FLYDUMPS Checkpoint 156-915 starts from the basics and then gradually deepens its focus on the content of the curriculum, which generally takes a lot of study time. You are probably also hesitant; after all, taking the Checkpoint 156-915 exam costs a lot of time and money. However, once you choose the FLYDUMPS Checkpoint 156-915 exam sample questions, you can save both time and money on your Checkpoint 156-915 exam. FLYDUMPS provides a convenient way to learn. The FLYDUMPS Checkpoint 156-915 exam sample questions can help you get through the Checkpoint 156-915 exam quickly. By way of simulation questions, they help you understand all test points, and they include the multiple-choice questions and the experimental operation part of the Checkpoint 156-915 exam.
QUESTION 101
Your company has two headquarters, one in London, one in New York.
Each headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:
A. Two star and one mesh Community, each star Community is set up for each site, with headquarters as the center of the Community, and branches as satellites. The mesh Communities are between the New York and London headquarters.
B. three mesh Communities: one for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.
C. two mesh Communities, one for each headquarters and their branch offices; and one star Community, in which London is the center of the Community and New York is the satellite.
D. two mesh Communities, one for each headquarters and their branch offices; and one star Community, where New York is the center of the Community and London is the satellite.
Correct Answer: A
QUESTION 102
Steve tries to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. Steve sees the following screen.
What is the problem?
A. Steve must enable directional_match (true) in the objects_5_0.c file on SmartCenter Server.
B. Steve must enable Advanced Routing on each Security Gateway.
C. Steve must enable VPN Directional Match on the VPN Advanced screen, in Global properties.
D. Steve must enable a dynamic-routing protocol, such as OSPF, on the Gateways.
E. Steve must enable VPN Directional Match on the gateway object’s VPN tab.
Correct Answer: C
QUESTION 103
You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the Default Rule with a weight of 10. The H.323 rule includes a per-connection guarantee of 384 Kbps, and a per-connection allowed in the Action properties. If traffic passing through the QoS Module matches both rules, which of the following statements is true?
A. Neither rule will be allocated more than 10% of available bandwidth.
B. The H.323 rule will consume no more than 2048 Kbps of available bandwidth.
C. 50% of available bandwidth will be allocated to the H.323 rule.
D. 50% of available bandwidth will be allocated to the Default Rule.
E. Each H.323 connection will receive at least 512 Kbps of bandwidth.
Correct Answer: B
QUESTION 104
Jordan’s company is streaming training videos provided by a third party on the Internet. Jordan configures NGX so that each department ONLY views Webcasts specific to its department. Jordan created and configured the multicast groups for all interfaces, and configures them to “Drop all multicast except those whose destination is in the list”. However, no multicast transmissions are coming from the Internet. What is a possible cause for the connection problem?
A. The Multicast Rule is below the Stealth Rule. NGX can only pass multicast traffic, if the Multicast Rule is above the Stealth Rule.
B. Jordan did not create the necessary “to and through” Rules, defining how NGX will handle the multicast traffic.
C. Multicast groups are configured improperly on the external interface properties of the Security Gateway object.
D. Anti-spoofing is enabled. NGX cannot pass multicast traffic, if anti-spoofing is enabled.
E. NGX does not support multicast routing protocols and streaming media through the Security Gateway.
Correct Answer: B
QUESTION 105
Mary is recently hired as the Security Administrator for a public relations company. Mary’s manager has asked her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Mary must propose a plan based on the following required and desired results:
Required Result #1: Do not purchase new hardware.
Required Result #2: Use configuration changes that do not reduce security.
Desired Result #1: Reduce the number of explicit rules in the Rule Base.
Desired Result #2: Reduce the volume of logs.
Desired Result #3: Improve the Gateway’s performance.
Proposed Solution:
Mary recommends the following changes to the Gateway’s configuration:
Replace all domain objects with network and group objects.
Stop logging Domain Name over UDP (queries).
Use Global Properties, instead of explicit rules, to control ICMP, VRRP, and RIP.
Does Mary’s proposed solution meet the required and desired results?
A. The solution meets the required results, and two of the desired results.
B. The solution does not meet the required results.
C. The solution meets all required results, and none of the desired results.
D. The solution meets all required and desired results.
E. The solution meets the required results, and one of the desired results.
Correct Answer: D
QUESTION 106
Carol is the Security Administrator for a chain of grocery stores. Each grocery store is protected by a Security Gateway. Carol is generating a report for the information-technology audit department. The report must include the name of the Security Policy installed on each remote Security Gateway, the date and time the Security Policy was installed, and general performance statistics (CPU use, average CPU time, active real memory, etc.).
