Tag: 156-915

CheckPoint CheckPoint 156-915 Demo Material, 100% Real CheckPoint 156-915 PDF On StoreCheckPoint CheckPoint 156-915 Demo Material, 100% Real CheckPoint 156-915 PDF On Store

Welcome to download the newest Pass4itsure 156-915 VCE dumps: https://www.pass4itsure.com/156-915.html

Confronted any fiercer along with fiercer competitors in IT planet, are you terrific strain? Certainly, you are doing. Subsequently you’d far better find the CheckPoint 156-915 to be able to take your job. Right now, A growing number of CheckPoint 156-915 certification will be can come staying to be able to in life. It is terrific in the event that contenders get CheckPoint 156-915 exam sample questions directly from Cisco  Higher education. Candidates can easily gain more experience and knowledge during Cisco University since masters/ specialists will supply training towards the contenders. Before you take CheckPoint 156-915 exam sample questions, any main element how the contenders want to do will be to know about the CheckPoint 156-915 Study guide test training and that will make this happen for any very clear information to learn any CheckPoint 156-915 exam sample questions. Each of the CheckPoint 156-915 Study guide test information and various details are accessible immediately inside Cisco site.

QUESTION 111
When synchronizing clusters, which of the following statements is NOT true?
A. User Authentication connections will be lost by the cluster
B. An SMTP resource connection using CVP will be maintained by the cluster
C. Only cluster members running on the same OS platform can be synchronized
D. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization

Correct Answer: B
QUESTION 112
Identify the correct steps performed by SmartUpdate to upgrade a remote Security Gateway. After selecting “Packages: add?from CD”, the:
A. Entire Contents of the CD are copied to the packages directory on the selected remote security gateway
B. Selected Package is copied to the packages directory on the selected remote security gateway
C. Selected package is copied to the package repository on the SmartCenter Server
D. Entire contents of the CD are copied to the Package Repository on the SmartCenter Server

Correct Answer: C
QUESTION 113
What is the command in SecurePlatform Expert shell used to add routes without the use of sysconfig or the WebUI?
A. ip route
B. sysconfig route
C. ifroute
D. ifconfig

Correct Answer: A
QUESTION 114
You want to upgrade a cluster with two members to VPN-1 NGX R65. The SmartCenter server and both
members are version VPN-1/Firewall-1 NG FP3, with the latest Hotfix.
What is the correct upgrade procedure?

1.
Change the version, in the General Properties of the gateway-cluster object

2.
Upgrade the SmartCenter Server and reboot after upgrade

3.
Run cpstop on one member, while leaving the other member running. Upgrade one member at a time and reboot after upgrade

4.
Reinstall the Security Policy:
A. 3,2,1,4
B. 2,3,1,4
C. 1,3,2,4
D. 2,4,3,1
Correct Answer: B
QUESTION 115
Which utility allows you to configure the DHCP service on SecurePlatform from the command line?
A. Cpconfig
B. WebUI
C. Ifconfig
D. Sysconfig
Correct Answer: D
QUESTION 116
In ClusterXL, which of the following processes are defined by default as critical devices?
A. fwd
B. assid
C. cpp
D. fwm

Correct Answer: A
QUESTION 117
Which command line interface utility allows the administrator to verify the name and timestamp of the Security Policy currently installed on a firewall module?
A. fw stat
B. fw ctl pstat
C. cpstat fwd
D. fw ver

Correct Answer: A
QUESTION 118
The command fw fetch causes the:
A. Security gateway to retrieve the compiled policy and inspect code from the SmartCenter Server and install it to the kernel
B. SmartCenter Server to retrieve the debug logs of the target security gateway
C. SmartCenter Server to retrieve the IP addresses of the target security gateway
D. Security Gateway to retrieve the user database information from the tables on the SmartCenter Server

Correct Answer: A
QUESTION 119
Where is it necessary to configure historical records in SmartView Monitor to generate Express reports in Eventia Reporter?
A. In Eventia Reporter, under Standard > Custom
B. In Eventia Reporter, under Express> Network Activity
C. In SmartView Monitor, under Global Properties > Log and Masters
D. In SmartDashboard, the SmartView Monitor page in the VPN-1 Security Gateway object
Correct Answer: D
QUESTION 120
SmartCenter Server
A. Purges the current log file and starts a new log file
B. Saves the current log file names the log file by data and time and starts a new log file
C. Prompts you to enter a filename, then saves the log file
D. Purges the current log and prompts you for the new log’s mode
Correct Answer: B
QUESTION 121
Central License Management allows a Security Administrator to perform which of the following functions?
A. 2,3,4,5
B. Attach and/or delete only NGX Central Licenses to a remote module (not Local Licenses)
C. 2,5,6
D. Check for expired licenses
E. 1,2,5,6
F. Sort licenses and view license properties
G. Delete both NGX Local licenses and Central licenses from a remote module
H. 1,2,3,4,5
I. Add or remove a license to or from the license repository
J. Attach both NGX Central Local licenses to a remote module

