Nowadays, Flydumps has published the newest Checkpoint 156-515 exam dumps with free vce test software and pdf dumps, and the latest Checkpoint 156-515 question answers ensure you a 100% pass and a money back guarantee.
QUESTION 31
How do you run fw ctl debug, to see all information about a cluster?
A. fw ctl debug cluster all fw ctl debug > output fw ctl debug uf 1024
B. fw ctl pstat fw ctl debug all fw ctl debug > out
C. fw ctl debug uf 1024 fw ctl debug cluster all fw ctl kdebug > output
D. fw ctl debug on fw ctl debug cluster all fw ctl kdebug > output
E. fw ctl debug on fw ctl debug uf 1024 fw ctl debug cluster all fw ctl kdebug > output
Correct Answer: C
QUESTION 32
What does it indicate when a cluster state is “Active attention”?
A. The cluster member is booting: ClusterXL is running, but VPN-1/ NGX is not yet ready.
B. Both cluster members are up and ready.
C. Cluster members are running different versions: The newer version member is in the ready state, while the older version member is in the active state.
D. Traffic is being passed, but a problem has been detected: There are no other active members in the cluster.
Correct Answer: D
QUESTION 33
Which of these issues would you use fw debug fwm as the primary debugging command for troubleshooting?
A. Policy save issues
B. Logging issues
C. Kernel communication issues
D. Alerts
E. Blocked port issues
Correct Answer: A
QUESTION 34
You have implemented a Check Point High Availability solution. You have defined a Gateway Cluster and a group of Security Gateways with synchronized state tables. If the active Security Gateway fails, what happens?
A. Clear text connections survive the failure. Encrypted connections must be re-established.
B. All connections must be re-established with the Security Gateway that assumes control.
C. The control network is flooded with synchronization packets.
D. Encrypted and clear text connections fail over to the Security Gateway that assumes control.
E. The remaining Security Gateway force an election to determine who takes over.
Correct Answer: D
QUESTION 35
To troubleshoot SmartDashboard issues, you run the command: fw debug fwm on TDERRR_ALL_ALL=4. What does this command do?
A. Nothing, fwm is not the correct process to debug any known SmartDashboard issues.
B. Captures traffic, including UUID.
C. Sets the fwm to debug on the fly.
D. Appends the process-identifier number to the core filename.
E. Includes special debugging options for FW1_LOG.
Correct Answer: C
QUESTION 36
You use -0 to set the number of processes to be spawned when troubleshooting Security Server. How many will be spawned?
A. The parent process will spawn up to 10000 child processes.
B. No processes will be spawned.
C. The parent process will not spawn the child processes.
D. The parent process will now spawn the child processes as needed.
Correct Answer: D
QUESTION 37
Resource rules that accept HTTP, FTP, and SMTP must:
A. Replace rules that accept these services.
B. Be placed after rules that accept these services.
C. Be placed before rules that accept these services.
D. Be placed before rules that deny these services.
E. Be placed after rules that deny these services.
Correct Answer: C
QUESTION 38
In some circumstances, adjusting the number of Security Servers spawned may help in troubleshooting performance issues. Which of the following files would you edit to achieve this?
A. fwm.conf
B. fwssd.conf
C. fwauthd.conf
D. fwd.conf
E. fwx.conf
Correct Answer: C
QUESTION 39
When Network Address Translation is used:
A. VLAN tagging cannot be defined for any hosts protected by the Gateway
B. It is not necessary to add a static route to the Gateway’s routing table.
C. The Security Gateway’s ARP file must be modified.
D. The Gateway’s lmhosts file must be modified.
E. It is necessary to add a static route to the Gateway’s routing table.
Correct Answer: B
QUESTION 40
You have installed SecurePlatform R60 as Security Gateway operating system. As company requirements changed, you need the VTI features of NGX. What should you do?
A. In SmartDashboard click on the OS drop down menu and choose SecurePlatform Pro. You have to reboot the Security Gateway in order for the change to take effect
B. Only IPSO 3.9 supports VTI feature, so you have to replace your Security Gateway with Nokia appliances
C. You have to re-install your Security Gateway with SecurePlatform Pro R60, as SecurePlatform R60 does not support VTIs
D. Nothing, because SPLAT R60 does support VTIs
E. Type “pro enable” on your Security Gateway and reboot it
Correct Answer: E
QUESTION 41
userc.C is populated on the SecuRemote/SecureClient during what stage of the SecuRemote/SecureClient packet flow.
A. When connecting/encrypting data.
B. When creating a site.
C. When connecting/IKE negotiation.
D. When connecting/resolving Gateway IP.
Correct Answer: B
QUESTION 42
When you verify IP forwarding on SecurePlatform Pro using the command more /proc/sys/net/ipv4/ ip_forward, what value should stored in the resulting file?