Which SmartConsole application should Carol use to gather this information?
A. SmartUpdate
B. SmartView Status
C. SmartView Tracker
D. SmartLSM
E. SmartView Monitor
Correct Answer: E
QUESTION 107
Which component functions as the Internal Certificate Authority for VPN-1 NGX?
A. VPN-1 Certificate Manager
B. SmartCenter Server
C. SmartLSM
D. Policy Server
E. Security Gateway
Correct Answer: E
QUESTION 108
Which operating system is not supported by VPN-1 SecureClient?
A. IPSO 3.9
B. Windows XP SP2
C. Windows 2000 Professional
D. RedHat Linux 7.0
E. MacOS X
Correct Answer: A
QUESTION 109
What is a Consolidation Policy?
A. The collective name of the Security Policy, Address Translation, and SmartDefense Policies
B. The specific Policy used by Eventia Reporter to configure log-management practices
C. The state of the Policy once installed on a Security Gateway
D. A Policy created by Eventia Reporter to generate logs
E. The collective name of the logs generated by Eventia Reporter
Correct Answer: B
QUESTION 110
How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queues when using the Check Point QoS solution?
A. Low latency class
B. DiffServ rule
C. guaranteed per connection
D. Weighted Fair queuing
E. guaranteed per VOIP rule
Correct Answer: A
QUESTION 111
You set up a mesh VPN Community, so your internal networks can access your partner’s network, and vice versa. Your Security Policy encrypts only FTP and HTTP traffic through a VPN tunnel. All other traffic among your internal and partner networks is sent in clear text.
How do you configure the VPN Community?
A. Disable “accept all encrypted traffic”, and put FTP and http in the Excluded services in the Community object. Add a rule in the Security Policy for services FTP and http, with the Community object in the VPN field.
B. Disable “accept all encrypted traffic” in the Community, and add FTP and http services to the Security Policy, with that Community object in the VPN field.
C. Enable “accept all encrypted traffic”, but put FTP and http in the Excluded services in the Community. Add a rule in the Security Policy, with services FTP and http, and the Community object in the VPN field.
D. Put FTP and http in the Excluded services in the Community object. Then add a rule in the Security Policy to allow Any as the service, with the Community object in the VPN field.
Correct Answer: B
QUESTION 112
You are trying to enter a new user, group, or organizational unit on an LDAP server, and you encounter the error “violates schema”. To provide the BEST long-term security, you should:
A. Import the schema, and enable schema checking.
B. Turn off schema checking, and restart the LDAP server.
C. Turn off schema checking, and restart the SmartCenter Server.
D. Restart the server
E. Recover the corrupt database.
Correct Answer: A
QUESTION 113
You have users defined in a Windows 2000 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in NGX?
A. All Users
B. A group with generic* user
C. External-user group
D. LDAP account-unit group
E. LDAP group
Correct Answer: E
QUESTION 114
John is the Security Administrator for a public hospital. New health-care legislation requires logging for all traffic accepted through the perimeter Security Gateway. What must John do, to ensure implied rules meet the new requirement?
A. Use the “Implicit Rules” predefined query in SmartView Tracker.
B. Install the “View Implicit Rules” package using SmartUpdate.
C. Check the “Log Implied Rules Globally” box on the NGX Gateway object.
D. Set the position of all implicit rules to “Before Last”.
E. Check the “Log Implied Rules” box in Global Properties
Correct Answer: E
QUESTION 115
Which command allows you to view the contents of an NGX table?
A. fw tab -s <tablename>
B. fw tab -t <tablename>
C. fw tab -u <tablename>
D. fw tab -a <tablename>
E. fw tab -x <tablename>
Correct Answer: B
QUESTION 116
You have two Nokia Appliances: one IP530 and one IP380. Both Appliances have IPSO 3.9 and VPN-1 Pro NGX installed in a distributed deployment. Can they be members of a gateway cluster?
A. No, because the Gateway versions must not be the same on both security gateways.
B. Yes, as long as they have the same IPSO version and the same VPN-1 Pro version.
C. No, because members of a security gateway cluster must be installed as stand-alone deployments.
D. Yes, because both gateways are from Nokia, whether they have the same VPN-1 PRO version or not.
E. No, because the appliances must be of the same model (Both should be IP530 or IP380.)
Correct Answer: B
QUESTION 117
You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. What causes the Connection Rejection?