Correct Answer: D
QUESTION 122
Which of the following is NOT true for clientless VPN?
A. The Gateway accepts any encryption method that is proposed by the client and supported in the VPN
B. Secure communication is provided between clients and servers that support HTTP
C. User Authentication is supported
D. The Gateway can enforce the use of strong encryption

Correct Answer: B
QUESTION 123
Control connections between the SmartCenter Server and the Gateway are not encryptd by the VPN Community. How are these connections secured?
A. They are not encrypted but are authenticated by the Gateway
B. They are secured by PPTP
C. They are encrypted and authenticated using SIC
D. They are not secured

Correct Answer: C
QUESTION 124
Which VPN-1 NGX R65 component displays the number of packets accepted, rejected and dropped on a specific Security Gateway, in real time?
A. Eventia Analyzer
B. SmartView Status
C. SmartUpdate
D. SmartView Monitor
Correct Answer: A
QUESTION 125
What happens when you select File > Export from the SmartView Tracker Menu?
A. Current logs are exported to a new *.log file
B. Exported log entries are deleted from fw.log
C. Logs in fw.log are exported to a file that can be opened by Microsoft Excel
D. Exported log entries are still viewable in SmartView Tracker
Correct Answer: C
QUESTION 126
Where do you enable popup alerts for SmartDefense settings that have detected suspicious activity?
A. In SmartView Monitor, Select Tools > Alerts
B. In SmartView Tracker, Select tools > Custom commands
C. In SmartDashboard, select global properties > Log and Alert > Alert commands
D. In SmartDashboard, edit the gateway object, select SmartDefense > Alerts

Correct Answer: A QUESTION 127
Which of the following command is a CLI command for VPN-1 NGX R65?
A. fw tab -u
B. fw merge
C. fw shutdown
D. fwprint

Correct Answer: A QUESTION 128
Which SmartConsole component can administrators use to track remote administrative activities?
A. Eventia Reporter
B. SmartView Monitor
C. SmartView Tracker
D. The WebUI

Correct Answer: D

Flydumps CheckPoint 156-915 exam dumps are audited by our certified subject matter experts and published authors for development.Flydumps CheckPoint 156-915 exam dumps are one of the highest quality CheckPoint 156-915 Q&As in the world. It covers nearly 96% real questions and answers, including the entire testing scope. Flydumps guarantees you pass CheckPoint 156-915 exam at first.

Pass4itsure 156-915 dumps with PDF + Premium VCE + VCE Simulator: https://www.pass4itsure.com/156-915.html

CheckPoint 156-915 Vce Dumps, First-hand CheckPoint 156-915 Practice 100% Pass With A High ScoreCheckPoint 156-915 Vce Dumps, First-hand CheckPoint 156-915 Practice 100% Pass With A High Score

Important Info: These new valid CheckPoint 156-915 exam questions were updated in recent days by CheckPoint 156-915 ,please visit our website to get the full version of new CheckPoint 156-915 exam dumps with free version of new VCE Player, you can pass the exam easily by training it!

QUESTION 87
Which feature in VPN-1 permits blocking specific IP addresses for a specified time period?
A. HTTP Methods
B. Local Interface Spoofing
C. Block Port Overflow
D. Suspicious Activity Monitoring

Correct Answer: D
QUESTION 88
Match the ClusterXL Modes with their configurations: Exhibit:

A. A2,B3,C1,D4
B. A2,B3,C4,D1
C. A3,B2,C4,D1
D. A3,B2,C1,D4

Correct Answer: D
QUESTION 89
By default Check Point High Availability components send updates about their state every:
A. 1 Second
B. 0.1 Second
C. 5 Seconds
D. 0.5 seconds

