CheckPoint

Latest Release Checkpoint 156-315 Practice Answers and Questions Easily Free Download

No Comments

Latest 156-315 Checkpoint Real Exam Questions,Latest Release Checkpoint https://www.pass4itsure.com/156-315.html Practice Answers and Questions Easily Free Download

Exam A
QUESTION 1
Which of the following QoS rule-action properties is an Advanced action type, only available in Traditional mode?
A. Guarantee Allocation
B. Rule weight
C. Apply rule only to encrypted traffic
D. Rule limit
E. Rule guarantee
Correct Answer: A
QUESTION 2
Which of the following commands shows full synchronization status?
A. cphaprob -i list
B. cphastop
C. fw ctl pstat
D. cphaprob -a if
E. fw hastat
Correct Answer: A
QUESTION 3
Greg is creating rules and objects to control VoIP traffic in his organization, through a VPN-1 NGX Security Gateway. Greg creates VoIP Domain SIP objects to represent each of his organization’s three SIP gateways. Greg then creates a simple group to contain the VoIP Domain SIP objects. When Greg attempts to add the VoIP Domain SIP objects to the group, they are not listed. What is the problem?
A. The related end-points domain specifies an address range.
B. VoIP Domain SIP objects cannot be placed in simple groups.
C. The installed VoIP gateways specify host objects.
D. The VoIP gateway object must be added to the group, before the VoIP Domain SIP object is eligible to be added to the group.
E. The VoIP Domain SIP object’s name contains restricted characters.
Correct Answer: B

QUESTION 4
The following rule contains an FTP resource object in the Service field:
Source: local_net Destination: Any Service: FTP-resource object Action: Accept
How do you define the FTP Resource Properties > Match tab to prevent internal users from sending corporate files to external FTP servers, while allowing users to retrieve files?
A. Enable the “Get” method on the match tab.
B. Disable “Get” and “Put” methods on the Match tab.
C. Enable the “Put” and “Get” methods.
D. Enable the “Put” method only on the match tab.
E. Disable the “Put” method globally.
Correct Answer: A QUESTION 5

You are preparing to configure your VoIP Domain Gatekeeper object. Which two other objects should you have created first?
A. An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed
B. An object to represent the PSTN phone network, AND an object to represent the IP phone network
C. An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed
D. An object to represent the Q.931 service origination host, AND an object to represent the H.245 termination host
E. An object to represent the call manager, AND an object to represent the host on which the transmission router is installed
Correct Answer: C
QUESTION 6
Your current VPN-1 NG with Application Intelligence (AI) R55 stand-alone VPN-1 Pro Gateway and SmartCenter Server run on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the SmartCenter Server, and a new machine will be the VPN-1 Pro Gateway only. You need to migrate the NG with AI R55 SmartCenter Server configuration, including such items as Internal Certificate Authority files, databases, and Security Policies.
How do you request a new license for this VPN-1 NGX upgrade?
A. Request a VPN-1 NGX SmartCenter Server license, using the new machine’s IP address. Request a new local license for the NGX VPN-1 Pro Gateway.
B. Request a VPN-1 NGX SmartCenter Server license, using the new machine’s IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
C. Request a new VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
D. Request a VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway, licensed for the existing SmartCenter Server IP address.
Correct Answer: D

QUESTION 7
You are preparing a lab for a ClusterXL environment, with the following topology:
Vip internal cluster IP = 172.16.10.1; Vip external cluster IP = 192.168.10.3 Cluster Member 1: four NICs, three enabled: qfe0: 192.168.10.1/24, qfe1: 10.10.10.1/24, qfe2: 172.16.10.1/24 Cluster Member 2: five NICs, three enabled; hme0: 192.168.10.2/24, eth1: 10.10.10.2/24, eth2: 172.16.10.2/24 Member Network tab on internal-cluster interface: is 10.10.10.0, 255.255.255.0 SmartCenter Pro Server: 172.16.10.3
External interfaces 192.168.10.1 and 192.168.10.2 connect to a Virtual Local Area Network (VLAN) switch. The upstream router connects to the same VLAN switch. Internal interfaces 10.10.10.1 and
10.10.10.2 connect to a hub. There is no other machine in the 10.10.10.0 network. 172.19.10.0 is the synchronization network. What is the problem with this configuration?

A. The SmartCenter Pro Server cannot be in the synchronization network.
B. There is no problem with this configuration. It is correct.
C. Members do not have the same number of NICs.
D. The internal network does not have a third cluster member.
E. Cluster members cannot use the VLAN switch. They must use hubs.
Correct Answer: B
QUESTION 8
You want to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to SecurePlatform NGX R60 via SmartUpdate. Which package is needed in the repository before upgrading?
A. SVN Foundation and VPN-1 Express/Pro
B. VPN-1 and FireWall-1
C. SecurePlatform NGX R60
D. SVN Foundation
E. VPN-1 Pro/Express NGX R60
Correct Answer: C
QUESTION 9
Which service type does NOT invoke a Security Server?
A. HTTP
B. FTP
C. Telnet
D. CIFS
E. SMTP
Correct Answer: D
QUESTION 10
You want to upgrade a cluster with two members to VPN-1 NGX. The SmartCenter Server and both members are version VPN-1/FireWall-1 NG FP3, with the latest Hotfix.
What is the correct upgrade procedure?
1.
Change the version, in the General Properties of the gateway-cluster object.

2.
Upgrade the SmartCenter Server, and reboot after upgrade.

3.
Run cpstop on one member, while leaving the other member running. Upgrade one member at a time, and reboot after upgrade.

