployment. Can they be members of a gateway cluster?
A. No, because the Gateway versions must be the same on both security gateways.
B. Yes, as long as they have the same IPSO version and the same VPN-1 Pro version
C. No, because members of a security gateway cluster must be in installed as stand-alone deployments.
D. Yes, because both gateways are from Nokia, whether they have the same VPN-1 PRO version or not.
E. No, because the appliances must be of the same model (Both should be IP530 or IP380).
Correct Answer: B
QUESTION 101
Which Security Server can perform authentication tasks, but CANNOT perform content security tasks?
A. Telnet
B. HTTP
C. rlogin
D. FTP
E. SMTP

Correct Answer: AC
QUESTION 102
Which operating system is NOT supported by VPN-1 SecureClient?
A. IPSO 3.9
B. Windows XP SP2
C. Windows 2000 Professional
D. RedHat Linux 8.0
E. MacOS X

Correct Answer: A
QUESTION 103
Problems sometimes occur when distributing IPSec packets to a few machines in a Load Sharing Multicast mode cluster, even though the machines have the same source and destination IP addresses. What is the best Load Sharing method for preventing this type of problem?
A. Load Sharing based on IP addresses, ports, and serial peripheral interfaces (SPI)
B. Load Sharing based on SPIs only.
C. Load Sharing based on IP addresses only
D. Load Sharing based on SPIs and ports only
E. Load Sharing based on IP addresses and ports

Correct Answer: C
QUESTION 104
Your primary SmartCenter Server is installed on a SecrePlatform Pro machine, which is also a VPN-1 Pro Gateway. You want to implement Management High Availability (HA). You have a spare machine to configure as the secondary SmartCenter Server. How do you configure the new machine to be the standby SmartCenter Server, without making any changes to the existing primary SmartCenter Server? (changes can include uninstalling and reinstalling)
A. You cannot configure Mangement HA, when either the primary or secondary SmartCenter Server is running on a VPN-1 Pro Gateway.
B. The new machine cannot be installed as the Internal Certificate Authority on its own.
C. The secondary Server cannot be installed on a SecurePlatform Pro machine alone.
D. Install the secondary Server on a spare machine. Add the new machine to the same network as the primary Server.
Correct Answer: A
QUESTION 105
VPN-1 NGX supports VoIP traffic in all of the following environments, EXCEPT which environment?
A. H.323
B. SIP
C. MEGACO
D. SCCP
E. MGCP
Correct Answer: C
QUESTION 106
Certkiller is a Security Administrator preparing to implement a VPN solution for her multi-site organization Certkiller .com. To comply with industry regulations, Mrs. Bill VPN solution must meet the following requirements:
*
Portability: standard

*
Key management: Automatic, external PKI

*
Session keys: Changed at configured times during a connection’s lifetime

*
key length: No less than 128-bit

*
Data integrity: Secure against inversion and brute-force attacks
What is the most appropriate setting Jack should choose?
A. IKE VPNs: AES encryption for IKE Phase 1, and DES encryption for Phase 2; SHA1 ash
B. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for Phase 2; AES hash
C. IKE VPNs: CAST encryption IKE Phase 1, and SHA1 encryption for Phase 2; DES hash
D. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash
E. IKE VPNs: DES encryption for IKE Phase 1, and 3DES encryption for Phase 2; MD5 hash
Correct Answer: D
QUESTION 107
Which Security Server can perform content-security tasks, but CANNOT perform authentication tasks?
A. FTP
B. SMTP
C. Telnet
D. HTTP
E. rlogin
Correct Answer: B Exam B
QUESTION 1
You work a network administrator for Certkiller .com. You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the Default Rule with a weight of 10. The H.323 rule includes a per-connection guarantee of 384 Kbps, and a per-connection limit of 512 Kbps. The per-connection guarantee is for four connections, and no additional connections are allowed in the Action properties. If traffic passing through the QoS Module matches both rules, which of the following is true?
A. Neither rule will be allocated more than 10% of available bandwidth.
B. The H.323 rule will consume no more than 2048 Kbps of available bandwidth.
C. 50% of available bandwidth will be allocated to the H.323 rule.
D. 50% of available bandwidth will be allocated to the Default Rule
E. Each H.323 connection will receive at least 512 Kbps of bandwidth.
Correct Answer: B
QUESTION 2
Certkiller .com has many VPN-1 Edge gateways at various branch offices, to allow VPN-1 SecureClient users to access Certkiller .com resources. For security reasons, Certkiller .com’s Secure policy requires all Internet traffic initiated behind the VPN-1 Edge gateways first be inspected by your headquarters’ VPN-1 Pro Security Gateway. How do you configure VPN routing in this star VPN Community?
A. To the Internet an other targets only
B. To the center and other satellites, through the center
C. To the center only
D. To the center, or through the center to other satellites, then to the Internet and other VPN targets
Correct Answer: D
QUESTION 3
You are preparing to configure your VoIP Domain Gatekeeper object. Which two other object should you have created first?
A. An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed.
B. An object to represent the PSTN phone network, AND an object to represent the IP phone network
C. An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed.
D. An object to represent the Q.931 service origination host, AND an object to represent the H.245 termination host
E. An object to represent the call manager, AND an object to represent the host on which the transmission router is installed.
Correct Answer: C

QUESTION 4
Which Check Point QoS feature is used to dynamically allocate relative portions of available bandwidth?
A. Guarantees
B. Differentiated Services
C. Limits
D. Weighted Fair Queuing
E. Low Latency Queing
Correct Answer: D
QUESTION 5
Which operating system is NOT supported by VPN-1 SecureClient?
A. IPSO 3.9
B. Windows XP SP2
C. Windows 2000 Professional
D. RedHat Linux 8.0
E. MacOS X
Correct Answer: A
QUESTION 6
You want to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to SecurePlatform NGX R60 via SmartUpdate.Which package is needed in the repository before upgrading?
A. SVN Foundation and VPN-1 Express/Pro
B. VNP-1 and FireWall-1
C. SecurePlatform NGX R60
D. SVN Founation
E. VPN-1 Pro/Express NGX R60
Correct Answer: C
QUESTION 7
Exhibit:

The exhibit displays the cphaprob state command output from a New Mode High Availability cluster member. Which machine has the highest priority?
A. 192.168.1.2, since its number is 2.
B. 192.168.1.1, because its number is 1.
C. This output does not indicate which machine has the highest priority.
D. 192.168.1.2, because its stats is active
Correct Answer: B QUESTION 8
Exhibit: Certkiller tries to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. Certkiller sees the screen displayed in the exhibit. What is the problem?

