The 100% valid latest Checkpoint 156-815 question answers ensure you 100% pass! And now we are offering the free Checkpoint 156-815 new version along with the VCE format Checkpoint 156-815 practice test. Free download more new Checkpoint 156-815 PDF and VCE on Flydumps.com.
QUESTION 59
You work as an administrator at Certkiller .com. You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the Default Rule with a weight of 10. The H.323 rule includes a per-connection guarantee of 384 Kbps, and a per-connection limit of 512 Kbps. The per-connection guarantee is for four connections, and no additional are allowed in the Action properties. If traffic passing
through the QoS Module matches both rules, which of the following statement is true?
A. Neither rule will be allocated more than 10% of available bandwidth
B. The H.323 rulel will consume no more than 2048 Kbps of available bandwidth
C. 50% of available bandwidth will be allocated to the H.323 rule
D. 50% 01 available bandwidth will be allocated to the Default Rule
E. Each H.323 connection will receive at least 512 Kbps of bandwidth
Correct Answer: B
QUESTION 60
How can you reset Secure Internal Communications (SIC) between a SmartCenter Server and Security Gateway?
A. Run the command fwm sic_reset to reinitialize the Internal Certificate Authority (ICA) of the SmartCenter Server. Then retype the activation key on the Security-Gateway from SmartDashboard
B. From cpconfig on the SmartCenter Server, choose the Secure Internal Communication option and retype the actrvation key Next, retype the same key in the gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC)
C. From the SmartCenter Server’s command line type fw putkey -p <shared key>- <IP Address of SmartCenter Server>-.
D. From the SmartCenter Server’s command line type fw putkey -p <shared key>- <IP Address of security Gateway>-.
E. Re-install the Security Gateway
Correct Answer: B
QUESTION 61
One of your remove Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the SmartCenter Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic gateway object, you receive error message “unknown”. What is the problem?
A. The remote Gateway’s IP address has changed, which invalidates the SIC Certificate
B. The Security Gateway is NG with Application Intelligence, and the SmartCenter Server is NGX
C. The Internal Certfcate Authorty for the SmartCenter object has been removed from objects_5_0 c
D. The time on the SmartCenter Server’s clock has changed, which invalidates the remote Gateway’s Certificate
E. There is no connection between the SmartCenter Server and the remote Gateway. Rules or routing may block the connection
Correct Answer: E
QUESTION 62
Which NGX feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?
A. upgrade_export/upgrade_import
B. Policy Package management
C. fwm dbexport/fwm dbimport
D. cpconfig
E. Database Revision Control
Correct Answer: B
QUESTION 63
The following diagram illustrates how a VPN-1 SecureClient user tries to establish a VPN with hosts in the
external_net and internal_net from the Internet. How is the Security Gateway VPN Domain created?
A. Internal Gateway VPN Domain = Internal_net External VPN Domain = external net + external gateway object + internal_net.
B. Internal GatewayVPN Domain = Internal_net External Gateway VPN Domain = external_net + internal gateway object
C. Internal GatewayVPN Domain = Internal_net External Gateway VPN Domain = internal_net + external_net
D. Internal GatewayVPN Domain = Internal_net External Gateway VPN Domain = internal VPN Domain + internal gateway object + external_net
Correct Answer: D
QUESTION 64
Which of the following QoS rule-action properties is an Advanced action type, only available in Traditional mode?
A. Guarantee Allocation
B. Rule weight
C. Apply rule only to encrypted traffic
D. Rule limit
E. Rule guarantee
Correct Answer: A
QUESTION 65
Certkiller is the Security Administrator for Certkiller .com’s large geographically distributed network. The internet connection at one of her remote sites failed during the weekend, and the Security Gateway logged locally for over 48 hours. Certkiller is concerned that the logs may have consumed most of the free space on the Gateway’s hard disk. Which SmartConsole application should Certkiller use, to view the percent of free hard-disk space on the remote Security Gateway?
A. SmartView Status
B. SmartView Tracker
C. SmartUpdate
D. SmartView Monitor
E. SmartLSM
Correct Answer: D
QUESTION 66
When you hide a rule in a Rule Base, how can you then disable the rule?
A. Open the Rule Menu, and select Hide and view hidden rules Select the rule, right-click, and select Disable
B. Uninstall the Security Policy, and then disable the rule
C. When a rule is hidden, it is automatically disabled. You do not need to disable the rule again
D. Run cpstop and cpstart on the SmartCenter Server, then disable the rule
E. Clear Hide from Rules drop-down menu, then right-click and select “Disable Rule (s)”
Correct Answer: E
QUESTION 67
How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queue using Check Point QoS solution?
A. Low latency class
B. DiffServ rule
C. guaranteed per connection
D. Weighted Fair queuing
E. guaranteed per VolP rule
Correct Answer: A
QUESTION 68
As a Security Administrator, you must configure anti-spoofing on Security Gateway interfaces, to protect your Internal networks. What is the correct anti-spoofing setting on interface ETH1 in this network diagram?
