Latest 156-315 Real Exam Download 21-30

Ensurepass

QUESTION 21

In a Management High Availability (HA) configuration, you can configure synchronization to occur automatically, when:

1.       The Security Policy is installed.

2.       The Security Policy is saved.

3.       The Security Administrator logs in to the secondary SmartCenter Server, and changes its status to active.

4.       A scheduled event occurs.

5.       The user database is installed. Select the BEST response for the synchronization sequence. Choose one.

 

A. 1,2,3

B. 1,2,3,4

C. 1,3,4

D. 1,2,5

E. 1,2,4

 

Answer: E

 

QUESTION 22

Stephanie wants to reduce the encryption overhead and improve performance for her mesh VPN Community. The Advanced VPN Properties screen below displays adjusted page settings: What can Stephanie do to achieve her goal?

clip_image002

A. Check the box “Use Perfect Forward Secrecy”.

B. Change the setting “UseDiffiE. Hellman group” to “Group 5 (1536 bit)”.

C. Check the box “Use aggressive mode”.

D. Check the box “Support IP compression”

E. Reduce the setting “Renegotiate IKE security associations every” to “720”.

 

Answer: D

 

 

QUESTION 23

Steve tries to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. Steve sees the following screen. What is the problem?

clip_image004

A. Steve must enabledirectional_match(true) in the objects_5_0.C file on SmartCenter Server.

B. Steve must enable Advanced Routing on each Security Gateway.

C. Steve must enable VPN Directional Match on the VPN Advanced screen, in Global properties.

D. Steve must enable a dynamiC. routing protocol, such as OSPF, on the Gateways.

E. Steve must enable VPN Directional Match on the gateway object’s VPN tab.

 

Answer: C

 

 

QUESTION 24

Jerry is concerned that a denial-oF. service (DoS) attack may affect his VPN Communities. He decides to implement IKE DoS protection. Jerry needs to minimize the performance impact of implementing this new protection. Which of the following configurations is MOST appropriate for Jerry?

 

A. Set Support IKEDoS protection from identified source to “Puzzles”, and Support IKE DoS protection from unidentified source to “Stateless”.

B. Set Support IKE Dos Protection from identified source, and Support IKEDoS protection from unidentified source to “Puzzles”.

C. Set Support IKE DoS protection from identified source to “Stateless,” and Support IKE DoS protection from unidentified source to “Puzzles”.

D. Set “Support IKE DoS protection” from identified source, and “Support IKE DoS protection” from unidentified source to “Stateless”.

E. Set Support IKEDoS protection from identified source to “Stateless”, and Support IKE DoS protection from unidentified source to “None”.

 

Answer: D

 

 

QUESTION 25

Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?

 

A. Global Properties

B. QoS Class objects

C. Check Point gateway object properties

D. $CPDIR/conf/qos_props.pf

E. Advanced Action options in eachQoS rule

 

Answer: A

 

 

QUESTION 26

You are configuring the VoIP Domain object for an H.323 environment, protected by VPN-1 NGX. Which VoIP Domain object type can you use? )

 

A. Transmission Router

B. Gatekeeper

C. Call Manager

D. Proxy

E. Call Agent

 

Answer: B

 

 

QUESTION 27

Problems sometimes occur when distributing IPSec packets to a few machines in a Load Sharing Multicast mode cluster, even though the machines have the same source and destination IP addresses. What is the best Load Sharing method for preventing this type of problem?

 

A. Load Sharing based on IP addresses, ports, and serial peripheral interfaces (SPI)

B. Load Sharing based on SPIs only

C. Load Sharing based on IP addresses only

D. Load Sharing based on SPIs and ports only

E. Load Sharing based on IP addresses and ports

 

Answer: E

 

 

QUESTION 28

Problems sometimes occur when distributing IPSec packets to a few machines in a Load Sharing Multicast mode cluster, even though the machines have the same source and destination IP addresses. What is the best Load Sharing method for preventing this type of problem?

 

A. Load Sharing based on IP addresses, ports, and serial peripheral interfaces (SPI)

B. Load Sharing based on SPIs only

C. Load Sharing based on IP addresses only

D. Load Sharing based on SPIs and ports only

E. Load Sharing based on IP addresses and ports

 

Answer: E

 

 

QUESTION 29

Jacob is using a mesh VPN Community to create a sitE. to-site VPN. The VPN properties in this mesh Community display in this graphic:Which of the following statements is TRUE?

clip_image006

A. If Jacob changes the setting, “Perform key exchange encryption with” from “3DES” to “DES”, he will enhance the VPN Community’s security and reduce encryption overhead.

B. Jacob must change thedatA. integrity settings for this VPN Community. MD5 is incompatible with AES.

C. If Jacob changes the setting “Perform IPSec data encryption with” from “AES-128” to “3DES”, he will increase the encryption overhead.

D. Jacob’s VPN Community will perform IKE Phase 1 key-exchange encryption, using the longest key VPN-1 NGX supports.

 

Answer: C

 

 

QUESTION 30

Rachel is the Security Administrator for a university. The university’s FTP servers have old hardware and software. Certain FTP commands cause the FTP servers to malfunction. Upgrading the FTP servers is not an option at this time. Which of the following options will allow Rachel to control which FTP commands pass through the Security Gateway protecting the FTP servers?

 

A. Global Properties > Security Server > Allowed FTP Commands

B. SmartDefense > Application Intelligence > FTP Security Server

C. Rule Base > Action Field > Properties

D. Web Intelligence > Application Layer > FTP Settings

E. FTP Service Object > Advanced > Blocked FTP Commands

 

Answer: B

 

Download Latest Checkpoint 156-315 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.