A. Jack must enable directional_match(true) in the object_5_0.c file on SmartCenter server.
B. Jack must enable Advanced Routing on each Security Gateway
C. Jack must enable VPN Directional Match on the VPN Advanced screen, in Global properties.
D. Jack must enable a dynamic-routing protocol, such as OSPF, on the Gateways.
E. Jack must enable VPN Directional Match on the gateway object’s VPN tab.

Correct Answer: C
QUESTION 9
Where can a Security Administator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?
A. Global Properties
B. QoS Class objects
C. Check Point gateway object properties
D. $CPDIR/conf/qos_props.pf
E. Advanced Action options in each QoS rule.
Correct Answer: A
QUESTION 10
Certkiller is the Security Administrator for Certkiller .com. Certkiller .com FTP servers have old hardware and software. Certain FTP commands cause the FTP servers to malfunction. Upgrading the FTP Servers is not an option this time. Which of the following options will allow Certkiller to control which FTP commands pass through the Security Gateway protecting the FTP servers?
A. Global Properties->Security Server ->Security Server->Allowed FTP Commands
B. SmartDefense->Application Intelligence->FTP Security Server
C. Rule Base->Action Field->Properties
D. Web Intelligence->Application Layer->FTP Settings
E. FTP Service Object->Advanced->Blocked FTP Commands
Correct Answer: B
QUESTION 11
You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway, bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?
A. internal_clear>All-GwToGw
B. Communities>Communities
C. Internal_clear>External_Clear
D. Internal_clear>Communities
E. Internal_clear>All_communities
Correct Answer: E
QUESTION 12
You receive an alert indicating a suspicious FTP connection is trying to connect to one of your internal hosts. How do you block the connection in real time and verify the connection is successfully blocked?
A. Highlight the suspicious connection in SmartView Tracker>Active mode. Block the connection using Tools>Block Intruder menu. Use the active mode to confirm that the suspicious connection does not reappear.
B. Highlight the suspicious connection in SmartView Tracker>Log mode. Block the connection using Tools>Block Intruder menu. Use the Log mode to confirm that the suspicious connection does not reappear.
C. Highlight the suspicious connection in SmartView Tracker>Active mode. Block the connection using Tools>Block Intruder menu. Use the active mode to confirm that the suspicious connection is dropped.
D. Highlight the suspicious connection in SmartView Tracker>Log mode. Block the connection using Tools>Block Intruder menu. Use the Log mode to confirm that the suspicious connection is dropped.
Correct Answer: C
QUESTION 13
Exhibit: Certkiller is using a mesh VPN Community to create a site-to-site VPN. The VPN properties in this mesh Community is displayed in the exhibit. Which of the following statements are true?

A. If Jack changes the settings, “Perform key exchange encryption with” from “3DES” to “DES”, she will enhance the VPN Community’s security and reduce encryption overhead.
B. Mrs Bill must change the data-integrity settings for this VPN Community. MD5 is incompatible with AES.
C. If Certkiller changes the setting “Perform IPSec data encryption with” from “AES-128” to “3DES”, Jack will increase the encryption overhead.
D. Her VPN Community will perform IKE Phase 1 key-exchange encryption, using the longest key VPN-1 NGX supports.
Correct Answer: C
QUESTION 14
Exhibit: You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use three machines with the configurations displayed in the exhibit. Are these machines correctly configured for a ClusterXL deployment?

A. Yes, these machines are configured correctly for a ClusterXL deployment.
B. No, QuadCards are not supported with ClusterXL.
C. No, all machines in a cluster must be running on the same OS.
D. No, al cluster must have an even number of machines.
E. No, ClusterXL is not supported on Red Hat Linux.
Correct Answer: C
QUESTION 15
You want only RAS signals to pass through H.323 Gatekeeper and other H.323 protocols, passing directly between end points. Which routing mode in the VoIP Domain Gatekeeper do you select?
A. Direct
B. Direct and Call Setup
C. Call Setup
D. Call Setup and Call Control
Correct Answer: A
QUESTION 16
Certkiller is concerned that a denial-of-service (DoS) attack may affect her VPN Communities. She decides to implement IKE DoS protection. Jack needs to minimize the performance impact of implementing this new protectdion. Which of the following configurations is MOST appropriate for Mrs. Bill?
A. Set Support IKE DoS protection from identified source to “Puzzles”, and Support IKE DoS protection from unidentified source to “Stateless”
B. Set Support IKE DoS protection from identified source, and Support IKE DoS protection from unidentified soruce to “Puzzles”
C. Set Support IKE DoS protection from identified source to “Stateless”, and Support IKE DoS protection from unidentified source to “Puzzles”.
D. Set Support IKE DoS protection from identified source, and “Support IKE DoS protection” from unidentified source to “Stateless”.
E. Set Support IKE DoS protection from identified source to “Stateless”, and Support IKE DoS protection from unidentified source to “None”.
Correct Answer: D
QUESTION 17
You have a production implementation of Management High Availability, at Version VPN-1 NG with application Intelligence R55. You must upgrade two SmartCenter Servers to VPN-1. What is the correct procedure?
A. 1. Synchronize the two SmartCenter Servers
2.
Upgrade the secondary SmartCenter Server.