NOTE In the DMZ, mail server 192.168.16.10 is statically translated to the object “mail_valid”, with IP address 210.210.210.3. The FTP server 192.168.16.15 is statically translated to the object “flp_valid”, with IP address 210.210.210.5
A. A group object that includes the 10.10.0.0/16 and 192.168.16.0/24 networks, and mail_valid and ftp_valid host objects
B. A group object that includes the 10.10.20.0/24 and 10.10.10.0/24networks
C. A group object that includes the 10.10.0.0/16 network object, mail_valid host,and ftp_valid host object
D. A group object that includes the 192.168.16.0/24 and 10.10 0.0/16 networks
E. A group object that includes the 10.10.10.0/24 and 192.168.16.0/24networks
Correct Answer: B
QUESTION 69
Mary is recently hired as the Security Administrator for a public relations company. Mary’s manager has asked her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Mary must propose a plan based on the following required and desired results Required Result #1: Do not purchase new hardware Required Result #2: Use configuration changes that do not reduce security Desired Result #1: Reduce the number of explicit rules in the Rule Base Desired Result #2: Reduce the volume of logs Desired Result #3: Improve the Gateway’s performance Proposed Solution: Mary recommends the following changes to the Gateway’s configuration:
1.
Replace all domain objects with network and group objects.
2.
Stop logging Domain Name over UDP (queries)
3.
Use Global Properties, instead of explicit rules, to control ICMP. VRRP, and RIP. Does Mary’s proposed solution meet the required and desired result s?
A. The solution meets the required results, and two of the desired results
B. The solution does not meet the required results
C. The solution meets all required results, and none of the desired results
D. The solution meets all required and desired results
E. The solution meets the required results, and one of the desired results
Correct Answer: A
QUESTION 70
What is a Consolidation Policy?
A. The collective name of the Security Policy, Address Translation, and SmartDefense Policies
B. The specific Policy used by Eventia Reporter to configure log-management practices
C. The state of the Policy once installed on a Security Gateway
D. A Policy created by Eventia Reporter to generate logs
E. The collective name of the logs generated by Eventia Reporter
Correct Answer: B
QUESTION 71
Jacob is using a mesh VPN Community to create a site-to-site VPN. The VPN properties in this mesh Community display in this graphic Exbibit: Which of the following statements isTRUE?
A. If Jacob changes the setting,”Perform key exchange encryption with” from “3DES” to “DES”, he will enhance the VPN Community’s security and reduce encryption overhead
B. Jacob’s VPN Community will perform IKE Phase 1 key-exchanqe encryption, usinq the lonqest key VPN-1 NGX supports
C. Jacob must change the data-integrity settings for this VPN Community. MD5 is incompatible with AES
D. If Jacob changes the setting “Perform IPsec data encryption With” from “AES-128” to “3DES”, he will increase the encryption overhead
Correct Answer: D
QUESTION 72
State Synchronization is enabled on both members in a cluster, and the Security Policy is successfully installed. No protocols or services have been unselected for “selective sync”. The following is the fwtab -t connections – s output from both members: Is State Synchronization working properly between the two members?
A. Members A and B are synchronized, because ID for both members is identical in the connections table
B. The connections-table output is incomplete. You must run the cphaprob state command, to determine if members A and B are synchronized
C. Members A and B are not synchronized, because #PEAK for both members is not close in the connections table
D. Members A and B are synchronized, because #SLlNKS are identical in the connections table
E. Members A and B are not synchronized, because #VALS in the connections table are not close
Correct Answer: E
QUESTION 73
Which Check Point QoS feature marks the Type of Service (ToS) byte in the IP header?
A. Guarantees
B. Low Latency Oueuing
C. Differentiated Services
D. Weighted FairOueueing
E. Limits
Correct Answer: C
QUESTION 74
Your network includes ClusterXL running Multicast mode on two members, as shown in this topology
Your network is expanding, and you need to add new interfaces 10.10.10.1/24 on Member A, and
10.10.10.2/24 on Member B. The virtual lP address for interface 10.10.10.0/24 is 10.10.10.3.What is the correct procedure to add these interfaces?
A. 1. Use the ifconfig command to configure and enable the new interface.
2.
Run cpstop and cpstart on both members at the same time.
3.
Update the technology in the cluster object for the cluster and both members.
4.
Install the Security Policy.
B. 1. Disable “Cluster membership” from one Gateway via cpconfig.
2.
Configure the new interface via sysconfig from the “non-member” Gateway.
3.
Reenable “Cluster membership” on the Gateway.
4.
Perform the same step on the other Gateway.
5.
Update the topology in the cluster object for the cluster and members.
6.
Install the Security Policy.
C. 1. Run cpstop on one member, and configure the new interface via sysconfig.
2.
Run spstart on the member. Repeat the same steps on another member.
3.
Update the new topology in the cluster object for the cluster and members.
4.
Install the Security Policy.
D. 1, Use sysconfig to configure the new interfaces on both members.
2.
Update the topology in the cluster object for the cluster on both membes.
3.
Install the Security Policy.
Correct Answer: C
QUESTION 75
To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?