4.
Reinstall the Security Policy.
A. 3, 2, 1, 4
B. 2, 4, 3, 1
C. 1, 3, 2, 4
D. 2, 3, 1, 4
E. 1, 2, 3, 4
Correct Answer: D QUESTION 11
To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?
A. Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy.
B. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy.
C. Run cpstop and cpstart, to re-enable High Availability on both objects. Select Pivot mode in cpconfig.
D. Change the cluster mode to Unicast on the cluster-member object.
E. Switch the internal network’s default Security Gateway to the pivot machine’s IP address.

Correct Answer: A QUESTION 12
Robert has configured a Common Internet File System (CIFS) resource to allow access to the public partition of his company’s file server, on \\erisco\goldenapple\files\public.
Robert receives reports that users are unable to access the shared partition, unless they use the file server’s IP address. Which of the following is a possible cause?
A. Mapped shares do not allow administrative locks.
B. The CIFS resource is not configured to use Windows name resolution.
C. Access violations are not logged.
D. Remote registry access is blocked.
E. Null CIFS sessions are blocked.

Correct Answer: B QUESTION 13

read more: https://www.pass4itsure.com/156-315.html

Continue Reading

CheckPoint

100% Pass CheckPoint 156-215 Exam By Training CheckPoint 156-215 Exam Dumps

No Comments

Welcome to download the newest Flydumps 156-215 VCE dumps: https://www.pass4itsure.com/156-215.html

Exam A
QUESTION 1
Which VPN-1 NGX feature or command allows Security Administrators to revert to earlier versions of the same Security Policy?
A. Policy Package management
B. cpinfo
C. cpconfig
D. Database Revision Control
E. upgrade_export/import

Correct Answer: D
QUESTION 2
In SmartView Tracker, you see an entry for an outbound connection showing address translation. But when setting SmartView Tracker to show all entries for that connection, only outbound entries show. What is the possible cause for this?
A. The entry is for a Manual Dynamic NAT connection, from a specific host infected by a worm.
B. The entry is for a Manual Static NAT connection, where inbound traffic is managed by a separate rule.
C. The entry is for a Static NAT connection, from a specific host that has been infected by a worm.
D. The entry is for a Dynamic NAT connection from a specific host.

Correct Answer: B
QUESTION 3
Which of the following commands is used to restore VPN-1 NGX configuration information?
A. gunzip
B. cpconfig
C. fw ctl pstat
D. cpinfo
E. upgrade_import

Correct Answer: E
QUESTION 4
Which OPSEC server is used to prevent users from accessing certain Web sites?
A. CVP
B. DEFENDER
C. URI
D. FTP
E. UFP

Correct Answer: E
QUESTION 5
Your organization Certkiller .com’s security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How would you request and apply the license?
A. Request a central license, using the remote Security Gateway’s IP address. Apply he license locally with the fwputlic command.
B. Request a central license, using the SmartCenter Server’s IP address. Apply the license locally on the remote Gateway with the fwputlic command.
C. Request a central license, using your SmartCenter Server’s IP address. Attach the license to the remote Gateway via SmartUpdate.
D. Request a central license, using the remote Gateway’s IP address. Attach the license to the remote Gateway via SmartUpdate.
E. Request local licenses for all Gateways separately. Apply the license locally on the remote Gateways with the fwputlic command.

Correct Answer: C
QUESTION 6
How do you create more granular control over commands, such as CWD and FIND, in FTP data connections?
A. Use Global Properties > Security Server settings.
B. Use the gateway object’s Security Server settings.
C. Use the Service field of the Rule Base.
D. Use an FTP resource object.
E. Use FTP Security Server settings in SmartDefense.

Correct Answer: E
QUESTION 7
Which of the following is the final step in a VPN-1 NGX backup?
A. Test restoration in a non-production environment, using the upgrade_import command.
B. Move the *.tgz file to another location.
C. Copy the conf directory to another location.
D. Run the upgrade_export command.
E. Run the cpstop command.

Correct Answer: B
QUESTION 8
Choose the BEST sequence for configuring user management on SmartDashboard, for use with an LDAP server:
A. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP server using an OPSEC application.
B. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
C. Enable LDAP in Global Properties, configure a host-node object for the LDAP Server, and configure a server object for the LDAP Account Unit.
D. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
E. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.

Correct Answer: C
QUESTION 9
You want to create an IKE VPN between two VPN-1 NGX Security Gateways, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind the peer’s Gateway. Which type of address translation should you use, to ensure the two networks access each other through the VPN tunnel?
A. Hide NAT
B. None
C. Dynamic NAT
D. Static NAT
E. Manual NAT

Correct Answer: B
QUESTION 10
Yoav is a Security Administrator preparing to implement a VPN solution for his multisite organization. To comply with industry regulations, Yoav’s VPN solution must meet the following requirement:
*
Portability: Standard

*
Key management: Automatic, external PKI

*
Session keys: Changed at configured times during a connection’s lifetime

*
Key length: No less that 128-bit

*
Data integrity: Secure against inversion and brute-force attacks What is the most appropriate setting Yoav should choose?

A.
IKE VPNs: AES encryption for IKE Phase 1, and DES encryption for Phase 2; SHA1 hash

B.
IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for Phase 2; AES hash

C.
IKE VPNs: CAST encryption for IKE Phase 1, and SHA1 encryption for Phase 2; DES hash

D.
IKE VPNs: DES encryption for IKE Phase 1, and 3DES encryption for Phase 2; MD5 hash

E.
IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash

Correct Answer: E

Flydumps 156-215 dumps with PDF + Premium VCE + VCE Simulator: https://www.pass4itsure.com/

Continue Reading