A. No QOS rule exists to match the rejected traffic.
B. The number of guaranteed connections is exceeded. The rule’s action properties are not set to accept additional connections.
C. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the Maximal Delay is set below requirements.
D. Burst traffic matching the Default Rule is exhausting the Check Point QoS global packet buffers.
E. The guarantee of one of the rule’s sub-rules exceeds the guarantee in the rule itself.
Correct Answer: B
QUESTION 118
Sonny is the Security Administrator for a company with a large call center.
The management team in the center is concerned that employees may be installing and attempting to use peer-to-peer file-sharing utilities during their lunch breaks. The call center’s network is protected by an internal Security Gateway, which is configured to drop peer-to-peer file-sharing traffic. Which application should Sonny use to determine the number of packets dropped by each Gateway?
A. SmartDashboard
B. SmartView Monitor
C. SmartUpdate
D. SmartView Tracker
E. SmartView Status
Correct Answer: B
QUESTION 119
In NGX, what happens if a Distinguished Name (DN) is NOT found in LDAP?
A. NGX takes the common-name value from the Certificate subject, and searches the LDAP account unit for a matching user id.
B. NGX searches the internal database for the username.
C. The Security Gateway uses the subject of the Certificate as the DN for the initial lookup.
D. If the first request fails or if branches do not match, NGX tries to map the identity to the user id attribute.
E. When users authenticate with valid Certificates, the Security Gateway tries to map the identities with users registered in the external LDAP user database.
Correct Answer: B
QUESTION 120
Which of the following is the final step in an NGX backup?
A. Test restoration in a non-production environment, using the upgrade_import command.
B. Move the *.tgz file to another location.
C. Run the upgrade_export command.
D. Copy the conf directory to another location.
E. Run the cpstop command
Correct Answer: A
QUESTION 121
Which Check Point QoS feature is used to dynamically allocate relative portions of available bandwidth?
A. Guarantees
B. Differentiated Services
C. Limits
D. Weighted Fair Queueing
E. Low Latency Queueing
Correct Answer: D
QUESTION 122
Which of the following actions is most likely to improve the performance of Check Point QoS?
A. Turn “per rule guarantees” into “per connection guarantees”.
B. Install Check Point QoS only on the external interfaces of the QoS Module.
C. Put the most frequently used rules at the bottom of the QoS Rule Base.
D. Turn “per rule limits” into “per connection limits”.
E. Define weights in the Default Rule in multiples of 10.
Correct Answer: B
QUESTION 123
Your organization has many VPN-1 Edge gateways at various branch offices, to allow VPN-1 SecureClient users to access company resources. For security reasons, your organization’s Security Policy requires all Internet traffic initiated behind the VPN-1 Edge gateways first be inspected by your headquarters’ VPN-1 Pro Security Gateway. How do you configure VPN routing in this star VPN Community?
A. To the Internet and other targets only
B. To the center and other satellites, through the center
C. To the center only
D. To the center, or through the center to other satellites, then to the Internet and other VPN targets.
Correct Answer: D
QUESTION 124
You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway, bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?
A. internal_clear > All_GwToGw
B. Communities > Communities
C. Internal_clear > External_clear
D. Internal_clear > Communities
E. internal_clear > All_communities
Correct Answer: E
QUESTION 125
Jack’s project is to define the backup and restore section of his organization’s disaster recovery plan for his organization’s distributed NGX installation. Jack must meet the following required and desired objectives:
Required Objective: The security policy repository must be backed up no less frequently than every 24 hours.
Desired Objective: The NGX components that enforce the Security Policies should be backed up no less frequently than once a week.
Desired Objective: Back up NGX logs no less frequently than once a week.
Jack’s disaster recovery plan is as follows:
1. Use the cron utility to run the upgrade_export command each night on the SmartCenter Servers. Configure the organization’s routine backup software to back up the files created by the upgrade_export command.
2. Configure the SecurePlatform backup utility to back up the Security Gateways every Saturday night.
3. Use the cron utility to run the upgrade_export command each Saturday night on the Log Servers. Configure an automatic, nightly logswitch. Configure the organization’s routine backup software to back up the switched logs every night.