Correct Answer: B
QUESTION 90
Which operating system is not supported by SecureClient?
A. IPSO 3.9
B. MacOS X
C. Windows 2003 Professional
D. Windows XP SP2
Correct Answer: A
QUESTION 91
Which of the following is the most critical step in a SmartCenter Server NGX R65 backup strategy?
A. Move the *.tgz upgrade_export file to an offsite location via ftp
B. Perform a full system tape backup of both the SmartCenter and Security Gateway machines
C. Using the upgrade_import command, attempt to restore the SmartCenter server to a non-production system
D. Run the cpstop command prior to running the upgrade_export command
Correct Answer: C
QUESTION 92
What happens when you select File > Export from the SmartView Tracker Menu?
A. Logs in fw.log are exported to a file that can be opened by Microsoft Excel
B. Exported log entries are deleted from fw.log
C. Current logs are exported to a new *.log file
D. Exported log entries are still viewable in SmartView Tracker

Correct Answer: A QUESTION 93
Which of these components does NOT require a VPN-1 NGX R65 license?
A. SmartUpdate Upgrading/Patching
B. SmartCenter Server
C. Check Point Gateway
D. SmartConsole

Correct Answer: D QUESTION 94
How do you use SmartView Monitor to compile traffic statistics for your company’s Internet activity during production hours?
A. Use the “Traffic Counters” settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day
B. Configure Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway
C. Select the “Tunnels” view and generating a report on the statistics

Correct Answer: A QUESTION 95
Which Check Point product is used to create and save changes to a Log Consolidation Policy?
A. Eventia Reporter Server
B. SmartDashboard Log Consolidator
C. SmartCenter Server
D. Eventia Reporter Client

Correct Answer: B QUESTION 96
When configuring site-to-site VPN High Availability (HA) with MEP, which of the following is correct?
A. MEP Gateways must be managed by the same SmartCenter Server
B. If one MEP Security Gateway fails, the connection is lost and the backup Gateway picks up the next connection
C. MEP Gateways cannot be geographically separated machines
D. The decision on which MEP Gateway to use is made on the MEP Gateway’s side of the tunnel

Correct Answer: B QUESTION 97
You have blocked an IP address via the Block intruder feature of Smartview Tracker. How can you see the addresses you have blocked?
A. In Smartview monitor, select Blocked Intruder option from the query tree view
B. Run fwm blocked_view
C. In Smartview monitor, select Suspicious activity rules from the tools menu and select the relevant security gateway from the list
D. In SmartView Tracker,Click the Active Tab, and the actively blocked connection display

Correct Answer: C
QUESTION 98
You are administering your company’s clientless VPN connections. How many Security Servers should you be running to support 750 active users?
A. 1
B. 7
C. 5
D. 3

Correct Answer: C
QUESTION 99
What is the most typical type of configuration for VPNs with several externally managed Gateways?
A. Star Community
B. Hybrid community
C. Mesh Community
D. Domain Community

Correct Answer: A
QUESTION 100
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?
A. VTIs are only supported on SecurePlatform
B. VTI specific additional local and remote IP addresses are not configured
C. VTIs cannot be assigned a proxy interface
D. Local IP addresses are not configured, remote IP addresses are configured

Correct Answer: B
QUESTION 101
When configuring VPN High Availability (HA) with MEP, which of the following is correct?
A. If one gateway fails, the synchronized connection fails over to another Gateway and the connection continues
B. The decision on which MEP Security Gateway to use is made on the remote gateway’s side (non-MEP side)
C. MEP VPN Gateways cannot be geographically separated machines
D. MEP Gateways must be managed by the same SmartCenter Server

Correct Answer: B
QUESTION 102
___________ is a proprietary check point protocol. It is the basis of the functionality of Check Point ClusterXL inter-module communication.
A. HA OPCODE
B. CKPP
C. RDP
D. CCP

Correct Answer: D QUESTION 103
Which of the following command is a CLI command for VPN-1 NGX R65?
A. fw shutdown
B. fwprint
C. fw tab -u
D. fw merge

Correct Answer: C QUESTION 104
Match each of the following commands to their correct function. Each command only has one function
listed:
Exhibit:
A. C1>F2;C2>F1;C3>F6;C4>F4
B. C1>F4;C2>F6;C3>F3;C4>F2
C. C1>F2;C2>F4;C3>F1;C4>F5
D. C1>F6;C2>F4;C3>F2;C4>F5

Correct Answer: D
QUESTION 105
Which security servers can perform authentication tasks, but CANNOT perform content security tasks?
A. HTTP
B. FTP
C. RLOGIN
D. SMTP

Correct Answer: C
QUESTION 106
You are running the License_upgrade tool on you SecurePlatform Gateway. Which of the following can you NOT do with the upgrade tool?
A. Perform the actual license-upgrade process
B. View the status of currently installed licenses
C. Simulate the license-upgrade process
D. View the licenses in the SmartUpdate License Repository

