Latest 156-315 Real Exam Download 31-40

Ensurepass

QUESTION 31

You want to establish a VPN, using Certificates. Your VPN will exchange Certificates with an external partner. Which of the following activities should you do first?

 

A. Manually import your partner’s Access Control List.

B. Exchange a shared secret, before importing Certificates.

C. Create a new logical-server object, to represent your partner’s CA.

D. Manually import your partner’s Certificate Revocation List.

E. Exchange exportedCAkeys and use them to create a new server object, to represent your partner’s Certificate Authority (CA).

 

Answer: E

 

 

QUESTION 32

You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. What causes the Connection Rejection?

 

A. No QOS rule exists to match the rejected traffic.

B. The number of guaranteed connections is exceeded. The rule’s action properties are not set to accept additional connections.

C. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the Maximal Delay is set below requirements.

D. Burst traffic matching the Default Rule is exhausting the Check Point QoS global packet buffers.

E. The guarantee of one of the rule’ssuB. rules exceeds the guarantee in the rule itself.

 

Answer: B

 

 

QUESTION 33

Wayne configures an HTTP Security Server to work with the content vectoring protocol to screen forbidden sites. He has created a URI resource object using CVP with the following settings:

Use CVP Allow CVP server to modify content Return data after content is approved

He adds two rules to his Rule Base: one to inspect HTTP traffic going to known forbidden sites, the other to allow all other HTTP traffic.

Wayne sees HTTP traffic going to those problematic sites is not prohibited.

What could cause this behavior?

 

A. The Security Server Rule is after the general HTTP Accept Rule.

B. The Security Server is not communicating with the CVP server.

C. The Security Server is not configured correctly.

D. The Security Server is communicating with the CVP server, but no restriction is defined in the CVP server.

 

Answer: A

 

 

QUESTION 34

You have two Nokia Appliances: one IP530 and one IP380. Both Appliances have IPSO 3.9 and VPN-1 Pro NGX installed in a distributed deployment. Can they be members of a gateway cluster?

 

A. No, because the Gateway versions must not be the same on both security gateways

B. Yes, as long as they have the same IPSO version and the same VPN-1 Pro version

C. No, because members of a security gateway cluster must be installed as stanD. alone deployments

D. Yes, because both gateways are from Nokia, whether they have the same VPN-1 PRO version or not

E. No, because the appliances must be of the same model (Both should be IP530 or IP380.)

 

Answer: B

 

 

QUESTION 35

You want to block corporatE. internal-net and localnet from accessing Web sites containing inappropriate content. You are using WebTrends for URL filtering. You have disabled VPN-1 Control connections in the Global properties. Review the diagram and the Security Policies for GW_A and GW_B in the exhibit provided.

clip_image002

Corporate users and localnet users receive message “Web cannot be displayed”. In SmartView Tracker, you see the connections are dropped with message “content security is not reachable”. What is the problem, and how do you fix it?

 

A. The connection from GW_B to the internalWebTrends server is not allowed in the Policy. Fix: Add a rule in GW_A’s Policy to allow source WebTrends Server, destination GW_B, service TCP port 18182, and action accept.

B. The connection from GW_B to theWebTrend server is not allowed in the Policy. Fix: Add a rule in GW_B’s Policy with Source GW_B, destination WebTrends server, service TCP port 18182, and action accept.

C. The connection from GW_Ato the WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_B’s Policy with source WebTrends server, destination GW_A, service TCP port 18182, and action accept.

D. The connection from GW_A to the WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_B’s Policy with source GW_A, destination: WebTrends server, service TCP port 18182, and action accept.

E. The connection from GW_A to the WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_A’s Policy to allow source GW_A, destination WebTrends server, service TCP port 18182, and action accept.

 

Answer: E

 

 

QUESTION 36

VPN-1 NGX includes a resource mechanism for working with the Common Internet File System (CIFS). However, this service only provides a limited level of actions for CIFS security. Which of the following services is NOT provided by a CIFS resource?

 

A. Log access shares

B. Block Remote Registry Access

C. Log mapped shares

D. Allow MS print shares

 

Answer: D

 

 

QUESTION 37

Your organization has many VPN-1 Edge gateways at various branch offices, to allow VPN-1 SecureClient users to access company resources. For security reasons, your organization’s Security Policy requires all Internet traffic initiated behind the VPN-1 Edge gateways first be inspected by your headquarters’ VPN-1 Pro Security Gateway. How do you configure VPN routing in this star VPN Community?

 

A. To the Internet and other targets only

B. To the center and other satellites, through the center

C. To the center only

D. To the center; or through the center to other satellites, then to the Internet and other VPN targets

 

Answer: D

 

 

QUESTION 38

Which Check Point QoS feature is used to dynamically allocate relative portions of available bandwidth?

 

A. Guarantees

B. Differentiated Services

C. Limits

D. Weighted Fair Queuing

E. Low Latency Queuing

 

Answer: D

 

QUESTION 39

You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. What causes the Connection Rejection?

 

A. No QOS rule exists to match the rejected traffic.

B. The number of guaranteed connections is exceeded. The rule’s action properties are not set to accept additional connections.

C. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the Maximal Delay is set below requirements.

D. Burst traffic matching the Default Rule is exhausting the Check Point QoS global packet buffers.

E. The guarantee of one of the rule’ssuB. rules exceeds the guarantee in the rule itself.

 

Answer: B

 

 

QUESTION 40

Robert has configured a Common Internet File System (CIFS) resource to allow access to the public partition of his company’s file server, on \eriscogoldenapplefilespublic. Robert receives reports that users are unable to access the shared partition, unless they use the file server’s IP address. Which of the following is a possible cause?

 

A. Mapped shares do not allow administrative locks.

B. The CIFS resource is not configured to use Windows name resolution.

C. Access violations are not logged.

D. Remote registry access is blocked.

E. Null CIFS sessions are blocked.

 

Answer: B

 

 

Download Latest Checkpoint 156-315 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.