Now, Flydumps has published the new version of Checkpoint 156-915 exam dumps with newly added exam questions. Also, the latest Checkpoint 156-915 PDF and VCE dumps with the VCE test engine for free download, and the new Checkpoint 156-915 practice tests ensure your exam 100% pass. Visit https://www.pass4itsure.com/156-915.html to get more exam dumps!
QUESTION 43
Anna is working in a large hospital, together with three other Security Administrators. Which SmartConsole tool should she use to check changes to rules or object properties other administrators made?
A. SmartDashboard
B. SmartView Tracker
C. Eventia Tracker
D. Eventia Monitor
E. SmartView Monitor
Correct Answer: B
QUESTION 44
Doug wants to know who installed a Security Policy blocking all traffic from the corporate network. Which SmartView Tracker selection is best suited for this?
A. Records pane
B. Active tab
C. custom filter
D. log connections
E. Audit tab
Correct Answer: E
QUESTION 45
You have a production implementation of Management High Availability, at version VPN-1 NG with Application Intelligence R55. You must upgrade your two SmartCenter Servers to VPN-1 NGX. What is the correct procedure?
A. 1. Synchronize the two SmartCenter Servers.
2.
Upgrade the seconday SmartCenter Server
3.
Upgrade the primary SmartCenter Server
4.
Configure both SmartCenter Servers host objects version to VPN-1 NGX
5.
Synchronize the Servers again.
B. 1. Synchronize the two SmartCenter Servers
2.
Perform an advanced upgrade on the primary SmartCenter Server.
3.
Upgrade the secondary SmartCenter Server
4.
Configure both SmartCenter Server host objects to version VPN-1 NGX.
5.
Synchronize the Servers again.
C. 1. Perform an advanced upgrade on the primary SmartCenter Server.
2.
Configure the primary Perform SmartCenter Server host object to version VPN-1 NGX.
3.
Synchronize the primary with the secondary SmartCenter Server.
4.
Upgrade the secondary SmartCenter Server.
5.
Configure the secondary SmartCenter Server host object to version VPN-1 NGX.
6.
Synchronize the Serers again.
D. 1. Synchronize the two SmartCenter Servers.
2.
Perform an advanced upgrade on the primary SmartCenter Server.
3.
Configure the primary SmartCenter Server host object to version VPN-1 NGX.
4.
Synchronize the two Servers again.
5.
Upgrade the secondary SmartCenter Server.
6.
Configure the secondary SmartCenter Server host object to version VPN-1 NGX.
7.
Synchronize the Servers again.
Correct Answer: B QUESTION 46
Katie is the Security Administrator for an insurance company. Her manager gives Katie the following
requirements for controlling DNS traffic:
Required Result #1: Accept domain-name-over-TCP traffic (zone-transfer traffic).
Required Result #2: Log domain-name-over-TCP traffic (zone-transfer traffic).
Desired Result #1: Accept domain-name-over-UDP traffic (queries traffic).
Desired Result #2: Do not log domain-name-over-UDP traffic (queries traffic).
Desired Result #3: Do not clutter the Rule Base by creating explicit rules for traffic that can be controlled
using Global Properties.
Katie makes the following configuration changes, and installs the Security Policy:
1.She selects the box “Accept Domain Name over TCP (Zone Transfer)” in Global Properties.
2.She selects the box “Accept Domain Name over UDP (Queries)” in Global Properties.
3.She selects the box “Log Implied Rules” in Global Properties.
Does Katie’s solution meet the required and desired results?
A. The solution meets the required results, and one of the desired results
B. The solution meets all required results, and none of the desired results
C. The solution meets the required results, and two of the desired results
D. The solution meets all required and desired results.
E. The solution does not meet the required results.
Correct Answer: C QUESTION 47
You have bolcked an IP address via the Block Intruder feature of SmartView Tracker. How can you see the addresses you have blocked?
A. In SmartView Status click the Blocked Intruder tab.
B. Run fwm blocked_view
C. Run fw sam -va
D. Run fw tab -t sam_blocked_ips.
E. In SmartView Tracker, click the Active tab, and the actively blocked connections display.
Correct Answer: D QUESTION 48
What is the command to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 SmartCenter Server to VPN-1 NGX using a CD?
A. cd patch add
B. fwm upgrade_tool
C. cppkg add
D. patch add
E. patch add cd
Correct Answer: E
QUESTION 49
How does ClusterXL Unicast mode handle new traffic?
A. The pivot machine receives and inspects all new packets, and synchronizes the connections with other members.
B. Only the pivot machine receives all packets. It runs an algorithm to determine which member should process the packets.
