Latest 156-315 Real Exam Download 11-20

Ensurepass

QUESTION 11

What type of packet does a VPN-1 SecureClient send to its Policy Server, to report its Secure Configuration Verification status?

 

A. ICMPPort Unreachable

B. TCPkeep alive

C. IKE Key Exchange

D. ICMP Destination Unreachable

E. UDPkeep alive

 

Answer: E

 

 

QUESTION 12

Which Security Servers can perform Content Security tasks, but CANNOT perform authentication tasks?

 

A. Telnet

B. FTP

C. SMTP

D. HTTP

 

Answer: C

 

 

QUESTION 13

Which Security Server can perform content-security tasks, but CANNOT perform authentication tasks?

 

A. FTP

B. SMTP

C. Telnet

D. HTTP

E. rlogin

 

Answer: B

 

 

QUESTION 14

You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway, bound for all sitE. to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?

 

A. internal_clear > AII_GwToGw

B. Communities > Communities

C. lnternal_clear > External_Clear

D. lnternal_clear > Communities

E. internal clear>All communities

 

Answer: E

 

 

QUESTION 15

The following diagram illustrates how a VPN-1 SecureClient user tries to establish a VPN with hosts in the external_net and internal_net from the Internet. How is the Security Gateway VPN Domain created?

clip_image002

A.      Internal Gateway VPN Domain = internal_net;

External VPN Domain = external net + external gateway object + internal_net.

B.      Internal Gateway VPN Domain = internal_net.

External Gateway VPN Domain = external_net + internal gateway object

C.      Internal Gateway VPN Domain = internal_net;

External Gateway VPN Domain = internal_net + external_net

D.      Internal Gateway VPN Domain = internal_net.

External Gateway VPN Domain = internal VPN Domain + internal gateway object + external_net

 

Answer: D

 

 

QUESTION 16

A cluster contains two members, with external interfaces 172.28.108.1 and 172.28.108.2. The internal interfaces are 10.4.8.1 and 10.4.8.2. The external cluster’s IP address is 172.28.108.3, and the internal cluster’s IP address is 10.4.8.3. The synchronization interfaces are 192.168.1.1 and 192.168.1.2. The Security Administrator discovers State Synchronization is not working properly, cphaprob if command output displays as follows:What is causing the State Synchronization problem?

clip_image004

A. Another cluster is using 192.168.1.3 as one of the unprotected interfaces.

B. Interfaces 192.168.1.1 and 192.168.1.2 have defined 192.168.1.3 as asuB. interface.

C. The synchronization interface on the cluster member object’s Topology tab is enabled with “Cluster Interface”. Disable this interface.

D. The synchronization network has a cluster, with IP address 192.168.1.3 defined in the gateway-cluster object. Remove the 192.168.1.3 VIP interface from the cluster topology.

 

Answer: D

 

 

QUESTION 17

How can you completely tear down a specific VPN tunnel in an intranet IKE VPN deployment?

 

A. Run the commandvpn tu on the Security Gateway, and choose the option “Delete all IPSec+IKE SAs for ALL peers and users”.

B. Run the commandvpn tu on the SmartCenter Server, and choose the option “Delete all IPSec+IKE SAs for ALL peers and users”.

C. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec+IKE SAs for a given peer (GW)”.

D. Run the command vpn tu on the Security Gateway, and choose the option “Delete all IPSec SAs for a given user (Client)”.

E. Run the commandvpn tu on the Security Gateway, and choose the option “Delete all IPSec SAs for ALL peers and users”.

 

Answer: C

 

 

QUESTION 18

How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queues when using a Check Point QoS solution?

 

A. Low latency class

B. DiffServrule

C. guaranteed per connection

D. Weighted Fair Queuing

E. guaranteed per VoIP rule

 

Answer: A

 

 

QUESTION 19

You are preparing to deploy a VPN-1 Pro Gateway for VPN-1 NGX. You have five systems to choose from for the new Gateway, and you must conform to the following requirements:

Operating-system vendor’s license agreement Check Point’s license agreement Minimum operating-system hardware specification Minimum Gateway hardware specification Gateway installed on a supported operating system (OS)

Which machine meets ALL of the following requirements?

 

A. Processor: 1.1 GHz RAM: 512MB Hard disk: 10 GB OS: Windows 2000 Workstation

B. Processor: 2.0 GHz RAM: 512MB Hard disk: 10 GB OS: Windows ME

C. Processor: 1.5 GHz RAM: 256 MB Hard disk: 20 GB OS: Red Hat Linux 8.0

D. Processor: 1.67 GHz RAM: 128 MB Hard disk: 5 GB OS: FreeBSD

E. Processor 2.2 GHzRAM: 256 MB Hard disk: 20 GB OS: Windows 2000 Server

 

Answer: E

 

 

QUESTION 20

Which of the following actions is most likely to improve the performance of Check Point QoS?

 

A. Turn “per rule guarantees” into “per connection guarantees”.

B. Install CheckpointQoS only on the external interfaces of the QoS Module.

C. Put the most frequently used rules at the bottom of the QoS Rule Base.

D. Turn “per rule limits” into “per connection limits”.

E. Define weights in the Default Rule in multiples of 10.

 

Answer: B

 

 

Download Latest Checkpoint 156-315 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.