Correct Answer: D QUESTION 107
A marketing firm’s networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter security gateway. Which SmartConsole application should you use to check these objects and rules?
A. SmartView Statuus
B. SmartView Monitor
C. SmartView Tracker
D. SmartDashboard

Correct Answer: A QUESTION 108
Which is the BEST configuration option to protect internal users from malicious java code, without stripping Java Scripts?
A. Use the URI resource to strip ActiveX tags
B. Use the URI resource to strip applet tags
C. Use CVP in the URI resource to block Java code
D. Use the URI resource to block Java Code

Correct Answer: D QUESTION 109
You organization has many VPN-1 Edge Gateways at various branch offices, to allow users to access company resources. For security reasons, your organization’s security policy requires all internet traffic initiated behind the VPN-1 Edge Gateways first be inspected by your headquarters VPN-1 Pro Security Gateway. How do you configure VPN routing in this star VPN community?
A. To the Internet and other targets only
B. To the center and other satellites, through the center
C. To the center or through the center to other satellites, then to the Internet and other VPN targets
D. To the center only

Correct Answer: C QUESTION 110
Users are not prompted for authentication when they access their web servers, even though you have created an HTTP rule via User Authentication. Why?
A. Another rule that accepts HTTP without authentication exists in the Rule Base
B. You have forgotten to place the User Authentication Rule before the Stealth Rule
C. Users must use the SecuRemote Client, to use the User Authentication Rule
D. You checked the “Cache password on desktop” option in Global Properties

Correct Answer: B QUESTION 111

Flydumps is now offering CheckPoint 156-915 dumps PDF and Test Engine with 100% passing guarantee. Buy CheckPoint 156-915 pdf and pass your exam easily. If you want real exam simulation then buy test engine and install on your pc for preparation. Download CheckPoint 156-915 CCIE Data Center questions answers study material and prepare for exam.

Checkpoint 156-815 Exam Guide, Help To Pass Checkpoint 156-815 Try Free Demo With High QualityCheckpoint 156-815 Exam Guide, Help To Pass Checkpoint 156-815 Try Free Demo With High Quality

The 100% valid latest Checkpoint 156-815 question answers ensure you 100% pass! And now we are offering the free Checkpoint 156-815 new version along with the VCE format Checkpoint 156-815 practice test. Free download more new Checkpoint 156-815 PDF and VCE on Flydumps.com.

QUESTION 59
You work as an administrator at Certkiller .com. You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the Default Rule with a weight of 10. The H.323 rule includes a per-connection guarantee of 384 Kbps, and a per-connection limit of 512 Kbps. The per-connection guarantee is for four connections, and no additional are allowed in the Action properties. If traffic passing
through the QoS Module matches both rules, which of the following statement is true?
A. Neither rule will be allocated more than 10% of available bandwidth
B. The H.323 rulel will consume no more than 2048 Kbps of available bandwidth
C. 50% of available bandwidth will be allocated to the H.323 rule
D. 50% 01 available bandwidth will be allocated to the Default Rule
E. Each H.323 connection will receive at least 512 Kbps of bandwidth

Correct Answer: B
QUESTION 60
How can you reset Secure Internal Communications (SIC) between a SmartCenter Server and Security Gateway?
A. Run the command fwm sic_reset to reinitialize the Internal Certificate Authority (ICA) of the SmartCenter Server. Then retype the activation key on the Security-Gateway from SmartDashboard
B. From cpconfig on the SmartCenter Server, choose the Secure Internal Communication option and retype the actrvation key Next, retype the same key in the gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC)
C. From the SmartCenter Server’s command line type fw putkey -p <shared key>- <IP Address of SmartCenter Server>-.
D. From the SmartCenter Server’s command line type fw putkey -p <shared key>- <IP Address of security Gateway>-.
E. Re-install the Security Gateway

Correct Answer: B
QUESTION 61
One of your remove Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the SmartCenter Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic gateway object, you receive error message “unknown”. What is the problem?
A. The remote Gateway’s IP address has changed, which invalidates the SIC Certificate
B. The Security Gateway is NG with Application Intelligence, and the SmartCenter Server is NGX
C. The Internal Certfcate Authorty for the SmartCenter object has been removed from objects_5_0 c
D. The time on the SmartCenter Server’s clock has changed, which invalidates the remote Gateway’s Certificate
E. There is no connection between the SmartCenter Server and the remote Gateway. Rules or routing may block the connection

Correct Answer: E
QUESTION 62
Which NGX feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?
A. upgrade_export/upgrade_import
B. Policy Package management
C. fwm dbexport/fwm dbimport
D. cpconfig
E. Database Revision Control
Correct Answer: B
QUESTION 63
The following diagram illustrates how a VPN-1 SecureClient user tries to establish a VPN with hosts in the
external_net and internal_net from the Internet. How is the Security Gateway VPN Domain created?