C. All members receive all packets. The SmartCenter Server decides which member will process the packets. Other members simply drop the packets.
D. All cluster members process all packets, and members synchronize with each other.
Correct Answer: B
QUESTION 50
Your current stand-alone VPN-1 NG with Application Intelligence (AI) R55 installation is running on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the VPN-1 Pro Gateway. An additional machine will serve as the SmartCenter Server. The new machine runs on a Windows Server 2003. You need to upgrade the NG with AI R55 SmartCenter Server configuration to VPN-1 NGX.
How do you upgrade to VPN-1 NGX?
A. Insert the NGX CD in the existing NG with AI R55 SecurePlatform machine, and answer yes to backup the configuration. Copy the backup file to the Windows Server 2003. Continue the upgrade process. Reboot after upgrade is finished. After SecurePlatform NGX reboots, run sysconfig, select VPN-1 Pro Gateway, and finish the sysconfig process. Reboot again. Use the NGX CD to install the primary SmartCerter on the Windows Server 2003. Import the backup file.
B. Run the backup command in the existing SecurePlatform machine, to create a backup file. Copy the file to the Windows Server 2003. Uninstall all Check Point products on SecurePlatform by running rpm -e CPsuite-R55 command. Reboot. Install new VPN-1 NGX on the existing SecurePlatform machine. Run sysconfig, select VPN-1 Pro Gateway, and reboot. Use VPN-1 NGX CD to install primary SmartCenter Server on the Windows Server 2003. Import the backup file.
C. Copy the $FWDIR\conf and $FWDIR\lib files from the existing SecurePlatform machine. Create a tar.gz file, and copy it to the Windows Server 2003. Use VPN-1 NGX CD on the existing SecurePlatform machine to do a new installation. Reboot. Run sysconfig and select VPN-1 Pro Gateway. Reboot. Use the NGX CD to install the primary SmartCenter Server on the Windows Server 2003. On the Windows Server 2003, run upgrade_import command to import $FWDIR\conf and $FWDIR\lib from the SecurePlatform machine.
D. Run backup command on the existing SecurePlatform machine to create a backup file. Copy the file to the Windows Server 2003. Uninstall the primary SmartCenter Server package from NG with AI R55 SecurePlatform using sysconfig. Reboot. Install the NGX primary SmartCenter Server and import the backup file. Open the NGX SmartUpdate, and select ???upgrade all packages??? on the NG with AI R55 Security Gateway.
Correct Answer: A
QUESTION 51
Herman is attempting to configure a site-to-site VPN with one of his firm’s business partners. Herman thinks Phase 2 negotiations are failing. Which SmartConsole application should Herman use to confirm his suspicions?
A. SmartUpdate
B. SmartView Tracker
C. SmartView Monitor
D. SmartDashboard
E. SmartView Status
Correct Answer: B
QUESTION 52
Your company has two headquarters, one in London, one in NewYork.
Each headquarters includes several branch offices. The branch offices ONLY need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. Which configuration meets the criteria? VPN Communities comprised of:
A. three mesh Communities: one for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.
B. three star Communities: first between New York headquarters and its branches, the second between London headquarters and its branches, the third between New York and London headquarters.
C. two mesh and one star Community; each mesh Community is set up for each site, with mesh Communities between their branches. The star Community has New York as the headquarters and London as its satellite.
D. two mesh Communities for each headquarters and their branch offices; and one star Community, in which London is the center of the Community and New York is the satellite.
Correct Answer: B
QUESTION 53
Which of these changes to a Security Policy optimizes Security Gateway performance?
A. Using domain objects in rules when possible
B. Using groups within groups in the manual NAT Rule Base
C. Putting the least-used rule at the top of the Rule Base.
D. Logging rules as much as possible.
E. Removing old or unused Security Policies from Policy Packaes.
Correct Answer: E
QUESTION 54
Stephanie wants to reduce the encryption overhead and improve performance for her mesh VPN Community. The Advanced VPN Properties screen below displays adjusted page settings: What can Stephanie do to achieve her goal?
A. Check the box “Use Perfect Forward Secrecy”.
B. Change the setting “Use Diffie-Hellman group” to “Group 5 (1536 bit)”.
C. Check the box “Use aggressive mode”.
D. Check the box “Support IP compression”.
E. Reduce the setting “Renegotiate IKE security associations every” to “720”.
Correct Answer: D
QUESTION 55
If you check the box “Use Aggressive Mode”, in the IKE Properties dialog box:
A. The standard three-packet IKE Phase 1 exchange is replaced by a six-packet exchange.
B. The standard six-packet IKE Phase 2 exchange is replaced by a three-packet exchange.
C. The standard three-packet IKE Phase 2 exchange is replaced by a six-packet exchange.
D. The standard six-packet IKE Phase 1 exchange is replaced by a three-packet exchange.
E. The standard six-packet IKE Phase 1 exchange is replaced by a twelve-packet exchange.
Correct Answer: D QUESTION 56
Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?