3.
Upgrade the primary SmartCenter Server.

4.
Configure both SmartCenter Server host objects version to VPN-1 NGX

5.
Synchronize the Servers again.
B. 1. Synchronize the two SmartCenter Servers 2. Perform an advanced upgrade the primary SmartCenter Server.
3.
Upgrade the secondary SmartCenter Server.

4.
Configure both SmartCenter Server host objects to version VPN-1 NGX.

5.
Synchronize the Servers again
C. 1. Perform an advanced upgrade on the primary SmartCenter Server.
2.
Configure the primary SmartCenter Server host object to version VPN.1 NGX.

3.
Synchronize the primary with the secondary SmartCenter Server.

4.
Upgrade the secondary SmartCenter Server.

5.
Configure the secondary SmartCenter Server host object to version VPN-1 NGX.

6.
Synchronize the Servers again.
D. 1. Synchronize the two SmartCenter Servers.
2.
Perform an advanced upgrade on the primary SmartCenter Server.

3.
Configure the primary SmartCenter Server host object to version VPN-1 NGX.

4.
Synchronize the two servers again.

5.
Upgrade the secondary SmartCenter Server.

6.
Configure the secondary SmartCenter Server host object to version VPN-1 NGX.

7.
Synchronize the Servers again.
Correct Answer: A
QUESTION 18
In a distributed VPN-1 Pro NGX environment, where is the Internal Certificate Authority (ICA) installed?
A. On the Security Gateway
B. Certificate Manager Server
C. On the Policy Server
D. On the Smart View Monitor
E. On the primary SmartCenter Server
Correct Answer: E
QUESTION 19
Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder’s access, after the next Phase 2 exchange occurs?
A. Phase 3 Key Revocation
B. Perfect Forward Secrecy
C. MD5 Hash Completion
D. SH1 Hash Completion
E. DES Key Reset
Correct Answer: B
QUESTION 20
You set up a mesh VPN community, so your internal networks can access your partner’s network, and vice versa. Your Security Policy encrypts only FTP and HTTP traffic through a VPN tunnel. All other traffic among your internal and partner networks is sent in clear text. How do you configure the VPN community?
A. Disable “accept all encrypted traffic”, and put FTP and HTTP in the Excluded services in the Community object. Add a rule in the Security Policy for services FTP and http, with the Community object in the VPN field.
B. Disable “accept all encrypted traffic” in the Community, and add FTP and HTTP services to the Security Policy, with that Community object in the VPN field.
C. Enable “accept all encrypted traffic”, but put FTP and HTTP in the Excluded services in the Community. Add a rule in the Security Policy, with services FTP and http, and the Community object in the VPN field.
D. Put FTP and HTTP in the Excluded services in the Community object. Then add a rule in the Security Policy to allow Any as the service with the Community object in the VPN field.
Correct Answer: B
QUESTION 21
To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?
A. Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy.
B. Restart Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy.
C. Run cpstop and cpstart, to re-enable High Availability on both projects. Select Pivot mode in cpconfig.
D. Change the cluster mode to Unicast on the cluster-member object.
E. Switch the internal network’s default Security Gateway to the pivot machine’s IP address.
Correct Answer: A
QUESTION 22
Certkiller is notified by blacklist.org that her site has been reported as a spam relay, due to her SMTP server being unprotected. Mrs. Bill decides to implement an SMTP Security Server, to prevent the server from being a spam relay. Which of the following is the most efficient configuration method?
A. Configure the SMTP Security Server to perform MX resolving.
B. Configure the SMTP Security Server to perform filtering, based on IP address and SMTP protocols.
C. Configure the SMTP Security Server to work with an OPSEC based product, for content checking.
D. Configure the SMTP Security Server to apply a generic “from” address to all outgoing mail.
E. Configure the SMTP Security Server to allow only mail to or from names, within Jack’s corporate domain.
Correct Answer: E
QUESTION 23
You have an internal FTP server, and you allow downloading, but not uploading.
Assume Network Address Translation is set up correctly, and you want to add an inbound rule with:

Source: Any
Destination: FTP Server
Service: an FTP resource object.

How do you configure the FTP resource object and the action column in the rule to achieve this goal?
A. Enable only the “Get” method in the FTP Resource Properties, and use this method in the rule, with action accept.
B. Enable only the “Get” method in the FTP Resource Properties, and use it in the rule, with action drop.
C. Enable both “Put” and “Get” methods in the FTP Resource Properties and use them in the rule, with action drop.
D. Disable “Get” and “Put” methods in the FTP Resource Properties and use it in the rule, with action accept.
E. Enable only the “Put” method in the FTP Resource Properties and use it in the rule, with action accept.
Correct Answer: A
QUESTION 24
If you check the box “Use Aggressive Mode”, in the IKE properties dialog box:
A. The standard three-packet IKE Phase 1 exchange is replaced by a six-packet exchange.
B. The standard six-packet IKE Phase 2 exchange is replaced by a three-packet exchange.
C. The standard three-packet IKE Phase 2 exchange is replaced by a six-packet exchange.
D. The standard six-packet IKE Phase 1 exchange is replaced by a three-packet exchange.
E. The standard six-packet IKE Phase 1 exchange is replaced by a twleve-packet exchange.
Correct Answer: D
QUESTION 25
Which of the following commands shows full synchronization status?
A. cphaprob -i list
B. chpastop
C. fw ctl pstat
D. cphaprob -a if
E. fw hastat
Correct Answer: C
QUESTION 26
Which VPN community object is used to configure VPN routing within the SmartDashboard?
A. star
B. mesh
C. Remote access
D. Map
Correct Answer: A
QUESTION 27
The following rule contains an FTP resource object in the Service field:
Source: local_net Destination: Any Service: FTP-resource object Action: Accept
How do you define the FTP Resource Properties>Match tab to prevent internal users from sending corporate files to external FTP servers, while allowing users to retrieve files?
A. Enable the “Get” method on the match tab.
B. Disable “Get” and “Put” methods on the Match tab.
C. Enable the “Put” and “Get” methods.
D. Enable the “Put” method only on the match tab.
E. Disable the “Put” method globally.
Correct Answer: A