A. Internal Gateway VPN Domain = Internal_net External VPN Domain = external net + external gateway object + internal_net.
B. Internal GatewayVPN Domain = Internal_net External Gateway VPN Domain = external_net + internal gateway object
C. Internal GatewayVPN Domain = Internal_net External Gateway VPN Domain = internal_net + external_net
D. Internal GatewayVPN Domain = Internal_net External Gateway VPN Domain = internal VPN Domain + internal gateway object + external_net

Correct Answer: D
QUESTION 64
Which of the following QoS rule-action properties is an Advanced action type, only available in Traditional mode?
A. Guarantee Allocation
B. Rule weight
C. Apply rule only to encrypted traffic
D. Rule limit
E. Rule guarantee

Correct Answer: A
QUESTION 65
Certkiller is the Security Administrator for Certkiller .com’s large geographically distributed network. The internet connection at one of her remote sites failed during the weekend, and the Security Gateway logged locally for over 48 hours. Certkiller is concerned that the logs may have consumed most of the free space on the Gateway’s hard disk. Which SmartConsole application should Certkiller use, to view the percent of free hard-disk space on the remote Security Gateway?
A. SmartView Status
B. SmartView Tracker
C. SmartUpdate
D. SmartView Monitor
E. SmartLSM
Correct Answer: D
QUESTION 66
When you hide a rule in a Rule Base, how can you then disable the rule?
A. Open the Rule Menu, and select Hide and view hidden rules Select the rule, right-click, and select Disable
B. Uninstall the Security Policy, and then disable the rule
C. When a rule is hidden, it is automatically disabled. You do not need to disable the rule again
D. Run cpstop and cpstart on the SmartCenter Server, then disable the rule
E. Clear Hide from Rules drop-down menu, then right-click and select “Disable Rule (s)”

Correct Answer: E
QUESTION 67
How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queue using Check Point QoS solution?
A. Low latency class
B. DiffServ rule
C. guaranteed per connection
D. Weighted Fair queuing
E. guaranteed per VolP rule

Correct Answer: A
QUESTION 68
As a Security Administrator, you must configure anti-spoofing on Security Gateway interfaces, to protect your Internal networks. What is the correct anti-spoofing setting on interface ETH1 in this network diagram?

NOTE In the DMZ, mail server 192.168.16.10 is statically translated to the object “mail_valid”, with IP address 210.210.210.3. The FTP server 192.168.16.15 is statically translated to the object “flp_valid”, with IP address 210.210.210.5
A. A group object that includes the 10.10.0.0/16 and 192.168.16.0/24 networks, and mail_valid and ftp_valid host objects
B. A group object that includes the 10.10.20.0/24 and 10.10.10.0/24networks
C. A group object that includes the 10.10.0.0/16 network object, mail_valid host,and ftp_valid host object
D. A group object that includes the 192.168.16.0/24 and 10.10 0.0/16 networks
E. A group object that includes the 10.10.10.0/24 and 192.168.16.0/24networks

Correct Answer: B
QUESTION 69
Mary is recently hired as the Security Administrator for a public relations company. Mary’s manager has asked her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Mary must propose a plan based on the following required and desired results Required Result #1: Do not purchase new hardware Required Result #2: Use configuration changes that do not reduce security Desired Result #1: Reduce the number of explicit rules in the Rule Base Desired Result #2: Reduce the volume of logs Desired Result #3: Improve the Gateway’s performance Proposed Solution: Mary recommends the following changes to the Gateway’s configuration:
1.
Replace all domain objects with network and group objects.

