Your organization has many VPN-1 Edge gateways at various branch offices, to allow VPN-1 SecureClient users to access company resources. For security reasons, your organization’s Security Policy requires all Internet traffic initiated behind the VPN-1 Edge gateways first be inspected by your headquarters’ VPN-1 Pro Security Gateway. How do you configure VPN routing in this star VPN Community?
A. To the Internet and other targets only
B. To the center and other satellites, through the center
C. To the center only
D. To the center; or through the center to other satellites, then to the Internet and other VPN targets
How would you configure a rule in a Security Policy to allow SIP traffic from end point Net_Ato end point Net_B, through an NGX Security Gateway?
B. Net_A/Net_B/sip and sip_any/accept
After you add new interfaces to this cluster, how can you check if the new interfaces and associated virtual IP address are recognized by ClusterXL?
A. By running thecphaprob state command on both members
B. By running the cphaproB. a if command on both members
C. By running the cphaproB. I list command on both members
D. By running the fw ctl iflist command on both members
E. By running thecpconfig command on both members
How does ClusterXL Unicast mode handle new traffic?
A. The pivot machine receives and inspects all new packets, and synchronizes the connections with other members.
B. Only the pivot machine receives all packets. It runs an algorithm to determine which member should process the packets.
C. All members receive all packets. The SmartCenter Server decides which member will process the packets. Other members simply drop the packets.
D. All cluster members process all packets, and members synchronize with each other.
Barak is a Security Administrator for an organization that has two sites using prE. shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that a new office is opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to switch from prE. shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After creating the Madrid gateway object with the proper VPN Domain, what are Barak’s remaining steps?
1. 1 .Disable “PrE. Shared Secret” on the London and Oslo gateway objects.
2. Add the Madrid gateway object into the Oslo and London’s mesh VPN Community.
3. Manually generate ICA Certificates for all three Security Gateways.
4. Configure “Traditional mode VPN configuration” in the Madrid gateway object’s VPN screen.
5. Reinstall the Security Policy on all three Security Gateways.
Which Check Point QoS feature allows a Security Administrator to define special classes of service for delay-sensitive applications?
A. Weighted Fair Queuing
C. Differentiated Services
D. Low Latency Queuing
You have an internal FTP server, and you allow downloading, but not uploading. Assume Network Address Translation is set up correctly, and you want to add an inbound rule with: Source: Any Destination: FTP server Service: an FTP resource object. How do you configure the FTP resource object and the action column in the rule to achieve this goal?
A. Enable only the “Get” method in the FTP Resource Properties, and use this method in the rule, with action accept.
B. Enable only the “Get” method in the FTP Resource Properties and use it in the rule, with action drop.
C. Enable both “Put” and “Get” methods in the FTP Resource Properties and use them in the rule, with action drop.
D. Disable “Get” and “Put” methods in the FTP Resource Properties and use it in the rule, with action accept.
E. Enable only the “Put” method in the FTP Resource Properties and use it in the rule, with action accept.
You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use three machines with the following configurations:Are these machines correctly configured for a ClusterXL deployment?
A. Yes, these machines are configured correctly for aClusterXL deployment.
B. No,QuadCards are not supported with ClusterXL.
C. No, all machines in a cluster must be running on the same OS.
D. No, a cluster must have an even number of machines.
E. No,ClusterXL is not supported on Red Hat Linux.
Damon enables an SMTP resource for content protection. He notices that mail seems to slow down on occasion, sometimes being delivered late. Which of the following might improve throughput performance?
A. Configuring the SMTP resource to bypass the CVP resource
B. Increasing the Maximum number of mail messages in the Gateway’s spool directory
C. Configuring the Content Vector Protocol (CVP) resource to forward the mail to the internal SMTP server, without waiting for a response from the Security Gateway
D. Configuring the CVP resource to return the mail to the Gateway
E. Configuring the SMTP resource to only allow mail with Damon’s company’s domain name in the header
You configure a Check Point QoS Rule Base with two rules: an HTTP rule with a weight of 40, and the Default Rule with a weight of 10. If the only traffic passing through your QoS Module is HTTP traffic, what percent of bandwidth will be allocated to the HTTP traffic?
Download Latest Checkpoint 156-315 Real Free Tests , help you to pass exam 100%.