100% valid CheckPoint 156-515 Flydumps with more newly added questions. By training on the CheckPoint 156-515 questions, you will save a lot of time in preparing for the exam. Visit https://www.pass4itsure.com/156-515.html to ensure a 100% pass on CheckPoint 156-515!
QUESTION 25
Which of the following vpn debug options purges ike.elg and vpnd.elg and creates a time stamp before starting ike debug and vpn debug at the same time?
A. mon
B. trunc
C. timeon
D. ikefail
E. ike on
Correct Answer: B
QUESTION 26
The list below provides all the actions Check Point recommends to troubleshoot a problem with an NGX product.
Select the answer that shows the order of the recommended actions that make up Check Point’s troubleshooting guidelines.
A. B,C,A,E,D
B. A,E,B,D,C
C. A,B,C,D,E
D. B,A,D,E,C
E. D,B,A,C,E
Correct Answer: A
QUESTION 27
Gus is troubleshooting a problem with SMTP. He has enabled debugging on his Security Gateway and needs to copy the *.elg files into an archive to send to Check Point Support. Which of the following files does Gus NOT need to send?
A. asmtpd.elg
B. mdq.elg
C. diffserv.elg
D. fwd.elg
Correct Answer: C
QUESTION 28
What can you do in the advanced mode of GuiDbEdit Query that you can’t do in the simple mode?
A. Query by object name
B. Log when modifications are made
C. Run a CPMI Query
D. Query by table name
Correct Answer: C
QUESTION 29
When setting up a High Availability solution using ClusterXL, on which network objects do you define VPN properties?
A. On the networks
B. On the Synchronization Interface
C. On the gateway cluster
D. On the Management Server
E. On each Security Gateway in the Gateway cluster
Correct Answer: C
QUESTION 30
Where should you run the cpinfo command in a distributed environment?
A. SmartCenter Server and Security Gateways only
B. Security Gateway only
C. SmartConsole only
D. Client behind the Security Gateway
E. SmartCenter server only
Correct Answer: A
QUESTION 31
You have installed SecurePlatform R60 as Security Gateway operating system. As company requirements changed, you need the VTI features of NGX. What should you do?
A. In SmartDashboard click on the OS drop down menu and choose SecurePlatform Pro. You have to reboot the Security Gateway in order for the change to take effect
B. You have to re-install your Security Gateway with SecurePlatform Pro R60, as SecurePlatform R60 does not support VTIs
C. Only IPSO 3.9 supports VTI feature, so you have to replace your Security Gateway with Nokia appliances
D. Nothing, because SPLAT R60 does support VTIs
E. Type “pro enable” on your Security Gateway and reboot it
Correct Answer: E
QUESTION 32
Which of the following processes is responsible for Policy related functions and communication between a SmartConsole and SmartCenter Server?
A. fwd
B. cpd
C. fw monitor
D. fw sam
E. fwm
Correct Answer: E
QUESTION 33
To cross-reference srfw monitor output what should you do?
A. Run fw monitor on the client
B. Restart the client and run srfw monitor a second time
C. Run fw monitor and compare against a known good baseline
D. Run fw monitor from the Gateway
E. Run srfw monitor a second time
Correct Answer: D
QUESTION 34
Steve tries to configure directional VPN Rule match in the rule base. However, the match column does not have the option to see the Directional Match. Steve sees the following screen. What is the problem?
A. Steve must enable Advanced Routing on each Security Gateway
B. Steve must enable VPN Directional Match on the VPN advanced screen, in Global properties
C. Steve must enable directional_match (true) in the objects_5_0.C file on SmartCenter server
D. Steve must enable VPN Directional Match on the gateway object’s VPN tab
E. Steve must enable a dynamic-routing protocol, such as OSPF, on the Gateway’s
Correct Answer: B
QUESTION 35
Which of the following fw monitor commands only captures traffic between IP addresses 192.168.11.1 and 10.10.10.1?
A. fw monitor -e "accept src=192.168.11.1 or dst=192.168.11.1 or src=10.10.10.1 or dst=10.10.10.1;"
B. fw monitor -e "accept src=192.168.11.11 or dst=192.168.11.1;src=10.10.10.1 or dst=10.10.10.1;"
C. fw monitor -e "accept (src=192.168.11.1 and dst=10.10.10.1) or (src=10.10.10.1 and dst=192.168.11.1);"
D. fw monitor -e "accept src=192.168.11.1 and dst=192.168.11.1;src=10.10.10.1 and dst=10.10.10.1;"
E. fw monitor -e "accept src=192.168.11.1 or dst=192.168.11.1 and src=10.10.10.1 or dst=10.10.10.1;"
Correct Answer: C
QUESTION 36
You modified the *.def file on your Security Gateway, but the changes were not applied. Why?
A. There is more than one *.def file on the Gateway
B. *.def files must be modified on the SmartCenter Server
C. You did not have the proper authority
D. The *.def file on the Gateway is read-only
Correct Answer: B
QUESTION 37
After configuring ClusterXL, where do you install the Security Policy?