A. Y
B. P
C. 1
D. 0
E. 4
Correct Answer: C
QUESTION 43
How does fw monitor differ from the INSPECT filter?
A. fw monitor monitors traffic passing through a Security Gateway’s interfaces. The INSPECT filter implements the Rule Base.
B. fw monitor allows Administrators to view how traffic would be filtered through a specific Rule Base, if implemented. The INSPECT filter implements the Rule Base.
C. fw monitor tracks changes made to the Rule Base. The INSPECT filter implements the Rule Base.
D. fw monitor captures all packets on the network segment to which an interface is attached. The INSPECT filter implements the Rule Base.
E. fw monitor is a command-line utility that can be used for packet-header analysis, while the INSPECT filter implements the Rule Base.
Correct Answer: A
QUESTION 44
Policy Server login and Desktop Policy installation will kill which of the following processes on the client machine?
A. srfw monitor
B. fwm
C. fw monitor
D. fwd
E. cpd
Correct Answer: A
QUESTION 45
To cross-reference srfw monitor output what should you do?
A. run fw monitor on the client.
B. run srfw monitor a second time.
C. run fw monitor from the Gateway.
D. restart the client and run srfw monitor a second time.
E. run fw monitor and compare against a known good baseline.
Correct Answer: C
QUESTION 46
After configuring ClusterXL, where do you install the Security Policy?
A. On the Gateway Cluster
B. On the backup Security Gateway
C. On the Management Server
D. Policy installation is not required after configuring ClusterXL. This is automatic in NGX
E. On each Security Gateway in the Gateway Cluster
Correct Answer: A
QUESTION 47
Which native UNIX utility displays fw monitor output on Solaris?
A. tcpdump
B. Ethereal
C. snoop -i (lowercase)
D. CapView
E. snoop (lowercase)
Correct Answer: C
QUESTION 48
When you run the fw monitor -e “accept;” command, what type of traffic is captured?
A. All traffic coming in all directions, before and after inbound and outbound kernels.
B. Only inbound traffic, before and after inbound and outbound kernels.
C. Only outbound traffic, before and after the outbound kernel.
D. All traffic accepted by the Rule Base.
E. Only inbound traffic, before and after the inbound kernel.
Correct Answer: A
QUESTION 49
Which of the following explanations best describes the command fw lslogs?
A. Display a remote machine’s log-file list.
B. Create a new log file. The old log has moved.
C. Control kernel.
D. Send signal to a daemon.
E. Display protected hosts.
Correct Answer: A
QUESTION 50
Which of the following commands shows full synchronization status?
A. cphaprob -I list
B. fw hastat
C. cphaprob -a if
D. fw ctl stat
E. cphastop
Correct Answer: A
QUESTION 51
How do you disable all fw debug logging?
A. fw ctl debug
B. fw ctl debug uf
C. fw ctl debug
Correct Answer: C QUESTION 52
Joey downloads the following Desktop Security Policy to his laptop, and successfully logs in to the Policy Server. Joey then disconnects from the VPN-1 Policy Server. What happens to Joey’s laptop?
A. A default Desktop Security Policy is loaded on Joey’s laptop, which opens up inbound and outbound connections.
B. There is no default Desktop Security Policy, unless the client connects to the Security Gateway.
C. A default Desktop Security Policy is loaded on Joey’s laptop, which allows Joey to connect to the Internet. Joey cannot receive any inbound traffic.
D. A default Desktop Security Policy is loaded on Joey’s laptop, which allows Joey to connect to anywhere, except the Policy Server site’s VPN Domain.
E. A default Desktop Security Policy is loaded on Joey’s laptop, which allows everyone from the Internet access to Joey’s machine. Joey cannot connect to the Internet.
Correct Answer: C
QUESTION 53
Gill Bates is in charge of a large enterprise, which requires VPN connections between offices around the world. To achieve this Gill decides to use a dynamic routing protocol to make sure all offices are connected through the VPN community using tunnel interfaces among all peers.
Nothing is configured in vpn_route.conf. However, Gill is experiencing connectivity problems and when examining the logs he discovers multiple “out of state” drops. What is the most likely cause of and solution to this problem?
A. Asymmetric routing will happen if nothing has been configured in vpn_route.conf. The vpn_route.conf should be configured to prevent asymmetric routing
B. The firewall security policy drops the traffic. Gill should introduce a Directional VPN rule to allow the VPN traffic
C. The dynamic routing protocol introduces asymmetric routing in Gill’s VPN community. Gill should use wire mode on the VPN tunnel interfaces
D. In this configuration, NAT is necessary for traffic to be routed correctly. IP pool NAT should be configured on each gateway
Correct Answer: C QUESTION 54
When setting up a High Availability solution using ClusterXL, on which network objects do you define VPN properties?