QUESTION 28
What is the consequence of clearing the “Log VoIP Connection” box in the Global Properties?
A. Dropped VoIP traffic is logged, but accepted VoIP traffic is not logged.
B. VoIP protocol-specific log fields are not included in SmartView Tracker entries.
C. The log field setting in rules for VoIP protocols are ignored.
D. IP addresses are used, instead of object names, in log entries that reference VoIP Domain objects.
E. The SmartCenter Server stops importing logs from VoIP servers.
Correct Answer: B QUESTION 29
Exhibit:

The exhibit is a cphaprob state command output from a ClusterXL New mode high Availability member. When a member 192.168.1.2 fails over and restarts, which member will become active?
A. 192.168.1.2
B. 192.168.1.1
C. Both members’ state will be standby.
D. Both members’ state will be active.

Correct Answer: B
QUESTION 30
Which of the following actions is most likely to improve the performance of Check Point QoS?
A. Turn “per rule guarantees” into “peer connection guarantees”.
B. Install Check Point QoS only on the external interfaces of the QoS Module.
C. Put the most frequently used rules at the bottom of the QoS Rule Base.
D. Turn “per rule limits” into “per connection limits”
E. Define weights in the Default Rule in multiples of 10.
Correct Answer: B
QUESTION 31
How would you configure a rule in a Security Policy to allow SIP traffic from end point Net_A to end point Net_B, through an NGX Security Gateway?
A. Net_A/Net_B/sip/accept
B. Net_A/Net_B/sip and sip_any/accept
C. Net_A/Net_B/VoIP_any/accept
D. Net_A/Net_B/VoIP /accept
Correct Answer: A
QUESTION 32
You want to upgrade a cluster with two members to VPN-1 NGX. The SmartCenter Server and both members are version VPN-1/FireWall-1 NG FP3, with the latest Hotfix. What is the correct upgrade procedure?
1.
Change the version, in the General Properties of the gateway-cluster object.

2.
Upgrade the SmartCenter Server, and reboot after upgrade

3.
Runt cpstop on one member, while leaving the other member running. Upgrade one member at a time, and reboot after upgrade.

4.
Reinstall the Security Policy
A. 3, 2, 1, 4
B. 2, 4, 3, 1
C. 1, 3, 2, 4
D. 2, 3, 1, 4
E. 1, 2, 3, 4
Correct Answer: D
QUESTION 33
How can you completely tear down a specific VPN tunnel in an intranet IKE VPN deployment?
A. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec+IKE SAs for ALL peers and users”.
B. Run the command vpn tu on the SmartCenter Server, and choose the option “Delete all IPSec+IKE SAs for ALL peers and users”.
C. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec+IKE SAs for a given peer (GW)”.
D. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec SAs for a given user (Client)”.
E. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec SAs for ALL peers and users”.
Correct Answer: A
QUESTION 34
You are preparing to deploy a VPN-1 Pro Gateway for VPN-1 NGX. You have five systems to choose from for the new Gateway, and you must conform to the following requirements:
*
Operating-System vendor’s license agreements

*
Check Point’s license agreement

*
Minimum operating-system hardware specification

*
Minimum Gateway hardware specification

*
Gateway installed on a supported operating system (OS)
Which machine meets ALL of the requirements?
A. Processor 1.1 GHz RAM: 512 MB Hard disk: 10 GB OS: Windows 2000 Workstation
B. Processor 2.0 GHz RAM: 512 MB Hard disk: 10 GB OS: Windows ME
C. Processor 1.5 GHz RAM: 256 MB Hard disk: 20 GB OS: Red Hat Linux 8.0
D. Processor 1.67 GHz RAM: 128 MB Hard disk: 5 GB OS: FreeBSD
E. Processor 2.2 GHz RAM: 256 MB Hard disk: 20 GB OS: Windows 2000 Server
Correct Answer: E
QUESTION 35
You are configuring the VoIP Domain object for an H.323 environment, protected by VPN-1 NGX. Which VoIP Domain object type can you use?
A. Transmission Router
B. Gatekeeper
C. Call Manager
D. Proxy
E. Call Agent
Correct Answer: B
QUESTION 36
Certkiller has configured a Common Internet File System (CIFS) resource to allow access to the public partition of Certkiller .com’s file server, on \\Certkiller 13\logigame\files\public. Mrs. Bill receives reports that users are unable to access the shared partition, unless they use the file server’s IP address. Which of the following is a possible cause?
A. Mapped shares do not allow administrative locks.
B. The CIFS resource is not configured to use Windows name resolution.
C. Access violations are not logged.
D. Remote registry access is blocked.
E. Null CIFS sessions are blocked.
Correct Answer: B
QUESTION 37
Certkiller is creating rules and objects to control VoIP traffic in her organization ( Certkiller .com), through a VPN-1 NGX Security Gateway. Mrs. Bill creates VoIP Domain SIP objects to represent each of Certkiller .com’s three SIP gateways. Jack then creates a simple group to contain the VoIP Domain SIP objects. When Jack attempts to add the VoIP Domain SIP objects to the group, they are not listed. What is the problem?
A. The related end-points domain specifies an address range.
B. VoIP Domain SIP objects cannot be placed in simple groups.
C. The installed VoIP gateways specify host objects.
D. The VoIP gateway object must be added to the group, before the VoIP Domain SIP object is eligible to be added to the group.
E. The VoIP Domain SIP object’s name contains restricted characters.
Correct Answer: B
QUESTION 38
You have two Nokia Appliances: one IP530 and on IP380. Both appliances have IPSO 3.9 and VPN-1 Pro NGX installed in a distributed deployment. Can they be members of a gateway cluster?
A. No, because the Gateway versions must be the same on both security gateways.
B. Yes, as long as they have the same IPSO version and the same VPN-1 Pro version
C. No, because members of a security gateway cluster must be in installed as stand-alone deployments.
D. Yes, because both gateways are from Nokia, whether they have the same VPN-1 PRO version or not.
E. No, because the appliances must be of the same model (Both should be IP530 or IP380).
Correct Answer: B
QUESTION 39
Exhibit: You work as a network administrator at Certkiller .com. Your network includes ClusterXL running Multicast mode on two members, as shown in this topology exhibit. Your network is expanding, and you need to add new interfaces: 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for interface 10.10.10.0/24 is 10.10.10.3. What is the correct procedure to add these interfaces?