2.
Stop logging Domain Name over UDP (queries)

3.
Use Global Properties, instead of explicit rules, to control ICMP. VRRP, and RIP. Does Mary’s proposed solution meet the required and desired result s?
A. The solution meets the required results, and two of the desired results
B. The solution does not meet the required results
C. The solution meets all required results, and none of the desired results
D. The solution meets all required and desired results
E. The solution meets the required results, and one of the desired results
Correct Answer: A
QUESTION 70
What is a Consolidation Policy?
A. The collective name of the Security Policy, Address Translation, and SmartDefense Policies
B. The specific Policy used by Eventia Reporter to configure log-management practices
C. The state of the Policy once installed on a Security Gateway
D. A Policy created by Eventia Reporter to generate logs
E. The collective name of the logs generated by Eventia Reporter

Correct Answer: B
QUESTION 71
Jacob is using a mesh VPN Community to create a site-to-site VPN. The VPN properties in this mesh Community display in this graphic Exbibit: Which of the following statements isTRUE?

A. If Jacob changes the setting,”Perform key exchange encryption with” from “3DES” to “DES”, he will enhance the VPN Community’s security and reduce encryption overhead
B. Jacob’s VPN Community will perform IKE Phase 1 key-exchanqe encryption, usinq the lonqest key VPN-1 NGX supports
C. Jacob must change the data-integrity settings for this VPN Community. MD5 is incompatible with AES
D. If Jacob changes the setting “Perform IPsec data encryption With” from “AES-128” to “3DES”, he will increase the encryption overhead

Correct Answer: D
QUESTION 72
State Synchronization is enabled on both members in a cluster, and the Security Policy is successfully installed. No protocols or services have been unselected for “selective sync”. The following is the fwtab -t connections – s output from both members: Is State Synchronization working properly between the two members?

A. Members A and B are synchronized, because ID for both members is identical in the connections table
B. The connections-table output is incomplete. You must run the cphaprob state command, to determine if members A and B are synchronized
C. Members A and B are not synchronized, because #PEAK for both members is not close in the connections table
D. Members A and B are synchronized, because #SLlNKS are identical in the connections table
E. Members A and B are not synchronized, because #VALS in the connections table are not close

Correct Answer: E
QUESTION 73
Which Check Point QoS feature marks the Type of Service (ToS) byte in the IP header?
A. Guarantees
B. Low Latency Oueuing
C. Differentiated Services
D. Weighted FairOueueing
E. Limits
Correct Answer: C
QUESTION 74
Your network includes ClusterXL running Multicast mode on two members, as shown in this topology

Your network is expanding, and you need to add new interfaces 10.10.10.1/24 on Member A, and
10.10.10.2/24 on Member B. The virtual lP address for interface 10.10.10.0/24 is 10.10.10.3.What is the correct procedure to add these interfaces?
A. 1. Use the ifconfig command to configure and enable the new interface.
2.
Run cpstop and cpstart on both members at the same time.

3.
Update the technology in the cluster object for the cluster and both members.

4.
Install the Security Policy.
B. 1. Disable “Cluster membership” from one Gateway via cpconfig.
2.
Configure the new interface via sysconfig from the “non-member” Gateway.

3.
Reenable “Cluster membership” on the Gateway.

4.
Perform the same step on the other Gateway.

5.
Update the topology in the cluster object for the cluster and members.

6.
Install the Security Policy.
C. 1. Run cpstop on one member, and configure the new interface via sysconfig.
2.
Run spstart on the member. Repeat the same steps on another member.

3.
Update the new topology in the cluster object for the cluster and members.

4.
Install the Security Policy.
D. 1, Use sysconfig to configure the new interfaces on both members.
2.
Update the topology in the cluster object for the cluster on both membes.

3.
Install the Security Policy.

Correct Answer: C
QUESTION 75
To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?
A. Change the cluster mode to Unicast on the cluster object Reinstall the Security Policy
B. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy
C. Run cpstop and cpstart, to reenable High Availability on both objects. Select Pivot mode in cpconfig
D. Change the cluster mode to Unicast on the cluster-member object
E. Switch the internal network’s default Security Gateway to the pivot machine’s IP address
Correct Answer: A
QUESTION 76
Which component functions as the Internal Certificate Authority for VPN-1 NGX?
A. VPN-1 Certificate Manager
B. SmartCenter Server
C. SmartLSM
D. Policy Server
E. Security Gateway

Correct Answer: B
QUESTION 77
You have locked yourself out of SmartDashboard With the rules you just installed on your stand alone Security Gateway. Now you cannot access the SmartCenter Server or any SmartConsole tools via SmartDashboard. How can you reconnect to SmartDashboard?
A. Run cpstop on the SmartCenter Server
B. Run fw unlocklocal on the SmartCenter Server
C. Run fw unloadlocal on the Security Gateway
D. Delete the $fwdir/database/manage.lock file and run cprestart.
E. Run fw uninstall localhost on the Security Gateway