A. Global Properties
B. QoS Class objects
C. Check Point gateway object properties
D. $CPDIR/conf/qos_props.pf
E. Advanced Action options in each QoS rule
Correct Answer: A
QUESTION 57
When you use the Global Properties’ default settings, which type of traffic will be dropped, if no explicit rule allows the traffic?
A. Firewall logging and ICA key-exchange information.
B. Outgoing traffic origination from the Security Gateway.
C. RIP traffic
D. SmartUpdate connection
E. IKE and RDP traffic
Correct Answer: C
QUESTION 58
Andrea has created a new gateway object that she will be managing at a remote location. She attempts to install the Security Policy to the new gateway object, but the object does not appear in the “install on” box. Which of the following is the most likely cause?
A. Andrea has created the object using “New Check Point > VPN-1 Edge Embedded Gateway”.
B. Andrea created the gateway object using the “New Check Point > Externally Managed VPN Gateway” option from the Network Objects dialog box.
C. Andrea has not configured anti-spoofing on the interfaces on the gateway object.
D. Andrea has not configured Secure Internal Communications (SIC) for the object.
E. Andrea created the Object using “New Check Point > VPN-1 Pro/Express Security Gateway” option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object.
Correct Answer: B
QUESTION 59
IIse manages a distributed NGX installation for a large bank. IIse needs to know which Security Gateways have licenses that will expire within the next 30 days. Which SmartConsole application should IIse use to gather this information?
A. SmartView Monitor
B. SmartUpdate
C. SmartDashboard
D. SmartView Tracker
E. SmartView Status
Correct Answer: B
QUESTION 60
How do you configure an NGX Security Gateway’s kernel memory settins, without manually modifying the configuration files in $FWDIR\lib? By configuring:
A. the settings on the gateway object’s Capacity Optimization screen.
B. the settings on the Global Properties Capacity Optimization screen.
C. the settings on the Gateway object’s Advanced screen.
D. the settings on the SmartCenter Server object’s Advanced screen.
E. SmartDefense Kernel Defender options
Correct Answer: A
QUESTION 61
A cluster contains two members, with external interfaces 172.28.108.1 and 172.28.108.2. The internal interfaces are 10.4.8.1 and 10.4.8.2. The external cluster’s IP address is 172.28.108.3, and the internal cluster’s IP address is 10.4.8.3. The synchronization interfaces are 192.168.1.1 and 192.168.1.2. The Security Administrator discovers State Sychronization is not working properly.cphaprob -a if command output displays as follows: What is causing the State Synchronization problem?
A. Another cluster is using 192.168.1.3 as one of the unprotected interfaces.
B. Interfaces 192.168.1.1 and 192.168.1.2 have defined 192.168.1.3 as a sub-interface.
C. The synchronization interface on the cluster member object’s Topology tab is enabled with “Cluster Interface”. Disable this interface.
D. The synchronization network has a cluster, with IP address 192.168.1.3 defined in the gateway-cluster object. Remove the 192.168.1.3 VIP interface from the cluster topology.
Correct Answer: D
QUESTION 62
David is a consultant for a software-deployment company. David is working at a customer’s site this week. David’s task is to create a map of the customer’s VPN tunnels, including down and destroyed tunnels. Which SmartConsole application will provide David with the information needed to create this map?
A. SmartUpdate
B. SmartView Monitor
C. SmartLSM
D. SmartView Tracker
E. SmartView Status
Correct Answer: B
QUESTION 63
What is the behavior of ClusterXL in a High Availability environment?
A. Both members respond to the virtual IP address, and both members pass traffic when using their physical addresses.
B. Both members respond to the virtual IP address, but only the active member is able to pass traffic.
C. The active member responds to the virtual IP address, and both memers pass traffic when using their physical addresses.
D. The active member responds to the virtual IP address, and is the only member that passes traffic
E. The passive member responds to the virtual IP address, and both members route traffic when using their physical addresses.
Correct Answer: D
QUESTION 64
Mary is the IT auditor for a bank. One of her responsibilities is reviewing the Security Administrator activity and comparing it to the change log. Which application should mary use to view Security Administrator activity?
