100% Valid And Pass With latest CheckPoint 156-915 exam dumps, you will never fail your CheckPoint 156-915 exam. All the questions and answers are updated and added to the new version timely by our experts.Also now CheckPoint 156-915 is offering free CheckPoint 156-915 exam VCE player and PDF files for free on their website.
QUESTION 72
Your standby SmartCenter Server’s status is collision. What does that mean, and how do you synchronize the Server and its peer?
A. The standby and active Servers have two Internal Certificate Authority (ICA) Certificates. Uninstall and reinstall the standby Server.
B. The peer Server detected a keep-alive packet from the standby Server.
C. The peer Server has not been properly synchronized. Manually synchronize both Servers again.
D. The peer Server is more up-to-date. Manually synchronize both Servers again.
E. The active SmartCenter Server and its peer have different Security Policies and databases. Manually synchronize the Servers, and decide which Server’s configuration to overwrite.
Correct Answer: E
QUESTION 73
After you add new interfaces to this cluster, how can you check if the new interfaces and associated virtual IP address are recognized by ClusterXL?
A. By running the cphaprob state command on both members.
B. By running the cphaprob -a if command on both members.
C. By running the cphaprob -r list command on both members
D. By running the fw ctl iflist command on both members
E. By running the cpconfig command on both members
Correct Answer: B
QUESTION 74
You want to create an IKE VPN between two VPN-1 NGX Security Gateway, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind the peer’s Gateway.
Which type of address translation should you use, to ensure the two networks access each other through the VPN tunnel?
A. Manual NAT
B. Static NAT
C. Hide NAT
D. None
E. Hide NAT
Correct Answer: D
QUESTION 75
Shauna is troubleshooting a Security Gateway that is dropping all traffic whenever the most recent Security Policy is installed. Working at the Security Gateway. Shauna needs to uninstall the Policy, but keep the processes running so she can see if there is an issue with the Gateway’s firewall tables. Which of the following commands will do this?
A. fw dbload 10.1.1.5
B. fw unload 10.1.1.5
C. cprestart
D. fw tab -x -u
E. cpstop
Correct Answer: B
QUESTION 76
You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use three machines with the following configuration: Are these machines correctly configured for a ClusterXL deployment?
A. Yes, these machines are configured correctly for a ClusterXL deployment.
B. No, QuadCards are not suppoted with ClusterXL.
C. No, all machines in a cluster must be running on the same OS.
D. No, a cluster must have an even number of machines.
Correct Answer: C
QUESTION 77
You configure a Check Point QoS Rule Base with two rules: an HTTP rule with a weight of 40, and the Default Rue with a weight of 10. If the only traffic passing through your QoS Module is HTTP traffic, which percent of bandwidth will be allocated to the HTTP traffic?
A. 10%
B. 100%
C. 40%
D. 80%
E. 50%
Correct Answer: B
QUESTION 78
Which NGX feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?
A. upgrade_export/upgrade_import
B. Policy Package management
C. fwm dbexport/fwm dbimport
D. cpconfig
E. Database Revision Control
Correct Answer: B
QUESTION 79
The following diagram illustrates how a VPN-1 SecureClient user tries to establish a VPN with hosts in the external_net and internal_net from the Internet. How is the Security Gateway VPN Domain created?
A. Internal Gateway VPN Domain = internal_net; External VPN Domain = external net + external gateway object + internal_net
B. Internal Gateway VPN Domain = internal_net; External Gateway VPN Domain = external_net + internal gateway object
C. Internal Gateway VPN Domain = internal_net; External Gateway VPN Domain = internal_net + external_net
D. Internal Gateway VPN Domain = internal_net; External Gateway VPN Domain = internal VPN Domain + internal gateway object + external_net
Correct Answer: D
QUESTION 80
Regarding QoS guarantees and limits, which of the following statements is FALSE?
A. The guarantee of a sub-rule cannot be greater than the guarantee defined for the rule above it.
B. If a guarantee is defined in a sub-rule, a gurarantee must be defined for the rule above it.
C. A rule guarantee must not be less than the sum defiined in the guarantees’ sub-rules.
D. If both a rule and per-connection limit are defined for a rule, the per-connection limit must not be greater than the rule limit.