A. 1. Use the ifconfig command to configure and enable the new interface.
2.
Run cpstop and cpstart on both members at the same time.

3.
Update the topology in the cluster object for the cluster and both members.

4.
Install the Security Policy.
B. 1. Disable “cluster membership” from one Gateway via cpconfig.
2.
Configure the new interface via sysconfig from the “non-member” Gateway.

3.
Re-enable “Cluster membership” on the Gateway.

4.
Perform the same step on the other Gateway.

5.
Update the topology in the cluster object for the cluster and members.

6.
Install the Security Policy
C. 1. Run cpstop on one member, and configure the new interface via sysconfig.
2.
Run cpstart on the member. Repeat the same steps on another member.

3.
Update the new topology in the cluster object for the cluster and members.

4.
Install the Security Policy.
D. 1. Use sysconfig to configure the new interfaces on both members.
2.
Update the topology in the cluster object for the cluster and both members.

3.
Install the Security Policy.
Correct Answer: C
QUESTION 40
Problems sometimes occur when distributing IPSec packets to a few machines in a Load Sharing Multicast mode cluster, even though the machines have the same source and destination IP addresses. What is the best Load Sharing method for preventing this type of problem?
A. Load Sharing based on IP addresses, ports, and serial peripheral interfaces (SPI)
B. Load Sharing based on SPIs only.
C. Load Sharing based on IP addresses only
D. Load Sharing based on SPIs and ports only
E. Load Sharing based on IP addresses and ports
Correct Answer: C

QUESTION 41
Exhibit:

State synchronization is enabled on both members in a cluster, and the Security Policy is successfully installed. No protocols or services have been unselected for “selective sync”. The exhibit is the fw tab -t connections -s output from both members. Is State synchronization working properly between the two members?
A. Members Certkiller 1 and Certkiller 2 are synchronized, because ID for both members are identical in the connection table
B. The connections-table output is incomplete. You must run the cphaprob state command, to determine if members Certkiller 1 and Certkiller 2 are synchronized.
C. Members Certkiller 1 and Certkiller 2 are not synchronized, because #PEAK for both members is not close in the connections table.
D. Members Certkiller 1 and Certkiller 2 are synchronized, because #SLINKS are identical in the connections table.
E. Members Certkiller 1 and Certkiller 2 are not synchronized, because #VALS in the connection table are not close.
Correct Answer: E
QUESTION 42
Exhibit:

The exhibit illustrates how a VPN-1 SecureClient user tries to establish a VPN host in the external_net and internal_net from the Internet. How is the Security Gateway VPN Domain created?
A. Internal Gateway VPN domain = internal_net, External VPN Domain = external net + external gateway object + internal_net.
B. Internal Gateway VPN domain = internal_net, External Gateway VPN Domain = external net + internal gateway object
C. Internal Gateway VPN domain = internal_net, External Gateway VPN Domain = internal_net + external net
D. Internal Gateway VPN domain = internal_net, External Gateway VPN Domain = internal VPN domain + internal gateway object + external net
Correct Answer: D
QUESTION 43
Regarding QoS guarantees and limits, which of the following statements is FALSE?
A. The guarantee of a sub-rule cannot be greater than the guarantee defined for the rule above it.
B. If the guarantee is defined in a sub-rule, a guarantee must be defined for the rule above it.
C. A rule guarantee must not be less than the sum defined in the guarantees’ sub-rules.
D. If both a rule and per-connection limit are defined for a rule, the per-connection limit must not be greater than the rule limit.
E. If both a limit and guarantee per rule are defined in a QoS rule, the limit must be smaller than the guarantee.
Correct Answer: E
QUESTION 44
You plan to install a VPN-1 Pro Gateway for VPN-1 NGX at Certkiller .com’s headquarters. You have a single Sun SPARC Solaris 9 machines for VPN-1 Pro enterprise implementation. You need this machine to inspect traffic and keep configuration files. Which Check Point software package do you install?
A. VPN-1 Pro Gateway and primary SmartCenter Server
B. Policy Server and primary SmartCenter Server
C. ClusterXL and SmartCenter Server
D. VPN-1 Pro Gateway
E. SmartCenter Server
Correct Answer: A
QUESTION 45
By default, a standby SmartCenter Server is automatically synchronized by an active SmartCenter Server, when:
A. The Security Policy is installed.
B. The Security Policy is saved.
C. The user database is installed.
D. The Security Administrator logs in to the standby SmartCenter server, for the first time.
E. The standby SmartCenter Server starts for the first time.
Correct Answer: A
QUESTION 46
Your primary SmartCenter Server is installed on a SecrePlatform Pro machine, which is also a VPN-1 Pro Gateway. You want to implement Management High Availability (HA). You have a spare machine to configure as the secondary SmartCenter Server. How do you configure the new machine to be the standby SmartCenter Server, without making any changes to the existing primary SmartCenter Server? (changes can include uninstalling and reinstalling)
A. You cannot configure Mangement HA, when either the primary or secondary SmartCenter Server is running on a VPN-1 Pro Gateway.
B. The new machine cannot be installed as the Internal Certificate Authority on its own.
C. The secondary Server cannot be installed on a SecurePlatform Pro machine alone.
D. Install the secondary Server on a spare machine. Add the new machine to the same network as the primary Server.
Correct Answer: A
QUESTION 47
Certkiller configures an HTTP Security Server to work with the content vectoring protocol to screen forbidden sites. Jack has created a URI resource object using CVP with the following settings:
*
Use CVP