A. NGX cannot display Security Administrator activity.
B. SmartView Tracker in Real-Time Mode.
C. SmartView Tracker in Audit Mode.
D. SmartView Tracker in Log Mode
E. SmartView Tracker in Active Mode
Correct Answer: C
QUESTION 65
How can you completely tear down a specific VPN tunnel in an intranet IKE VPN deployment?
A. Run the command vpn tu on the Security Gateway, and choose the option “Detele all IPsec+IKE SAs for ALL peers and users”.
B. Run the command vpn tu on the SmartCenter Server, and choose the option “Detele all IPsec+IKE SAs for ALL peers and users”.
C. Run the command vpn tu on the Security Gateway, and choose the option “Detele all IPsec+IKE SAs for a given peer (GW)
D. Run the command vpn tu on the Security Gateway, and choose the option “Detele all IPsec SAs for a given user (Client)”.
E. Run the command vpn tu on the Security Gateway, and choose the option “Detele all IPsec SAs for ALL peers and users”.
Correct Answer: C
QUESTION 66
What type of packet does a VPN-1 SecureClient send to its Policy Server, to report its Secure Configuration Verification status?
A. ICMP Port Unreachable
B. TCP keep alive
C. IKE Key Exchange
D. ICMP Destination Unreachable
E. UDP keep alive
Correct Answer: E
QUESTION 67
Mary is recently hired as the Security Administrator for a public relations company. Mary’s manager has asked her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Mary must propose a plan based on the following required and desired results:
Required Result#1: Do not purchase new hardware.
Required Result#2: Use configuration changes that do not reduce security.
Desired Result#1: Reduce the number of explicit rules in the Rule Base.
Desired Result#2: Reduce the volume of logs.
Desired Result#3: Improve the Gateway’s performance.
Proposed Solution:
Mary recommends the following changes to the Gateway’s configuration: Replace all domain objects with
network and group objects.
Check “Log implied rules” and “Accept ICMP requests” in Global Properties.
Use Global Properties, instead of explicit rules, to control ICMP, VRRR, and RIP.
Does Mary’s proposed solution meet the required and desired results?
A. The solution meets all required and desired results.
B. The solution meets all required results, and one of the desired results.
C. The solution meets all required results, and two of the desired results.
D. The solution meets all required results, and none of the desired results.
E. The solution does not meet the required results.
Correct Answer: B QUESTION 68
You create implicit and explicit rules for the following network. The group object “internal-networks” includes networks 10.10.10.0 and 10.10.20.0. Assume “Accept ICMP requests” is enabled as before last in the Global Properties.
Based on these rules, what happens if you Ping from host 10.10.10.5 to a host on the Internet, by IP address? ICMP will be:
A. dropped by rule 0
B. dropped by rule 2, the Cleanup Rule.
C. accepted by rule 1.
D. dropped by the last implicit rule.
E. accepted by the implicit rule
Correct Answer: C QUESTION 69
What is a requirement for setting up Management High Avaibility?
A. All SmartCenter Servers must reside in the same Local Area Network (LAN).
B. All SmartCenter Servers must have the same amount of memory.
C. You can only have one Secondary SmartCenter Server.
D. All SmartCenter Servers must have the BIOS release.
E. All SmartCenter Servers must have the same operating system.
Correct Answer: E QUESTION 70
Your is a Security Administrator preparing to implement a VPN solution for his multisite organization. To comply with industry regulations, Your’s VPN solution must meet the following requirements:
Portability: Standard Key management: Automatic, external PKI Session Keys: Changed at configured times during a connection’s lifetime Key length: No less than 128-bit Data integrity: Secure against inversion and brute-force attacks
What is the most appropriate setting You should choose?
A. IKE VPNs: AES encryption for IKE Phase 1, and DES encryption for Phase 2; SHA1 hash
B. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for Phase 2; AES hash
C. IKE VPNs: CAST encryption for IKE Phase 1, and SHA1 encryption for Phase 2; DES hash
D. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash
E. IKE VPNs: DES encryption for IKE Phase 1, and 3DES encryption for Phase 2; MD5 hash
Correct Answer: D QUESTION 71
CCNA Checkpoint 156-915 contains a powerful new testing engine that allows you to focus on individual topic areas or take complete, timed exams from Checkpoint 156-915.The assessment engine also tracks your performance and presents feedback on a module-by-module basis, providing question-by-question CCNA Checkpoint 156-915 to the text and laying out a complete study plan for review.CCNA Checkpoint 156-915 also includes a wealth of hands-on practice exercises and a copy of the CCNA Checkpoint 156-915 network simulation software that allows you to practice your CCNA Checkpoint 156-915 hands-on skills in a virtual lab environment.The CCNA Checkpoint 156-915 supporting website keeps you fully informed of any exam changes