Correct Answer: C
QUESTION 78
By default, a standby SmartCenter Server is automatically synchronized by an active SmartCenter Server, when:
A. The Security Policy is installed
B. The Security Policy is saved
C. The user database is installed
D. The Security Administrator logs in to the standby SmartCenter Server, for the first time
E. The standby SmartCenter Server starts for the first time

Correct Answer: A
QUESTION 79
Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?
A. Global Properties
B. QoS Class objects
C. Check Point gateway object properties
D. $CPDIR/conf/qos_props.pf
E. Advanced Action options in each QoS rule

Correct Answer: A
QUESTION 80
Your VPN Community includes three Security Gateways. Each Gateway has its own intemal network defined as a VPN Domain. You must test the VPN-1 NGX route-based VPN feature, Without stopping the VPN. What is the correct order of steps?
A. 1.Add anew interface on each gateway 2.Remove the newly added network from the current VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Enable advanced routing on all three Gateways.
B. 1.Add anew interface on each gateway 2.Remove the newly added network from the current VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Add static routes on three Gateways, to route the new network to each peer’s VTI interface
C. 1.Add anew interface on each gateway 2.Add the newly added network into the exsiting VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Enable advanced routing on all three Gateways.
D. 1.Add anew interface on each gateway 2.Add the newly added network into the exsiting VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Add static routes on three Gateways, to route the new network to each peer’s VTI interface

Correct Answer: B
QUESTION 81
Barak is a security administrator for an organization that has two sites using pre-shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that few office is opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to switch from pre-shared secrets to Certificates issued by the internal Certificate Authority(ICA). After creating the Madrid gateway object with the proper VPN Domain, what are Barak’s remaining steps?

A. 1,2,5
B. 1,3,4,5
C. 1,2,3,5
D. 1,2,4,5
E. 1,2,3,4

Correct Answer: C
QUESTION 82
Certkiller is recently hired as the Security Administrator for Certkiller .com. Jack Bill’s manager has asked
her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Certkiller
must propose a plan based on the following required and desired results:
Required Result #1: Do not purchase new hardware. Required Result #2: Use configuration changes the
do not reduce security. Desired Result #1: Reduce the number of explicit rules in the Rule Base.
Desired Result #2: Reduce the volume of logs.
Desired Result #3: Improve the Gateway’s performance.
Proposed solution:

*
Replace all domain objects with network and group objects.

*
Check “Log implied rules” and “Accept ICMP requests” in Global Properties.

*
Use Global Properties, instead of explicit rules, to control ICMP, VRRP, and RIP. Does Certkiller’s proposed solution meet the required and desired results?

A.
The solution meets all required and desired results.

B.
The solution meets all required, and one of the desired results.

C.
The solution meets all required, and two of the desired results.

D.
The solution meets all required, and none of the desired results.

E.
The solution does not meet the required results.

Correct Answer: E
QUESTION 83
After installing VPN-1 Pro NGX R65, you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a get topology request. What is the most likely cause and solution?
A. The NIC is faulty. Replace it and reinstall
B. If an interface is not configured, it is not recognized. Assign an IP and subnet mask using the WebUI
C. Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R65 Hotfix Accumulator (HFA)
D. Make sure the driver for your particular NIC is available and reinstall. You will be prompted for the driver

Correct Answer: B
QUESTION 84
What type of packet does a VPN-1 SecureClient send to its Policy Server, to report its Secure Configuration Verification status?
A. IKE Key Exchange
B. TCP keep alive
C. ICMP Port Unreachable
D. UDP keep alive

Correct Answer: D QUESTION 85
Which SmartConsole component can administrators use to track remote administrative activities?
A. Eventia Reporter
B. SmartView Monitor
C. SmartView Tracker
D. The WebUI

Correct Answer: D QUESTION 86

We provide Checkpoint 156-815 help and information on a wide range of issues. Checkpoint 156-815 is professional and confidential and your issues will be replied within 12 hous. Checkpoint 156-815 free to send us any questions and we always try our best to keeping our Customers Satisfied.