*
Allow CVP server to modify content

*
Return data after content is approved
Mrs. Bill adds two rules to her Rule Base: one to inspect HTTP traffic going to known forbidden sites, the other to allow all other HTTP traffic. Certkiller sees HTTP traffic going to those problematic sites is not prohibited. What could cause this behavior?
A. The Security Server Rule is after the general HTTP Accept Rule.
B. The Security Server is not communicating with the CVP server.
C. The Security Server is not configured correctly.
D. The Security Server is communicating with the CVP server, but no restriction is defined in the CVP server.
Correct Answer: A
QUESTION 48
You must set up SIP with proxy for your network. IP phones are in the 172.16.100.0 network. The Rigistrar and proxy are installed on host 172.16.100.100. To allow handover enforcement for outbound calls from SIP-net to network Net_B on the Internet, you have defined the following object:
*
Network object: SIP-net 172.16.100.0/24

*
SIP-gateway: 172.16.100.100

*
VoIP Domain Object: VoIP_domain_A
1.
End-point domain: SIP-net

2.
VoIP gateway installed at: SIP-gateway host object
How should you configure the rule`?
A. SIP-Gateway/Net_B/sip_any/accept
B. VoIP_domain/Net_B/sip/accept
C. SIP-Gateway/Net_B/sip/accept
D. VoIP_domain_A/Net_B/sip_any; and sip/accept
E. VoIP_Gateway_A/Net_B/sip_any/accept
Correct Answer: A
QUESTION 49
How does a standby SmartCenter Server receive logs from all Security Gateways, when an active SmartCenter Server fails over?
A. The remote Gateways must set up SIC with the secondary SmartCenter Server, for logging.
B. Establish Secure Internal Communictions (SIC) between the primary and secondary Servers. The secondary Server can then receive logs from the Gateways, when the active Server fails over.
C. On the Log Server screen (from the Logs and Master tree on the gateway object’s General Properties screen), add the secondary SmartCenter Server object as the additional log server. Reinstall the Security Policy.
D. Create a Check Point host object to represent the standby SmartCenter Server. Then select “Secondary SmartCenter Server” and “Log Server”, from the list of Check Point Products on the General properties screen.
E. The secondary Server’s host name and IP address must be added to the Masters file, on the remote Gateways.
Correct Answer: C QUESTION 50
Exhibit:

You are preparing a lab for a ClusterXL environment, with the topology shown in the exhibit.
*
Vip internal cluster IP=172.16.10.1; Vip external cluster IP=192.168.10.3

*
Cluster Member 1: four NICs, three enabled: qfe0: 192.168.10.1/24, qfe1: 10.10.10.1/24, qfe2: 172.16.10.1/24

*
Cluster Member 2: five NICs, three enabled: hme0: 192.168.10.2/24, eth1: 10.10.10.2/24, eth2: 172.16.10.2/24

*
Member Network tab on internal-cluster interfaces: is 10.10.10.0, 255.255.255.0

*
SmartCenter Pro Server: 172.16.10.3
External interfaces 192.168.10.1 and 192.168.10.2 connect to a Virtual Local Area Network (VLAN) switch. The upstream router connects to the same VLAN switch. Internal interfaces 10.10.10.1 and 10.10.10.2 connect to a hub. There is no other machine in the 10.10.01.0 network. 172.19.10.0 is the synchronization network. What is the problem with this configuration?
A. The SmartCenter Pro Server cannot be in synchronization network.
B. There is no problem with configuration. It is correct.
C. Members do not have the same number of NICs.
D. The internal network does not have a third cluster member.
E. Cluster members cannot use the VLAN switch. They must use hubs.

Correct Answer: B
QUESTION 51
Your VPN Community includes three Security Gateways. Each Gateway has its own internal network defined as a VPN Domain. You must test the VPN-1 NGX route-based VPN feature, without stopping the VPN. What is the correct order of steps?
A. 1. Add a new interface on each Gateway.
2.
Remove the newly added network from the current VPN domain for each Gateway.

3.
Create VTIs on each Gateway, to point to the other two peers

4.
Enable advanced routing on all three Gateways.
B. 1. Add a new interface on each Gateway.
2.
Remove the newly added network from the current VPN domain in each gateway object.

3.
Create VTIs on each gateway object, to point to the other two peers

4.
Add static routes on three Gateways, to route the new network to each peer’s VTI interface..
C. 1. Add a new interface on each Gateway.
2.
Add the newly added network into the existingVPN domain for each Gateway.

3.
Create VTIs on each gateway object, to point to the other two peers

4.
Enable advanced routing on all three Gateways.
D. 1. Add a new interface on each Gateway.
2.
Add the newly added network into the existingVPN domain for each Gateway.

3.
Create VTIs on each Gateway, to point to the other two peers

4.
Add static routes on three Gateways, to route the new network to each peer’s VTI interface
Correct Answer: B
QUESTION 52
How does ClusterXL Unicast mode handle new traffic?
A. The pivot machine receives and inspects all new packets, and synchronizes the connections with other members.
B. Only the pivot machine receives all packets. It runs an algorithm to determine which member should process the packets.
C. All members receive packets. The SmartCenter Server decides which member will process the packets. Other members simply drop the packets.
D. All cluster members process all packets, and members synchronize with each other.
Correct Answer: B
QUESTION 53
You are configuring the VoIP Domain object for a SIP environment, protected by VPN-1 NGX. Which VoIP Domain object type can you use?
A. Call Manager
B. Gateway
C. Call Agent
D. Gatekeeper
E. Proxy
Correct Answer: E

