New VCE and PDF – You can prepare Checkpoint 156-515 exam in an easy way with Checkpoint 156-515 questions and answers.By training our Checkpoint 156-515 vce dumps with all the latest questions, you can pass the exam in the first attempt
QUESTION 51
How do you disable all fw debug logging?
A. fw ctl debug
B. fw ctl debug uf
C. fw ctl debug
Correct Answer: C QUESTION 52
Joey downloads the following Desktop Security Policy to his laptop, and successfully logs in to the Policy Server. Joey then disconnects from the VPN-1 Policy Server. What happens to Joey’s laptop?
A. A default Desktop Security Policy is loaded on Joey’s laptop, which opens up inbound and outbound connections.
B. There is no default Desktop Security Policy, unless the client connects to the Security Gateway.
C. A default Desktop Security Policy is loaded on Joey’s laptop, which allows Joey to connect to the Internet. Joey cannot receive any inbound traffic.
D. A default Desktop Security Policy is loaded on Joey’s laptop, which allows Joey to connect to anywhere, except the Policy Server site’s VPN Domain.
E. A default Desktop Security Policy is loaded on Joey’s laptop, which allows everyone from the Internet access to Joey’s machine. Joey cannot connect to the Internet.
Correct Answer: C
QUESTION 53
Gill Bates is in charge of a large enterprise, which requires VPN connections between offices around the world. To achieve this Gill decides to use a dynamic routing protocol to make sure all offices are connected through the VPN community using tunnel interfaces among all peers.
Nothing is configured in vpn_route.conf. However, Gill is experiencing connectivity problems and when examining the logs he discovers multiple “out of state” drops. What is the most likely cause of and solution to this problem?
A. Asymmetric routing will happen if nothing has been configured in vpn_route.conf. The vpn_route.conf should be configured to prevent asymmetric routing
B. The firewall security policy drops the traffic. Gill should introduce a Directional VPN rule to allow the VPN traffic
C. The dynamic routing protocol introduces asymmetric routing in Gill’s VPN community. Gill should use wire mode on the VPN tunnel interfaces
D. In this configuration, NAT is necessary for traffic to be routed correctly. IP pool NAT should be configured on each gateway
Correct Answer: C QUESTION 54
When setting up a High Availability solution using ClusterXL, on which network objects do you define VPN properties?
A. On the synchronization interface
B. On the Management Server
C. On each Security Gateway in the Gateway Cluster
D. On the networks
E. On the Gateway Cluster
Correct Answer: E
QUESTION 55
The following is part of a fw ctl pstat output. How much kernel memory is assigned to this system?
A. 6 MB
B. 20 MB
C. 5 MB
D. 12 MB
E. 37 MB
Correct Answer: B
QUESTION 56
Which of the following processes is responsible for Policy related functions and communication between a SmartConsole and SmartCenter Server?
A. cpd
B. fw monitor
C. fwd
D. fw sam
E. fwm
Correct Answer: E
QUESTION 57
After a sudden spike in traffic, you receive this system log file message: “kernel: FW-1: Log buffer is full”. Which is NOT a solution?
A. Increase the log buffer size.
B. Disable logging.
C. Reconfigure the minimum disk space “stop logging” threshold.
D. Decrease the amount of logging.
Correct Answer: C
QUESTION 58
You use fwm to input the following command: fwm lock_admin a. What does this command do?
A. Uninstalls all Administrators, except the default Administrator
B. Locks all Administrator accounts
C. Unlocks all Administrator accounts
D. Sets the access level of Administrators to “all-access”
Correct Answer: C
QUESTION 59
What can you do in the advanced mode of GuiDbEdit Query that you cannot do in the simple mode?
A. Run a CPMI Query.
B. Log when modifications are made.
C. Query by object name.
D. Query by table name.
Correct Answer: A
QUESTION 60
Each module within the NGX kernel contains specific debugging flags.
Which of the statements is true concerning kernel-debug flags?
A. Debugging flags are universal across all modules.
B. Debug flags cannot be disabled.
C. Debugging flags can be configured to produce varying levels of information.
D. Debug flags require an administrator to set them.
E. Each flag is generic and cannot be modified to produce varying levels of information.
Correct Answer: C
QUESTION 61
Which of the following explanations best describes the active log file $FWDIR/log/xx.logptr?
A. Additional temporary pointer file
B. Real log records
C. Pointers to the beginning of each log record
D. Pointers to the beginning of each log chain
E. Pointers to the beginning of each accounting record
Correct Answer: C
QUESTION 62
If you save the fw monitor output with option, how do you view the output file afterwards?
A. SmartView Tracker
B. The output file is ASCII, so you can use your preferred ASCII editor.
C. SmartView Monitor
D. Ethereal
E. WINWORD.EXE or OpenOffice
Correct Answer: D
QUESTION 63
You create a FTP resource and select the Get check box. Which of the following actions are denied to users, on net-detroit, when using FTP to an external host when the rule action is “accept” and no other permissive ftp rule exists lower in the rule base?
A. mget
B. change
C. put
D. directory
E. list
Correct Answer: C
QUESTION 64
Which type of routing relies on a VPN Tunnel Interface (VTI) to route traffic?
A. Host-based VPN
B. Subnet-based VPN
C. Domain-based VPN
D. Route-based VPN
E. All VPN types
Correct Answer: D
QUESTION 65
Which of the following is a consequence of using the fw ctl debug all option?
A. Option is not recommended because it fills the log buffer with likely irrelevant information.
B. Loads step-by-step firewall data to a user-defined log file.
C. Provides state information for all ports.
D. Writes limited amounts of data to the console.
E. No debug output will be collected since this is an invalid flag.
Correct Answer: A
QUESTION 66
Which of the following commands is used to read messages in the debug buffer?
A. fw ctl debug
B. fw ctl debug uf
C. fw ctl kdebug
Correct Answer: C QUESTION 67
Which of the following processes controls Secure Internal Communications, Policy installation, and shared-management capabilities between Check Point products and OPSEC-partner products?
A. cpd
B. fwd
C. fwsam
D. fw monitor
E. fwm
Correct Answer: A
QUESTION 68
The fw ctl debug command is used primarily to troubleshoot _____ problems.
A. Kernel
B. Logging
C. Secure Internal Communications (SIC)
D. Policy-load
E. OPSEC
Correct Answer: A
QUESTION 69
Where should you run the cpinfo command in a distributed environment?
A. Client behind the Security Gateway
B. SmartCenter Server and Security Gateways only
C. Security Gateway only
D. SmartConsole only
E. SmartCenter Server only
Correct Answer: B
QUESTION 70
If fwauth.NDB or fwauth.NDB# are corrupt, what will be the result?
A. You will not be able to push a policy.
B. SIC will fail.
C. You will not be able to authenticate to the SmartDashboard using the cpconfig created Administrator user.
D. You will not be able to find any users in the SmartDashboard.
Correct Answer: D
Worried about Checkpoint 156-515 pass results? Adopt most reliable way of exam preparation that is Cisco 300-207 Questions & Answers with explanations to get reliable Checkpoint 156-515 pass result.Flydumps definitely guarantees it!