A. On each Security Gateway in the Gateway Cluster
B. On the Gateway Cluster
C. Policy installation is not required after configuring ClusterXL. This is automatic in NGX
D. On the Management Server
E. On the backup Security Gateway
Correct Answer: B
QUESTION 38
If you save the fw monitor output with option, how do you view the output file afterwards?
A. SmartView Tracker
B. The output file is ASCII, so you can use your preferred ASCII editor
C. SmartView Monitor
D. WINWORD.EXE or openoffice
E. Ethereal
Correct Answer: E
QUESTION 39
Each Module within the NGX kernel contains specific debugging flags. Which of the statements is true concerning kernel-debug flags?
A. Debug flags require an administrator to set them
B. Each flag is generic and can’t be modified to produce varying levels of information
C. Debugging flags can be configured to produce varying levels of information
D. Debug flags can’t be disabled
E. Debugging flags are universal across all modules
Correct Answer: C
QUESTION 40
A SecureRemote/SecureClient tunnel test uses which port?
A. UDP 18233
B. UDP 2746
C. TCP 18231
D. UDP 18321
E. UDP 18234
Correct Answer: E
QUESTION 41
Assume you have a rule allowing HTTP traffic, on port 80, to a specific web server in a Demilitarized Zone (DMZ). If an external host port scans the web server’s IP address, what information will be revealed?
A. Port 80 is open on the web server
B. All ports are open on the web server
C. The web server’s file structure is revealed
D. All ports are open on the Security Server
E. Nothing, the NGX Security Server automatically blocks all port scans
Correct Answer: A
QUESTION 42
Which of the following commands identifies whether or not a Security Policy is installed or the Security Gateway is operating with the initial Policy?
A. fw stat
B. fw policy
C. cp stat
D. fw monitor
E. cp policy
Correct Answer: A
QUESTION 43
Policy Server login and Desktop Policy installation will kill which of the following processes on the client machine?
A. fw monitor
B. srfw monitor
C. fwm
D. fwd
E. cpd
Correct Answer: B
QUESTION 44
What does it indicate when a cluster state is “Active Attention”?
A. Both cluster members are up and ready
B. Cluster members are running different versions: The newer version member is in the ready state, while the older version member is in the active state
C. Traffic is being passed, but a problem has been detected: There are no other active members in the cluster
D. The cluster member is booting: ClusterXL is running, but VPN-1/NGX is not yet ready
Correct Answer: C
QUESTION 45
When you verify IP Forwarding on SecurePlatform Pro using the command more /proc/sys/net/ipv4/ip_forward, what value should be stored in the resulting file?
A. 0
B. Y
C. P
D. 1
E. 4
Correct Answer: D
QUESTION 46
VPN debugging information is written to which of the following files?
A. $FWDIR/log/fw.elg
B. $FWDIR/log/ahttpd.elg
C. $FWDIR/log/vpn.elg
D. $FWDIR/log/authd.elg
E. $FWDIR/log/ike.elg
Correct Answer: E
QUESTION 47
Gill Bates is in charge of a large enterprise, which requires VPN connections between offices around the world. To achieve this Gill decides to use a dynamic routing protocol to make sure all offices are connected through the VPN community using tunnel interfaces among all peers. Nothing is configured in vpn_route.conf. However, Gill is experiencing connectivity problems and when examining the logs he discovers multiple “out of state” drops. What is the most likely cause of and solution to this problem?
A. Asymmetric routing will happen if nothing has been configured in vpn_route.conf. The vpn_route.conf should be configured to prevent asymmetric routing
B. The dynamic routing protocol introduces asymmetric routing in Gill’s VPN community. Gill should use wire mode on the VPN tunnel interfaces
C. In this configuration, NAT is necessary for traffic to be routed correctly. IP pool NAT should be configured on each gateway
D. The firewall security policy drops the traffic. Gill should introduce a Directional VPN rule to allow the VPN traffic
Correct Answer: B
QUESTION 48
Gill Bates is in charge of a large enterprise, which requires VPN connections between offices around the world. To achieve this Gill decides to use a dynamic routing protocol to make sure all offices are connected through the VPN community using tunnel interfaces among all peers. Nothing is configured in vpn_route.conf. However, Gill is experiencing connectivity problems and when examining the logs he discovers multiple “out of state” drops. What is the most likely cause of and solution to this problem?
A. The firewall security policy drops the traffic. Gill should introduce a Directional VPN rule to allow the VPN traffic
B. The dynamic routing protocol introduces asymmetric routing in Gill’s VPN community. Gill should use wire mode on the VPN tunnel interfaces
C. In this configuration, NAT is necessary for traffic to be routed correctly. IP pool NAT should be configured on each gateway
D. Asymmetric routing will happen if nothing has been configured in vpn_route.conf. The vpn_route.conf should be configured to prevent asymmetric routing
Correct Answer: B
QUESTION 49
Which files should be acquired from a Windows 2003 Server System crash with a Dr. Watson Error?