Jack’s plan:
A. Meets the required objective but does not meet either desired objective.
B. Does not meet the required objective.
C. Meets the required objective and only one desired objective.
D. Meets the required objective and both desired objectives.
Correct Answer: D
QUESTION 126
As a Security Administrator, you must configure anti-spoofing on Security Gateway interfaces, to protect your internal networks. What is the correct anti-spoofing setting on interface ETH1 in this network diagram?
NOTE: In the DMZ, mail server 192.168.16.10 is statically translated to the object “mail_valid”, with IP address 210.210.210.3. The FTP server 192.168.16.15 is statically translated to the object “ftp_valid”, with IP address 210.210.210.5.
A. A group object that includes the 10.10.0.0/16 and 192.168.16.0/24 networks, and mail_valid and ftp_valid host objects.
B. A group object that includes the 10.10.20.0/24 and 10.10.10.0/24 networks.
C. A group object that includes the 10.10.0.0/16 network object, mail_valid host, and ftp_valid host object
D. A group object that includes the 192.168.16.0/24 and 10.10.0.0/16 networks.
E. A group object that includes the 10.10.10.0/24 and 192.168.16.0/24 networks
Correct Answer: B
QUESTION 127
Ophelia is the Security Administrator for a shipping company. Her company uses a custom application to update the distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway’s Rule Base includes a rule to accept this traffic. Ophelia needs to be notified, via a text message to her cellular phone, whenever traffic is accepted on this rule. Which of the following options is MOST appropriate for Ophelia’s requirement?
A. user-defined alert script
B. Logging implied rules
C. SmartView Monitor
D. Pop-up API
E. SNMP trap
Correct Answer: A
QUESTION 128
The following is cphaprob state command output from a New Mode High Availability cluster member:
Which machine has the highest priority?
A. 192.168.1.2, since its number is 2
B. 192.168.1.1, because its number is 1
C. This output does not indicate which machine has the highest priority.
D. 192.168.1.2, because its state is active.
Correct Answer: B
QUESTION 129
Your VPN Community includes three Security Gateways. Each Gateway has its own internal network defined as a VPN Domain. You must test the VPN-1 NGX route-based VPN feature, without stopping the VPN. What is the correct order of steps?
A. 1. Add a new interface on each Gateway. 2. Remove the newly added network from the current VPN Domain for each Gateway. 3. Create VTIs on each Gateway, to point to the other two peers. 4. Enable advanced routing on all three Gateways.
B. 1. Add a new interface on each Gateway. 2. Remove the newly added network from the current VPN Domain in each gateway object. 3. Create VPN Tunnel Interfaces (VTI) on each gateway object, to point to the other two peers. 4. Add static routes on three Gateways, to route the new network to each peer’s VTI interface.
C. 1. Add a new interface on each Gateway. 2. Add the newly added network into the existing VPN Domain for each Gateway. 3. Create VTIs on each gateway object, to point to the other two peers. 4. Enable advanced routing on all three Gateways.
D. 1. Add a new interface on each Gateway. 2. Add the newly added network into the existing VPN Domain for each gateway object. 3. Create VTIs on each gateway object, to point to the other two peers. 4. Add static routes on three Gateways, to route the new networks to each peer’s VTI interface.
Correct Answer: B
QUESTION 130
Your network includes ClusterXL running Multicast mode on two members, as shown in this topology: Your network is expanding, and you need to add new interfaces: 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for interface 10.10.10.0/24 is 10.10.10.3. What is the correct procedure to add these interfaces?
A. 1. Use the ifconfig command to configure and enable the new interface. 2. Run cpstop and cpstart on both members at the same time. 3. Update the topology in the cluster object for the cluster and both members. 4. Install the Security Policy.
B. 1. Disable “Cluster membership” from one Gateway via cpconfig. 2. Configure the new interface via sysconfig from the “non-member” Gateway. 3. Reenable “Cluster membership” on the Gateway. 4. Perform the same step on the other Gateway. 5. Update the topology in the cluster object for the cluster and members. 6. Install the Security Policy.
C. 1. Run cpstop on one member, and configure the new interface via sysconfig. 2. Run cpstart on the member. Repeat the same steps on another member. 3. Update the topology in the cluster object for the cluster and both members. 4. Install the Security Policy.
D. 1. Use sysconfig to configure the new interfaces on both members. 2. Update the topology in the cluster object for the cluster and both members. 3. Install the Security Policy.
Correct Answer: C