Latest 156-315 Real Exam Download 41-50

Ensurepass

QUESTION 41

In a Load Sharing Unicastmode scenario, the internal-cluster IP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies. The following is the ARP table from the internal Windows host 10.4.8.108: c:> arp According to the output, which member is the Pivot?

clip_image002

A. 10.4.8.108

B. 10.4.8.3

C. 10.4.8.2

D. 10.4.8.1

 

Answer: C

 

 

QUESTION 42

Steve tries to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. Steve sees the following screen. What is the problem?

clip_image004

A. Steve must enabledirectional_match(true) in the objects_5_0.C file on SmartCenter Server.

B. Steve must enable Advanced Routing on each Security Gateway.

C. Steve must enable VPN Directional Match on the VPN Advanced screen, in Global properties.

D. Steve must enable a dynamiC. routing protocol, such as OSPF, on the Gateways.

E. Steve must enable VPN Directional Match on the gateway object’s VPN tab.

 

Answer: C

 

 

QUESTION 43

You want to create an IKE VPN between two VPN-1 NGX Security Gateways, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind the peer’s Gateway. Which type of address translation should you use, to ensure the two networks access each other through the VPN tunnel?

 

A. Manual NAT

B. Static NAT

C. Hide NAT

D. None

E. Hide NAT

 

Answer: D

 

 

QUESTION 44

Jennifer wants to protect internal users from malicious Java code, but she does not want to strip Java scripts. Which is the BEST configuration option?

 

A. Use the URI resource to block Java code

B. Use CVP in the URI resource to block Java code

C. Use the URI resource to strip ActiveX tags

D. Use the URI resource to strip applet tags

E. Use the URI resource to strip script tags

 

Answer: A

 

 

QUESTION 45

Your VPN Community includes three Security Gateways. Each Gateway has its own internal network defined as a VPN Domain. You must test the VPN-1 NGX routE. based VPN feature, without stopping the VPN. What is the correct order of steps?

 

A. 1. Add a new interface on each Gateway.

2. Remove the newly added network from the current VPN Domain for each Gateway.

3. Create VTIs on each Gateway, to point to the other two peers

4. Enable advanced routing on all three Gateways.

B. 1. Add a hew interface on each Gateway.

2. Remove the newly added network from the current VPN Domain in each gateway object.

3. Create VPN Tunnel Interfaces (VTI) on each gateway object, to point to the other two peers.

4. Add static routes on three Gateways, to route the new network to each peer’s VTI interface.

C. 1. Add a new interface on each Gateway.

2. Add the newly added network into the existing VPN Domain for each Gateway.

3. Create VTIs on each gateway object, to point to the other two peers.

4. Enable advanced routing on all three Gateways.

D. 1. Add a new interface on each Gateway.

2. Add the newly added network into the existing VPN Domain for each gateway object.

3. Create VTIs on each gateway object, to point to the other two peers.

4. Add static routes on three Gateways, to route the new networks to each peer’s VTI interface.

 

Answer: B

 

 

QUESTION 46

Which Security Server can perform authentication tasks, but CANNOT perform content security tasks?

 

A. Telnet

B. HTTP

C. rlogin

D. FTP

E. SMTP

 

Answer: C

 

 

QUESTION 47

You are running a VPN-1 NG with Application Intelligence R54 SecurePlatform VPN-1 Pro Gateway. The Gateway also serves as a Policy Server. When you run patch add cd from the NGX CD, what does this command allow you to upgrade?

 

A. Only VPN-1 Pro Security Gateway

B. Both the operating system (OS) and all Check Point products

C. All products, except the Policy Server

D. Only the patch utility is upgraded using this command

E. Only the OS

 

Answer: B

 

 

QUESTION 48

Which type of service should a Security Administrator use in a Rule Base to control access to specific shared partitions on target machines?

 

A. Telnet

B. CIFS

C. HTTP

D. FTP

E. URI

 

Answer: B

 

 

QUESTION 49

Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder’s access, after the next Phase 2 exchange occurs?

 

A. Phase 3 KeyRevocation

B. Perfect Forward Secrecy

C. MD5 Hash Completion

D. SHA1 Hash Completion

E. DES Key Reset

 

Answer: B

 

 

QUESTION 50

You want only RAS signals to pass through H.323 Gatekeeper and other H.323 protocols, passing directly between end points. Which routing mode in the VoIP Domain Gatekeeper do you select?

 

A. Direct

B. Direct and Call Setup

C. Call Setup

D. Call Setup and Call Control

 

Answer: A

 

 

Download Latest Checkpoint 156-315 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.