QUESTION 54
VPN-1 NGX supports VoIP traffic in all of the following environments, EXCEPT which environment?
A. H.323
B. SIP
C. MEGACO
D. SCCP
E. MGCP
Correct Answer: C
QUESTION 55
You plan to incorporate OPSEC servers, such as Websense and Trend Micro, to do content filtering. Which segments is the BEST location for these OPSEC servers, when you consider Security Server performance and data security?
A. On the Security Gateway
B. Internal network, where users are located
C. On the Internet
D. DMZ network, where application servers are located
E. Dedicated segment of the network
Correct Answer: E
QUESTION 56
You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule., What causes the Connection Rejection?
A. No QoS rule exist to match the rejected traffic.
B. The number of guaranteed connections is exceeded. The rule’s properties are not set to accept additional connections.
C. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the Maximal Delay is set below requirements.
D. Burst traffic matching the Default Rule is exhausting the Check Point QoS global packet buffers.
E. The guarantee of one of the rule’s sub-rules exceeds the guarantee in the rule itself.
Correct Answer: B
QUESTION 57
Which of the following QoS rule-action properties is an Advanced action type, only available in Traditional mode?
A. Guarantee Allocation
B. Rule weight
C. Apply rule only to encrypted traffic
D. Rule limit
E. Rule guarantee
Correct Answer: A
QUESTION 58
Which Check Point QoS feature marks the Type of Service (ToS) byte in the IP header?
A. Guarantees
B. Low Latency Queuing
C. Differentiated Services
D. Weighted Fair Queing
E. Limits
Correct Answer: C
QUESTION 59
Which of the following TCP port numbers is used to connect the VPN-1 Gateway to the Content Vector Protocol (CVP) server?
A. 18182
B. 18180
C. 18181
D. 17242
E. 1456
Correct Answer: C QUESTION 60

VPN-1 NGX includes a resource mechanism for working with the Common Internet File System (CIFS). However, this service only provides a limited level of actions for CIFs security. Which of the following services is NOT provided by a CIFS resource?
A. Long access share
B. Block Remote Registry Access
C. Log mapped shares
D. Allow MS print shares
Correct Answer: A
QUESTION 61
How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queues when using a Check Point QoS solution?
A. Low latency class
B. DiffServ rule
C. Guaranteed per connection
D. Weighted Fair Queuing
E. Guaranteed per VoIP rule
Correct Answer: D
QUESTION 62
Certkiller is a Security Administrator preparing to implement a VPN solution for her multi-site organization Certkiller .com. To comply with industry regulations, Mrs. Bill VPN solution must meet the following requirements:
*
Portability: standard

*
Key management: Automatic, external PKI

*
Session keys: Changed at configured times during a connection’s lifetime

*
key length: No less than 128-bit

*
Data integrity: Secure against inversion and brute-force attacks
What is the most appropriate setting Jack should choose?
A. IKE VPNs: AES encryption for IKE Phase 1, and DES encryption for Phase 2; SHA1 ash
B. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for Phase 2; AES hash
C. IKE VPNs: CAST encryption IKE Phase 1, and SHA1 encryption for Phase 2; DES hash
D. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash
E. IKE VPNs: DES encryption for IKE Phase 1, and 3DES encryption for Phase 2; MD5 hash
Correct Answer: D
QUESTION 63
Your current VPN-1 NG Application Intelligence (AI) R55 stand-alone VPN-1 Pro Gateway and SmartCenter Server run on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the SmartCenter Server, and a new machine will be the VPN-1 Pro Gateway only. You need to migrate the NG with AI R55 SmartCenter Server configuration, including such items as Internal Certificate Authority files, databases, and Security Policies. How do you request a new license for this VPN-1 NGX upgrade?
A. Request a VPN-1 NGX SmartCenter Server license, using the new machine’s IP addres. Request a new local license for the NGX VPN-1 Pro Gateway.
B. Request a VPN-1 NGX SmartCenter Server license, using the new machine’s IP addres. Request a new central license for the NGX VPN-1 Pro Gateway.
C. Request a new VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
D. Request a VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway, licenses for the existing SmartCenter Server IP address.
Correct Answer: C
QUESTION 64
Certkiller is a Security Administrator for Certkiller .com. Certkiller .com has two sites using pre-shared secrets in its VPN. The two sites are Boston and New York. Jack has just been informed that a new office is opening in Houston, and she must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the New York Security Gateway.
Mrs. Bill decides to switch from a pre-shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After creating the Houston gateway object with the proper VPN domain, what are Certkiller’s remaining steps?
1.
Disable “Pre-shared Secret” on the Boston and New York gateway objects.

2.
Add the Houston gateway object into the New York and Boston’s mesh VPN Community.

3.
Manually generate ICA Certificates for all three Security Gateways.

4.
Configure “Traditional mode VPN configuration” in the Houston gateway object’s VPN screen.

5.
Reinstall the Security Policy on all three Security Gateways
A. 1, 2, 5
B. 1, 3, 4, 5
C. 1, 2, 3, 5
D. 1, 2, 4, 5
E. 1, 2, 3, 4
Correct Answer: C
QUESTION 65
Which component functions as the Internal Cerrificate Authority for VPN-1 NGX?
A. VPN-1 Certificate Manager
B. SmartCenter Server
C. SmartLSM
D. Policy Server
E. Security Gateway
Correct Answer: B