E. If both a limit and guarantee per rule are defined in a QoS rule, the limit must be smaller than the guarantee.
Correct Answer: E
QUESTION 81
You are running a VPN-1 NG with Application Intelligence R54 SecurePlatform VPN-1 Pro Gateway. The Gateway also serves as a Policy Server. When you run patch add cd from the NGX CD, what does this command allow you to upgrade?
A. Only VPN-1 Pro Security Gateway
B. Both the operating system (OS) and all Check Point products
C. All products, except the Policy Server
D. Only the patch utility is upgraded using this command
E. Only the OS
Correct Answer: B
QUESTION 82
Jane needs to back up the routing, interface, and DNS configuration information from her NGX SecurePlatform Pro Security Gateway. Which backup-and-restore solution do you recommend for Jane?
A. Database Revision Control
B. Manual copies of the $FWDIR/ conf directory
C. upgrade_export and upgrade_import commands
D. SecurePlatform backup utilities
E. Policy Package management
Correct Answer: D
QUESTION 83
Eric wants to see all URLs? full destination paths in the SmartView Tracker logs, not just the fully qualified domain name of the Web servers. For example, the information field of a log entry displays the URL http://hp.msn.com/css/home/hpc11012.css. How can Eric best customize SmartView Tracker to see the logs he wants? Configure the URI resource, and select
A. “transparent” as the connection method
B. “tunneling” as the connection method
C. “optimize URL logging”; use the URI resource in the rule, with action “accept”
D. “Enforce URI capability”; use the UPI resource in the rule, with action “accept”
Correct Answer: C
QUESTION 84
Which of the following commands shows full synchronization status?
A. cphaprob -i list
B. cphastop
C. fw ctl pstat
D. cphaprob -a if
E. fw hastat
Correct Answer: A
QUESTION 85
You have locked yourself out of SmartDashboard with the rules you just installed on your stand alone Security Gateway. Now you cannot access the SmartCenter Server or any SmartConsole tools via SmartDashboard. How can you reconnect to SmartDashboard?
A. Run cpstop on the SmartCenter Server.
B. Run fw unlocklocal on the SmartCenter Server.
C. Run fw unloadlocal on the Security Gateway.
D. Delete the $ fwdir/database/manage.lock file and run cprestart.
E. Run fw uninstall localhost on the Security Gateway.
Correct Answer: C
QUESTION 86
How can you reset the password of the Security Administrator, which was created during initial installation of the SmartCenter Server on SecurePlatform?
A. Launch cpconfig and select “Administrators”.
B. Launch SmartDashboard, click the admin user account, and overwrite the existing Check Point Password.
C. Type cpm -a, and provide the existing administration account name. Reset the Security Administrator’s password.
D. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the “Password” portion of the file. Then log in to the account without password. You will be prompted to assign a new password.
E. Launch cpconfig and delete the Administrator’s account. Recreate the account with the same name.
Correct Answer: E
QUESTION 87
How does ClusterXL Unicast mode handle new traffic?
A. The pivot machine receives and inspects all new packets,and synchronizes the connections with other members.
B. Only the pivot machine receives all packets. It runs an algorithm to determine which member should process the packets.
C. All members receive all packets. The SmartCenter Server decides which member will process the packets. Other members simply drop the packets.
D. All cluster members process all packets, and members synchronize with each other.
Correct Answer: B
QUESTION 88
By default, when you click file > Switch Active File from SmartView Tracker, the SmartCenter Server.
A. Opens a new window with a previously saved log file.
B. Purges the current log file, and starts a new log file.
C. Purges the current log, and prompts you for the new log’s mode.
D. Saves the current log file, names the log file by date and time, and starts a new log file.
E. Prompts you to enter a filename, then saves the log file.
Correct Answer: D
QUESTION 89
Alex is the Security Administrator for a large, geographically distributed network. The internet connection at one of his remote sites failed during the weekend, and the Security Gateway logged locally for over 48 hours. Alex is concerned that the logs may have consumed most of the free space on the Gateway’s hard disk. Which SmartConsole application should Alex use, to view the percent of free hard-disk space on the remote Security Gateway?
A. SmartView Status
B. SmartView Tracker
C. SmartUpdate
D. SmartView Monitor
E. SmartLSM
Correct Answer: D
QUESTION 90
Which mechanism is used to export Check Point logs to third party applications?
A. OPSE
B. CPLogManager
C. LEA
D. SmartView Tracker
E. ELA
Correct Answer: C
QUESTION 91
Which NGX feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?