A. Change the cluster mode to Unicast on the cluster object Reinstall the Security Policy
B. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy
C. Run cpstop and cpstart, to reenable High Availability on both objects. Select Pivot mode in cpconfig
D. Change the cluster mode to Unicast on the cluster-member object
E. Switch the internal network’s default Security Gateway to the pivot machine’s IP address
Correct Answer: A
QUESTION 76
Which component functions as the Internal Certificate Authority for VPN-1 NGX?
A. VPN-1 Certificate Manager
B. SmartCenter Server
C. SmartLSM
D. Policy Server
E. Security Gateway
Correct Answer: B
QUESTION 77
You have locked yourself out of SmartDashboard With the rules you just installed on your stand alone Security Gateway. Now you cannot access the SmartCenter Server or any SmartConsole tools via SmartDashboard. How can you reconnect to SmartDashboard?
A. Run cpstop on the SmartCenter Server
B. Run fw unlocklocal on the SmartCenter Server
C. Run fw unloadlocal on the Security Gateway
D. Delete the $fwdir/database/manage.lock file and run cprestart.
E. Run fw uninstall localhost on the Security Gateway
Correct Answer: C
QUESTION 78
By default, a standby SmartCenter Server is automatically synchronized by an active SmartCenter Server, when:
A. The Security Policy is installed
B. The Security Policy is saved
C. The user database is installed
D. The Security Administrator logs in to the standby SmartCenter Server, for the first time
E. The standby SmartCenter Server starts for the first time
Correct Answer: A
QUESTION 79
Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?
A. Global Properties
B. QoS Class objects
C. Check Point gateway object properties
D. $CPDIR/conf/qos_props.pf
E. Advanced Action options in each QoS rule
Correct Answer: A
QUESTION 80
Your VPN Community includes three Security Gateways. Each Gateway has its own intemal network defined as a VPN Domain. You must test the VPN-1 NGX route-based VPN feature, Without stopping the VPN. What is the correct order of steps?
A. 1.Add anew interface on each gateway 2.Remove the newly added network from the current VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Enable advanced routing on all three Gateways.
B. 1.Add anew interface on each gateway 2.Remove the newly added network from the current VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Add static routes on three Gateways, to route the new network to each peer’s VTI interface
C. 1.Add anew interface on each gateway 2.Add the newly added network into the exsiting VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Enable advanced routing on all three Gateways.
D. 1.Add anew interface on each gateway 2.Add the newly added network into the exsiting VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers. 4.Add static routes on three Gateways, to route the new network to each peer’s VTI interface
Correct Answer: B
QUESTION 81
Barak is a security administrator for an organization that has two sites using pre-shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that few office is opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to switch from pre-shared secrets to Certificates issued by the internal Certificate Authority(ICA). After creating the Madrid gateway object with the proper VPN Domain, what are Barak’s remaining steps?
A. 1,2,5
B. 1,3,4,5
C. 1,2,3,5
D. 1,2,4,5
E. 1,2,3,4
Correct Answer: C
QUESTION 82
Certkiller is recently hired as the Security Administrator for Certkiller .com. Jack Bill’s manager has asked
her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Certkiller
must propose a plan based on the following required and desired results:
Required Result #1: Do not purchase new hardware. Required Result #2: Use configuration changes the
do not reduce security. Desired Result #1: Reduce the number of explicit rules in the Rule Base.
Desired Result #2: Reduce the volume of logs.
Desired Result #3: Improve the Gateway’s performance.
Proposed solution:
*
Replace all domain objects with network and group objects.
*
Check “Log implied rules” and “Accept ICMP requests” in Global Properties.
*
Use Global Properties, instead of explicit rules, to control ICMP, VRRP, and RIP. Does Certkiller’s proposed solution meet the required and desired results?
A.
The solution meets all required and desired results.
B.
The solution meets all required, and one of the desired results.
C.
The solution meets all required, and two of the desired results.
D.
The solution meets all required, and none of the desired results.
E.
The solution does not meet the required results.
Correct Answer: E
QUESTION 83
After installing VPN-1 Pro NGX R65, you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a get topology request. What is the most likely cause and solution?
A. The NIC is faulty. Replace it and reinstall
B. If an interface is not configured, it is not recognized. Assign an IP and subnet mask using the WebUI
C. Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R65 Hotfix Accumulator (HFA)
D. Make sure the driver for your particular NIC is available and reinstall. You will be prompted for the driver
Correct Answer: B
QUESTION 84
What type of packet does a VPN-1 SecureClient send to its Policy Server, to report its Secure Configuration Verification status?
A. IKE Key Exchange
B. TCP keep alive
C. ICMP Port Unreachable
D. UDP keep alive
Correct Answer: D QUESTION 85
Which SmartConsole component can administrators use to track remote administrative activities?
A. Eventia Reporter
B. SmartView Monitor
C. SmartView Tracker
D. The WebUI
Correct Answer: D QUESTION 86
We provide Checkpoint 156-815 help and information on a wide range of issues. Checkpoint 156-815 is professional and confidential and your issues will be replied within 12 hous. Checkpoint 156-815 free to send us any questions and we always try our best to keeping our Customers Satisfied.