A. drwtsn32.log
B. core.log
C. vmcore.log
D. memory.log
E. info.log
Correct Answer: A
QUESTION 50
fw monitor packets are collected from the kernel in a buffer. What happens if the buffer becomes full?
A. Packet capture stops
B. The information in the buffer is saved and packet capture continues, with new data stored in the buffer
C. All packets in it are deleted and the buffer begins filling from the beginning
D. Older packet information is dropped as new packet information is added
Correct Answer: C
QUESTION 51
Which of the following is a consequence of using the fw ctl debug all option?
A. No debug output will be collected since this is an invalid flag
B. Writes limited amounts of data to the console
C. This option is not recommended because it fills the log buffer with likely irrelevant information
D. Provides state information for all ports
E. Loads step-by-step firewall data to a user-defined log file
Correct Answer: C
QUESTION 52
Which of the following commands is used to read messages in the debug buffer?
A. fw ctl debug
B. fw ctl kdebug
C. fw ctl debug uf
Correct Answer: B
QUESTION 53
After a sudden spike in traffic, you receive this system log file message: “Kernel: FW-1: Log Buffer is full”. Which is NOT a solution?
A. Reconfigure the minimum disk space “stop logging” threshold
B. Decrease the amount of logging
C. Increase the log buffer size
D. Disable logging
Correct Answer: A
QUESTION 54
Which statement is true for route based VPNs?
A. Route-based VPNs replace domain-based VPNs
B. Route-Based VPNs are a form of partial overlap VPN Domain
C. IP Pool Nat must be configured on each gateway
D. Dynamic-routing protocols are not required
E. Packets are encrypted or decrypted automatically
Correct Answer: D
QUESTION 55
To start both vpnd.elg and ike.elg, which single vpn debug command would you use?
A. vpn tu
B. vpn debug ikeon
C. vpn debug trunc
D. vpn debug vpnd.elg + ike
E. vpn debug ikeinit
Correct Answer: C
QUESTION 56
Which of the following types of information should an Administrator use tcpdump to view?
A. Packet-header analysis
B. AppleTalk Traffic analysis
C. NAT traffic analysis
D. DECnet traffic analysis
E. VLAN trunking analysis
Correct Answer: A
QUESTION 57
How does fw monitor differ from the INSPECT filter?
A. Fw monitor allows Administrators to view how traffic would be filtered through a specific Rule Base, if implemented. The INSPECT filter implements the Rule Base
B. Fw monitor is a command-line utility that can be used for packet-header analysis, while the INSPECT filter implements the Rule Base
C. fw monitors traffic passing through a Security Gateway’s interfaces. The INSPECT filter implements the Rule Base.
D. Fw monitor captures all packets on the network segment to which an interface is attached. The INSPECT filter implements the Rule Base
E. Fw monitor tracks changes made to the Rule base. The INSPECT filter implements the Rule Base
Correct Answer: C
QUESTION 58
For which of these issues would you use fw debug fwm as the primary debugging command for troubleshooting?
A. Alerts
B. Policy save issues
C. Blocked Port Issues
D. Logging issues
E. Kernel communication issues
Correct Answer: B
QUESTION 59
Which of the following explanations best describes the audit log file xx.adtloginitial_ptr?
A. Pointers to the beginning of each log chain
B. Additional temporary pointer file
C. Pointers to the beginning of each log record
D. Audit log records
E. Pointers to the beginning of each accounting record
Correct Answer: A
QUESTION 60
Resource rules that accept HTTP, FTP and SMTP must:
A. Replace rules that accept these services
B. Be placed after rules that accept these services
C. Be placed before rules that accept these services
D. Be placed before rules that deny these services
E. Be placed after rules that deny these services
Correct Answer: C
QUESTION 61
Which of the following explanations best describes the active log file $FWDIR/log/xx.logptr?
A. Real log records
B. Pointers to the beginning of each log record
C. Pointers to the beginning of each log chain
D. Pointers to the beginning of each accounting record
E. Additional temporary pointer file
Correct Answer: B
QUESTION 62
You create a FTP resource and select the Get check box. Which of the following actions are denied to users, on net-detroit, when using FTP to an external host when the rule action is “accept” and no other permissive ftp rule exists lower in the rule base?
A. Put
B. Change
C. List
D. mget
E. Directory
Correct Answer: A
QUESTION 63
Which of the following explanations best describes the active log file $FWDIR/log/xx.logptr?
A. Pointers to the beginning of each accounting record
B. Pointers to the beginning of each log record
C. Pointers to the beginning of each log chain
D. Additional temporary pointer file
E. Real log records
Correct Answer: B
QUESTION 64
Which of the following explanations best describes the command fw lslogs?
A. Control kernel
B. Display protected hosts
C. Send signal to a daemon
D. Create a new log file. The old log has moved
E. Display a remote machine’s log-file list
Correct Answer: E
QUESTION 65
Which of the following commands can you run to view packet flow of a VPN-1 SecuRemote/SecureClient connection?
A. sc monitor
B. fw monitor
C. srfw monitor
D. cpd monitor
E. vpn monitor
Correct Answer: C