Latest 156-315 Real Exam Download 121-130



Which of the following QoS rulE. action properties is an Advanced action type, only available in Traditional mode?


A. Guarantee Allocation

B. Rule weight

C. Apply rule only to encrypted traffic

D. Rule limit

E. Rule guarantee


Answer: A




Which OPSEC server is used to prevent users from accessing certain Web sites?








Answer: C




Regarding QoS guarantees and limits, which of the following statements is FALSE? ~>


A. The guarantee of asuB. rule cannot be greater than the guarantee defined for the rule above it.

B. If a guarantee is defined in asuB. rule, a guarantee must be defined for the rule above it.

C. A rule guarantee must not be less than the sum defined in the guarantees’ suB. rules.

D. If both a rule and per-connection limit are defined for a rule, the per-connection limit must not be greater than the rule limit.

E. If both a limit and guarantee per rule are defined in aQoS rule, the limit must be smaller than the guarantee.


Answer: E




Wayne configures an HTTP Security Server to work with the content vectoring protocol to screen forbidden sites. He has created a URI resource object using CVP with the following settings:


Allow CVP server to modify content

Return data after content is approved

He adds two rules to his Rule Base: one to inspect HTTP traffic going to known forbidden sites, the other to allow all other HTTP traffic.

Wayne sees HTTP traffic going to those problematic sites is not prohibited.

What could cause this behavior?


A. The Security Server Rule is after the general HTTP Accept Rule.

B. The Security Server is not communicating with the CVP server.

C. The Security Server is not configured correctly.

D. The Security Server is communicating with the CVP server, but no restriction is defined in the CVP server.


Answer: A




Greg is creating rules and objects to control VoIP traffic in his organization, through a VPN-1 NGX Security Gateway. Greg creates VoIP Domain SIP objects to represent each of his organization’s three SIP gateways. Greg then creates a simple group to contain the VoIP Domain SIP objects. When Greg attempts to add the VoIP Domain SIP objects to the group, they are not listed. What is the problem?


A. The relatedenD. points domain specifies an address range.

B. VoIP Domain SIP objects cannot be placed in simple groups.

C. The installed VoIP gateways specify host objects.

D. The VoIP gateway object must be added to the group, before the VoIP Domain SIP object is eligible to be added to the group.

E. The VoIP Domain SIP object’s name contains restricted characters.


Answer: B




How does ClusterXL Unicast mode handle new traffic?


A. The pivot machine receives and inspects all new packets, and synchronizes the connections with other members.

B. Only the pivot machine receives all packets. It runs an algorithm to determine which member should process the packets.

C. All members receive all packets. The SmartCenter Server decides which member will process the packets. Other members simply drop the packets.

D. All cluster members process all packets, and members synchronize with each other.


Answer: B




Your network includes ClusterXL running Multicast mode on two members, as shown in this topology:Your network is expanding, and you need to add new interfaces: on Member A, and on Member B. The virtual IP address for interface is What is the correct procedure to add these interfaces?


A. 1. Use theifconfig command to configure and enable the new interface.

2. Run cpstop and cpstart on both members at the same time.

3. Update the topology in the cluster object for the cluster and both members.

4. Install the Security Policy.

B. 1. Disable “Cluster membership” from one Gateway viacpconfig.

2. Configure the new interface via sysconfig from the “non-member” Gateway.

3. RE. enable “Cluster membership” on the Gateway.

4. Perform the same step on the other Gateway.

5. Update the topology in the cluster object for the cluster and members.

6. Install the Security Policy.

C. 1. Run cpstop on one member, and configure the new interface via sysconfig.

2. Run cpstart on the member. Repeat the same steps on another member.

3. Update the new topology in the cluster object for the cluster and members.

4. Install the Security Policy.

D. 1. Use sysconfig to configure the new interfaces on both members.

2. Update the topology in the cluster object for the cluster and both members.

3. Install the Security Policy.


Answer: C




Barak is a Security Administrator for an organization that has two sites using prE. shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that a new office is opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to switch from prE. shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After creating the Madrid gateway object with the proper VPN Domain, what are Barak’s remaining steps?

1.       Disable “PrE. Shared Secret” on the London and Oslo gateway objects.

2.       Add the Madrid gateway object into the Oslo and London’s mesh VPN Community.

3.       Manually generate ICA Certificates for all three Security Gateways.

4.       Configure “Traditional mode VPN configuration” in the Madrid gateway object’s VPN screen.

5.       Reinstall the Security Policy on all three Security Gateways.


A. 1,2,5

B. 1,3,4,5

C. 1,2,3,5

D. 1,2,4,5

E. 1,2,3,4


Answer: A




You are configuring the VoIP Domain object for a SIP environment, protected by VPN-1 NGX. Which VoIP Domain object type can you use?


A. Call Manager

B. Gateway

C. Call Agent

D. Gatekeeper

E. Proxy


Answer: E




When you add a resource service to a rule, which ONE of the following actions occur?


A. VPN-1SecureClient users attempting to connect to the object defined in the Destination column of the rule will receive a new Desktop Policy from the resource.

B. All packets that match the resource in the rule will be dropped.

C. All packets matching the resource service rule are analyzed or authenticated, based on the resource properties.

D. Users attempting to connect to the destination of the rule will be required to authenticate.

E. All packets matching that rule are either encrypted or decrypted by the defined resource.


Answer: C



Download Latest Checkpoint 156-315 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.