A. upgrade_export/upgrade_import
B. Policy Package management
C. fwm dbexport/fwm dbimport
D. cpconfig
E. Database Revision Control
Correct Answer: B
QUESTION 92
You want upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to SecurePlatform NGX R60 via SmartUpdate. Which package is needed in the repository before upgrading?
A. SVN Foundation and VPN-1 Express/Pro
B. VPN-1 and FireWall-1
C. SecurePlatform NGX R60
D. SVN Foundation
E. VPN-1 Pro/Express NGX R60
Correct Answer: C
QUESTION 93
Choose the BEST sequence for configuring user management on SmartDashboard, for use with and LDAP server.
A. Enable LDAP in Global Properties, configure a host-node object for the LDAP Server, and configure a server object for the LDAP Account Unit.
B. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
C. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP server using an OPSEC application.
D. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
E. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
Correct Answer: A
QUESTION 94
Review the following rules and note the Client Authentication Action properties screen, as shown in the exhibit: After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:
A. FTP session is dropped by the implicit Cleanup Rule.
B. user is prompted from that FTP site only, and does not need to enter username and password for Client Authentication.
C. FTP connection is dropped by rule 2.
D. FTP data connection is dropped, after the user is authenticated successfully.
E. User is prompted for authentication by the Security Gateway again.
Correct Answer: B QUESTION 95
You are preparing to configure your VoIP Domain Gatekeeper object.
Which two other objects should you have created first?
A. An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed
B. An object to represent the PSTN phone network, AND an object to represent the IP phone network
C. An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed
D. An object to represent the Q.931 service origination host, AND an object to represent the H.245 termination host
E. An object to represent the call manager, AND an object to represent the host on which the transmission router is installed
Correct Answer: C
QUESTION 96
Select the correct statement about Secure Internal Communications (SIC) Certificates? SIC Certificates:
A. for the SmartCenter Server are created during the SmartCenter Server configuration.
B. decrease network security by securing administrative communication among the SmartCenter Servers and the Security Gateway.
C. for NGX Security Gateways are created during the SmartCenter Server installation.
D. uniquely identify Check Point enabled machines; they have the same function as VPN Certificates.
Correct Answer: D
QUESTION 97
What is the command to see the licenses of the Security Gateway FWDALLAS from you SmartCenter Server?
A. cprlic print FWDALLAS
B. fw licprint FWDALLAS
C. fw tab -t fwlic FWDALLAS
D. cplic print FWDALLAS
E. fw lic print FWDALLAS
Correct Answer: A
QUESTION 98
Which of the following commands is used to restore NGX configuration information?
A. cpconfig
B. cpinfo -i
C. restore
D. fwm dbimport
E. upgrade_import
Correct Answer: E
QUESTION 99
How can you reset Secure Internal Communications (SIC) between a SmartCenter Server and Security Gateway?
A. Run the command fwm sic_reset to reinitialize the Intermal Certificate Authority (ICA) of the SmartCenter Server. Then retype the activation key on the Security Gateway from SmartDashboard.
B. From cpconfig on the SmartCenter Server, choose the Secure Internal Communication SmartDashboard and retype the activation key. Next, retype the same key in the gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC).
C. From the SmartCenter Server’s command line type fw putkey ???§?Cp <shared key> <IP Address of SmartCenter Server>.
D. From the SmartCenter Server’s command line type fw putkey ???§?Cp <shared key> <IP Address of Security Gateway>.
E. Re-install the Security Gateway.
Correct Answer: B
QUESTION 100
You are preparing computers for a new ClusterXL deployment. For you cluster, you plan to use three machines with the following configurations: Are these machines correctly configured for a ClusterXL deployment?
A. Yes, these machines are configured correctly for a ClusterXL deployment.
B. No, QuadCards are not supported with ClusterXL.
C. No, all machines in a cluster must be running on the same OS.
D. No, a cluster must have an even numbers of machines.
E. No, ClusterXL is not supported on Red Hat Linux.
Correct Answer: C
All our Cisco products are up to date! When you buy any CheckPoint 156-915 product from Certpaper, as “CheckPoint 156-915 Questions & Answers with explanations”,you are automatically offered the CheckPoint 156-915 updates for a total of 90 days from the day you bought it.If you want to renew your CheckPoint 156-915 purchase during the period of these 90 days,your CheckPoint 156-915 product is renewed and you are further enabled to enjoy the free Cisco updates.