PDF CheckPoint 156-915 100% Pass Certification Dumps For Groundbreaking ResultsPDF CheckPoint 156-915 100% Pass Certification Dumps For Groundbreaking Results

Exam A
QUESTION 1
You have two Nokia Appliances one IP530 and one IP380. Both Appliances have IPSO 39 and VPN-1 Pro NGX installed in a distributed deployment Can they be members of a gateway cluster?
A. No, because the Gateway versions must not be the same on both security gateways
B. Yes, as long as they have the same IPSO version and the same VPN-1 Pro version
C. No, because members of a security gateway cluster must be installed as stand-alone deployments
D. Yes, because both gateways are from Nokia, whether they have the same VPN-1 PRO version or not
E. No, because the appliances must be of the same model (Both should be IP530orIP380.)
Correct Answer: B
QUESTION 2
You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway, bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?
A. Internal_clear>- All_GwToGw
B. Communities >- Communities
C. Internal_clear>- External_Clear
D. Internal_clear>- Communitis
E. Internal_clear>-All_communitis
Correct Answer: E
QUESTION 3
Review the following rules and note the Client Authentication Action properties screen, as shown in the exhibit.

After being authenticated by the Security Gateway when a user starts an HTTP connection to a Web site
the user tries to FTP to another site using the command line. What happens to the user?
The….

A. FTP session is dropprd by the implicit Cleanup Rule.
B. User is prompted from the FTP site only, and does not need to enter username nad password for the Client Authentication.
C. FTP connection is dropped by rule 2.
D. FTP data connection is dropped, after the user is authenticated successfully.
E. User is prompted for authentication by the Security Gateway again.
Correct Answer: B
QUESTION 4
After being authenticated by the Security Gateway, When a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:
A. FTP session is dropped by the implicit Cleanup Rule
B. user is prompted from that FTP site on~, and does not need to enter username and password for Client Authentication
C. FTP connection is dropped by rule2
D. FTP data connection is dropped, after the user is authenticated successfully
E. User is prompted for authentication by the Security Gateway aqain
Correct Answer: B
QUESTION 5
You want to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to SecurePlalform NGX R60 via SmartUpdate. Which package is needed in the repository before upgrading?
A. SVN Foundation and VPN-1 Express/Pro
B. VPN-1 and FireWall-1
C. SecurePlalform NGX R60
D. SVN Foundation
E. VPN-1 ProfExpress NGX R60
Correct Answer: C
QUESTION 6
What is the command to see the licenses of the Security Gateway Certkiller from your SmartCenter Server?
A. print Certkiller
B. fw licprint Certkiller
C. fw tab -t fwlic Certkiller
D. cplic print Certkiller
E. fw lic print Certkiller
Correct Answer: D
QUESTION 7
You set up a mesh VPN Community, so your internal network can access your partners network, and vice versa . Your Security Policy encrypts only FTP and HTTP traffic through a VPN tunnel. All traffic among your internal and partner networks is sent in clear text. How do you configure VPN Community?
A. Disable ‘accept all encrypted traffic’, and put FTP and http in the Excluded services in the Community object Add a rule in the Security Policy for services FTP and http, with the Community object in the VPN field
B. Disable “accept all encrypted traffic” in the Community, and add FTP and http services to the Security Policy, with that Community object in the VPN field
C. Enable “accept all encrypted traffic”, but put FTP and http in the Excluded services in the Community. Add a rule in the Security Policy with services FTP and http, and the Community object in theVPN field
D. Put FTP and http in the Excluded services in the Community object Then add a rule in the Security Policy to allow any as the service, with the Community object in the VPN field
Correct Answer: B
QUESTION 8
Ophelia is the security Administrator for a shipping company. Her company uses a custom application to update the distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateways Rule Base includes a rule to accept this traffic. Ophelia needs to be notified, via atext message to her cellular phone, whenever traffic is accepted on this rule. Which of the following options is MOST appropriate for Ophelia’s requirement?
A. User-defined alert script
B. Logging implied rules
C. SmartViewMonitor
D. Pop-up API
E. SNMP trap
Correct Answer: A QUESTION 9

You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. What causes the Connection Rejection?
A. No QoS rule exists to match the rejected traffic
B. The number of guaranteed connections is exceeded. The rule’s action properties are not set to accept additional connections
C. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the Maximal Delay is set below requirements
D. Burst traffic matching the Default Rule is exhausting the Check Point QoS global packet buffers
E. The guarantee of one of the rule’s sub-rules exceeds the guarantee in the rule itself
Correct Answer: B
QUESTION 10
Choose the BEST sequence for configuring user management on Smart Dash board, for use with an LDAP server
A. Enable LDAP in Global Properties, configure a host-node object for the LDAP Server, and configure a server object for the LDAP Account Unit
B. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties
C. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP server using an OPSEC application
D. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object
E. Configure a server object for the LDAP Account Unit, and create an LDAP resource object
Correct Answer: A