QUESTION 66
Which Security Server can perform content-security tasks, but CANNOT perform authentication tasks?
A. FTP
B. SMTP
C. Telnet
D. HTTP
E. rlogin
Correct Answer: B
QUESTION 67
Certkiller .com has two headquarters, one in Los Angeles and one in Mumbai. Each headquarter includes several branch offices. The branch office only need to communicate with the headquarter in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for VPN communities among the branch offices and their headquarters, and between the two headquarters? VNP communities comprised of:
A. two star and one mesh community; each start Community is set up for each site, with headquarters as the center of the Community, and branches as satellites. The mesh Communities are between Mumbai and Los Angeles headquarters.
B. Three mesh Communities: one for Los Angeles and its branches, one for Mumbai headquarters and its branches, and one for Los Angeles and Mumbai headquarters.
C. Two mesh Communities, one for each headquarters; and one start Community, in which Los Angeles is the center of the Community and Mumbai is the satellite.
D. Two mesh Communities, one for each headquarters; and one start Community, in which Mumbai is the center of the Community and Los Angeles is the satellite.
Correct Answer: A
QUESTION 68
Certkiller wants to protect internal users from malicious Java code, but Jack does not want to strop Java scripts. Which is the best configuration option?
A. Use the URI resource to block Java code
B. Use CVP in the URI resource to block Java code
C. Use the URI resource to strop ActiveX tags
D. Use the URI resource to strop applet tags
E. Use the URI resource to strop script tags
Correct Answer: A
QUESTION 69
Which Security Server can perform authentication tasks, but CANNOT perform content security tasks?
A. Telnet
B. HTTP
C. rlogin
D. FTP
E. SMTP
Correct Answer: AC
QUESTION 70
Which service type does NOT invoke a Security Server?
A. HTTP
B. FTP
C. Telnet
D. CIFS
E. SMTP
Correct Answer: D
QUESTION 71
Which operating system is NOT supported by VPN-1 SecureClient?
A. IPSO 3.9
B. Windows XP SP2
C. Windows 2000 Professional
D. RedHat Linux 8.0
E. MacOS X
Correct Answer: A
QUESTION 72
You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use three machines with the configurations displayed in the exhibit. Are these machines correctly configured for a ClusterXL deployment?
A. Yes, these machines are configured correctly for a ClusterXL deployment.
B. No, QuadCards are not supported with ClusterXL.
C. No, all machines in a cluster must be running on the same OS.
D. No, al cluster must have an even number of machines.
E. No, ClusterXL is not supported on Red Hat Linux.
Correct Answer: C
QUESTION 73
Certkiller is notified by blacklist.org that her site has been reported as a spam relay, due to her SMTP server being unprotected. Mrs. Bill decides to implement an SMTP Security Server, to prevent the server from being a spam relay. Which of the following is the most efficient configuration method?
A. Configure the SMTP Security Server to perform MX resolving.
B. Configure the SMTP Security Server to perform filtering, based on IP address and SMTP protocols.
C. Configure the SMTP Security Server to work with an OPSEC based product, for content checking.
D. Configure the SMTP Security Server to apply a generic “from” address to all outgoing mail.
E. Configure the SMTP Security Server to allow only mail to or from names, within Jack’s corporate domain.
Correct Answer: E
QUESTION 74

The exhibit is a cphaprob state command output from a ClusterXL New mode high Availability member.
When a member 192.168.1.2 fails over and restarts, which member will become active?
A. 192.168.1.2
B. 192.168.1.1
C. Both members’ state will be standby.
D. Both members’ state will be active.
Correct Answer: B
QUESTION 75

You work as a network administrator at Certkiller.com. Your network includes ClusterXL running Multicast mode on two members, as shown in this topology exhibit.
Your network is expanding, and you need to add new interfaces: 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for interface 10.10.10.0/24 is 10.10.10.3.
What is the correct procedure to add these interfaces?
A. 1. Use the ifconfig command to configure and enable the new interface.
2.
Run cpstop and cpstart on both members at the same time.

3.
Update the topology in the cluster object for the cluster and both members.

4.
Install the Security Policy.
B. 1. Disable “cluster membership” from one Gateway via cpconfig.
2.
Configure the new interface via sysconfig from the “non-member” Gateway.

3.
Re-enable “Cluster membership” on the Gateway.

4.
Perform the same step on the other Gateway.

5.
Update the topology in the cluster object for the cluster and members.

6.
Install the Security Policy
C. 1. Run cpstop on one member, and configure the new interface via sysconfig.
2.
Run cpstart on the member. Repeat the same steps on another member.

3.
Update the new topology in the cluster object for the cluster and members.

4.
Install the Security Policy.
D. 1. Use sysconfig to configure the new interfaces on both members.
2.
Update the topology in the cluster object for the cluster and both members.

3.
Install the Security Policy.

Correct Answer: C
QUESTION 76
VPN-1 NGX includes a resource mechanism for working with the Common Internet File System (CIFS).
However, this service only provides a limited level of actions for
CIFs security. Which of the following services is NOT provided by a CIFS resource?

A. Long access share
B. Block Remote Registry Access
C. Log mapped shares
D. Allow MS print shares
Correct Answer: A
QUESTION 77
Which service type does NOT invoke a Security Server?
A. HTTP
B. FTP
C. Telnet
D. CIFS
E. SMTP
Correct Answer: D
QUESTION 78
Jack’s project is to define the backup and restore section of his organization’s disaster recovery plan for his organization’s distributed NGX installation. Jack must meet the following required and desired objectives.
*
Required Objective The security policy repository must be backed up no less frequent~ than every 24 hours

*
Desired Objective The NGX components that enforce the Security Policies should be backed up no less frequently than once a week

*
Desired Objective Back up NGX logs no less frequently than once a week Jack’s disaster recovery plan is as follows. See exhibit.

Jack’s plan:
A. Meets the required objective but does not meet either desired objective
B. Does not meet the required objective
C. Meets the required objective and only one desired objective
D. Meets the required objective and both desired objectives
Correct Answer: D
QUESTION 79
Which VPN Community object is used to configure VPN routing within the SmartDashboard?
A. Star
B. Mesh
C. Remote Access
D. Map
Correct Answer: A

We also provide FLYDUMPS CheckPoint 156-315 practice test download in case there is an update by the vendor. Our team of experts keeps the exam updated and accurate. Before decide to take FLYDUMPS CheckPoint 156-315 test, just check the free demo we offer. FLYDUMPS CheckPoint 156-315 test are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development. If you prepare for the exam using our FLYDUMPS CheckPoint 156-315 practice test, we guarantee your success in the first attempt.

Pass4itsure C2180-374 dumps with PDF + Premium VCE + VCE Simulator: https://www.pass4itsure.com/c2180-374.html

CheckPoint 156-315 VCE Files, The Most Recommended CheckPoint 156-315 Dumps PDF Online Store