A. On the synchronization interface
B. On the Management Server
C. On each Security Gateway in the Gateway Cluster
D. On the networks
E. On the Gateway Cluster
Correct Answer: E
QUESTION 55
The following is part of a fw ctl pstat output. How much kernel memory is assigned to this system?
A. 6 MB
B. 20 MB
C. 5 MB
D. 12 MB
E. 37 MB
Correct Answer: B
QUESTION 56
Which of the following processes is responsible for Policy related functions and communication between a SmartConsole and SmartCenter Server?
A. cpd
B. fw monitor
C. fwd
D. fw sam
E. fwm
Correct Answer: E
QUESTION 57
After a sudden spike in traffic, you receive this system log file message: “kernel: FW-1: Log buffer is full”. Which is NOT a solution?
A. Increase the log buffer size.
B. Disable logging.
C. Reconfigure the minimum disk space “stop logging” threshold.
D. Decrease the amount of logging.
Correct Answer: C
QUESTION 58
You use fwm to input the following command: fwm lock_admin a. What does this command do?
A. Uninstalls all Administrators, except the default Administrator
B. Locks all Administrator accounts
C. Unlocks all Administrator accounts
D. Sets the access level of Administrators to “all-access”
Correct Answer: C
QUESTION 59
What can you do in the advanced mode of GuiDbEdit Query that you cannot do in the simple mode?
A. Run a CPMI Query.
B. Log when modifications are made.
C. Query by object name.
D. Query by table name.
Correct Answer: A
QUESTION 60
Each module within the NGX kernel contains specific debugging flags.
Which of the statements is true concerning kernel-debug flags?
A. Debugging flags are universal across all modules.
B. Debug flags cannot be disabled.
C. Debugging flags can be configured to produce varying levels of information.
D. Debug flags require an administrator to set them.
E. Each flag is generic and cannot be modified to produce varying levels of information.
Correct Answer: C
QUESTION 61
Which of the following explanations best describes the active log file $FWDIR/log/xx.logptr?
A. Additional temporary pointer file
B. Real log records
C. Pointers to the beginning of each log record
D. Pointers to the beginning of each log chain
E. Pointers to the beginning of each accounting record
Correct Answer: C
QUESTION 62
If you save the fw monitor output with option, how do you view the output file afterwards?
A. SmartView Tracker
B. The output file is ASCII, so you can use your preferred ASCII editor.
C. SmartView Monitor
D. Ethereal
E. WINWORD.EXE or OpenOffice
Correct Answer: D
QUESTION 63
You create a FTP resource and select the Get check box. Which of the following actions are denied to users, on net-detroit, when using FTP to an external host when the rule action is “accept” and no other permissive ftp rule exists lower in the rule base?
A. mget
B. change
C. put
D. directory
E. list
Correct Answer: C
QUESTION 64
Which type of routing relies on a VPN Tunnel Interface (VTI) to route traffic?
A. Host-based VPN
B. Subnet-based VPN
C. Domain-based VPN
D. Route-based VPN
E. All VPN types
Correct Answer: D
QUESTION 65
Which of the following is a consequence of using the fw ctl debug all option?
A. Option is not recommended because it fills the log buffer with likely irrelevant information.
B. Loads step-by-step firewall data to a user-defined log file.
C. Provides state information for all ports.
D. Writes limited amounts of data to the console.
E. No debug output will be collected since this is an invalid flag.
Correct Answer: A
QUESTION 66
Which of the following commands is used to read messages in the debug buffer?
A. fw ctl debug
B. fw ctl debug uf
C. fw ctl kdebug
Correct Answer: C QUESTION 67
Which of the following processes controls Secure Internal Communications, Policy installation, and shared-management capabilities between Check Point products and OPSEC-partner products?
A. cpd
B. fwd
C. fwsam
D. fw monitor
E. fwm
Correct Answer: A
QUESTION 68
The fw ctl debug command is used primarily to troubleshoot _____ problems.
A. Kernel
B. Logging
C. Secure Internal Communications (SIC)
D. Policy-load
E. OPSEC
Correct Answer: A
QUESTION 69
Where should you run the cpinfo command in a distributed environment?
A. Client behind the Security Gateway
B. SmartCenter Server and Security Gateways only
C. Security Gateway only
D. SmartConsole only
E. SmartCenter Server only
Correct Answer: B
QUESTION 70
If fwauth.NDB or fwauth.NDB# are corrupt, what will be the result?
A. You will not be able to push a policy.
B. SIC will fail.
C. You will not be able to authenticate to the SmartDashboard using the cpconfig created Administrator user.
D. You will not be able to find any users in the SmartDashboard.
Correct Answer: D
This volume is part of the Exam Certification Guide Series from Checkpoint 156-515.Checkpoint 156-515 in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Checkpoint 156-515 Certification candidates identify weaknesses,concentrate their study efforts,and enhance their confidence as Checkpoint 156-515 exam day nears.